BACKGROUND: Art. 50 of the proposal for a Regulation on the European Health Data Space (EHDS) states that \"health data access bodies shall provide access to electronic health data only through a secure processing environment, with technical and organizational measures and security and interoperability requirements\".
OBJECTIVE: To identify specific security measures that nodes participating in health data spaces shall implement based on the results of the IMPaCT-Data project, whose goal is to facilitate the exchange of electronic health records (EHR) between public entities based in Spain and the secondary use of this information for precision medicine research in compliance with the General Data Protection Regulation (GDPR).
METHODS: This article presents an analysis of 24 out of a list of 72 security measures identified in the Spanish National Security Scheme (ENS) and adopted by members of the federated data infrastructure developed during the IMPaCT-Data project.
RESULTS: The IMPaCT-Data case helps clarify roles and responsibilities of entities willing to participate in the EHDS by reconciling technical system notions with the legal terminology. Most relevant security measures for Data Space Gatekeepers, Enablers and Prosumers are identified and explained.
CONCLUSIONS: The EHDS can only be viable as long as the fiduciary duty of care of public health authorities is preserved; this implies that the secondary use of personal data shall contribute to the public interest and/or to protect the vital interests of the data subjects. This condition can only be met if all nodes participating in a health data space adopt the appropriate organizational and technical security measures necessary to fulfill their role.

Biomedical data are generated and collected from various sources, including medical imaging, laboratory tests and genome sequencing. Sharing these data for research can help address unmet health needs, contribute to scientific breakthroughs, accelerate the development of more effective treatments and inform public health policy. Due to the potential sensitivity of such data, however, privacy concerns have led to policies that restrict data sharing. In addition, sharing sensitive data requires a secure and robust infrastructure with appropriate storage solutions. Here, we examine and compare the centralized and federated data sharing models through the prism of five large-scale and real-world use cases of strategic significance within the European data sharing landscape: the French Health Data Hub, the BBMRI-ERIC Colorectal Cancer Cohort, the federated European Genome-phenome Archive, the Observational Medical Outcomes Partnership/OHDSI network and the EBRAINS Medical Informatics Platform. Our analysis indicates that centralized models facilitate data linkage, harmonization and interoperability, while federated models facilitate scaling up and legal compliance, as the data typically reside on the data generator\'s premises, allowing for better control of how data are shared. This comparative study thus offers guidance on the selection of the most appropriate sharing strategy for sensitive datasets and provides key insights for informed decision-making in data sharing efforts.

UNASSIGNED: The ORCHESTRA project, funded by the European Commission, aims to create a pan-European cohort built on existing and new large-scale population cohorts to help rapidly advance the knowledge related to the prevention of the SARS-CoV-2 infection and the management of COVID-19 and its long-term sequelae. The integration and analysis of the very heterogeneous health data pose the challenge of building an innovative technological infrastructure as the foundation of a dedicated framework for data management that should address the regulatory requirements such as the General Data Protection Regulation (GDPR).
UNASSIGNED: The three participating Supercomputing European Centres (CINECA - Italy, CINES - France and HLRS - Germany) designed and deployed a dedicated infrastructure to fulfil the functional requirements for data management to ensure sensitive biomedical data confidentiality/privacy, integrity, and security. Besides the technological issues, many methodological aspects have been considered: Berlin Institute of Health (BIH), Charité provided its expertise both for data protection, information security, and data harmonisation/standardisation.
UNASSIGNED: The resulting infrastructure is based on a multi-layer approach that integrates several security measures to ensure data protection. A centralised Data Collection Platform has been established in the Italian National Hub while, for the use cases in which data sharing is not possible due to privacy restrictions, a distributed approach for Federated Analysis has been considered. A Data Portal is available as a centralised point of access for non-sensitive data and results, according to findability, accessibility, interoperability, and reusability (FAIR) data principles. This technological infrastructure has been used to support significative data exchange between population cohorts and to publish important scientific results related to SARS-CoV-2.
UNASSIGNED: Considering the increasing demand for data usage in accordance with the requirements of the GDPR regulations, the experience gained in the project and the infrastructure released for the ORCHESTRA project can act as a model to manage future public health threats. Other projects could benefit from the results achieved by ORCHESTRA by building upon the available standardisation of variables, design of the architecture, and process used for GDPR compliance.

The digital health space is growing rapidly, and so is the interest in sharing anonymized health data. However, data anonymization techniques have yet to see much coverage in the medical literature. The purpose of this article is, therefore, to provide a practical framework for anonymization with a focus on the unique properties of data from digital health applications. Literature trends, as well as common anonymization techniques, were synthesized into a framework that considers the opportunities and challenges of digital health data. A rationale for each design decision is provided, and the advantages and disadvantages are discussed. We propose a framework based on storing data separately, anonymizing the data where the identified data is located, only exporting selected data, minimizing static attributes, ensuring k-anonymity of users and their static attributes, and preventing defined metrics from acting as quasi-identifiers by using aggregation, rounding, and capping. Data anonymization requires a pragmatic approach that preserves the utility of the data while minimizing reidentification risk. The proposed framework should be modified according to the characteristics of the respective data set.

This paper contributes to the exploration of the potential application of duties related to the diligent anticipation of the (imminent) harms and (potential) benefits to humans that scientific innovation engenders to health-related contexts. In particular, it addresses the intersection between the human right to science and health-related data processing, which plays a key role in the production, translation and implementation of biomedical knowledge. The first part of the paper provides a brief recap of the interpretation of the right to science based on Art. 15 (1) (b) of the United Nations International Covenant on Economic, Social and Cultural Rights (hereafter ICESCR or Covenant) and the resulting obligations for States in the context of health and related data processing. The second part of the paper defines the relevance of the ICESCR for EU Member States and the European Union. In the third part, theses are put forward on how the human right to science and the obligations under Art. 15 (1) (b) ICESCR influence the interpretation and application of the General Data Protection Regulation as secondary EU law. By examining the justifications for using the right to science to interpret EU data protection law and by providing interpretation and application guidance on the main data protection principles in the area of health-related data processing, taking this right into account, the aim is to shape the EU data governance framework to meet the requirements of this human right. In doing so, the paper aims to close the gaps in the interpretation and application of the main rules of EU data protection law. Such standardization in the health-related context can contribute to a coherent interpretation and application of existing rules by referring to this emerging human right. Against this background, the paper identifies governance measures that the EU legislator could take to guide the processing of health-related data in line with the requirements of the right to science.

This paper discusses a landmark ruling by the Chilean Supreme Court of August 9, 2023 dealing with the right to mental privacy, originated with an action for constitutional protection filed on behalf of Guido Girardi Lavin against Emotiv Inc., a North American company based in San Francisco, California that is commercializing the device \"Insight.\" This wireless device functions as a headset with sensors that collect information about the brain\'s electrical activity (i.e., neurodata). The discussion revolves around whether neurodata can be considered personal data and whether they could be classified into a special category. The application of the present legislation on data (the most obsolete, such as the Chilean law, and the most recent EU law) does not seem adequate to protect neurodata. The use of neurodata raises ethical and legal concerns that are not fully addressed by current regulations on personal data protection. Despite not being necessarily considered personal data, neurodata represent the most intimate aspects of human personality and should be protected in light of potential new risks. The unique characteristics of neurodata, including their interpretive nature and potential for revealing thoughts and intentions, pose challenges for regulation. Current data protection laws do not differentiate between different types of data based on their informational content, which is relevant for protecting individual rights. The development of new technologies involving neurodata requires particular attention and careful consideration to prevent possible harm to human dignity. The regulation of neurodata must account for their specific characteristics and the potential risks they pose to privacy, confidentiality, and individual rights. The answer lies in the reconfiguration of human rights known as \"neurorights\" that goes beyond the protection of personal data.

Background: In the European Union, the General Data Protection Regulation (GDPR) plays a central role in the complex health research legal framework. It aims to protect the fundamental right to the protection of individuals\' personal data, while allowing the free movement of such data. However, it has been criticized for challenging the conduct of research. Existing scholarship has paid little attention to the experiences and views of the patient community. The aim of the study was to investigate 1) the awareness and knowledge of patients, carers, and members of patient organizations about the General Data Protection Regulation, 2) their experience with exercising data subject rights, and 3) their understanding of the notion of \"data control\" and preferences towards various data control tools. Methods: An online survey was disseminated between December 2022 and March 2023. Quantitative data was analyzed descriptively and inferentially. Answers to open-ended questions were analyzed using the thematic analysis method. Results: In total, 220 individuals from 28 European countries participated. The majority were patients (77%). Most participants had previously heard about the GDPR (90%) but had not exercised any of their data subject rights. Individual data control tools appeared to be marginally more important than collective tools. The willingness of participants to share personal data with data altruism organizations increased if patient representatives would be involved in the decision-making processes of such organizations. Conclusion: The results highlighted the importance of providing in-depth education about data protection. Although participants showed a slight preference towards individual control tools, the reflection based on existing scholarship identified that individual control holds risks that could be mitigated through carefully operationalized collective tools. The discussion of results was used to provide a critical view into the proposed European Health Data Space, which has yet to find a productive balance between individual control and allowing the reuse of personal data for research.

UNASSIGNED: Data linkage for health research purposes enables the answering of countless new research questions, is said to be cost effective and less intrusive than other means of data collection. Nevertheless, health researchers are currently dealing with a complicated, fragmented, and inconsistent regulatory landscape with regard to the processing of data, and progress in health research is hindered.
UNASSIGNED: We designed a qualitative study to assess what different stakeholders perceive as ethical and legal obstacles to data linkage for health research purposes, and how these obstacles could be overcome.
UNASSIGNED: Two focus groups and eighteen semi-structured in-depth interviews were held to collect opinions and insights of various stakeholders. An inductive thematic analysis approach was used to identify overarching themes.
UNASSIGNED: This study showed that the ambiguity regarding the \'correct\' interpretation of the law, the fragmentation of policies governing the processing of personal health data, and the demandingness of legal requirements are experienced as causes for the impediment of data linkage for research purposes by the participating stakeholders. To remove or reduce these obstacles authoritative interpretations of the laws and regulations governing data linkage should be issued. The participants furthermore encouraged the harmonisation of data linkage policies, as well as promoting trust and transparency and the enhancement of technical and organisational measures. Lastly, there is a demand for legislative and regulatory modifications amongst the participants.
UNASSIGNED: To overcome the obstacles in data linkage for scientific research purposes, perhaps we should shift the focus from adapting the current laws and regulations governing data linkage, or even designing completely new laws, towards creating a more thorough understanding of the law and making better use of the flexibilities within the existing legislation. Important steps in achieving this shift could be clarification of the legal provisions governing data linkage by issuing authoritative interpretations, as well as the strengthening of ethical-legal oversight bodies.

