Abstract
This paper provides the description of possible, desirable interactions between biobanks and the genetic data they process on the one side, and a regulatory concept that is becoming crucial in the European and Italian privacy law context, namely Electronic Health Records (EHR) on the other. The computerized processing of personal health data via digital platforms has received by the Italian Data Protection Authority a regulatory definition which appears to be quite narrowly constructed around the idea that this kind of data treatment will be authorized only if carried on for the purpose of providing a medical service for the therapeutic or diagnostic benefit of the patient.
The interactive treatment of genetic data combining health data providing a follow up of the health conditions of the original donor is crucial in the so called post-genomic era. Bioinformatics itself is characterized by a series of activities taking place at the informational level, like acquisition, storage, distribution, analysis and interpretation. Providing health services based also on individual genetic identities and on the knowledge of genomic risks of patients will enhance the efficacy of health care.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
The European legislator—with the famous Directives 95/46/ECand 2002/58/EC—intervened, devoting to the problem of health data processing an ad hoc regulation, thus highlighting the specificity and the dangers that operations relating to this particular category of data may show. Regarding data protection regulation in general, see: Bygrave (2002); Guarda (2008), p. 65. At the national level, Italian legislator (at art. 4, co. 1, lett. d) of Legislative Decree 30 June 2003, n. 196 (Code for protection of personal data; hereinafter: Privacy Code) defines so-called “sensitive data” as follows: “personal data allowing the disclosure of racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade-unionist character, as well as personal data disclosing health and sex life”. In order to process this kind of information a stricter and more protective discipline has been provided, since their collection, communication and dissemination may present the data subject to which they pertain with several serious risks of discrimination. With respect to health data processing in the Italian legal system, see: Buttarelli (1997); Caggia (2007), p. 405; Finocchiaro (2008), p. 207; Palmerini (2007), p. 1303; Viciani (2007), p. 315. An old, but very interesting, essay on health data and privacy by an economic analysis perspective in Schwartz 1997, p. 1.
- 3.
For further information see a recent study on the relationship between genetic data and biolaw: Casonato et al. (2011).
- 4.
- 5.
See in general Guarda, Fascicolo (2011); Froomkin (2008a, b); Terry and Francis (2007); Hall (2009); Hoffman and Podgurski (2006); Jacobson (2002); Terry (2008). For a further analysis with respect to the incorporation of legal principles of privacy into digital architecture see: Guarda and Zannone (2009), p. 337.
- 6.
See Cushman (2008).
- 7.
This document proposes the following definition of this new instrument: “A comprehensive medical record or similar documentation of the past and present physical and mental state of health of an individual in electronic form, and providing ready availability of these data for medical treatment and other closely related purposes”.
- 8.
It is also worth mentioning another General Provision that provides some guidelines on online medical reporting: Garante per la protezione dei dati personali (2009).
- 9.
Digital technologies and, in particular, the so-called Web 2.0 encourage and, in some ways determine, this need-to-know that distinguishes the user of the network and, more generally, individuals of this beginning of the third millennium.
- 10.
- 11.
- 12.
LG FSE, p. 2.9.
- 13.
LG FSE, p. 2.11. On the use of information from EHR systems for purposes of medical research see Willison (2009).
- 14.
Roden et al. (2008), p. 362, with specific reference to the relationship between biobanks and Electronic Medical Records (EMR): “Coupling these biobanks to electronic medical record (EMR) systems has the potential to enable investigators in the field of genomics to search, record and analyze phenotypic information pertaining to large numbers of patients in a “real word” context”. On the desirable return to the donor of the results of research conducted in biobank research see Skene (2009).
- 15.
The expression is taken, with special reference to the techniques of de-identification, by Maliapen (2009), p. 3.
- 16.
Townend et al. (2009), p. 137: “the new genetic data processing possibilities are in potential conflict with these fundamental rights, because the real value of research and biobanking research using genetic data will be in the ITS relation to the medical and environmental life-story of the data subject”.
- 17.
Zarabzadeh et al. (2009), p. 177, the aspects that should be taken to protect the confidentiality of those who undergo the genetic testing are investigated, spec. p. 179: “ensuring the confidentiality of participant data at all times is an essential aspect of biobank operation”.
- 18.
Rivers of ink have been spilled on this issue, in which the doctrine has never stopped being interested: see, among many, Macilotti (2009); Juso (2004), p. 6; Casini and Sartea (2009), p. 1121; Casonato (2009), p. 1052; Brownsword (2009), p. 83; Viciani (2007), p. 315; Godard et al. (2003), p. S88; Viciani (1996), p. 272.
- 19.
The effect of withdrawal of consent is the immediate destruction of the sample and the data associated with it or its complete anonymisation, preventing their traceability to the donor, with all the concerns already expressed above. This is also appointed by the Authorisation of the processing of genetic data by the Italian Privacy Authority, February 22, 2007, which, in paragraph 6, states that: “[…] In accordance with art. 23 of the Code, the consent shall be valid only if the person is free from any conditioning or coercion and is freely revocable at any time. In the case where a person withdraws consent to the processing of data for research purposes, the biological sample is also destroyed if it has been taken for such purposes, except that, by the beginning or following treatment, the sample can no longer be referred to an identified or identifiable person” (this authorisation has been recently re-extended until 30 June 2011 by the deliberation of Privacy Authority of 23 December 2010). See in general Helgesson and Johnsson (2005), p. 315.
- 20.
See Caplan (2006), p. 661.
- 21.
- 22.
- 23.
Maliapen (2009), p. 2, which splits in two the de-identification techniques: those that allow the re-identification (Patient De-identification System), and those that prevent it a priori (Toolkit based Encryption System).
- 24.
A further study on the general theme of the re-identification of anonymised data can be read in Cunha de Azevedo et al. (2011), p. 641.
- 25.
- 26.
For further information see Green (2009), part 8.
References
Barbareschi M, Cotrupi S, Guarrera GM (2008) Biobanca: strumentazione, personale, analisi dei costi. Pathologica 100:139–143
Comitato Nazionale per la biosicurezza e le biotecnologie – Gruppo di lavoro Bioinformatica (2005) Linee guida per la definizione di una strategia per lo sviluppo del settore della bioinformatica in Italia con particolare attenzione all’ambito biomedico. http://www.governo.it/biotecnologie/documenti/2.bioinformatica.pdf. Accessed 5 Mar 2012
Bregman-Eschete Y (2006) Genetic databases and biobanks: who controls our genetic privacy? Santa Clara Comput High Technol Law J 23:1–54
Brownsword R (2009) Consent in the Data Protection Law: Privacy, Confidentiality and Fair Processing. In: Gutwirth S, Poullet Y, De Hert P, De Terwangne C, Nouwt S (eds) Reinventing data protection? Springer, Dordrecht, pp 83–110
Buttarelli G (1997) Banche dati e tutela della riservatezza. La privacy nella Società dell’Informazione. Giuffré, Milano
Bygrave LA (2002) Data protection law. Approaching its rationale, logic and limits. Springer, The Hague/London/New York
Caggia F (2007) Il trattamento dei dati sulla salute, con particolare riferimento all’ambito sanitario. In: Cuffaro V, D’Orazio R, Ricciuto V (eds) Il codice del trattamento dei dati personali. Giapichelli, Torino, p 405
Cangelosi G (2007) I servizi pubblici sanitari: prospettive e problematiche della telemedicina. In: Il Diritto di famiglia e delle persone, fasc. 1, pt 2, pp 431–481
Caplan L (2006) Consent and anonymization in research involving biobanks. EMBO Rep 7(7):661–666
