The establishment of a legal and ethical frame enabling the sharing and re-use of rare hematological diseases (RHD) patients’ data ensuring the implementation of appropriate safeguards is essential for fully respecting patients' rights and privacy.
ENROL Policy enables participating stakeholders to comply with all legal and ethical considerations that apply to the processing and use of sensitive, personal information and health data in line with the General Data Protection Regulation (GDPR).
ENROL legal frame for secure sharing and re-use of data on patients affected by RHD will enable both entering certified medical data from available sources and re-use of data with third parties, namely medical community, research community, patients and industry.
Personal data allowing patients' direct identification, as name and surname, national identity number or home address will not be received by ENROL. Instead, patients’ data entered in ENROL will be received along with a pseudonym generated by the medical doctors (at local level) through a pseudonymisation tool GDPR compliant. The use of a pseudonymisation tool offered by the EU-RD Platform in the context of rare disease registries (https://eu-rd-platform.jrc.ec.europa.eu/_en) is envisaged for this aim.
Third parties interested in accessing anonymized/pseudonymized data held by ENROL will be required to submit an application that details the scientific merit of the project for which the data is needed. Requests will be reviewed by the Data Access Committee (DAC) composed by, health professionals, patients' representatives and legal and ethical experts, that ensures that the request aligns with the purpose of ENROL. Once the requests are approved, third parties will be requested to sign an agreement including clauses to legally ban a) any attempt to re-identification, including merging ENROL data to other sources of data and b) attempt to directly contact the patients.
Researchers may come from both public and private institutions in any country, including countries without the requirements foreseen in the European legislation in terms of data protection. However, all researchers and institutions will be required to sign legal agreements respecting the EU legislation and committing them to use the data only for the purpose intended and authorised.
The following diagram summarizes the pathways for ENROL data entry, data processing and data request. ENROL policy and agreements will be available soon:
Providers of data
Any legal entity providing data to ENROL, including among others:
Users of data
Any stakeholder (legal entity) with interest on RHDs, including aong others:
Legal binding documents: