© Fred Pieau
Expert column
Protect my users, secure my data and content

“Combining medical research with GDPR is an essential requirement to keeping innovation going" by Carole Le Goff

An opinion column of Carole Le Goff, Sales & Marketing Manager, e-Health at b<>com

Progresses in computer science are opening up a new era in healthcare domain. Each patient can potentially access a personalized and optimal care. But heterogeneous and, distributed data are an obstacle to the adoption of new clinical solutions produced by research projects. Although hospitals, medical researchers, and healthcare professionals are used to issues with protecting and securing health data, it is now more important than ever to offer them innovative solutions to make it easier to share, analyze, and process de-identified data while ensuring privacy policy. This way, patients can benefit from research findings in their own care.

Translational research is an emerging process that can turn research centers into concrete patient care applications. This practice allows patients to quickly benefit from appropriate research results. To achieve this research-care continuum, the deployment of suitable gateways for clinical research must be developed. Close collaboration between clinicians, who handle patient relations, researchers, who develop innovative processing, and industry firms, which make the exchanges secure and deployable, is critical. In the course of these two-way exchanges, one key element is the de-identification of personal data sent to the researcher, while keeping a way for the clinician to re-identify it after processing.

These days, it is essential that data protection regulations do not impede innovation. So how can translational research be made to work under GDPR?

The General Data Protection Regulation (GDPR) states that data processing for scientific purposes must respect the rights and liberties of the person. These guarantees must enable the enactment of technical and organizational measures from the design stage (privacy by design) in order to ensure adherence to the principle of minimizing data, such as pseudonymization. In a pseudonymization process, identifying elements are replaced with information that cannot be traced back to individuals. The data controller saves the replaced elements, so the process can be reversed.

One good example is in the field of medical imaging. A clinician in a translational research project is transferring medical imaging studies that have been de-identified to a research center that processes them. He can then get the results, and after a re-identification mechanism, use them to help diagnose his patients. The de-identification mechanism, using encryption, must in this case be a bit more advanced than basic pseudonymization, because the clinician will need to re-identify a processed study for a particular patient. This is possible by reconciling the processed medical images with original images sent by the clinician.

This mechanism can be implemented by relying on the DICOM standard. This IT standard for medical imaging studies has dedicated fields for patient data (name, date of birth, sex, etc.) which facilitate pseudonymization in accordance with GDPR recommendations.

A translational research solution in the field of medical imaging offers several benefits. First of all, patients stand to gain from scientific advances (such as artificial intelligence-based solutions) to better understand the progress of their illness and thereby receive the best diagnostic and treatment. Clinicians can also adopt tools that will help in their everyday practice: Confirming the diagnosis, illness follow-up, etc. Meanwhile, researchers can move through their work more quickly by accessing a broader sample of the population and faster validation of their results through clinical trials. Finally, compatibility with GDPR recommendations makes it easier to implement and deploy at scale.

These days, it is essential to consider medical research for patient benefits through the dual lenses of translational research mechanisms and adherence to GDPR requirements. Data analytics in accordance with patient privacy is not just a way of reassuring patients and pursuing advances in research, but also accelerating innovation. Diagnostic tool for clinicians are proliferating in healthcare app marketplaces. The growth of AI in the field can boost the results. Researchers, healthcare professionals, and manufacturers are not the only ones to benefit from this boom. The patient's experience is also improved.

Carole Le Goff - DICOM - bcom
© Fred Pieau