After more than two years of covid-19, the pandemic now seems better under control, but concerns remain. In order to be able to anticipate in time, a lot of up-to-date information is needed. This can best be obtained from the data of the patients themselves. This data is widely available in the electronic systems of hospitals. Yet it is remarkably difficult to collect this data for scientific research.
Coincidentally, the General Data Protection Regulation (GDPR) was introduced just before the pandemic. This GDPR appears to have an inhibiting effect on information gathering in the event of covid-19. As medical researchers and doctors, together with the Dutch Patient Federation, we find this negative influence undesirable in the largest health crisis of modern times.
About the authors
On behalf of doctors and researchers of the volunteer collective Covidpredict: Martijn de Kruifpulmonologist, Zuyderland Medical Center, Heerlen and Martijn Beudelneurologist, Amsterdam UMC.
In cooperation with Ildiko Vajda and Marcel Heldoorn on behalf of the Dutch Patient Federation.
Permission
With the introduction of the GDPR, it has become more complex to to use patient data for medical scientific research. Previously, a principle of passive consent applied under certain conditions. In 2017, the GDPR added the requirement that the ‘consumer’ also actively consented to the ‘re-use’ of personal data for secondary purposes. This has had consequences in many professions, but in medical scientific research this influence is disproportionately great.
Medical scientific research includes extensive information about the research that must be provided both orally and in writing, and active consent must be confirmed in writing after a specified reflection period. This is already difficult in a normal hospital setting, but it became even more difficult during the corona crisis due to the serious illness of the patients, the isolation measures and the extreme pressure on care. In practice, especially when all hands were needed at the bedside, it turned out to be virtually impossible for many hospitals to get this active permission.
Emergency solution
Fortunately, there was an emergency solution at the time: a ‘No-Objection’ scheme could be invoked, whereby patients were given information that their data was being reused, unless they objected. Hardly anyone objected and that helped science well at the time. Moreover, this meant that there was hardly any ‘scientific selection’, whereby certain patient groups could opt out more than others and would then have remained out of the picture for science.
Even when the GDPR was introduced, there was a lot of attention for possible negative consequences for medical scientific research. The text of the law also contains many provisions to limit these consequences as much as possible. However, that has unfortunately not proved sufficient, because one of the biggest problems is that the legal interpretation of the law has been left to the professional field.
Legal Tug of War
The Minister of Health stipulated that each hospital could interpret the law itself. In many places this led to legal tug-of-war in which flexible and strict interpretations were opposed. For example, the ‘No-Objection’ scheme was made possible by an exception, in which active consent from the patient was not required ‘if this was not reasonably possible’. So it could happen that at the beginning of the pandemic many hospitals opted for the ‘No-Objection’ system.
Beginning in 2021, when vaccines became available, optimism about the pandemic prevailed. The ministry then changed course by actively promoting active consent. In the hospitals, where it remained busy unabated, this was met with varying degrees of response, resulting in a jumble of policy. This has an undeniable negative influence had on medical research.
wrestled
To date, many partnerships struggle with the different legal bases on which patient data is collected. Coordination still leads to considerable delays for many research groups and, as a result, to a waste of subsidy funds. The solution should lie in a more flexible interpretation of the GDPR and the establishment of an up-to-date national database of patients with covid-19. With a budget of millions, the ministry has made an attempt at such a database (yourdata-reddenlevens.nl), but active permission is a requirement here and this project is running smoothly, to say the least.
The most successful databases to date are mainly spontaneously born collaborations that can be found on data sourcescovid19.nl, but that are struggling with an increasing lack of support.
Motion-Omtzigt
It is also the case that follow-up research into, for example, excess mortality by Statistics Netherlands and RIVM is hindered by the inaccessibility of the available data for privacy reasons. As a result, the independent investigation, about which a motion was submitted by Pieter Omtzigt in the House of Representatives in December 2021, cannot be properly conducted.
All in all, in recent years we have faced two relatively new situations that are at odds with each other: the implementation of the GDPR and a global pandemic. We believe that the interpretation and perhaps also the legal text itself of the GDPR is due for revision, so that medical science is not hindered but facilitated. We argue that in times of crisis the requirement for active consent for medical scientific research with patient data should be interpreted as the legislator intended: to maintain a good overview of the medical reality of the moment. This legal nuance does not kill anyone, but Covid-19 does.