Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 19 Next »

STATUS: IN DEVELOPMENT

Short description 

‘A great quote’ (source)

Informed consent (IC) is a process by which a patient or research participant is fully informed about the nature, purpose, risks, and potential benefits of a study or treatment. It ensures that individuals agree to participate voluntarily, with a full understanding of what their involvement entails. In the context of health data, informed consent is also vital for GDPR compliance, as processing personal data (especially sensitive health data) often requires explicit consent from the data subject.  

Obtaining patients’ informed consent for collecting their data for scientific purposes is usually required [De novo]. Furthermore, patient consent may be necessary for archiving and sharing [uu_consent] and linkage with e.g. external registries.  

When sharing or linking health data with external registries (e.g., disease-specific databases, national health registries, or international research databases), the informed consent process must clearly define: 

  • What data will be shared or linked: The type and nature of the health data (e.g., genetic data, medical history, treatment outcomes) that will be shared or linked with external registries. 

  • Who the data will be shared with: This includes identifying the external registries, research institutions, or third parties that will have access to the data. 

  • Purpose of data sharing/linking: The consent form should explicitly state the research purposes for which the data will be shared, such as epidemiological research, clinical studies, or public health monitoring. 

  • Data security and anonymisation/pseudonymisation: Participants should be informed about how their data will be protected, whether the data will be anonymised or pseudonymised, and what security measures are in place during data sharing. 

Furthermore, consent information is necessary for the data to be machine-actionable, as without such data a computer cannot know whether it is allowed to use the data [FAIR].  

A general informed consent form is available on the website of the CCMO, but a local Institutional Ethical Review Board may demand changes after reviewing and assesses whether the IC aligns with ethical standards, legal requirements and takes considerations into account such as age. This is important because: 

  • It ensures that the consent form is written in a way that participants in that particular region can understand.  

  • The local committee will assess whether the consent form adequately explains the data processing activities, the purpose of data collection, and participants' rights (e.g., the right to withdraw consent). 

  • The committee ensures that the study adheres to local regulations regarding the use of personal and sensitive health data. 


It is crucial that essential data sharing aspects are explicitly handled in the informed consent form [De Novo]. The consent information should be made available as metadata.   

[uu_consent] https://www.uu.nl/en/research/research-data-management/guides/informed-consent-for-data-sharing  

Obtaining patients’ informed consent for collecting their data for scientific purposes is usually required [De novo]. Furthermore, patient consent may be necessary for archiving and sharing [uu_consent] and linkage with e.g. external registries. Furthermore, consent information is necessary for the data to be machine-actionable, as without such data a computer cannot know whether it is allowed to use the data [FAIR]. 

A general informed consent form may be available, but a local Institutional Ethical Review Board may demand changes after reviewing. It is crucial that essential data sharing aspects are explicitly handled in the informed consent form [De Novo]. The consent information should be made available as metadata.  

[uu_consent] https://www.uu.nl/en/research/research-data-management/guides/informed-consent-for-data-sharing 

SdR: The step is call Obtain informed consent. Can you “obtain” IC with an opt-out model?

https://elsi.health-ri.nl/sites/elsi/files/2020-10/Best practices%2C opt-in aan de poort voor nader gebruik - ELSI Servicedesk 20191029.pdf

Do we want to mention things like dynamic IC, electronic IC, Toestemming aan de poort?

Does a PIF also contain information about data collection / how data will be used? Or is the PIF only medical?

Why is this step important 

A properly designed informed consent is crucial for data reuse. Without it, archiving, sharing, etc may not be possible.  

To accommodate FAIR data principles (Findable, Accessible, Interoperable, and Reusable) in the Informed Consent (IC) for health research data, the IC must include specific information that addresses not only the immediate use of the data but also its potential future uses in a way that aligns with GDPR requirements. The FAIR principles encourage making data more useful for both immediate research purposes and future secondary purposes (like replication, validation, or meta-analysis), while still protecting participants' privacy and rights. 

  • Current Research Purpose: The IC should clearly explain the primary purpose for which the health data is being collected (e.g., a specific clinical study, disease research, or a longitudinal health survey). 

  • Potential Future Use: To align with the FAIR principles, the IC should also mention the possibility that the data may be used for future research purposes, which may not yet be fully known at the time of data collection. However, the scope of future research should be described as broadly but as clearly as possible, respecting GDPR’s transparency principle. 

  • FAIR Data Goals: The IC should include a statement that aligns with the goals of FAIR data, explaining that the data will be made findable, accessible, interoperable, and reusable by other researchers and stakeholders in the scientific community. 

  • Data Registries or Repositories: If applicable, the IC should state that the data will be deposited into data repositories or registries that adhere to FAIR principles, allowing it to be discoverable and reusable by others. 

  • Who Will Access the Data: Provide clarity on who will be allowed to access the data. This includes mentioning both internal and external researchers and potential data-sharing partnerships. 

  • Controlled vs. Open Access: Explain whether the data will be made available via open access (where anyone can access the data) or via controlled access (where only approved researchers or organizations can access it). 

  • Cross-border Data Transfers: If the data may be shared internationally, the IC must comply with GDPR’s rules on cross-border data transfers. Explain if the data will be shared with researchers outside the EU and what safeguards are in place to protect the data in international transfers. 

How to 

Opt-in, opt-out? What about the PIF?

[Miriem]

Zoals net besproken zou het ook interessant zijn om te kijken naar

  • Welk type consent heb ik nodig:

    • Prospectief onderzoek: expliciet informed consent

    • Retrospectief:

      • opt-in of opt-out consent: wat is het verschil en wanneer pas je welke toe?

      • Expliciet consent wanneer je de retrospectieve data ook weer opnieuw zou willen gebruiken of beschikbaar willen stellen: voor hergebruik moet expliciet consent zijn gegeven.

  • Vraag bij de METC welke templates van informed consent worden geaccepteerd. Een ethische commissie mag geen adviezen geven, maar alleen beoordelen of een informed consent voldoet aan alle wettelijke eisen en verplichtingen.

  • Stel bij Privacy (functionaris gegevensbescherming of privacy officer) vragen over eventuele aanpassingen of toevoegingen van het informed consent.

    • Zijn er standaardzinnen of paragrafen die je per onderwerp zou kunnen toevoegen aan een ICF-template?

      • Toevoegingen over het koppelen van data aan externe registries

      • Toevoegingen over samenwerkingen met externe partijen, bijvoorbeeld voor opschoning en analyses van de data

[Sander / Miriem]

Question: what is specific information that should be in your IC to accomodate for FAIR data and its further usage. IC information concerning secondary use of data / materials, potential data linkage to external registries (e.g. PALGA, IKNL)?  

Step-wise how about something like:  

  1. Check your institute for an IC template 

    1. Miriem: Zou hier niet ook verwezen moeten worden naar de CCMO templates: Subject information, informed consent and informed consent procedure | Onderzoekers | Centrale Commissie Mensgebonden Onderzoek (ccmo.nl)

  2. Check whether it allows for “whatever it is we need for making this data FAIR and its sharing”  

    1. I know there are factors which depend on the study, like e.g. linkage with PALGA, IKNL, etc. 

    2. Does this depend on FAIR Objectives? Does “I want to publish the study in the HRI Catalogue” require something different in an IC than “I want to use a patient’s data for federated querying?” 

      1. Miriem: Meestal moet er voor gezondheidsdata een data sharing agreement opgezet worden. Binnen het informed consent wordt de context van de dataverzameling beschreven en mag data binnen eenzelfde context gedeeld worden (indien er toestemming is gegeven voor data delen). Dit betekent dat er voor iedere data aanvraag gecontroleerd moet worden of de doelen voor het gebruik overeenkomen met de doelen die beschreven staan in het informed consent.

        Het is nog wel een idee om hier iemand met kennis van wetgeving naar te laten kijken.

      2. Sander: The first, I want to publish the study in the HRI Catalogue, doesn’t require anything special in the IC I think? Only when the data owner actually wants to share your data does the IC become relevant? 

        1. Meriem: De metadata over welke gegevens er zijn verzameld mogen vrij gedeeld worden (tenzij dit mogelijk valt onder geheimhouding vanwege mogelijke patenten oid). Maar ook hier zou ik iemand met meer kennis over het opzetten van (DSA) contracten naar laten kijken. Zij kunnen misschien meer toevoegen over de uitzonderingen.

      3. Sander: Is “sharing” by sending someone the data and “sharing via federated querying” different? If federated querying is anonymous by default, since the data never leaves a center, does IC about sharing the data still matter? 

        1. Meriem: Ik weet niet of federated querying by default anoniem is. Volgens mij kan deze data nog steeds gepseudonimiseerd zijn. Daarom moet er nog steeds een goede infrastructuur worden opgezet waarbij de bescherming van persoonsgegevens gewaarborgd kan worden.

      4. Federated querying is a method of querying and accessing distributed datasets without physically centralizing the data. In the healthcare context, federated querying allows researchers, clinicians, or data scientists to access and analyze health data across multiple systems (e.g., hospitals, research institutions) without transferring sensitive patient data to a central location. 
        When sharing or accessing health data via federated querying, compliance with the GDPR is crucial, particularly because health data is classified as special category data under Article 9 of the GDPR. Health data includes information such as medical history, diagnosis, treatment, and genetic data. Key GDPR principles relevant to federated querying include: 

        1. Lawfulness, Fairness, and Transparency 

          1. Lawful Basis for Processing: You must have a lawful basis to access or share health data, such as explicit consent from the data subject, or processing for research purposes under Article 9(2)(j). 

          2. Transparency: Data subjects must be informed about how their data is used, even if it’s queried remotely. Transparent data-sharing policies and consent mechanisms are essential. 

        2. Data Minimization and Purpose Limitation 

          1. Minimization: The GDPR requires that only the data necessary for the specific purpose is accessed or processed. In federated querying, this means limiting access to the minimum amount of data required to answer the query. 

          2. Purpose Limitation: Health data accessed through federated queries must only be used for the specific purpose (e.g., research) for which it was originally collected, and not for secondary purposes unless additional consent is obtained or a legal basis exists. 

        3. Data Security and Confidentiality 

          1. Security of Processing: Federated querying must implement robust technical and organizational measures to secure health data. This includes encryption, anonymization, pseudonymization, and access controls to prevent unauthorized access. 

          2. Data Localization: Since data remains on local servers, federated systems reduce the risks associated with transferring health data, but the data controllers (entities holding the data) must ensure secure query execution and auditability. 

        4. Accountability and Governance 

          1. Data Controllers and Processors: Each institution participating in a federated querying system is likely to act as a data controller, responsible for ensuring GDPR compliance. Federated systems often require detailed Data Processing Agreements (DPAs) between the entities to govern how data is accessed and used. 

          2. Data Protection Impact Assessments (DPIAs): If federated querying involves high-risk processing of health data, organizations may need to conduct a DPIA to assess risks and ensure GDPR compliance. 

  3. Make sure the necessary lines are in the IC 

  4. Get the IC approved 

[ELSI Servicedesk]

Hoi Sander,

Bij deze een antwoord op je vraag aan de ELSI Servicedesk, Susanne heeft een aantal dingen op een rij gezet. Er zijn zeker standaardzinnen of ‘best practices’ beschikbaar. Voor WMO-studies volgen onderzoekers natuurlijk de standaard PIF van de CCMO. In die zin zou je dan ook van ‘goedgekeurd’ kunnen spreken. Hierin wordt onderscheid gemaakt tussen materiaal en data.

image-20241003-072026.png

Uiteraard moet de vraag voorafgegaan worden aan de passende informatie in de folder zelf. Uitgangspunt hierbij is dat de onderzoeker duidelijk aangeeft voor welk doel of welke doelen de data/materialen hergebruikt mogen worden. Dit mag breder zijn dan het oorspronkelijke doel van de studie, maar niet te breed. Doelen in de lijn van ‘onderzoek naar kanker’ of ‘onderzoek naar gezond ouder worden’ worden meestal als passend gezien.

