BACKGROUND: In Europe, within the scope of the General Data Protection Regulation, more and more digital infrastructures are created to allow for large-scale access to patients\' health data and their use for research. When the research is performed on the basis of patient consent, traditional study-specific consent appears too cumbersome for many researchers. Alternative models of consent are currently being discussed and introduced in different contexts.
OBJECTIVE: This study explores stakeholder perspectives on ethical, legal, and practical concerns regarding models of consent for health data research at German university medical centers.
METHODS: Semistructured focus group interviews were conducted with medical researchers at German university medical centers, health IT specialists, data protection officers, and patient representatives. The interviews were analyzed using a software-supported structuring qualitative content analysis.
RESULTS: Stakeholders regarded broad consent to be only marginally less laborious to implement and manage than tiered consent. Patient representatives favored specific consent, with tiered consent as a possible alternative. All stakeholders lamented that information material was difficult to understand. Oral information and videos were mentioned as a means of improvement. Patient representatives doubted that researchers had a sufficient degree of data security expertise to act as sole information providers. They were afraid of undue pressure if obtaining health data research consent were part of medical appointments. IT specialists and other stakeholders regarded the withdrawal of consent to be a major challenge and called for digital consent management solutions. On the one hand, the transfer of health data to non-European countries and for-profit organizations is seen as a necessity for research. On the other hand, there are data security concerns with regard to these actors. Research without consent is legally possible under certain conditions but deemed problematic by all stakeholder groups, albeit for differing reasons and to different degrees.
CONCLUSIONS: More efforts should be made to determine which options of choice should be included in health data research consent. Digital tools could improve patient information and facilitate consent management. A unified and strict regulation for research without consent is required at the national and European Union level. Obtaining consent for health data research should be independent of medical appointments, and additional personnel should be trained in data security to provide information on health data research.

BACKGROUND: Since the COVID-19 pandemic, there has been a boost in the digital transformation of the human society, where wearable devices such as a smartwatch can already measure vital signs in a continuous and naturalistic way; however, the security and privacy of personal data is a challenge to expanding the use of these data by health professionals in clinical follow-up for decision-making. Similar to the European General Data Protection Regulation, in Brazil, the Lei Geral de Proteção de Dados established rules and guidelines for the processing of personal data, including those used for patient care, such as those captured by smartwatches. Thus, in any telemonitoring scenario, there is a need to comply with rules and regulations, making this issue a challenge to overcome.
OBJECTIVE: This study aimed to build a digital solution model for capturing data from wearable devices and making them available in a safe and agile manner for clinical and research use, following current laws.
METHODS: A functional model was built following the Brazilian Lei Geral de Proteção de Dados (2018), where data captured by smartwatches can be transmitted anonymously over the Internet of Things and be identified later within the hospital. A total of 80 volunteers were selected for a 24-week follow-up clinical trial divided into 2 groups, one group with a previous diagnosis of COVID-19 and a control group without a previous diagnosis of COVID-19, to measure the synchronization rate of the platform with the devices and the accuracy and precision of the smartwatch in out-of-hospital conditions to simulate remote monitoring at home.
RESULTS: In a 35-week clinical trial, >11.2 million records were collected with no system downtime; 66% of continuous beats per minute were synchronized within 24 hours (79% within 2 days and 91% within a week). In the limit of agreement analysis, the mean differences in oxygen saturation, diastolic blood pressure, systolic blood pressure, and heart rate were -1.280% (SD 5.679%), -1.399 (SD 19.112) mm Hg, -1.536 (SD 24.244) mm Hg, and 0.566 (SD 3.114) beats per minute, respectively. Furthermore, there was no difference in the 2 study groups in terms of data analysis (neither using the smartwatch nor the gold-standard devices), but it is worth mentioning that all volunteers in the COVID-19 group were already cured of the infection and were highly functional in their daily work life.
CONCLUSIONS: On the basis of the results obtained, considering the validation conditions of accuracy and precision and simulating an extrahospital use environment, the functional model built in this study is capable of capturing data from the smartwatch and anonymously providing it to health care services, where they can be treated according to the legislation and be used to support clinical decisions during remote monitoring.

