To protect the dignity, privacy and health of human beings involved in research in term of the Swiss Human Research Act (HRA) and its Ordinances (KlinV/HRO), the vast majority of all research projects are today conducted with coded or pseudonymized health-related personal data and material. Coded means that the identifying information about the person concerned (surname, name, date of birth, residence, phone etc) is removed in a clinical data set or of biological material and replaced by a code (Art. 35 HRA conjunction with Art. 26 HFV). This code is also referred to as a patient or subject identifier. To ensure appropriate coding, the HRA, its Ordinances and the Guidelines for Good Clinical Practice (GCP) stipulate that the person identifiable data must be stored in a system separate from the research database (Art. 26 para. 2 HRO). If this process is carried out correctly, the study personnel has to keep a separate protocol with the person identifiable data of all patients included in a human research study. This “subject-identification log/code list” ensures the link between the research data and the individual. For data protection reasons, this important log always remains within the hospital that collected the data (i.e. the data controller). The liability to identify and contact a person in a study at any time is of key importance and the maintenance of the identification log files is a key responsibility of every investigator.
The issue with the current situation
Critical in this process is that the separation of personal health data and person identifiable data is handled very heterogeneously in research projects and in a potentially considerable number of cases it is not HRA/GCP compliant. Moreover, often the subject identification logs are kept on paper or e.g. on Excel files, making this important process difficult to control, very volatile, inefficient and not always transparent for the hospital (the data controller).
It’s the aim of IDEAL to provide for Swiss data controllers (e.g. hospitals) a decentralized, secure, uniform and therefore professional solution to support the management of person identifiable data according to the Swiss regulatory requirements in human research.
How it came about IDEAL
IDEAL is a Swiss national IT infrastructure project for human research funded by the Swiss Institute of Bioinformatics (SIB). The IDEAL project was founded by the IDEAL consortium in 2018 and was submitted as an official SPHN project during the 2018 SPHN infrastructure project call. IDEAL was approved for funding by the SIB and under the umbrella of SPHN, in particular the SPHN BioMedIT board, which acts as IDEAL supervisory board.
The IDEAL consortium is the organizational board of the IDEAL project. Consortium members are large Swiss cohorts, and the Clinical Trial Unit of the University Hospital of Basel (CTUs).
unimedsuisse recommends the project for implementation. The data protection officer Basel Stadt and the legal department of the University Hospital approved the project.
Key aims of the IDEAL project
IDEAL offers a unified and decentralized solution to link the pseudonymized data subject of a study to the identity of the natural person at the site of the data controller (e.g. the hospital).
- IDEAL therefore supports a key regulatory requirement and supports the maintenance and up-to-dateness of the person identifiable data of human research participants. IDEAL supports the process of pseudonymization (coding) and ensures the re-identification of study participants at any time in an efficient and transparent way.
- ID mapping: by linking the patient identification numbers of the study subject in the research database with the identification number of the corresponding patient in the hospital (hospital patid), the automated data integration between routine data from the hospital CDWH (e.g. clinical data, routine lab, imaging or pathology) and clinical research databases (e.g. cohort databases) is promoted throughout Switzerland.
IDEAL creates a National Network of decentralized local IDEAL clients, called the National IDEAL Data Center (NIDC). To ensure the interoperability between the different local clients, the NIDC is setup.
The NIDC is a national, centralized server platform that connects the IDEAL clients across all study sites. The NIDC provides the following functionalities:
- A central tool to distribute the IDEAL software applications within the connected network of all IDEAL clients
- Hosting of the IDEAL’s metadata repository
- Given the approved SPHN data governance structure and FAIR principles (https://www.go-fair.org/fair-principles/), the NIDC supports the management of requests from users who intend to link research data and routine hospital data.
The NIDC does not include any identifying information from study participants. In a second project phase, it is discussed to include a hash code, which is based on participants identifying information. The hash code is generated decentralized in the local application. Such code allows to identify identical individuals participating in several studies or different hospitals (privacy preserving record linkage). In Switzerland, a national identifier for research is missing, thus other solution, such as hash codes, have to be found.
IDEAL is a web-based Django application, which is locally installed at the institution of the data controller (e.g. hospital). The core of the local application is a linkage database, which links pseudonymized data from research studies with the identity of the natural person in the hospital.
To overcome data protection issues, the linkage information, including patient identifying information and the research study identifier is exclusively stored at the patients treating institution. The proposed solution is decentralized, no identifying information is stored outside the hospital
The IDEAL linkage database includes identifying information from the clinical data warehouse (e.g. name, date of birth, gender, general informed consent etc) and the pseudonymized study identifier from the research study.