David Trower, Anonymisation and pseudonymisation in large data sets for medical research

David Trower's slides for the Law and Ethics in e-Social Science workshop in Cologne, 23rd June, 2009

Published in: Technology

  1. Anonymisation & pseudonymisation in large data sets for medical research. Law and Ethics in e-Social Science Workshop, 24 June 2009
  2. David Trower, Chief Privacy Officer EMEA & Chair of Global Privacy Council, IMS Health
  3. Who are IMS?
       • US owned multi-national in 100+ markets globally
       • EMEA region, headquartered in London, includes 30 countries with data protection laws
       • Lead supplier of market intelligence and consulting services to the pharmaceutical and healthcare industries
       • Additional information is available at http://www.imshealth.com.
  4. Why is privacy so important to IMS?
       • Matter of legal compliance and sanctions
       • Critical as IMS an information based company
       • Secure and gain access to data
       • Gain competitive advantage
       • We are good citizens
  5. Our privacy gold standard
       • Global Privacy Council, network of privacy officers
       • IMS assessed as compliant, by independent legal opinion, in 17 European countries
       • IMS use the latest privacy enhancing technologies and methodologies to anonymise physician and patient data
       • IMS works with Data Privacy Commissioners and lobbies to create a legal framework supportive to medical research
  6. Legal and regulatory considerations
       • Data protection
       • Patient confidentiality and medical secrecy
       • Laws regulating clinical research
       • Ethical committee requirements
       • Physician association rules
  7. Data protection law requirements
       • Notification of processing to DP Authority
       • Legal basis, often consent
       • Transparency, notice to the individual
       • No unauthorised secondary use
       • Data must be relevant and not excessive
       • Data quality obligations
       • Individual rights, for example access to own data
       • Information security
       • Obligations in appointing outsourcers
       • Strict rules on data transfers to outside the EU
  8. The alternative is to anonymise
       • So it is no longer ‘personal data’
       • Legal rules then don’t apply
       • Where is the dividing line?
       • The data must no longer be identifiable
       • Not an absolute test
       • No longer a reasonably likely chance of re-identification (Recital 26 of DP Directive)
       • No firm guidelines on meaning
  9. Is pseudonymised data ‘personal’?
       • Individual de-identified patient often coded
       • Key held by physician
       • Sometimes need to ‘go backwards’
       • For validation and data quality purposes
       • WP29 Paper on ‘Definition of Personal Data’
       • Coded data not personal in hands of recipient when reverse process has no impact on individual
       • But this position not universally adopted across EU
  10. Secondary use of patient data at IMS
       • Sensitive privacy issue for company
       • Occasional nominative data in direct research
       • Mostly anonymous or coded
       • As part of syndicated services based on panels
       • Ad hoc primary market research for specific clients
       • ‘Anonymous line data’ can be provided to clients
  11. Purposes
       • Pharmacovigilance
       • Pharmacoepidemiology
       • Epidemiology
       • Health economics and outcomes research
       • Pharmaceutical market research
  12. Types of survey
       • Direct to patient
       • Interventional
       • Physician observational studies (e.g. diary)
       • Physician retrospective studies
       • External researcher retrospective studies
       • EHR system data extraction
  13. IMS anonymisation standard on full medical record
       • No direct identifiers
       • Patient geography minimum limit
       • Physician identity known only to panel management
       • Extreme values top coded
       • Rare conditions filtered
       • Date of birth masked
       • Specific socio-economic information eliminated
       • Size of sample not to exceed set % of target population
       • Free text eliminated or filtered
       • Information security limits access
       • One way hashing of key where possible… no reverse process
       • Contractual guarantees on no re-identification sometimes used
  14. Is physician linked prescription data personal?
       • Pharmaceutical industry very interested in doctor prescribing behaviour and IMS seeks to provide insights
       • Information on named doctors prescribing is personal data though
       • European Convention of Human Rights, Article 8, provides that everyone has “the right to respect for his private and family life, his home and his correspondence”.
       • Case law of European Court of Human Rights confirms clearly that rights to a private life extend into the work environment
       • Data protection law seeks to protect work product data about named individuals, seen as personal data in most cases
  15. Is physician linked prescription data personal?

      Article 29 Working Party, committee of all EU DP commissioners, produced guidance on definition of personal data in 2007.

      Example 1: Professional habits and practices

      Drug prescription information (e.g. drug identification number, drug name, drug strength, manufacturer, selling price, new or refill, reasons for use, reasons for no substitution order, prescriber's first and last name, phone number, etc.), whether in the form of an individual prescription or in the form of patterns discerned from a number of prescriptions, can be considered as personal data about the physician who prescribes this drug, even if the patient is anonymous. Thus, providing information about prescriptions written by identified or identifiable doctors to producers of prescription drugs constitutes a communication of personal data to third party recipients in the meaning of the Directive.
  16. IMS EMEA response
       • Variety of strategies to anonymise prescription data (“Rx”)
       • Often use Trusted Third Parties (“TTP”)
       • Rx minus patient details sent to IMS
       • Doctor name linked to each Rx sent to TTP
       • TTP links doctor to specific group or area (“brick”)
       • Acceptable brick size varies
       • France 5, UK 50, Belgium 12, Germany?
       • Governments and/or DP authorities determine
       • Not just privacy driving size, but payer concerns
  17. Any Questions?
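Several of the record-level controls listed on slide 13 (no direct identifiers, date of birth masked, extreme values top coded, rare conditions filtered, free text eliminated, one-way hashing of the key) can be sketched as one pass over a record set. This is an added example, not IMS code: the field names, thresholds, sample records and the choice of HMAC-SHA256 as the one-way hash are assumptions, and replacing a rare condition with "OTHER" is only one reading of "filtered".

```python
import hashlib
import hmac
from collections import Counter

# Assumed parameters, not from the slides.
HASH_KEY = b"constructed-demo-key"  # stays with the data source, never shipped
MAX_AGE = 90                        # top-coding limit for age
MIN_RECORDS_PER_CONDITION = 3       # below this a condition counts as rare
KEEP_FIELDS = ("region", "drug")    # allow-list: everything else is dropped

# Constructed sample records.
SAMPLE = [
    {"patient_key": "P-0001", "name": "A. Smith", "date_of_birth": "1961-03-14",
     "region": "North", "condition": "asthma", "drug": "salbutamol",
     "occupation": "teacher", "free_text": "Lives at 3 Mill Lane"},
    {"patient_key": "P-0002", "name": "B. Jones", "date_of_birth": "1975-11-02",
     "region": "North", "condition": "asthma", "drug": "salbutamol",
     "occupation": "nurse", "free_text": ""},
    {"patient_key": "P-0003", "name": "C. Brown", "date_of_birth": "1910-01-20",
     "region": "South", "condition": "asthma", "drug": "budesonide",
     "occupation": "retired", "free_text": ""},
    {"patient_key": "P-0004", "name": "D. White", "date_of_birth": "1988-07-09",
     "region": "South", "condition": "rare-condition-x", "drug": "drug-y",
     "occupation": "pilot", "free_text": "Referred by Dr Green"},
]


def pseudonym(patient_key):
    """One-way keyed hash of the patient key; no lookup table is kept."""
    digest = hmac.new(HASH_KEY, patient_key.encode(), hashlib.sha256)
    return digest.hexdigest()[:16]


def anonymise(records, survey_year):
    """Allow-list fields, mask and top-code birth data, filter rare conditions."""
    per_condition = Counter(r["condition"] for r in records)
    earliest_year = survey_year - MAX_AGE
    out = []
    for r in records:
        row = {k: r[k] for k in KEEP_FIELDS}  # name, free text etc. never copied
        row["pid"] = pseudonym(r["patient_key"])
        birth_year = int(r["date_of_birth"][:4])            # mask day and month
        row["birth_year"] = max(birth_year, earliest_year)  # top-code extremes
        rare = per_condition[r["condition"]] < MIN_RECORDS_PER_CONDITION
        row["condition"] = "OTHER" if rare else r["condition"]
        out.append(row)
    return out
```

A keyed hash is used because an unkeyed hash of a short, structured patient key can be reversed by hashing every possible key; whoever holds `HASH_KEY` can still recompute pseudonyms, so it must stay with the data source.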
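The Trusted Third Party flow on slide 16 can be followed end to end in a small model. This is an added example, not IMS code: the `rx_id` link identifier, the data layout and the sample data are assumptions, as is reading the per-country figures as a minimum number of doctors per brick and suppressing bricks below it.

```python
from collections import defaultdict

# Country figures are those on slide 16; reading them as the minimum number
# of doctors per brick, and suppressing smaller bricks, are assumptions.
MIN_BRICK_SIZE = {"FR": 5, "UK": 50, "BE": 12}

# Constructed sample data: brick A holds five doctors, brick B only two.
DOCTOR_BRICK = {"dr1": "A", "dr2": "A", "dr3": "A", "dr4": "A", "dr5": "A",
                "dr6": "B", "dr7": "B"}
PRESCRIPTIONS = [
    {"patient": "pat1", "doctor": "dr1", "drug": "statin"},
    {"patient": "pat2", "doctor": "dr2", "drug": "statin"},
    {"patient": "pat3", "doctor": "dr6", "drug": "statin"},
    {"patient": "pat4", "doctor": "dr3", "drug": "insulin"},
]


def split_feed(prescriptions):
    """Data source: one feed for IMS, one for the TTP, joined only by rx_id."""
    to_ims, to_ttp = [], []
    for rx_id, rx in enumerate(prescriptions):  # rx_id: hypothetical link id
        to_ims.append({"rx_id": rx_id, "drug": rx["drug"]})      # no patient, no doctor
        to_ttp.append({"rx_id": rx_id, "doctor": rx["doctor"]})  # no patient, no drug
    return to_ims, to_ttp


def ttp_link(to_ttp, doctor_brick, country):
    """TTP: swap each doctor for a brick, dropping bricks that are too small."""
    members = defaultdict(set)
    for doctor, brick in doctor_brick.items():
        members[brick].add(doctor)
    allowed = {b for b, docs in members.items()
               if len(docs) >= MIN_BRICK_SIZE[country]}
    return {m["rx_id"]: doctor_brick[m["doctor"]] for m in to_ttp
            if doctor_brick[m["doctor"]] in allowed}


def ims_report(to_ims, rx_brick):
    """IMS: count prescriptions per (brick, drug); doctor names never arrive."""
    counts = defaultdict(int)
    for rx in to_ims:
        if rx["rx_id"] in rx_brick:
            counts[(rx_brick[rx["rx_id"]], rx["drug"])] += 1
    return dict(counts)


def run(country):
    to_ims, to_ttp = split_feed(PRESCRIPTIONS)
    return ims_report(to_ims, ttp_link(to_ttp, DOCTOR_BRICK, country))
```

With the sample data, the two-doctor brick is suppressed under the French threshold and both bricks are suppressed under the UK one, so the same feed yields different reports per country.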