Casini M, Sartea C (2009) La consulenza genetica in Italia: problemi, regole di consenso informato, trattamento dei dati genetici e privacy. In: Medicina e morale, fasc. 6, pp 1121–1151
Casonato C (2009) Il consenso informato. Profili di diritto comparato. In: Casonato C, Frosini TE, Groppi T (eds) Diritto pubblico comparato ed europeo. Giapichelli, Torino, pp 1052–1073
Casonato C, Piciocchi C, Veronesi P (2011) Forum BioDiritto—I dati genetici nel biodiritto. Cedam, Padova
Cushman R (2008) PHRs and the next HIPAA. http://www.projecthealthdesign.org/media/file/PHR_HIPAA2.pdf. Accessed 5 Mar 2012
Cunha de Azevedo MV, Andrade N, Doneda D (2010) La re-identificazione dei dati anonimi e il trattamento dei dati personali per ulteriore finalità: sfide alla privacy. In: Ciberspazio e Diritto, fasc. 4, pp 641–655
Den Besten M (2003) The rise of bionformatics. http://ssrn.com/abstract=1521649. Accessed 5 Mar 2012
Finocchiaro G (2008) Il trattamento dei dati sanitari: alcune riflessioni critiche a dieci anni dall’entrata in vigore del Codice in materia di protezione dei dati personali. In: Ferrari GF (ed) La legge sulla privacy dieci anni dopo. Egea, Milano, pp 207–220
Froomkin AM (2008a) Forced sharing of patient-controlled health records. Working paper. http://www.projecthealthdesign.org/media/file/Forced-sharing.pdf. Accessed 5 Mar 2012
Froomkin AM (2008b) The new health information architecture: coping with the privacy implications of the personal health records revolution. UM ELSI Group for Project HealthDesign. http://www.projecthealthdesign.org/media/file/social-life-info-15.pdf. Accessed 5 Mar 2012
Garante per la protezione dei dati personali (2009) Linee guida in tema di referti. http://www.garanteprivacy.it/garante/doc.jsp?ID=1630271. Accessed 5 Mar 2012
Godard B, Schmidtke J, Cassiman JJ, Ayme S (2003) Data storage and DNA banking for biomedical research: informed consent, confidentiality, quality issues, ownership, return of benefits. A professional perspective. Eur J Hum Genet 11(Suppl 2):S88–S122
Green AJ (2009) Chains of duty and trust in health information management. Stud Ethics Law Tech 3(1):Art 7
Guarda P (2008) Data protection, information privacy, and security measures: an essay on the European and the Italian legal frameworks. Ciberspazio e Dir 65. http://eprints.biblio.unitn.it/archive/00001524. Accessed 5 Mar 2012
Guarda P (2011) Fascicolo sanitario elettronico e protezione dei dati personali. Università degli Studi di Trento, Trento. http://eprints.biblio.unitn.it/archive/00002212. Accessed 5 Mar 2012
Guarda P, Zannone N (2009) Towards the development of privacy-aware systems. Inform Softw Technol 51:337–350
Hall MA (2009) Property, privacy and the pursuit of integrated electronic medical records. http://ssrn.com/abstract=1334963. Accessed 5 Mar 2012
Häyry M, Chadwick R, Arnason V, Arnason G (eds) (2007) The ethics and governance of human genetic databases, European perspectives. Cambridge University Press, Cambridge
Helgesson G, Johnsson L (2005) The right to withdraw consent to research on biobank samples in medicine. Health Care Philos 8(3):315–321
Hoffman S, Podgurski A (2006) In sickness, health, and cyberspace: protecting the security of electronic private health information. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=931069. Accessed 5 March 2012
Izzo U (2000) Medicina e diritto nell’era digitale: i problemi giuridici della cibermedicina. In: Danno e responsabilità, fasc. 8–9, pp 807–818
Jacobson PD (2002) Medical records and HIPAA: is it too late to protect privacy? Minn Law Rev 86:1497–1514
