By Dipak Kalra, President i~HD

There is a growing momentum right across Europe to scale up our learning from routinely collected health data (real-world data – RWD). The need for us to learn more from data is widely recognised by all stakeholders. We need to track health outcomes so that we can optimise our care pathways to deliver the best possible health benefits to patients. We need to be alert to treatment safety issues to identify unmet health needs and to monitor the health of the population from a public health perspective. We must accelerate research, to speed up the development of innovative medicines, medical devices, algorithms, and artificial intelligence. The insights needed to make medicine more personalised also require large volumes of routinely RWD to be analysed alongside genetic data.

The opportunities for us to undertake this kind of learning are also growing rapidly, with more data being collected in structured and coded forms within electronic health records, and research infrastructures being established within countries and regions, and increasingly across Europe to enable large-scale (big data) analysis for research. Distributed (federated) analytic methods are enabling this massive scaling up.

However, in parallel to this is a recognition that the public is concerned at the growing number of organisations that might have access to their health data, because of the perceived increased risk to their privacy. There is a strong societal (as well as legal) obligation on Data Protection Authorities and Data Protection Officers to ensure that all uses and reuses of health data fully comply with the European General Data Protection Regulation (GDPR). 

When I and my Institute colleagues engage with the research community, public and private, we hear a common message: they are required to adopt very stringent data protection and information security measures. Whilst they are willing to do so, they find the expectations confusing and sometimes difficult to put into practice whilst still enabling them to undertake the intended research. 

We know that hospitals and general practices are pretty good at managing data protection and information security when it comes to the clinical uses of patient data. We know that the academic and industry research community are good at upholding data protection rules when they collect and analyse data within clinical trials, through patient consent. However, the landscape that is growing rapidly is the reuse of routinely collected health data, which sits in a grey intermediate zone between those two, reusing clinical data but usually not through a consent-based legal basis. When speaking to partners we collaborate with many different research consortia we find that there is a rather widespread gap in knowledge and experience in how to adopt the right data protection practices when reusing health data, what safeguards are appropriate, how to train personnel, and what good practices they should adopt within their research teams and between teams and countries. 

We perceive an awareness, education, and expertise gap in this area, and the need for many organisations to upskill their data management and research staff in better understanding the GDPR, how it applies to the reuse of real-world data, and the steps they should take in designing and conducting big data research. The public is also interested in knowing more about this topic, which we feel is important because greater awareness and understanding of how data can and should be protected should give confidence in permitting their data to be used. The clinicians who engage closely with patients also need to understand better what downstream reuses of their clinical records are permitted and under what safeguards.

Our Institute is therefore embarking on a programme of greater awareness and support to our multi-stakeholder community. We are starting with some webinars this autumn and winter covering different data protection topics. We will then start populating a knowledge resource centre on our website where people can download guides, checklists, and templates that can help them to adopt good practices in data protection when reusing real-world data for research.

We are enthusiastic about the value of health data for societal good, the need for stakeholders to work together to scale up learning opportunities from data, but in parallel the need for us to do this in trustworthy ways that earn societal trust. 

Dipak Kalra

President i~HD