Within collaborative projects, such as the EU-funded Horizon 2020 EXIMIOUS project (Mapping Exposure-Induced Immune Effects: Connecting the Exposome and the Immunome), collection and analysis of large volumes of data pose challenges in the domain of data management, with regards to both ethical and legal aspects. However, researchers often lack the right tools and/or accurate understanding of the ethical/legal framework to independently address such challenges. With the guidance and support within and between the partner institutes (the researchers and the ethical and legal teams) in the EXIMIOUS project, we have been able to understand and solve most challenges during the first two project years. This has fed into the development of a Data Management Plan and the establishment of data management platforms in accordance with the ethical and legal framework laid down by the EU and the different national regulations of the partners involved. Through this elaborate exercise, we have acquired tools which allow us to make our research data FAIR (Findable, Accessible, Interoperable, and Reusable), while at the same time ensuring data privacy and security (GDPR compliant). Herein we share our experience of creating and managing the data workflow through an open research communication, with the aim of helping other researchers build their data management framework in their own projects. Based on the measures adopted in EXIMIOUS to ensure FAIR data management, we also put together a checklist \"DMP CHECK\" containing a series of recommendations based on our experience.

UNASSIGNED: The COVID-19 pandemic brought global disruption to health, society and economy, including to the conduct of clinical research. In the European Union (EU), the legal and ethical framework for research is complex and divergent. Many challenges exist in relation to the interplay of the various applicable rules, particularly with respect to compliance with the General Data Protection Regulation (GDPR). This study aimed to gain insights into the experience of key clinical research stakeholders [investigators, ethics committees (ECs), and data protection officers (DPOs)/legal experts working with clinical research sponsors] across the EU and the UK on the main challenges related to data protection in clinical research before and during the pandemic.
UNASSIGNED: The study consisted of an online survey and follow-up semi-structured interviews. Data collection occurred between April and December 2021. Survey data was analyzed descriptively, and the interviews underwent a framework analysis.
UNASSIGNED: In total, 191 respondents filled in the survey, of whom fourteen participated in the follow-up interviews. Out of the targeted 28 countries (EU and UK), 25 were represented in the survey. The majority of stakeholders were based in Western Europe. This study empirically elucidated numerous key legal and ethical issues related to GDPR compliance in the context of (cross-border) clinical research. It showed that the lack of legal harmonization remains the biggest challenge in the field, and that it is present not only at the level of the interplay of key EU legislative acts and national implementation of the GDPR, but also when it comes to interpretation at local, regional and institutional levels. Moreover, the role of ECs in data protection was further explored and possible ways forward for its normative delineation were discussed. According to the participants, the pandemic did not bring additional legal challenges. Although practical challenges (for instance, mainly related to the provision of information to patients) were high due to the globally enacted crisis measures, the key problematic issues on (cross-border) health research, interpretations of the legal texts and compliance strategies remained largely the same.

The COVID-19 pandemic is a threat to global health and requires collaborative health research efforts across organizations and countries to address it. Although routinely collected digital health data are a valuable source of information for researchers, benefiting from these data requires accessing and sharing the data. Health care organizations focusing on individual risk minimization threaten to undermine COVID-19 research efforts, and it has been argued that there is an ethical obligation to use the European Union\'s General Data Protection Regulation (GDPR) scientific research exemption during the COVID-19 pandemic to support collaborative health research.
This study aims to explore the practices and attitudes of stakeholders in the German federal state of Bavaria regarding the secondary use of health data for research purposes during the COVID-19 pandemic, with a specific focus on the GDPR scientific research exemption.
Individual semistructured qualitative interviews were conducted between December 2020 and January 2021 with a purposive sample of 17 stakeholders from 3 different groups in Bavaria: researchers involved in COVID-19 research (n=5, 29%), data protection officers (n=6, 35%), and research ethics committee representatives (n=6, 35%). The transcripts were analyzed using conventional content analysis.
Participants identified systemic challenges in conducting collaborative secondary-use health data research in Bavaria; secondary health data research generally only happens when patient consent has been obtained, or the data have been fully anonymized. The GDPR research exemption has not played a significant role during the pandemic and is currently seldom and restrictively used. Participants identified 3 key groups of barriers that led to difficulties: the wider ecosystem at many Bavarian health care organizations, legal uncertainty that leads to risk-adverse approaches, and ethical positions that patient consent ought to be obtained whenever possible to respect patient autonomy. To improve health data research in Bavaria and across Germany, participants wanted greater legal certainty regarding the use of pseudonymized data for research purposes without the patient\'s consent.
The current balance between enabling the positive goals of health data research and avoiding associated data protection risks is heavily skewed toward avoiding risks; so much so that it makes reaching the goals of health data research extremely difficult. This is important, as it is widely recognized that there is an ethical imperative to use health data to improve care. The current approach also creates a problematic conflict with the ambitions of Germany, and the federal state of Bavaria, to be a leader in artificial intelligence. A recent development in the field of German public administration known as norm screening (Normenscreening) could potentially provide a systematic approach to minimize legal barriers. This approach would likely be beneficial to other countries.