Juso R (2004) Dati sensibili e consenso informato: profili costituzionali e legislativi. Ragiusan 237:6
Kaye J, Stranger M (eds) (2009) Principles and practice in biobank governance. Ashgate, Farnham
Macilotti M (2008) Proprietà, informazione ed interessi nella disciplina delle biobanche a fini di ricerca. Nuova giur Civ VII:222–235
Macilotti M (2009) Consenso informato e biobanche di ricerca. Nuova Giur Civ II:153–165
Macilotti M (2012) Biobanche. In: Digest Civ. Utet, Torino
Macilotti M, Izzo U, Pascuzzi G, Barbareschi M (2008) La discipina giuridica delle biobanche. Pathologica 100:86–101
Maliapen M (2009) Clinical genomic data use: privacy protecting patients rights. Stud Ethics Law Technol 3(1): Art. 1, 3
Monti A (2006) Bioninformatica e diritto d’autore. La conoscenza ha bisogno di codici aperti. Ciberspazio e Diritto 511–534
Palmerini E (2007) Commento all’art. 84. In: Bianca CM, Busnelli FD (eds) La protezione dei dati personali. Commentario al D. Lgs. 30 giugno 2003, n. 196 (“Codice Privacy”). Cedam, Padova, II, p 1303
Roden DM, Pulley JM, Basford MA, Bernard GR, Clayton EW, Balser JR, Masys DR (2008) Development of a large-scale de-identified DNA biobank to enable personalized medicine. Clin Pharmacol Therap 84(3):362–369
Rodota’ S (2000) Tra diritto e società. Informazioni genetiche e tecniche di tutela. In: Rivista critica del diritto privato, fasc. 4, pp 571–604
Schwartz PM (1997) Privacy and the economics of health care information. Tex Law Rev 76:1
Sinha A (2000) An overview of telemedicine: the virtual gaze of health care in the next century. Med Anthropol Q New Ser 14(3):291–309. http://www.jstor.org/stable/649500. Accessed 5 Mar 2012
Skene L (2009) Feeding back relatives and significant findings to participants. In: Kaye J, Stranger M (eds) Principles and practice in biobank governance. Ashgate, Farnham, pp 161–175
Terry NP (2008) Personal health records: directing more costs and risks to consumer. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1248768. Accessed 5 Mar 2012
Terry NP, Francis LP (2007) Ensuring the privacy and confidentiality of electronic health records. Univ Illinois Law Rev 681–735
Townend D, Taylor MJ, Wrights J, Wickins-Drazilova D (2009) Privacy interests in biobanking: a preliminary view on a European perspective. In: Kaye J, Stranger M (eds) Principles and practice in biobank governance. Ashgate, Farnham, pp 137–159
Viciani S (1996) L’autodeterminazione “informata” del soggetto e gli interessi rilevanti (a proposito dell’informazione sul trattamento sanitario). In: Rassegna di diritto civile, fasc. 2, pp 272–308
Viciani S (2007) Brevi osservazioni sul trattamento dei dati interenti la salute e la vita sessuale in ambito sanitario. In: Rivista critica del diritto privato, fasc. 2, pp 315–323
Willison DJ (2009) Use of data from the electronic health record for health research—current and potential governance challenges approaches. http://www.priv.gc.ca/information/pub/ehr_200903_e.pdf. Accessed 5 Mar 2012
Zarabzadeh A, Bradley RWG, Grimson J (2009) Participant ensuring privacy in networked biobanks. In: Kaye J, Stranger M (eds) (2009) Principles and practice in biobank governance. Ashgate, Farnham, pp 177–189
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Guarda, P. (2013). Biobanks and Electronic Health Records: Open Issues. In: Pascuzzi, G., Izzo, U., Macilotti, M. (eds) Comparative Issues in the Governance of Research Biobanks. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33116-9_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-33116-9_8
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33115-2
Online ISBN: 978-3-642-33116-9
eBook Packages: Humanities, Social Sciences and LawLaw and Criminology (R0)