The establishment of a legal and ethical frame enabling the sharing and re-use of rare hematological diseases (RHD) patients’ data ensuring the implementation of appropriate safeguards is essential for fully respecting patients' rights and privacy.
ENROL Policy enables participating stakeholders to comply with all legal and ethical considerations that apply to the processing and use of sensitive, personal information and health data in line with the General Data Protection Regulation (GDPR).
ENROL legal frame for secure sharing and re-use of data on patients affected by RHD will enable both entering certified medical data from available sources and re-use of data with third parties, namely medical community, research community, patients and industry.
Pseudonymised personal data held in ENROL will be processed in a manner that only anonymous or de-identified data will be transferred to researchers or other third parties (patients' associations, policy makers, industry) in order to contribute to projects whose objectives are directly connected to ENROL aims.
In this context, third parties will never have access to the information that may directly lead to patients' identification and will be requested to sign an agreement including clauses to legally ban a) any attempt to re-identification, including merging ENROL data to other sources of data and b) attempt to directly contact the patients.
Third parties interested in accessing data held by ENROL will be required to submit an application that details the scientific merit of the project for which the data is needed. Requests will be reviewed by the Steering and Data Access Committee (SDAC) composed by, health professionals, patients' representatives and legal and ethical experts, that ensures that the request aligns with the purpose of ENROL.
Researchers may come from both public and private institutions in any country, including countries without the requirements foreseen in the European legislation in terms of data protection. However, all researchers and institutions will be required to sign legal agreements respecting the EU legislation and committing them to use the data only for the purpose intended and authorised.
In the GDPR context, VHIR/HUVH is designated as the platform controller. An agreement will be signed with CING as processor. More information on the coordinating institutions and roles are available at Coordination team.
The following diagram summarizes the pathways for ENROL data entry, data processing and data request. ENROL policy and agreements will be available soon: