Global Alliance for Genomics & Health Data Sharing Lexicon

Similar documents
Ethical Governance Framework

Human Rights Approach

The EFPIA Perspective on the GDPR. Brendan Barnes, EFPIA 2 nd Nordic Real World Data Conference , Helsinki

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Privacy framework

clarification to bring legal certainty to these issues have been voiced in various position papers and statements.

IAB Europe Guidance THE DEFINITION OF PERSONAL DATA. IAB Europe GDPR Implementation Working Group WHITE PAPER

Personal Data Protection Competency Framework for School Students. Intended to help Educators

The General Data Protection Regulation and use of health data: challenges for pharmaceutical regulation

Justice Select Committee: Inquiry on EU Data Protection Framework Proposals

Interaction btw. the GDPR and Clinical Trials Regulation

Ethical issues raised by big data and real world evidence projects. Dr Andrew Turner

Ministry of Justice: Call for Evidence on EU Data Protection Proposals

Consumer and Community Participation Policy

Towards Code of Conduct on Processing of Personal Data for Purposes of Scientific Research in the Area of Health

BBMRI-ERIC WEBINAR SERIES #2

Biometric Data, Deidentification. E. Kindt Cost1206 Training school 2017

PRIVACY ANALYTICS WHITE PAPER

Pan-Canadian Trust Framework Overview

NCRIS Capability 5.7: Population Health and Clinical Data Linkage

EU Research Integrity Initiative

Translational scientist competency profile

RESEARCH DATA MANAGEMENT PROCEDURES 2015

Guidance on the anonymisation of clinical reports for the purpose of publication in accordance with policy 0070

The 45 Adopted Recommendations under the WIPO Development Agenda

2

An Essential Health and Biomedical R&D Treaty

The Biological Weapons Convention and dual use life science research

Presentation Outline

A POLICY in REGARDS to INTELLECTUAL PROPERTY. OCTOBER UNIVERSITY for MODERN SCIENCES and ARTS (MSA)

The BioBrick Public Agreement. DRAFT Version 1a. January For public distribution and comment

Workshop on anonymization Berlin, March 19, Basic Knowledge Terms, Definitions and general techniques. Murat Sariyar TMF

Privacy Policy SOP-031

University of Massachusetts Amherst Libraries. Digital Preservation Policy, Version 1.3

Draft Plan of Action Chair's Text Status 3 May 2008

Privacy by Design: Integrating Technology into Global Privacy Practices

IMI2 Intellectual Property rules in light of Call 10 topics. Magali Poinot, IMI Legal Manager IMI Stakeholder Forum 28 September 2016

4. A set of morally reasonable expectations about the governance and use of data should be determined in accordance with four principles:

Data Protection and Ethics in Healthcare

WIPO Development Agenda

Analysis of Privacy and Data Protection Laws and Directives Around the World

Human Biological Material Collection, Storage and Use

Guidance on the anonymisation of clinical reports for the purpose of publication

Cross-border Flow of Health Information: is Privacy by Design sufficient to obtain complete and accurate data for Public Health in Europe?

European Union General Data Protection Regulation Effects on Research

FACULTY OF ENGINEERING & INFORMATION TECHNOLOGIES RESEARCH DATA MANAGEMENT PROVISIONS 2015

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT. pursuant to Article 294(6) of the Treaty on the Functioning of the European Union

INTERNATIONAL COUNCIL FOR ARCHAEOZOOLOGY (ICAZ) PROFESSIONAL PROTOCOLS FOR ARCHAEOZOOLOGY

BUREAU OF LAND MANAGEMENT INFORMATION QUALITY GUIDELINES

University of Southern California Guidelines for Assigning Authorship and for Attributing Contributions to Research Products and Creative Works

Parenteral Nutrition Down Under Inc. (PNDU) Working with Pharmaceutical Companies Policy (Policy)

Standards and privacy engineering ISO, OASIS, PRIPARE and Other Important Developments

An Introduction to a Taxonomy of Information Privacy in Collaborative Environments

Our position. ICDPPC declaration on ethics and data protection in artificial intelligence

IoT in Health and Social Care

25 th Workshop of the EURORDIS Round Table of Companies (ERTC)

What Makes International Research Ethical (Or Unethical)? Eric M. Meslin, Ph.D Indiana University Center for Bioethics

Protection of Privacy Policy

Security and Risk Assessment in GDPR: from policy to implementation

ETHICS & IMPACT EVALUATIONS

ARTICLE 29 Data Protection Working Party

Privacy Policy Framework

SHTG primary submission process

HDR UK & Digital Innovation Hubs Introduction. 22 nd November 2018

THE ASEAN FRAMEWORK AGREEMENT ON ACCESS TO BIOLOGICAL AND GENETIC RESOURCES

2. Evidence themes and their importance along the development path

ISO/TR TECHNICAL REPORT. Intelligent transport systems System architecture Privacy aspects in ITS standards and systems

Web 2.0 in social science research

EXIN Privacy and Data Protection Foundation. Preparation Guide. Edition

The Information Commissioner s response to the Draft AI Ethics Guidelines of the High-Level Expert Group on Artificial Intelligence

Extract of Advance copy of the Report of the International Conference on Chemicals Management on the work of its second session

Details of the Proposal

Intellectual Property Policy. DNDi POLICIES

HL7 Standards and Components to Support Implementation of the European General Data Protection Regulation (GDPR)

HTA Position Paper. The International Network of Agencies for Health Technology Assessment (INAHTA) defines HTA as:

New Approaches to Safety and Risk Management

CARRA PUBLICATION AND PRESENTATION GUIDELINES Version April 20, 2017

Global strategy and plan of action on public health, innovation and intellectual property

Ocean Energy Europe Privacy Policy

SAFEGUARDING ADULTS FRAMEWORK. Prevention and effective responses to neglect, harm and abuse is a basic requirement of modern health care services.

Information Communication Technology

REPORT ON THE INTERNATIONAL CONFERENCE MEMORY OF THE WORLD IN THE DIGITAL AGE: DIGITIZATION AND PRESERVATION OUTLINE

Whatever Happened to the. Fair Information Practices?

Health Innovations in Horizon 2020: the framework programme for research and innovation ( )

What does the revision of the OECD Privacy Guidelines mean for businesses?

Staffordshire Police

NASW Code of Ethics Revisions Effective January 1, 2018

Making Precision Medicine A Reality: Molecular Diagnostics, Remote Health Status Monitoring and the Big Data Challenge

Open Science for the 21 st century. A declaration of ALL European Academies

4.1. Accurate: The information is a true reflection of the original observation.

The GDPR and Upcoming mhealth Code of Conduct. Dr Etain Quigley Postdoctoral Research Fellow (ARCH, UCD)

The HL7 RIM in the Design and Implementation of an Information System for Clinical Investigations on Medical Devices

SMA Europe Code of Practice on Relationships with the Pharmaceutical Industry

A Brief Introduction to the Regulatory Environment of Medical Device Supervision. CFDA Department of Legal Affairs Liu Pei

WANT TO PARTICIPATE IN RESEARCH? THERE S AN APP FOR THAT!

March 27, The Information Technology Industry Council (ITI) appreciates this opportunity

GESIS Leibniz Institute for the Social Sciences

Re: Review of Market and Social Research Privacy Code

Loyola University Maryland Provisional Policies and Procedures for Intellectual Property, Copyrights, and Patents

BARRIE PUBLIC LIBRARY COLLECTION DEVELOPMENT POLICY MOTION #16-34 Revised June 23, 2016

Executive Summary Industry s Responsibility in Promoting Responsible Development and Use:

Transcription:

Version 1.0, 15 March 2016 Global Alliance for Genomics & Health Data Sharing Lexicon Preamble The Global Alliance for Genomics and Health ( GA4GH ) is an international, non-profit coalition of individuals and organizations working in healthcare, research, disease advocacy, life science, and information technology dedicated to improving human health by maximizing the potential of genomic medicine through effective and responsible data sharing. The sharing of genomic and health-related data for biomedical research is of key importance in ensuring continued progress in our understanding of human health and wellbeing. The challenges raised by international, collaborative research require a principled but nevertheless practical framework that brings together regulators, funders, patient groups, information technologists, industry, publishers, and research consortia to share principles about data exchange. GA4GH s mission is to accelerate progress in human health by helping to establish a common framework of harmonized approaches to enable effective and responsible sharing of genomic and clinical data, and by catalysing data sharing projects that drive and demonstrate the value of data sharing. Sharing of genomic and health data is increasingly international, but must contend with discrepancies in the terms employed by applicable laws, ethics policies and regulatory systems. The purpose of this GA4GH Data Sharing Lexicon is to support international data sharing by promoting common/concordant terms within the GA4GH and across jurisdictions and research contexts with the ultimate aim of improving human health. This Data Sharing Lexicon is a tool developed to promote data-sharing in general. It is not intended to focus on biobanking or the transfer or processing of tissues or samples. The terms included are predominantly derived from legal/regulatory sources but modified so that they are applicable to many jurisdictions. These terms are not intended to replicate definitions found in particular statutes, or within scientific and technical literatures. Additional resources can be found in the attached bibliography. 1

Where relevant, the Data Sharing Lexicon builds on terminology used in GA4GH documents and policies, the most important of which are: The Framework for Responsible Sharing of Genomic and Health-Related Data Consent Policy Privacy and Security Policy Accountability Policy It also incorporates terms already in use in existing GA4GH glossaries where these are relevant and appropriate. Acknowledgements This Policy is the result of the work of many people and committees. Developed under the auspices of the GA4GH s Regulatory and Ethics Working Group, the Policy was formulated by an international committee (Data Sharing Lexicon Task Team) representing a wide spectrum of the law, security, bioethics, genomics, and life science industry communities. Collaborative input was provided from individuals as well as biomedical, patient advocacy, and ethical, policy and legal organizations, committees, and projects from all regions of the world (for contributors, see the Data Sharing Lexicon home page). 2

Data Sharing Lexicon Term Accountability Anonymisation Audit Big Data Biobank Clinical Trial Cloud Computing Coding/ Pseudonymisation Cohort Definition The obligation to explain and justify conduct. The irreversible delinking of identifying information from associated data. A systematic review to evaluate adherence to applicable laws and policies. Large and complex datasets typically combining multiple sources of information and analyzed through novel computational methods. An organized collection of human biological material and associated data which is stored, processed and searchable. A study involving human participants to investigate the efficacy and/or safety of one or more medicines or other health-related interventions. Shared computing resources accessible over the internet that can include capabilities for processing and storing data. The act of replacing an identifier with a code for the purpose of avoiding direct identification of the participant, except by persons holding the key linking the code and identifier. A group of individuals identified by common characteristic(s) (e.g., demographic, exposure, illness) or studied over time using a common protocol. 3

Confidentiality Conflict of Interest Consent Controlled/ Restricted Access Data Data Access Committee Data Breach Data Curation Data Donor Data Embargo Data Linkage Data Protections The ethical and legal obligation of an individual or organization to safeguard data or information by controlling access as authorized by law or by the data donor. One or more connections or interests (personal, social, financial or professional) that influence, or could be perceived to influence, professional integrity and independence. Voluntary and informed expression of the will of a person, or if incompetent, his/her legal representative. Access to data that is subject to conditions and an approval process. Observations, narratives or measurements that are assumed as the basis for further analysis, calculation or reasoning. A committee that reviews and authorizes applications for data access and use. The unauthorized collection, access, use, disclosure or release of data. The process of selecting, annotating, maintaining, archiving and tracking data. The individual whose data have been collected, held, used and shared. Defined period of time when data are unavailable for wider access. The process by which records representing the same entity or individual are linked across multiple data sources. The set of laws, policies and procedures that aim to minimize intrusion into people s privacy, uphold confidentiality, and penalize undue intrusions and/or breaches. 4

Data Security Data Sharing Data Steward Data (or Material) Transfer Agreement Database Dataset De-identification Destroy Disclosure Disclosure Risk Encryption Ethical Guidelines Ethics review committee/ IRB/ REC/REB The protection of the confidentiality, availability and integrity of data. Extending access to data for the purpose of research or analyses. An entity responsible for assuring the quality, integrity, and access arrangements of data and metadata in a manner that is consistent with applicable law, institutional policy, and individual permissions. A binding legal agreement between the provider and the recipient of data (or materials) that sets forth conditions of transfer, use and disclosure. Data and information that are managed and stored in a systematic way to enable data analyses. A collection of data which may be a subset in a database. The removal or alteration of any data that identifies an individual or could, foreseeably, identify an individual in the future. To take all necessary steps to ensure that data are no longer stored or able to be used. The revelation of confidential information about an individual. The probability of confidential information being revealed about an individual. A mechanism of safeguarding stored data or information by making those data or information unreadable without access to the correct decryption method. A framework to guide decision-making based on accepted ethical principles and practice. An independent committee for the ethical review of research activities. 5

Governance Harmonization Identifiable/ Personal Data Identity and Access Management Incidental Findings Individual Research Results Information Legacy Data or Biospecimens Medical/Health Record Metadata Open Data Access Opt-in Opt-out The process of policy making and management that guides and oversees research in a consistent and structured manner. The process of unifying certain policies, methodologies and approaches in order to achieve interoperability. Data that alone or in combination with other data may reasonably be expected to identify an individual. A set of processes and supporting technologies that enable the creation, maintenance, use, and revocation of digital identity. A finding discovered in the course of clinical care or research concerning an individual that is beyond the aims of the clinical care or research. A finding discovered in the course of research concerning an individual that relates to the aims of the research. Data that have already been interpreted, i.e. they have meaning in a specific context. Data (or biospecimens) previously collected for research or for clinical care, where new proposed uses may not be covered. A paper or electronic record created in the health care system which contains medical and health-related information about an individual and is used to record and support health care for that individual. Data that describe other data. Making data available without restriction. A consent mechanism where an active choice is made to participate. A consent mechanism where consent is implied unless an active choice is made not to participate. 6

Personal Data/ Identifiable Data Privacy Pseudonymisation/Coding Public Domain Public Engagement Quality Registered Access Re-Identification Return of Results Risk Safe Haven Secondary uses Data that alone or in combination with other data may reasonably be expected to identify an individual. The right and freedom to control access to information about oneself. The act of replacing an identifier with a code for the purpose of avoiding direct identification of the participant, except by persons holding the key linking the code and identifier. The body of knowledge and innovation in relation to which no person or other legal entity can establish or maintain proprietary interests. An inclusive act ranging from the active involvement of a population or sub-population in the development, management or governance of a project, to the provision of information and raising awareness of a project. Conformity of data, biospecimens or processes with pre-established specifications appropriate to the purpose to which the data, biospecimens or processes will be put. A system of authentication and self-declaration prior to providing access to data. The act of associating specific data or information within a dataset with an individual. Communication of research results to an individual or a designated health care provider or family member. The probability that an event, favorable or adverse, will occur within a defined time interval. A repository in which data are stored and accessed in ways that maintain their integrity and quality whilst meeting relevant ethical and legal controls on their use and dissemination. Using data or biospecimens in a way that differs from the original purpose for which they were generated or collected. 7

