Researchers can now request health data and biosamples from German university medicine through the German Research Data Portal for Health (FDPG). Formerly, this was only possible for those involved in the Medical Informatics Initiative (MII), but the new portal’s opening suggests that stakeholders want a comprehensive legal release of all health data for research purposes. The data protection officers are examining whether a data protection impact assessment is required if pseudonymization is used.
The MII was funded by the Federal Ministry of Research, and data integration centers were set up for over 30 university medical locations. The FDPG, operated by the Technology and Methods Platform for Networked Medical Research (TMF), is now the central point of contact for applications and queries about the database.
The MII core data set encompasses modules on person, diagnosis, procedures, laboratory reports, medication, consent, and biosample data. No data can be passed on without the explicit consent of the patient, and researchers are contractually obliged to carefully protect the data and to delete all data at the end of the project at the latest.
Researchers must submit a positive ethics vote from their institution before making an application for data use. Use and Access Committees (UACs) will then decide on the application. If it is approved, pseudonymised data will be available via the portal, and if required, a “record linkage” will be carried out. Currently, researchers are facing a five-month application period.
Data that can identify a person directly, such as name, date of birth, and address, are initially pseudonymized, and persona identifying data will not be passed to third parties. The FDPG acts as an interface for researchers, and no particularly sensitive data is processed at the FDPG. Therefore a data protection impact assessment is currently not required for the FDPG, but there is an assessment for each location’s processing.
The data protection concept of the MII defines the procedure to be used for pseudonymization, and it only recognizes the “need to further develop the concept.” The new portal still has some launching-stage issues, such as standardization, which is why it is still in pilot operation, being tested in initial usage projects and continuously improved.