Voor koppelen met de CBS doodsoorzakenstatistiek staat in de comments nog dit:

image-20241003-072037.png

De meest up-to-date formulering vind je hier op de CBS-website.

In het implementatieproject gedragscode hebben we gewerkt aan een standaard alinea plus vraag over hergebruik. Je ziet dat de vraag wel gebaseerd is op die van de CCMO, maar materiaal en data worden in 1 vraag opgenomen. Deze tekst vind je hier.
Meer informatie staat hier

Binnenkort verschijnt op de ELSI Servicedesk de standaard PIF die otwikkeld is in het project ‘wederzijdse erkenning’ van de NFU. Hier zit ook een hergebruikvraag bij (en meer, ook bv koppelen) voor biobanken. En in het project implementatie nWMO toetsingskader (getrokken door Elyse) wordt ook gewerkt aan een standaard PIF, maar daar moet nog mee gestart worden.

Susanne zegt: ik ben zelf van harte bereid om deze pagina voor jullie te reviewen. Hergebruik aan de voorkant goed regelen is zeg maar mijn ding ;). Je voorkomt er achteraf een hoop gedoe mee. Tegelijkertijd vind ik het ook heel belangrijk om patienten niet onnodig 10 toestemmingsvragen te stellen. Als een onderdeel (bv koppelen, organoids) een inherent onderdeel van een project is, hoort het allemaal in de hoofd-toestemmingsvraag.

Multi-center IC?

FAIRopoly 

The development of this ICF benefited from previous experience with ICF submissions by 4 ERN Registries (ERKReg, EuRRECa, ENROL, VASCA) and from the utilization of “machine-readable” consent-related Ontologies (Data Use Ontology and Informed Consent Ontology). Several iterative expert reviews (including patient organizations and ERN representatives) were conducted to finalize the ICF.

Some potential sources: 

[HANDS] - chapter privacy and autonomy

Consent

Consent aims at informing potential study subjects of all aspects of participation, including the procedures for data handling, data access and anonymity. An informed person can freely decide to participate or not. If someone does participate, he or she understands and accepts the risks and burdens involved in participation.

The Central Committee on Research Involving Human Subjects (CCMO) has produced guidelines for obtaining informed consent and has adapted the nationally mandatory proefpersonen-informatieformulier in light of the GDPR (for WMO research). In addition, the NFU working group ‘Privacy, ethiek & recht in gezondheidsonderzoek’ is currently developing a UMC format for broad consent, which may be applicable to certain non-WMO research. Advice on how to inform donors and patients about the use of their biomaterials and/or data in scientific research can be found at the ELSI servicedesk.

The ethical committee at your UMC can help you design your informed consent procedure. Regarding data management, the informed consent should include the person's wishes about:

  • the use and reuse of patient data for research in the current and future projects;

  • notification about the research results, including incidental research findings (special concern is required for results that cannot be interpreted now, but may be interpretable in the near future);

  • which data he/she can access, if applicable;

  • the possibility to withdraw certain aspects of informed consent and the consequences;

  • data use by commercial parties.

Consent should be documented along with the collected data, so subsequent users of the data are aware of the conditions agreed to by study subjects.

In general, it is very difficult to re-contact patients or study subjects to extend or change the consent. So, we advise you to obtain informed consent for storing clinical and personal data for the purpose of both healthcare and future scientific research, each with a separate specific informed consent (also see: care and research environment). In addition, patients should always be able to retract their consent.

Frequently Asked Questions

  • What does the EU General Data Protection Regulation state about consent?

    “Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.”

