
David Trower, Anonymisation and pseudonymisation in large data sets for medical research

David Trower's slides for the Law and Ethics in e-Social Science workshop in Cologne, 23rd June, 2009

Anonymisation & pseudonymisation in large data sets for medical research

Law and Ethics in e-Social Science Workshop, 24 June 2009


NCeSS Conference, Cologne, June 2009

David Trower

Chief Privacy Officer EMEA & Chair of Global Privacy Council

IMS Health


Who are IMS?

• US owned multi-national in 100+ markets globally

• EMEA region, headquartered in London, includes 30 countries with data protection laws

• Lead supplier of market intelligence and consulting services to the pharmaceutical and healthcare industries

• Additional information is available at http://www.imshealth.com.


Why is privacy so important to IMS?

• Matter of legal compliance and sanctions

• Critical as IMS an information based company

• Secure and gain access to data

• Gain competitive advantage

• We are good citizens


Our privacy gold standard

• Global Privacy Council, network of privacy officers

• IMS assessed as compliant, by independent legal opinion, in 17 European countries

• IMS use the latest privacy enhancing technologies and methodologies to anonymise physician and patient data

• IMS works with Data Privacy Commissioners and lobbies to create a legal framework supportive to medical research


Legal and regulatory considerations

• Data protection

• Patient confidentiality and medical secrecy

• Laws regulating clinical research

• Ethical committee requirements

• Physician association rules


Data protection law requirements

• Notification of processing to DP Authority

• Legal basis, often consent

• Transparency, notice to the individual

• No unauthorised secondary use

• Data must be relevant and not excessive

• Data quality obligations

• Individual rights, for example access to own data

• Information security

• Obligations in appointing outsourcers

• Strict rules on data transfers to outside the EU


The alternative is to anonymise

• So it is no longer ‘personal data’

• Legal rules then don’t apply

• Where is the dividing line?

• The data must no longer be identifiable

• Not an absolute test

• No longer a reasonably likely chance of re-identification (Recital 26 of DP Directive)

• No firm guidelines on meaning


Is pseudonymised data ‘personal’?

• Individual de-identified patient often coded

• Key held by physician

• Sometimes need to ‘go backwards’

• For validation and data quality purposes

• WP29 Paper on ‘Definition of Personal Data’

• Coded data not personal in hands of recipient when reverse process has no impact on individual

• But this position not universally adopted across EU


Secondary use of patient data at IMS

• Sensitive privacy issue for company

• Occasional nominative data in direct research

• Mostly anonymous or coded

• As part of syndicated services based on panels

• Ad hoc primary market research for specific clients

• ‘Anonymous line data’ can be provided to clients


Purposes

• Pharmacovigilance,

• Pharmacoepidemiology,

• Epidemiology,

• Health economics and outcomes research,

• Pharmaceutical market research


Types of survey

1. Direct to patient

2. Interventional

3. Physician observational studies (e.g. diary)

4. Physician retrospective studies

5. External researcher retrospective studies

6. EHR system data extraction


IMS anonymisation standard on full medical record

1. No direct identifiers

2. Patient geography minimum limit

3. Physician identity known only to panel management

4. Extreme values top coded

5. Rare conditions filtered

6. Date of birth masked

7. Specific socio-economic information eliminated

8. Size of sample not to exceed set % of target population

9. Free text eliminated or filtered

10. Information security limits access

11. One way hashing of key where possible… no reverse process

12. Contractual guarantees on no re-identification sometimes used
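An added example, not IMS code or IMS's actual method, showing how items 1, 2, 4, 5, 6, 9 and 11 of the list above could be applied to a batch of records. The records are constructed, and the field names, thresholds and the use of HMAC-SHA256 as the one-way hash are assumptions of this example.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample rows; field names and thresholds are assumptions for this example.
RECORDS = [
    {"patient_id": "P001", "name": "A. Sample", "dob": "1912-04-12", "region": "R1",
     "condition": "hypertension", "notes": "seen at home"},
    {"patient_id": "P002", "name": "B. Sample", "dob": "1950-09-30", "region": "R1",
     "condition": "hypertension", "notes": ""},
    {"patient_id": "P003", "name": "C. Sample", "dob": "1975-01-05", "region": "R2",
     "condition": "asthma", "notes": ""},
    {"patient_id": "P004", "name": "D. Sample", "dob": "1980-07-21", "region": "R1",
     "condition": "asthma", "notes": ""},
    {"patient_id": "P005", "name": "E. Sample", "dob": "1968-03-02", "region": "R1",
     "condition": "rare-disorder-x", "notes": "referred by Dr Y"},
]
MIN_BIRTH_YEAR = 1919   # top coding: anyone born earlier is reported as 1919
MIN_PER_CONDITION = 2   # conditions seen in fewer records are filtered out
MIN_PER_REGION = 2      # regions with fewer remaining patients are blanked


def one_way_key(patient_id: str, secret: bytes) -> str:
    """Keyed one-way hash: without the secret, the recipient cannot rebuild
    the mapping by hashing a list of candidate patient identifiers."""
    return hmac.new(secret, patient_id.encode(), hashlib.sha256).hexdigest()


def anonymise(records, secret: bytes):
    by_condition = Counter(r["condition"] for r in records)
    kept = [r for r in records if by_condition[r["condition"]] >= MIN_PER_CONDITION]
    by_region = Counter(r["region"] for r in kept)  # counted after filtering
    out = []
    for r in kept:
        out.append({
            # name and notes are never copied: no direct identifiers, no free text
            "key": one_way_key(r["patient_id"], secret),
            "birth_year": max(int(r["dob"][:4]), MIN_BIRTH_YEAR),  # masked and top coded
            "region": r["region"] if by_region[r["region"]] >= MIN_PER_REGION else None,
            "condition": r["condition"],
        })
    return out


if __name__ == "__main__":
    for row in anonymise(RECORDS, secret=b"constructed-demo-secret"):
        print(row)
```

The same patient keeps the same key across extracts only while the same secret is used, so discarding the secret after a batch removes any reverse process, at the cost of linkage between batches.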


Is physician linked prescription data personal?

• Pharmaceutical industry very interested in doctor prescribing behaviour and IMS seeks to provide insights

• Information on named doctors prescribing is personal data though

• European Convention of Human Rights, Article 8, provides that everyone has “the right to respect for his private and family life, his home and his correspondence”.

• Case law of European Court of Human Rights confirms clearly that rights to a private life extend into the work environment

• Data protection law seeks to protect work product data about named individuals, seen as personal data in most cases


Is physician linked prescription data personal?

Article 29 Working Party, committee of all EU DP commissioners, produced guidance on definition of personal data in 2007. Example 1:

Professional habits and practices

Drug prescription information (e.g. drug identification number, drug name, drug strength, manufacturer, selling price, new or refill, reasons for use, reasons for no substitution order, prescriber's first and last name, phone number, etc.), whether in the form of an individual prescription or in the form of patterns discerned from a number of prescriptions, can be considered as personal data about the physician who prescribes this drug, even if the patient is anonymous. Thus, providing information about prescriptions written by identified or identifiable doctors to producers of prescription drugs constitutes a communication of personal data to third party recipients in the meaning of the Directive.


IMS EMEA response

• Variety of strategies to anonymise prescription data (“Rx”)

• Often use Trusted Third Parties (“TTP”)

• Rx minus patient details sent to IMS

• Doctor name linked to each Rx sent to TTP

• TTP links doctor to specific group or area (“brick”)

• Acceptable brick size varies

• France 5, UK 50, Belgium 12, Germany?

• Governments and/or DP authorities determine

• Not just privacy driving size, but payer concerns
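An added sketch of the Trusted Third Party flow in the bullets above, not IMS's implementation: the data source splits each prescription, the TTP swaps the doctor for a brick and withholds bricks below the national minimum, and the analyst only ever counts by brick. The sample data and function names are constructed, and treating brick size as a count of doctors is an assumption; the minimum values are the ones quoted on the slide.

```python
from collections import defaultdict

# Minimum brick sizes quoted on the slide; counting them in doctors is an assumption.
MIN_BRICK_SIZE = {"France": 5, "Belgium": 12, "UK": 50}


def split_at_source(prescriptions):
    """Data source: Rx content goes to the analyst, doctor names go to the TTP.
    Patient details are sent to neither party."""
    to_analyst = [{"rx_id": p["rx_id"], "drug": p["drug"]} for p in prescriptions]
    to_ttp = [{"rx_id": p["rx_id"], "doctor": p["doctor"]} for p in prescriptions]
    return to_analyst, to_ttp


def ttp_assign_bricks(to_ttp, doctor_to_brick, country):
    """TTP: replace each doctor with a brick; bricks below the minimum get None."""
    doctors_in = defaultdict(set)
    for doctor, brick in doctor_to_brick.items():
        doctors_in[brick].add(doctor)
    limit = MIN_BRICK_SIZE[country]
    rx_to_brick = {}
    for row in to_ttp:
        brick = doctor_to_brick[row["doctor"]]
        rx_to_brick[row["rx_id"]] = brick if len(doctors_in[brick]) >= limit else None
    return rx_to_brick


def analyst_counts(to_analyst, rx_to_brick):
    """Analyst: prescriptions per (brick, drug); no doctor name is ever available."""
    counts = defaultdict(int)
    for row in to_analyst:
        brick = rx_to_brick[row["rx_id"]]
        if brick is not None:
            counts[(brick, row["drug"])] += 1
    return dict(counts)


# Constructed sample: five doctors in brick-A, two in brick-B, two Rx per doctor.
DOCTOR_TO_BRICK = {f"Dr {i}": "brick-A" for i in range(5)}
DOCTOR_TO_BRICK.update({"Dr 5": "brick-B", "Dr 6": "brick-B"})
PRESCRIPTIONS = [
    {"rx_id": i, "doctor": f"Dr {i % 7}", "drug": "drug-x", "patient": f"pt-{i}"}
    for i in range(14)
]

if __name__ == "__main__":
    analyst_rows, ttp_rows = split_at_source(PRESCRIPTIONS)
    for country in ("France", "Belgium"):
        mapping = ttp_assign_bricks(ttp_rows, DOCTOR_TO_BRICK, country)
        print(country, analyst_counts(analyst_rows, mapping))
```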


Any Questions?

