Governance of collection, use and storage of RWD in the view of data protection concerns

Abstract

Abstract Issue/problem Collection, storage and sharing RWD raise concerns regarding the privacy, data protection and governance of access. To date, the concerns related to consent and adequate safeguards for data protection in conventional research and health care settings are being discussed in details in the literature. However, collection of RWD from individuals fuels questions regarding the applicability of the regulations for human subjects’ research and personal data protection. Description of the problem The data collected in the framework of RWD need to be protected in line with the overarching principles of human subjects research and personal data protection regulations such as the EU General Data Protection Regulations (GDPR). In particular, the purposes of data collection, potential further uses, duration of storage of data and the authorized users’ access to data should be managed in compliance with applicable data protection regulations. In addition, the adequate models for de-identifications of data should be used in compliance with the applicable data protection regulations. Ethical oversight on the process of data collection, storage and use should also be scrutinized. Effects/changes In order to respect the privacy rights of the patients, it is essential to first identify the potential risks and assess the adequacy of the existing safeguards in protecting the privacy of the patients. Lessons The effectiveness of the current access governance in the context of RWD should be assessed and the required safeguards to be proposed.