Research involving health data faces a key challenge: data must be analysable and linkable across different sources – yet at the same time, the identity and privacy of the individuals concerned must remain protected. Particularly when dealing with sensitive personal data, simply removing names is not enough. Technical and organisational procedures are required that enable data to be used in compliance with data protection regulations whilst also allowing for scientifically robust analysis.
This is precisely where the EUPID (European Patient Identity Management) services developed by the AIT Austrian Institute of Technology come in. They help researchers analyse health data securely and in compliance with data protection regulations. Names and other directly identifying information are not passed on or stored, but are replaced by pseudonyms.
The accredited certification body DSGVO-ZT has now confirmed that the EUPID services offered by AIT comply with the requirements of the General Data Protection Regulation. This independent certification strengthens confidence in the data protection-compliant use of sensitive health data and supports the further international establishment of EUPID as a reliable infrastructure for health research. Researchers can thus use related datasets without names or other directly identifying information being disclosed.
A key advantage of EUPID is that data relating to the same individual can be identified and linked even when it is stored in different datasets under different pseudonyms. In this way, the privacy of data subjects is protected as effectively as possible, whilst high-quality research using distributed datasets remains feasible.
Personal data protected
Such solutions are particularly relevant where personal data is stored in different locations and there is a significant need for research. This applies, for example, to areas such as childhood cancer, where EUPID has been in use for some time. “Particularly when it comes to sensitive health data, data protection must not only be taken into account but also implemented in a technically traceable manner. The certification of EUPID Services provides additional reassurance for research partners, ethics committees and affected patients”, explains Dieter Hayn, Senior Scientist in the Competence Unit Digital Health Information Systems at the AIT Center for Health and Bioresources.
For AIT, the data protection certification is an important milestone for the further dissemination of EUPID within international research networks. The certification also sends an important signal to potential partners: it strengthens confidence in the services, facilitates the resolution of data protection queries and underscores that pseudonymisation and the linking of sensitive datasets are carried out on an independently audited basis.
Further info: https://www.ait.ac.at/en/research-topics/digital-health
https://eupid.eu/
About AIT