Data protection-compliant ways to use real world data

Background The secondary use of existing real world data is seen as a promising method of medical research that complements the conduct of closely controlled studies. However, these real world data are collected in very different situations and are therefore subject to heterogeneous framework conditions in terms of data protection. Objectives Supporting the privacy-compliant use of real world data. Materials and methods In addition to general data protection laws at the European, national, and state levels, areas of law specific to health data, such as medical confidentiality or social law, are also examined. Protection methods such as pseudonymization and anonymization are examined and classified. Results The processing of real world data usually leads to the application of data protection law. Clarifying responsibility under data protection law can be challenging in complex collaborative projects. The type of possible legal basis for processing depends on specific framework conditions as well as the type of processing. In addition, the data must be protected during processing by technical and organizational measures. Conclusions The data protection legal framework for the processing of real world data is complex. Simplification and harmonization have not even been achieved within Germany with the European General Data Protection Regulation. Certain ways of using this data, e.g., on the basis of broad consent or with the help of an agreed assessment in accordance with a research clause, involve a great deal of effort and expense and are thus generally only available to larger projects or infrastructures.