Policy EMA/0070 – part 2
Anonymization of clinical reports for publication (III)
Anonymization process (Section 6.3)
To facilitate the companies’ approach to the anonymization process, it is recommended to follow the process described below:
- Determine the direct identifiers and the quasi-identifiers in the dataset
- Identify the possible adversaries and plausible attacks on the data and evaluation of the risk of re-identification
- Consider data utility
- Determine the risk related to the re-identification threshold
- Evaluate the actual risk of re-identification
- Establish the anonymization methodology
- Document the anonymization methodology and process.
Reporting on the anonymization process (Section 6.4)
The anonymization report must be submitted to the Agency together with the anonymized clinical reports; it should contain information on:
- the anonymization process, including the methodology (the techniques used and the rationale for using them),
- the outcome of the analysis of the risk of re-identification or, alternatively, the confirmation that the three criteria for anonymization have been fulfilled.
The report must be published by the Agency together with the anonymized clinical reports.
Redaction of personal data of individuals other than trial participants (section 7)
In the context of the implementation of the CT Regulation, the Agency is currently performing a Privacy Impact Assessment (PIA) to establish the functionalities of the database, in particular with regard to the data fields to be made publicly accessible.
The outcome of the PIA will be included in the guidance. However, it is anticipated that Personal data of individuals other than patients, i.e. investigators, Sponsor staff and MAH/Applicant staff will not be published with the following exceptions:
- the (principal) investigators and their sites
- the signatories of the clinical study report
- the signatories of the clinical overviews
- the signatories of the clinical summaries.
In any case, the contact details and signature of these latter should be redacted. Personal data relating to all other clinical study personnel should also be redacted. Data pertaining to the above exceptions in other parts of the CSR will be redacted as they may give away geographical information (e.g. site number, site address, investigator names) that could be linked to patients and hence may enable their identification.
Legal framework and available standards (Section 3)
Finally, we recap the sources mentioned in section 3, dedicated to the regulatory framework currently in force in the EU, to the guidelines and standards regarding anonymization of personal data on which the guidance developed by the Agency is based.
- Regulation (EC) No 45/2001 of the European Parliament and of the Council on the protection of 60 individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, of 18 December 2000.
- Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, of 24 October 1995.
- Opinion 05/2014 on anonymization techniques of the Article 29 Data Protection Working Party.
- Opinion 06/2013 on open data and public sector information reuse of the Article 29 Data Protection Working Party.
- Information Commissioner’s Office (ICO) Code of Practice. Anonymization: managing data protection risk.
- Sharing clinical trial data: Maximizing benefits, minimizing risk. Institute of Medicine (IOM). 2015. Washington, DC: The National Academies Press.
- Pharmaceutical Users Software Exchange (PhUSE) de-identification standards for CDISC SDTM 3.2
- Transcelerate BioPharma Inc.
- Clinical Study Reports Approach to Protection of Personal Data.
- Data De-identification and Anonymization of Individual Patient Data in Clinical Studies – A Model Approach.
- White Paper on Anonymization of Clinical Trial Data Sets. International Pharmaceutical Privacy Consortium (IPPC).
- Scientific literature.