    And, regarding broad consent for scientific research: “It is often not possible to fully identify the purpose of personal data processing for scientific research purposes at the time of data collection. Therefore, data subjects should be allowed to give their consent to certain areas of scientific research when in keeping with recognized ethical standards for scientific research. Data subjects should have the opportunity to give their consent only to certain areas of research or parts of research projects to the extent allowed by the intended purpose.”

    When and with what procedure should patients give consent for the use of their data or biomaterial for scientific research?

    This is described at ‘Toestemmings- en bezwaarprocedures’ at the ELSI Servicedesk.

  • What if it is impossible to ask for consent?

    In some exceptional cases, you are legally allowed to perform scientific research without a consent. More information about this can be found at ‘Toestemmings- en bezwaarprocedures’ at the ELSI Servicedesk. Always minimise the data and specifically describe the arguments for not asking for consent and make sure that your institute or its Data Protection Officer has accepted your arguments, before you start your research.

  • Do I need informed consent to use anonymous data?

    Informed consent is not mandatory if your data is truly anonymous. However, you should carefully consider whether your data indeed is anonymous: it may be possible to trace ‘anonymous’ data to an individual person by combining the data with other data sources. You should always be aware of this possibility when sharing your data with third parties. It is advisable to let an independent party (for instance a Data Access Committee or Board) objectively assess your proposed data sharing.

  • What does my institute need to do to inform patients?

    Your institute needs to actively inform patients that they may be asked to participate in scientific research. Also, they should be informed that in some exceptional cases, it can legally be allowed to perform scientific research without a consent. Patients are offered the right to refuse to such use. Your institute needs to install a procedure to ensure that such refusals are followed through, i.e., if people have refused sharing their data for scientific research, these data should not be used in research.

  • What about genetic data?

    The EU General Data Protection Regulation states that ‘Genetic data should be defined as personal data relating to the inherited or acquired genetic characteristics of a natural person which result from the analysis of a biological sample from the natural person in question, in particular chromosomal, deoxyribonucleic acid (DNA) or ribonucleic acid (RNA) analysis, or from the analysis of another element enabling equivalent information to be obtained.’

    Most genetic studies will involve restricted access to individual level genotype and phenotype due to privacy concerns that are associated with this type of data.

    The ELSI Servicedesk answers the question to what extent the data from whole genome sequencing are regarded as (directly) identifying. Also it advises on whether an informed consent form should state that genetic data is being processed.

  • Who can help me at my UMC?

    Use the Toolbox to find support on informed consent at your UMC.

  • Further reading

    For more information on incidental findings, please take a look at the BBMRI publication: Handreiking voor het constateren van, omgaan met en informeren over nevenbevindingen voor biobanken in BBMRI-NL.

The How to section should:

  • be split into easy to follow steps;

    • Step 1

    • Step 2

    • etc.

  • help the reader to complete the step;

  • aspire to be readable for everyone, but, depending on the topic, may require specialised knowledge;

  • be a general, widely applicable approach;

  • if possible / applicable, add (links to) the solution necessary for onboarding in the Health-RI National Catalogue;

  • aim to be practical and simple, while keeping in mind: if I would come to this page looking for a solution to this problem, would this How-to actually help me solve this problem;

  • contain references to solutions such as those provided by FAIR Cookbook, RMDkit, Turing way and FAIR Sharing;

  • contain custom recipes/best-practices written by/together with experts from the field if necessary. 

Expertise requirements for this step 

This section could describe the expertise required. Perhaps the Build Your Team step could then be an aggregation of all the “Expertise requirements for this step” steps that someone needs to fulfil his/her FAIRification goals.  

Practical examples from the community 

Examples of how this step is applied in a project (link to demonstrator projects).  

Training

Add links to training resources relevant for this step. Since the training aspect is still under development, currently many steps have “Relevant training will be added in the future if available.”

Suggestions

Visit our How to contribute page for information on how to get in touch if you have any suggestions about this page.

  • No labels