JMIR Publications

ABSTRACT

Background:

The secondary use of clinical data in data-gathering, non-interventional research or learning activities (SeConts) bears great potential for scientific progress and health care improvement. At the same time, it poses relevant risks for privacy and informational self-determination of the patients whose data are used. A tailored framework for risk assessment in SeConts is still lacking and so does a clarification of the concept and practical scope of SeConts.

Methods:

(1) We analyze each element of the concept of SeConts to provide a synthetic definition. (2) We investigate the practical relevance and scope of SeConts through a literature review. (3) We operationalize the widespread definition of risk (as a harmful event of a certain magnitude that occurs with a certain probability) in order to conduct a tailored analysis of privacy risk factors typically implied in SeConts.

Results:

(1) We offer a conceptual clarification and a definition of SeConts. (2) We provide a list of types of research and learning activities that can be subsumed under the definition of SeConts. We also offer a proposal for the classification of SeConts types into the categories “non-interventional (observational) clinical research”, “quality control and improvement”, or “public health research”. (3) We provide a list of risk factors that determine either probability or magnitude of harm implied in SeConts. Discussion: The risk factors mentioned above provide a framework for assessing the privacy-related risks for patients implied in SeConts. We illustrate the usage of the risk assessment by applying it to a concrete example. Conclusion: In the future, research ethics committees and data use and access committees will be able to rely on and apply the framework offered here when reviewing projects of secondary use of clinical data for learning and research purposes.