Versions Compared

Old Version 7

changes.mady.by.user Paula

Saved on

compared with

New Version 8

changes.mady.by.user Lauren White

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


– subject to the regulations – :

Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity.

A type of de-identification that both removes the association with a data subject and adds an association between a particular set of characteristics relating to the data subject and one or more pseudonyms. Typically, pseudonymisation is implemented by replacing direct identifiers (e.g. a name, a subject ID) with a pseudonym, such as a randomly generated value.

Data, which in connection with other information, can be used to identify an individual with high probability, e.g. age at baseline, race, gender, medical information, events, specific findings.

Re-establishment of the association between a set of identifying data and the data subject found in data or documents.

Data that can be used to uniquely identify an individual (e.g. study participant ID, social security number, exact address, telephone number, email address, government-assigned identifier) without additional information or cross-linking other information that is in the public domain.

The person-specific data separately recorded for each data subject in a clinical study.

Subject-level data that can be linked to data subject directly or indirectly, in particular by reference to details such as name, identification number, location data or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Term Definition Resource 
Adversary

A data user who intentionally or inadvertently learns or discloses information about a data subject through re-identification or attribution. This user may be motivated by a wish to discredit or otherwise harm the organisation disseminating the data, to gain notoriety or publicity, or to gain profitable knowledge about particular data subjects. Data adversaries are sometimes referred to as intruders, snoopers or attackers


Definition adapted from Elliot, M., Mackey, E., O’Hara, K. et al. The Anonymisation Decision-Making Framework (2016). UK Anonymisation Network. Accessed at: https://eprints. soton.ac.uk/399692/1/The-Anonymisation-Decision-makingFramework.pdf (last accessed 24 March 2021).
AnonymisationThe overall process of protecting the privacy of data subjects, including clinical study participants, and reducing the risk of re-identification by 1) modifying (e.g. suppressing, obscuring, aggregating, altering) identifiable information in structured data and documents, 2) assessing and controlling the residual risk of re-identification and 3) considering the context of the data release.Definition adapted from PHUSE: Data Anonymisation and Risk Assessment Automation, Version 1.0, . (9 June 2020, available from ). Accessed at: https://phuse.s3.eu-central-1. amazonaws.com/Deliverables/Data+Transparency/ Data+Anonymisation+and+Risk+Assessment+Automation.pdf (last accessed 18 March 2021).
Anonymised data and documentsData and documents that have been produced as the output of an anonymisation process.

Definition adapted from

the

International Organization for Standardization: ISO 25237:2017(en) Health informatics – Pseudonymization

,

. (January 2017

, available from

). Accessed at: https://www.iso.org/obp/ui/#iso:std:iso:25237:ed-1:v1:en (last accessed 23 March 2021)

; the

International Organization for Standardization: ISO/IEC 29100:2011(en) Information technology — Security techniques — Privacy framework

,

(December 2011

, available from

). Accessed at: https://www.iso.org/standard/45123.html (last accessed 24 March 2021).

Confidential business information (CBI)In respect of a person (individual or organisation) to whose business or affairs the information relates, means business information that is not publicly available, in respect of which the person has taken measures that are reasonable in the circumstances to ensure that it remains not publicly available, and that has actual or potential economic value to the person or their competitors because it is not publicly available and its disclosure would result in a material financial loss to the person or a material financial gain to their competitors. (In reference to clinical reports submitted to Health Canada, as defined in Canada’s Section 2 of the Food and Drugs Act.)Definition directly adapted from Health Canada: Guidance Document on Public Release of Clinical Information, Version 1.0, . (12 March 2019, available from ). Accessed at: https://www.canada.ca/en/health-canada/services/ drug-health-product-review-approval/profile-public-release-clinicalreleaseclinical-information-guidance.html (last accessed 18 March 2021).
Commercially confidential information (CCI)Any information contained in the clinical reports submitted to the European Medicines Agency (EMA) by the applicant/MAH which is not in the public domain or publicly available and where disclosure may undermine the legitimate economic interest of the applicant/MAH.Definition directly from the European Medicines Agency: External guidance on the implementation of the European Medicines Agency policy on the publication of clinical data for medicinal products for human use (Policy 0070), Version 1.4, . (9 November 2018, available from ). Accessed at: https://www.ema.europa.eu/en/human-regulatoryhumanregulatory/marketing-authorisation/clinical-data-publication/ support-industry/external-guidance-implementation-european-medicineseuropeanmedicines-agency-policy-publication-clinical-data (last accessed 18 March 2021).
Data subjectAn identified or identifiable natural person to whom a particular piece of data relates.

Definition adapted from PHUSE: Protection of Personal Data in Clinical Documents – A Model Approach, Version 1.0

,

(10 June 2019

, available from

). Accessed at: https://phuse.s3.eu-central-1.amazonaws. com/Deliverables/Data+Transparency/Protection+of+Personal +Data+in+Clinical+Documents+A+Model+Approach.pdf (last accessed 18 March 2021)

; Garfinkel SL. De

Garfinkel, S. L. (October 2015). ‘De-Identification of Personal

Information,

Information’. Internal Report 8053. National Institute of Standards and Technology

Internal Report 8053, October 2015, available from

. Accessed at: http://dx.doi. org/10.6028/NIST.IR.8053 (last accessed 18 March 2021)

; the UK Anonymisation Network: Elliot M

.

Elliot, M., Mackey, E., O’Hara, K. et al. (2016). The Anonymisation Decision-Making Framework

, 2016, available from

. UK Anonymisation Network. Accessed at: https://eprints.soton. ac.uk/399692/1/The-Anonymisation-Decision-making-Framework.pdf (last accessed 24 March 2021)

; the

.

International Association of Privacy Professionals: Glossary of Privacy Terms

, available from

. Accessed at: https://iapp.org/resources/glossary (last accessed 22

March 2021).		De-identificationDefinition adapted from PHUSE: Data Anonymisation and Risk Assessment Automation, Version 1.0, 9 June 2020, available from https://phuse.s3.eu-central-1.amazonaws.com/Deliverables/Data+Transparency/Data+Anonymisation+and+Risk+Assessment+Automation.pdf (last accessed 18 March 2021).Protected personal data (PPD)Definition adapted from the European Union: Directive 95/46/EC (Data Protection Directive), 24 October 1995, available from https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:31995L0046 (last accessed 23 March 2021).PseudonymisationDefinition adapted from the International Organization for Standardization: ISO 25237:2017(en) Health informatics – Pseudonymization, January 2017, available from https://www.iso.org/obp/ui/#iso:std:iso:25237:ed-1:v1:en (last accessed 23 March 2021); Clinical Data Interchange Standards Consortium: Glossary, V15.0, 18 December 2020, available from https://www.cdisc.org/standards/glossary (last accessed 24 March 2021); Garfinkel SL. De-Identification of Personal Information, National Institute of Standards and Technology Internal Report 8053, October 2015, available from http://dx.doi.org/10.6028/NIST.IR.8053 (last accessed 18 March 2021); the National Institute of Standards and Technology: Computer Security Resource Center Glossary, available from https://csrc.nist.gov/Glossary (last accessed 22 March 2021).Pseudonymised data and documents

Data and documents that have been produced as the output of a pseudonymisation process.

Quasi identifier

Definition adapted from PHUSE: Protection of Personal Data in Clinical Documents – A Model Approach, Version 1.0, 10 June 2019, available from https://phuse.s3.eu-central-1.amazonaws.com/Deliverables/Data+Transparency/Protection+of+Personal+Data+in+Clinical+Documents+A+Model+Approach.pdf (last accessed 18 March 2021); PHUSE: A Global View of the Clinical Transparency Landscape – Best Practices Guide, Version 1.0, 22 May 2020, available from https://phuse.s3.eu-central-1.amazonaws.com/Deliverables/Data+Transparency/Clinical+Trials+Data+Transparency+Toolkit+Best+Practices+Guide.pdf (last accessed 18 March 2021);

PHUSE: De-Identification Standard for CDISC SDTM 3.2, Version 1.01, 20 May 2015, available from https://phuse.s3.eu-central-1.amazonaws.com/Deliverables/Data+Transparency/De-identification+Standard+for+SDTM+3.2+Version+1.0.xls (last accessed 22 March 2021); El Emam K. Guide to the De-Identification of Personal Health Information, Auerbach Publications 2013; PHUSE: Data Anonymisation and Risk Assessment Automation, Version 1.0, 9 June 2020, available from https://phuse.s3.eu-central-1.amazonaws.com/Deliverables/Data+Transparency/Data+Anonymisation+and+Risk+Assessment+Automation.pdf (last accessed 18 March 2021).

Re-identification

Definition adapted from Garfinkel SL. De-Identification of Personal Information, National Institute of Standards and Technology Internal Report 8053, October 2015, available from http://dx.doi.org/10.6028/NIST.IR.8053 (last accessed 18 March 2021);the Information and Privacy Commissioner of Ontario: De-identification Guidelines for Structured Data, June 2016, available from https://www.ipc.on.ca/wp-content/uploads/2016/08/Deidentification-Guidelines-for-Structured-Data.pdf (last accessed 18 March 2021); the National Institute of Standards and Technology: Computer Security Resource Center Glossary, available from https://csrc.nist.gov/Glossary (last accessed 22 March 2021).

Re-identification risk

The probability that re-identification could occur.

Residual risk

A general term for any process of removing the association between a set of identifying data and a data subject present in data/documents. The association between data and subject is removed by modifying (e.g. removing, obscuring, aggregating, altering) identifiable information in structured data and documents.

Definition adapted from PHUSE: Protection of Personal Data in Clinical Documents – A Model Approach, Version 1.0, 10 June 2019, available from https://phuse.s3.eu-central-1.amazonaws.com/Deliverables/Data+Transparency/Protection+of+Personal+Data+in+Clinical+Documents+A+Model+Approach.pdf (last accessed 18 March 2021); Garfinkel SL. De-Identification of Personal Information, National Institute of Standards and Technology Internal Report 8053, October 2015, available from http://dx.doi.org/10.6028/NIST.IR.8053 (last accessed 18

March 2021)

; Clinical Data Interchange Standards Consortium: Glossary, V15.0, 18 December 2020, available from https://www.cdisc.org/standards/glossary (last accessed 24 March 2021).		De-identified data and documents

Data and documents that have been produced as the output of a de-identification process.

Direct identifierDefinition directly from PHUSE: Protection of Personal Data in Clinical Documents – A Model Approach, Version 1.0, 10 June 2019, available from https://phuse.s3.eu-central-1.amazonaws.com/Deliverables/Data+Transparency/Protection+of+Personal+Data+in+Clinical+Documents+A+Model+Approach.pdf (last accessed 18 March 2021).Individual patient or participant data (IPD)Definition directly from PHUSE: Protection of Personal Data in Clinical Documents – A Model Approach, Version 1.0, 10 June 2019, available from https://phuse.s3.eu-central-1.amazonaws.com/Deliverables/Data+Transparency/Protection+of+Personal+Data+in+Clinical+Documents+A+Model+Approach.pdf (last accessed 18 March 2021).Personal information (PI)

The risk of re-identification that remains on data or documents that have been produced as the output of an anonymisation process.