High-quality research in hand surgery is increasingly important. A vital component is national and international multicenter collaborative research because of better generalizability and larger sample sizes. However, sharing patient data between centers can be hampered by regulations and privacy issues or reluctance to share patient data. Therefore, in this paper, we illustrate an approach for collaborative clinical research without sharing patient data while obtaining similar outcomes. To illustrate that this collaborative clinical research approach without sharing patient data leads to similar outcomes compared to aggregating all individual patient data in one database, we simulate an approach of performing meta-analyses on summary statistics of individual-center data. In the simulation, we compare the results to conventional analyses in an existing multicenter database of patients treated for Dupuytren\'s disease at three different centers with either limited fasciectomy (LF) or needle aponeurotomy (PNF). We share example data and all analysis code in a public GitHub Library. We found similar results for the meta-analysis approach without sharing individual patient data as in the conventional approach for 1) the proportion of patients treated for recurrences, 2) the Total MHQ score after both treatments, 3) the comparison of Total MHQ score after both treatments, and 4) the comparison of both treatments when correcting for confounders with regression analysis. CLINICAL SIGNIFICANCE: We illustrate how collaborative studies can be performed without sharing individual patient data while obtaining similar results as with conventional analyses. This approach can help speed up collaborative research without losing precision in outcome analysis.

BACKGROUND: Inherited retinal diseases (IRDs) are a leading cause of blindness in children and working age adults in the United Kingdom and other countries, with an appreciable socioeconomic impact. However, by definition, IRD data are individually rare, and as a result, this patient group has been underserved by research. Researchers need larger amounts of these rare data to make progress in this field, for example, through the development of gene therapies. The challenge has been how to find and make these data available to researchers in the most productive way. MyEyeSite is a research collaboration aiming to design and develop a digital platform (the MyEyeSite platform) for people with rare IRDs that will enable patients, doctors, and researchers to aggregate and share specialist eye health data. A crucial component of this platform is the MyEyeSite patient application, which will provide the means for patients with IRD to interact with the system and, in particular, to collate, manage, and share their personal specialist IRD data both for research and their own health care.
OBJECTIVE: This study aims to test the acceptability and feasibility of the MyEyeSite platform in the target IRD population through a collaborative patient-centered study.
METHODS: Qualitative data were generated through focus groups and workshops, and quantitative data were obtained through a survey of patients with IRD. Participants were recruited through clinics at Moorfields Eye Hospital National Health Service (NHS) Foundation Trust and the National Institute for Health Research (NIHR) Moorfields Biomedical Research Centre through their patient and public involvement databases.
RESULTS: Our IRD focus group sample (n=50) highlighted the following themes: frustration with the current system regarding data sharing within the United Kingdom\'s NHS; positive expectations of the potential benefits of the MyEyeSite patient application, resulting from increased access to this specialized data; and concerns regarding data security, including potentially unethical use of the data outside the NHS. Of the surveyed 80 participants, 68 (85%) were motivated to have a more active role in their eye care and share their data for research purposes using a secure technology, such as a web application or mobile app.
CONCLUSIONS: This study demonstrates that patients with IRD are highly motivated to be actively involved in managing their own data for research and their own eye care. It demonstrates the feasibility of involving patients with IRD in the detailed design of the MyEyeSite platform exemplar, with input from the patient with IRD workshops playing a key role in determining both the functionality and accessibility of the designs and prototypes. The development of a user-centered technological solution to the problem of rare health data has the potential to benefit not only the patient with IRD community but also others with rare diseases.