The potential benefits of digital health technologies in population-based health research depend mainly on whether and to what extent these technologies can be based on the processing of personal health data. However, there needs to be more certainty in the application and interpretation of the relevant legal regulations on the processing of research data using digital health technologies. Research practice primarily uses consent as a legitimation basis for data processing, although the information model of the German and European legislator, with its ambitious requirements for voluntary and informed consent, is unrealistic and needs to be revised. Even the concepts of broad consent, dynamic consent, and meta consent, which represent alternatives to the classic consent solution, cannot remedy all the deficits of the consent model.In order to guarantee the informational self-determination of the persons concerned and, at the same time, keep an eye on the interests of research in the public health sector, data protection for research purposes must be further developed. Solutions should not only be tailored to consent behavior but must also consider the legitimization of research data processing without consent or aim to remove the personal reference of the data irretrievably. To date, the law has only fulfilled its task of striking an appropriate balance between the interests of all stakeholders to a limited extent. However, improvement is in sight, especially given current regulatory initiatives and new legal solutions. This discussion article illustrates the ambivalent role of law: on the one hand, health data protection law is often perceived as an obstacle to innovation, but on the other hand, law can pave the way for digital health technologies if further developed.
UNASSIGNED: Der potenzielle Nutzen digitaler Gesundheitstechnologien hängt im Bereich der populationsbezogenen Gesundheitsforschung maßgeblich davon ab, ob und in welchem Umfang sich diese Technologien auf eine Verarbeitung personenbezogener Gesundheitsdaten stützen lassen. Allerdings herrscht erhebliche Unsicherheit bei der Anwendung und Auslegung der einschlägigen rechtlichen Regelungen zur Verarbeitung von Forschungsdaten mittels digitaler Gesundheitstechnologien. Die Praxis der Forschungsdatenverarbeitung ist immer noch maßgeblich vom Primat der Einwilligung als Legitimationsgrundlage für eine Datenverarbeitung geprägt, obwohl das Informationsmodell des deutschen und europäischen Gesetzgebers mit seinen ambitionierten Anforderungen an die freiwillige und informierte Einwilligung realitätsfern ist. Auch die Konzepte des Broad Consent, Dynamic Consent und Meta Consent, die Alternativen zur klassischen Einwilligungslösung darstellen, können nicht sämtliche Defizite des Einwilligungsmodells beheben.Um die informationelle Selbstbestimmung der betroffenen Personen zu gewährleisten und gleichzeitig die Interessen der Forschung im Public-Health-Bereich im Blick zu behalten, muss der Forschungsdatenschutz weiterentwickelt werden. Lösungen müssen dabei nicht nur am Einwilligungsverhalten selbst ansetzen, sondern auch eine Legitimation der Datenverarbeitung ganz ohne Einwilligung in den Blick nehmen oder auf eine unwiederbringliche Aufhebung des Personenbezugs der Daten abzielen. Dieser Diskussionsartikel beleuchtet die ambivalente Rolle des Rechts im Hinblick auf digitale Gesundheitstechnologien und zeigt, dass der oftmals als Hindernis verstandene Gesundheitsdatenschutz – bei entsprechender Weiterentwicklung – durchaus den Weg für digitale Gesundheitstechnologien bereiten kann.

The General Data Protection Regulation (GDPR) of the European Union, which became applicable in 2018, contains a new accountability principle. Under this principle, controllers (ie parties determining the purposes and the means of the processing of personal data) are responsible for ensuring and demonstrating the overall compliance with the GDPR. However, interpretive uncertainties of the GDPR mean that controllers must exercise considerable judgement in designing and implementing an appropriate compliance strategy, making GDPR compliance both complex and resource-intensive. In this article, we provide conceptual clarity around GDPR compliance with respect to one core aspect of the law: the determination and relevance of the purpose of personal data processing. We derive from the GDPR\'s text concrete requirements for purpose specification, which we subsequently apply to the area of secondary use of personal data for scientific research. We offer guidance for correctly specifying purposes of data processing under different research scenarios. To illustrate the practical necessity of purpose specification for GDPR compliance, we then show how our proposed approach can enable controllers to meet their compliance obligations, using the example of the overarching GDPR principle of lawfulness to highlight the relevance of purpose specification for the identification of a suitable legal basis.