Guideline of GDPR and secondary use of patient data
Topic outline
-
-
We all agree, for the biopharmaceutical industry, EHDS opens new opportunities for real-world evidence generation, streamlined clinical trials, and accelerated development of innovative treatments. It supports data-driven decision-making, personalized medicine, and improved public health strategies—while maintaining high standards for privacy and security.
Though, the secondary use of health data raises in practice a lot of questions due to the complexity of different possible scenarios in practice and the divergence in the interpretation of the application of the European General Data Protection Regulation (GDPR). A clear understanding and application of the GDPR in the secondary use of health data is therefore urgently needed.
-
-
-
This guideline aims at clarifying the rights and the obligations of the private companies involved in secondary use data projects with data holders and hospitals in a harmonised way. It aims at facilitating the harmonisation of managing RWD projects under the current GDPR and relevant Belgian Personal Data Protection laws.
-
-
-
To this end, pharma.be, BeMedTech, CHAB/RUZB, Zorgnet-Icuro, Unessa, GIBBIS, Santhea, HDA and several individual hospitals have co-created a methodology to assess projects with a secondary use of data for research purposes under the GDPR and the Belgian Personal Data Protection law.
Moreover, this collaboration has led to the development of a guideline and a template agreement on the secondary use of patient data for research purposes. The agreement is intended for use between the parties as a starting point to facilitate further negotiations in case of a specific RWD project. While Belgium’s national implementation of EHDS is still pending, a guideline is provided as well that aims to clarify how the General Data Protection Regulation (GDPR) applies to the secondary use of health data in the interim. The present guideline focuses on the applicability of the General Data Protection Regulation (GDPR) and the Belgian Personal Data Protection Law and its most relevant aspects to pharma and medtech companies’ secondary use of patient data for scientific research purposes that were already collected by health care providers (HCPs) and health care organizations (HCOs) for routine care and treatment purposes (primary use of the data).
-