BACKGROUND: Data science offers an unparalleled opportunity to identify new insights into many aspects of human life with recent advances in health care. Using data science in digital health raises significant challenges regarding data privacy, transparency, and trustworthiness. Recent regulations enforce the need for a clear legal basis for collecting, processing, and sharing data, for example, the European Union\'s General Data Protection Regulation (2016) and the United Kingdom\'s Data Protection Act (2018). For health care providers, legal use of the electronic health record (EHR) is permitted only in clinical care cases. Any other use of the data requires thoughtful considerations of the legal context and direct patient consent. Identifiable personal and sensitive information must be sufficiently anonymized. Raw data are commonly anonymized to be used for research purposes, with risk assessment for reidentification and utility. Although health care organizations have internal policies defined for information governance, there is a significant lack of practical tools and intuitive guidance about the use of data for research and modeling. Off-the-shelf data anonymization tools are developed frequently, but privacy-related functionalities are often incomparable with regard to use in different problem domains. In addition, tools to support measuring the risk of the anonymized data with regard to reidentification against the usefulness of the data exist, but there are question marks over their efficacy.
OBJECTIVE: In this systematic literature mapping study, we aim to alleviate the aforementioned issues by reviewing the landscape of data anonymization for digital health care.
METHODS: We used Google Scholar, Web of Science, Elsevier Scopus, and PubMed to retrieve academic studies published in English up to June 2020. Noteworthy gray literature was also used to initialize the search. We focused on review questions covering 5 bottom-up aspects: basic anonymization operations, privacy models, reidentification risk and usability metrics, off-the-shelf anonymization tools, and the lawful basis for EHR data anonymization.
RESULTS: We identified 239 eligible studies, of which 60 were chosen for general background information; 16 were selected for 7 basic anonymization operations; 104 covered 72 conventional and machine learning-based privacy models; four and 19 papers included seven and 15 metrics, respectively, for measuring the reidentification risk and degree of usability; and 36 explored 20 data anonymization software tools. In addition, we also evaluated the practical feasibility of performing anonymization on EHR data with reference to their usability in medical decision-making. Furthermore, we summarized the lawful basis for delivering guidance on practical EHR data anonymization.
CONCLUSIONS: This systematic literature mapping study indicates that anonymization of EHR data is theoretically achievable; yet, it requires more research efforts in practical implementations to balance privacy preservation and usability to ensure more reliable health care applications.

Although a number of authors have commented upon the impact of the GDPR on clinical trial conduct, few have examined the specific setting of paediatric trials. Whilst the general principles are the same as those for adults, some additional considerations arise. The ages of consent relating to data privacy and clinical trial participation are different in a number of countries, but the distinction is often not recognised in non-drug trials. Accidental pregnancies in clinical trials always raise complexities, but these are amplified when the trial subject is a minor, and the processes described in clinical trial protocols rarely take account of GDPR requirements. This paper describes approaches which can be taken to ensure the rights of children are respected.Conclusion: The conduct of paediatric clinical trials within GDPR requirements is quite possible provided authors think carefully when drafting protocols. What is Known: • GDPR is applicable to clinical trials, including paediatric trials. • A number of challenges at the interface between the GDPR and CTR have been described. What is New: • The application of the GDPR to certain specific situations in paediatric trials does not appear to have been explored. • Three such situations are described and solutions offered.

BACKGROUND: Existing evaluations of the effects of mobile apps to encourage physical activity have been criticized owing to their common lack of external validity, their short duration, and their inability to explain the drivers of the observed effects. This protocol describes the setup of Health Telescope, a longitudinal panel study in which the long-term effects of mobile electronic health (eHealth) apps are investigated. By setting up Health Telescope, we aim to (1) understand more about the long-term use of eHealth apps in an externally valid setting, (2) understand the relationships between short-term and long-term outcomes of the usage of eHealth apps, and (3) test different ways in which eHealth app allocation can be personalized.
OBJECTIVE: The objectives of this paper are to (1) demonstrate and motivate the validity of the many choices that we made in setting up an intensive longitudinal study, (2) provide a resource for researchers interested in using data generated by our study, and (3) act as a guideline for researchers interested in setting up their own longitudinal data collection using wearable devices. For the third objective, we explicitly discuss the General Data Protection Regulation and ethical requirements that need to be addressed.
METHODS: In this 4-month study, a group of approximately 450 participants will have their daily step count measured and will be asked daily about their mood using experience sampling. Once per month, participants will receive an intervention containing a recommendation to download an app that focuses on increasing physical activity. The mechanism for assigning recommendations to participants will be personalized over time, using contextual data obtained from previous interventions.
RESULTS: The data collection software has been developed, and all the legal and ethical checks are in place. Recruitment will start in Q4 of 2020. The initial results will be published in 2021.
CONCLUSIONS: The aim of Health Telescope is to investigate how different individuals respond to different ways of being encouraged to increase their physical activity. In this paper, we detail the setup, methods, and analysis plan that will enable us to reach this aim.
UNASSIGNED: PRR1-10.2196/16471.