In Europe, the EU Charter of Fundamental Rights stipulates that EU citizens have the right to protection of their personal data. Additionally, EU and national legislation addresses patient data access, data linkage and consent issues, including duty of confidentiality. Therefore, while individual data custodians may have differing requirements related to what approvals are needed before their data can be released for a particular study, all studies conducted in Europe must meet all applicable legislation.
The General Data Protection Regulation (GDPR) Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on free movement of such data came into force on 24 May 2016. It repeals Directive 95/46/EC and is aimed at making data protection fit for the digital age.
Regulation (EC) No 45/2001 sets forth the rules applicable to the processing of personal data by EU institutions and bodies. On 10 January 2017, a proposal was put forward to amend those rules to bring them in line with the GDPR.
For interventional research, Directive 2001/20/EC and the Guidelines for Good Clinical Practice (Commission Directive 2005/28/EC) apply. Directive 2001/20 EC will be repealed when the Clinical Trials Regulation (Regulation (EU) No 536/2014) comes into application. It will also apply to trials authorised under the previous legislation if they are still ongoing three years after the Regulation has come into operation. In addition, marketing authorisation holders (MAHs) and investigators must follow relevant national guidance of those Member States where the study is being conducted.
Article 36 of the Commission Implementing Regulation (EU) No. 520/2012 specifies that for post-authorisation safety studies (PASS) imposed as an obligation, MAHs shall ensure that all study information is handled and stored in a way that ensure the confidentiality of the study records. The GVP Module VIII - Post-authorisation safety studies recommends that these provisions should also be applied to PASS that are voluntarily initiated, managed or financed by a MAH.
The ISPE Good pharmacoepidemiology practice provides recommendations on the protection of human subjects and refers to the ISPE guidelines on Data Privacy, Medical Record Confidentiality, and Research in the Interest of Public Health. It also recommends that the plans for protecting human subjects should be described in a stand-alone section of the study protocol.
Principles of scientific integrity and ethical conduct are paramount in any medical research. The Declaration of Helsinki provides ethical principles addressed primarily to physicians involved in medical research involving human subjects, including research on identifiable human material and data and is the main document on human research ethics. The ENCePP Code of Conduct offers standards for scientific independence and transparency of research in pharmacoepidemiology and pharmacovigilance and promotes best practice for the interactions between investigators and study funders in critical areas such as planning, conduct and reporting of studies. As a core transparency measure, it recommends that the protocols of all pharmacoepidemiology and pharmacovigilance studies should be registered in the European Union electronic Register of Post-Authorisation Studies (EU PAS Register), ideally before they start. The Code also recommends that study findings should be published irrespective of positive or negative results.
Guided by three core values (best science, strengthening public health and transparency), the ADVANCE Code of Conduct for Collaborative Vaccine Studies (Vaccine 2017;35(15):1844-55) includes recommendations about 10 topics: Scientific integrity, Scientific independence, Transparency, Conflicts of interest, Study protocol, Study report, Publication, Subject privacy, Sharing of study data, Research contract. Each topic includes a definition, a set of recommendations and a list of additional reading. The concept of the study team is introduced as a key component of the ADVANCE Code of Conduct with a core set of roles and responsibilities. It also provides direct access to a comprehensive list of relevant guidelines.
The Good Pharmacoepidemiology Practices (GPP) of the International Society for Pharmacoepidemiology (ISPE) proposes practices and procedures that should be considered to help ensure the quality and integrity of pharmacoepidemiological research, including detailed guidance for protocol development, roles and responsibilities, study conduct, communication, reporting of adverse events and archiving. The Good Epidemiology Practice (GEP) of the International Epidemiological Association addresses four general ethical principles for research (Autonomy, Beneficence, Non-maleficence and Justice) and proposes rules for good research behaviour in relation to working with personal data, data documentation, publication, the exercise of judgment and scientific misconduct.
The CIOMS International Ethical Guidelines for Health-related Research Involving Humans (Geneva: 2016) provides detailed commentary on how universal ethical principles should be applied, with particular attention to conducting research in low-resource settings. It includes 25 guidelines addressing different topics, settings and population groups concerned by health-related research.
The Recommendations for the Conduct, Reporting, Editing, and Publication of Scholarly work in Medical Journals by the International Committee of Medical Journal Editors (ICJME) include clear statements on ethical principles related to publication in biomedical journals. Authorship and contributorship, editorship, peer review, conflicts of interest, privacy and confidentiality and protection of human subjects and animals in research are addressed.
The Agency for Healthcare Research and Quality (AHRQ) published Registries to Evaluate Patient Outcomes: a User’s guide, Third Edition, 2014, which is a reference for establishing, maintaining and evaluating the success of registries created to collect data about patient outcomes. Section II: ‘Legal and Ethical Considerations for Registries’ is a specific chapter dedicated to ethics, data ownership, and privacy. The concepts within are focused on US law.