Out-Law / Your Daily Need-To-Know

Data protection reforms should enable 'one time' patient consent to use of their data in medical research, says health body

Out-Law News | 29 Jul 2014 | 4:26 pm | 2 min. read

New EU data protection laws should not force medical researchers to seek consent from patients each time they wish to use their data or tissue samples in a new research project, the European Society of Medical Oncologists (ESMO) has said.

ESMO warned that "the survival of retrospective clinical research, biobanking, and population-based cancer registries in the EU" would be put at risk if current proposals backed by MEPs earlier this year are introduced into law.

It said that the MEP's plans "imposes, or may be interpreted as imposing, the requirement for researchers to ask for a patient's ‘specific’ consent every single time new research is carried out on already available data and/or tissues", and said this would "lead to the necessity of researchers continuously asking patients to ‘re-consent’ for every single use of their data."

ESMO said that it would be better if the new General Data Protection Regulation gave medical researchers the right to use patient data and tissues "forever" on the basis of a "one-time consent" to that use from patients.

"This consent could be withdrawn by the patient at any time, but researchers should not be compelled to ask for ‘re-consent’ by patients whenever new research is planned on their data and/or tissues," ESMO said in a new position paper on the risks of the proposed new EU data protection framework. "We should simply avoid the notion of a ‘specific’ consent, which would result in researchers needing to obtain continuous patient re-consent every time new research is carried out. Continually obtaining ‘specific’ consent is practically unfeasible, time-consuming, administratively burdensome, expensive, and also intrusive into patients' lives even many years after their disease experience."

"It is important to note that our position of advocating for a ‘one-time’ consent means that patients will be informed that their data/tissues will be used for future research, and they will be informed about the conditions under which their data and tissues will be stored, making the protection safeguards a part of their consent. Under this scenario, the patient retains the right to deny the consent and to withdraw it at any time. Thus, a more or less broad, ‘one-time’, withdrawable consent would allow patients – if, and only if, they are willing – to ‘donate’ their data and/or tissues to promote the public interest of future health research," it said.

ESMO said, though, that the data protection reforms should also contain an exception to the requirement for consent to personal data processing for health research purposes if the research being conducted was "public health epidemiological research through population-based disease registries".

Allowing individuals to opt out of the use of their data in such research risks undermining reliability on the conclusions that could be drawn from that research, it said.

"In the field of public health research, disease registration is now well established and has led to many major advances," ESMO said. "In oncology, it provided reliable population-based data on incidence, prevalence, and survival rates of cancers. These data have been crucial in understanding trends in cancer occurrence – i.e. to trace cancers to their specific causes, to correlate survival with changes in health organisation, to assess the outcome of newly implemented treatments, to plan new actions in health policy, to establish cancer plans and measure their effectiveness, and so on."

"By definition, cancer registries can only fulfil the essential goals of public health if they can collect and scrutinise entire patient populations. For this reason, they are incompatible with any requirement of individual consent. If a patient is allowed not to consent, the data provided by the relevant registry will be incomplete or unrepresentative, and can lead to incorrect conclusions," it said.

A new General Data Protection Regulation was proposed by the European Commission in January 2012 and since then EU law makers in the European Parliament and within the Council of Ministers have scrutinised the proposals and suggested a number of amendments. Both the Parliament and Council must give support to single wording of the Regulation before it can come into force.

The Parliament has agreed on its own internal position on the proposals but negotiation over the final wording has yet to begin as the Council has yet to reach agreement on its own position on the reforms.