gms | German Medical Science

63. Jahrestagung der Deutschen Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie e. V. (GMDS)

Deutsche Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie

02. - 06.09.2018, Osnabrück

Article

Send article

Framework for double pseudonymization of human biosamples in translational research

Meeting Abstract

Search Medline for

  • Bernd Ahlborn - German Consortium for Translational Cancer Research, München, Deutschland; Institute for Medical Informatics, Biometry and Epidemiology (IBE), LMU, München, Deutschland
  • Isabel Reinhardt - Institute for Medical Informatics, Biometry and Epidemiology (IBE), LMU, München, Deutschland; German Biobank Alliance, GBN, Berlin, Deutschland
  • Rainer Glaß - Neurosurgical Research, LMU, München, Deutschland
  • Niklas Thon - Department of Neurosurgery, LMU, München, Deutschland
  • Ulrich Mansmann - Institute for Medical Informatics, Biometry and Epidemiology (IBE), LMU, München, Deutschland
  • Kathrin Halfter - Institute for Medical Informatics, Biometry and Epidemiology (IBE), LMU, München, Deutschland

Deutsche Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie. 63. Jahrestagung der Deutschen Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie e.V. (GMDS). Osnabrück, 02.-06.09.2018. Düsseldorf: German Medical Science GMS Publishing House; 2018. DocAbstr. 29

doi: 10.3205/18gmds038, urn:nbn:de:0183-18gmds0382

Published: August 27, 2018

© 2018 Ahlborn et al.
This is an Open Access article distributed under the terms of the Creative Commons Attribution 4.0 License. See license information at http://creativecommons.org/licenses/by/4.0/.

Outline

Text

Introduction: International and national data security regulation ensure that medical data and biosamples are not shared inappropriately and handled in conflict with the patient’s privacy regulations [1], [2]. For biomedical research to remain practicable and implementable it is essential to provide protection strategies which fit regulatory requirements and needs of medical staff, while ensuring that the correct medical data is associated with its respective biosample(s). A cautious strategy for a privacy-save biosample management is double-pseudonymization via a data trustee (DT). A wide range of available biobank concepts follow the more straightforward approach of segregated data bases for IDAT, MDAT, ProbDAT, and AnaDAT [3]. Especially for small biobanks the physical and organizational segregation of data is hard to realize implying security risks. Therefore, a double-pseudonymization framework for small biobanks was developed which meets ethical requirements of involved stakeholders and provides scalability to larger settings.

Methods: The principles of the proposed concept were developed in round-table discussions with experts from all stakeholder parties (clinician, DT, researcher, ethics). The guideline of the Permanent Working Party of the German Medical Ethics Committees [2] was applied. This guideline requires a DT and double-pseudonymization in any biobank project. Definitions of the Federal Data Protection Act were used [4]. Local infrastructure was taken into account.

Results: The DT produces a linked pair of sample pseudonyms (SPSN1, SPSN2). A readable SPSN1 and a concealed SPSN2 are transferred to the clinician. The sample extractor assigns SPSN1 to a patient and transfers the concealed SPSN2 with the biosample to the biobank. The biobank is able to disclose the concealed SPSN2. Several simple practical procedures do exist for a secure implementation of this concept. The disclosed SPSN2 can be used to manage several aliquots of the biosample. This simple physical process implements by design a DT based double-pseudonymization. De-pseudonymization can only be conducted by DT who knows the relationship between both SPSNs. No patient information is required to initialize the pseudonyms. This aspect allows scaling of the process by batch processing of appropriate SPSN1-SPSN2 labels by the DT which allows sample transfer without too frequent interaction with the DT.

Discussion: Our concept presents a practical physical implementation of a DT based double-pseudonymization process. It was developed and tested in cooperation with a local biobank. A central prerequisite is the availability of a DT office. Our next step is to adapt the concept to an automated environment by cooperating with biotech partners. The concept extends the TMF framework: DT based double-pseudonymization of biosamples as well as an elegant physical procedure of biosample relabeling. The proposed strategy integrates straightforwardly into a standard biobanking routine. It may be implemented as an extension of existing data trustee software solutions.

The authors declare that they have no competing interests.

The authors declare that an ethics committee vote is not required.

Outline

References

1.
Zentrale Kommission zur Wahrung ethischer Grundsätze in der Medizin und ihren Grenzgebieten (Zentrale Ethikkommission). Zur Verwendung von patientenbezogenen Informationen für die Forschung in der Medizin und im Gesundheitswesen. Deutsches Ärzteblatt. 1999;96(49):A-3201/B-2696/C-2326.
2.
Permanent Working Party of the German Medical Ethics Committees. Recommendation For the Assessment of Research-related Human Biobanks by Ethics Committees. 2015 [cited 2018 Feb 20]. Available from: http://www.ak-med-ethik-komm.de/docs/Recommendations2016_draft2016_09_07.pdf External link
3.
Pommerening K, Drepper J, Helbing K, Ganslandt T. Leitfaden zum Datenschutz in medizinischen Forschungsprojekten. 1st ed. Berlin: MWV; 2014.
4.
Federal Data Protection Act in the version promulgated on 14 January 2003 (Federal Law Gazette I p. 66), as most recently amended by Article 1 of the Act of 14 August 2009 (Federal Law Gazette I p. 2814). 2003.