RADeep Legal Frame

RADeep Legal Frame

In agreement with RADeepPrinciple: “to maximize public benefit from data on RAs opened-up through the platform with the only restriction needed to guarantee patient’s rights and confidentially in agreement with EU regulations for cross-border sharing of clinical data”, a legal frame for secure sharing and re-use of data on patients affected by RAs enabling both entering certified medical data from available sources and re-use of data with third parties, namely other ERNs, research community and industry has been established from the outset.

The RADeep Policy aims at establishing the legal frame for the setting up, in the context of the European Reference Networks, of a European Epidemiological platform ensuring safe sharing of patients’ data in agreement with the Regulation (EU) 2016/679 of the European Parliament and the Council 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Processing health data must be subjected to appropriate safeguards, ensuring that technical and organisational measures are in place in order to protect subjects’ rights. Pseudonymisation should be one of these safeguards. In the particular case of processing data from patients affected by rare diseases, the risk of identification of subjects needs to be taken into consideration due to their low prevalence.

Following these premises, RADeep policies have been designed including:

  • The constitution of an International Legal and Ethical Advisory Board (ILEAB)
  • Revision systems ensuring that the process of data is performed solely for scientific purposes of interest and quality.
  • An information model for subjects, which ensures that consent is given in a free, specific and informative manner.
  • Identification of the obligations of all the subjects and institutions that participate in the processing of data and their commitment to respect legal and ethics principles that correspond to health data processing, including the adoption of measures to protect the confidentiality and security of data.
  • Contracts among actors involved through which commitments for the lawful and secure processing of data is acquired.
  • Definition of minimum criteria for data to be transmitted to third parties in order to avoid the transmission of data that may potentially lead to the identification of subjects and thus, assuring the impossibility of identification of subjects considering the particularity of rare diseases.

The following diagram summarizes the pathways for RADEEP data entry, data processing and data request:

  • Controller:
    • Hôpital ERASME, Brussels, Belgium acting as coordinator and responsible of RADEEP and determining the purposes and means of the processing of personal data in RADEEP.
  • Processors:
    • University Hospital Vall d'Hebron - Vall d'Hebron Research Institute, Barcelona, Spain, acting as an institution dedicated to scientific research linked to ERN-EuroBloodNet coordinating center for the implementation of activities related to coordination of the network and with specific role in RADEEP as platform coordinator.
    • Cyprus Institute of Neurology and Genetics, Nicosia, Cyprus, actingas official member of ERN-EuroBloodNet and with specific role in RADEEP as platform developer.

Involved bodies in the security policies

  • International legal and ethical advisory board
  • DAC (Data Access Committee)