In Journal of medical Internet research ; h5-index 88.0
BACKGROUND : The COVID-19 pandemic is a threat to global health and requires collaborative health research efforts across organizations and countries to address it. Although routinely collected digital health data is a valuable source of information for researchers, benefiting from this data requires accessing and sharing the data. Health care organizations focusing on individual risk minimization threatens to undermine COVID-19 research efforts, and it has been argued that there is an ethical obligation to use the European Union's General Data Protection Regulation (GDPR) scientific research exemption during the COVID-19 pandemic to support collaborative health research.
OBJECTIVE : This study aimed to explore the practices and attitudes of stakeholders in the German federal state of Bavaria regarding the secondary-use of health data for research purposes during the COVID-19 pandemic, with a specific focus on the GDPR scientific research exemption.
METHODS : Individual semi-structured qualitative interviews were conducted between December 2020 and January 2021 with a purposive sample of 17 stakeholders from three different groups in Bavaria: 1) researchers involved in COVID-19 research (n=5), 2) data protection officers (n=6), and 3) research ethics committee representatives (n=6). Transcripts were analysed using conventional content analysis.
RESULTS : Participants identified systemic challenges in conducting collaborative secondary-use health data research in Bavaria; secondary health data research generally only happens when patient consent had been obtained, or the data had been fully anonymized. The GDPR research exemption has not played a significant role during the pandemic, and is currently used very seldom and restrictively. Participants identified three key groups of barriers that led to difficulties: 1) the wider ecosystem at many Bavarian health care organisations, 2) legal uncertainty that is leading to risk adverse approaches, and 3) ethical positions that patient consent ought to be obtained whenever possible to respect patient autonomy. To improve health data research in Bavaria and across all of Germany, participants wanted greater legal certainty regarding the use of pseudonymized data for research purposes without the patient's consent.
CONCLUSIONS : The current balance between enabling the positive goals of health data research and avoiding associated data protection risks is heavily skewed towards avoiding risks; so much so that it makes reaching the goals of health data research extremely difficult. This is important because it is widely recognised that there is an ethical imperative to use health data to improve care. The current approach also creates a problematic conflict with Germany´s, and the federal state of Bavaria´s, ambitions to be a leader in artificial intelligence. A recent development in the field of German public administration known as "norm screening" (Normenscreening) could potentially provide a systematic approach to minimize legal barriers. This approach would likely be beneficial to other countries.
McLennan Stuart, Rachut Sarah, Lange Johannes, Fiske Amelia, Heckmann Dirk, Buyx Alena