Supervisory Authority Surveillance Traceability Trusted Third Party Vulnerable Persons / Populations The public authority (or authorities) in a given jurisdiction responsible for monitoring the application of law and administrative measures adopted pursuant to data privacy, data protection and data security. The systematic collection, monitoring and dissemination of health data to assist in planning, implementation and evaluation of an action or intervention such as research or public health. The ability to verify the history, location, or application of an item, by means of documented recorded identification. For a biospecimen this pertains to any step of its handling, including donation, collection, processing, testing, storage, and disposition. An individual or organization that safeguards access to information linking individuals to their data and biospecimens. Individuals or groups requiring special considerations and/or under the protection of governments, institutions or legal representatives including but not limited to children, the elderly, and those with mental health issues. 8

Appendix 1: Table of Concordance of Data Privacy and Security Terms 1 (from GA4GH Privacy and Security Policy) Spectrum of Identifiability 1 (Most identifiable) 2 3 4 (Least identifiable) Is or can be fully identifiable to everyone Is unidentifiable to most, but remains re-identifiable to those with access to the key(s) Is likely no longer identifiable to anyone Never was identifiable identified or identifiable personal nominative coded key-coded pseudonymized reversibly de-identified linked anonymized masked encrypted anonymized de-identified pseudonymized irreversibly de-identified non-identifiable unidentifiable unlinked anonymized anonymous 6 Category 1: Identified/personal/nominative data are labelled with personal identifiers such as name or identification numbers. Data are directly traceable back to the Data Donor. Category 2: Pseudonymization/coding/key-coding consists of replacing one attribute (typically a unique attribute) in a record by another. Pseudonymized/coded/key-coded data are labelled with at least one specific code and do not carry any personal identifiers, but an individual is still likely to be identified indirectly; accordingly, pseudonymization/coding/key-coding when used alone will not result in an anonymous data. Pseudonymization/coding/key-coding reduces the linkability of a dataset with the original identity of a Data Donor; as such, it is a useful security measure in genomic research, but it is not a method of anonymization. Category 3: Anonymization is intended to prevent re-identification. Data must be processed in such a way that it can no longer be used to identify a Data Donor by using all the means likely reasonably to be used by person or entity. An important factor is that the processing must be irreversible to reasonable degree, i.e., anonymized data must not be traceable back to the Data Donor. Category 4: Anonymous data are never labelled with personal identifiers when originally collected, nor is a coding key generated. Therefore, there is no potential to trace back Data to individual Data Donors. Anonymous data are of extremely limited utility in genomic research. 1 Adapted from William W. Lowrance, Learning from Experience Privacy and the Secondary Use of Data in Health Research (London: Nuffield Trust, 2002) at 34; ICH, Guidance for Industry: E15 Definitions for Genomic Biomarkers, Pharmacogenomics, Pharmacogenetics, Genomic Data and Sample Coding Categories (April 2008); Article 29 Data Protection Working Party, Opinion 05/2014 on Anonymisation Techniques; Knoppers BM, Saginur M. The Babel of genetic data terminology. Nature Biotechnology 2005; 23(8): 925-927. 9

Appendix 2: Additional Resources GA4GH, Privacy and Security Policy (2015), Appendix 1 Glossary and 2 Table of Concordance of Data Privacy and Security Terms [link] P3G, Biobank Lexicon [link] Presidential Commission for the Study of Bioethical Issues, Privacy and Progress in Whole Genome Sequencing (2012) Appendix I: Glossary of Key Terms [link] World Health Organisation, Standards and Operational Guidance for Ethics Review of Health-Related Research with Human Participants (2011) Glossary [link] BBMRI, Lexicon [link] Nuffield Council of Bioethics, The Collection, Linking and Use of Data in Biomedical Research and Health Care: Ethical Issues (2015) [link] OECD, Health Data Governance (2015) [link] Administrative Data Research Network (ADRN), Glossary, Definitions of Terms used in the Network (2015) [link] OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (2013) [link] Elliot M et al, Glossary on Statistical Disclosure Control (2009) [link] 10

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback