非洲的数据保护立法和加强大数据健康研究合规性的途径。

IF 3.6 2区医学 Q1 HEALTH POLICY & SERVICES Health Research Policy and Systems Pub Date : 2024-10-15 DOI:10.1186/s12961-024-01230-7

Nchangwi Syntia Munung, Ciara Staunton, Otshepeng Mazibuko, P J Wall, Ambroise Wonkam

{"title":"非洲的数据保护立法和加强大数据健康研究合规性的途径。","authors":"Nchangwi Syntia Munung, Ciara Staunton, Otshepeng Mazibuko, P J Wall, Ambroise Wonkam","doi":"10.1186/s12961-024-01230-7","DOIUrl":null,"url":null,"abstract":"Background: The increasing availability of large volumes of personal data from diverse sources such as electronic health records, research programmes, commercial genetic testing, national health surveys and wearable devices presents significant opportunities for advancing public health, disease surveillance, personalized medicine and scientific research and innovation. However, this potential is hampered by a lack of clarity related to the processing and sharing of personal health data, particularly across varying national regulatory frameworks. This often leaves researcher stakeholders uncertain about how to navigate issues around secondary data use, repurposing data for different research objectives and cross-border data sharing.Method: We analysed 37 data protection legislation across Africa to identify key principles and requirements for processing and sharing of personal health and genetic data in scientific research. On the basis of this analysis, we propose strategies that data science research initiatives in Africa can implement to ensure compliance with data protection laws while effectively reusing and sharing personal data for health research and scientific innovation.Results: In many African countries, health and genetic data are categorized as sensitive and subject to stricter protection. Key principles guiding the processing of personal data include confidentiality, non-discrimination, transparency, storage limitation, legitimacy, purpose specification, integrity, fairness, non-excessiveness, accountability and data minimality. The rights of data subjects include the right to be informed, the right of access, the right to rectification, the right to erasure/deletion of data, the right to restrict processing, the right to data portability and the right to seek compensation. Consent and adequacy assessments were the most common legal grounds for cross-border data transfers. However, considerable variation exists in legal requirements for data transfer across countries, potentially creating barriers to collaborative health research across Africa.Conclusions: We propose several strategies that data science research initiatives can adopt to align with data protection laws. These include developing a standardized module for safe data flows, using trusted data environments to minimize cross-border transfers, implementing dynamic consent mechanisms to comply with consent specificity and data subject rights and establishing codes of conduct to govern the secondary use of personal data for health research and innovation.","PeriodicalId":12870,"journal":{"name":"Health Research Policy and Systems","volume":null,"pages":null},"PeriodicalIF":3.6000,"publicationDate":"2024-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC11479556/pdf/","citationCount":"0","resultStr":"{\"title\":\"Data protection legislation in Africa and pathways for enhancing compliance in big data health research.\",\"authors\":\"Nchangwi Syntia Munung, Ciara Staunton, Otshepeng Mazibuko, P J Wall, Ambroise Wonkam\",\"doi\":\"10.1186/s12961-024-01230-7\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Background: The increasing availability of large volumes of personal data from diverse sources such as electronic health records, research programmes, commercial genetic testing, national health surveys and wearable devices presents significant opportunities for advancing public health, disease surveillance, personalized medicine and scientific research and innovation. However, this potential is hampered by a lack of clarity related to the processing and sharing of personal health data, particularly across varying national regulatory frameworks. This often leaves researcher stakeholders uncertain about how to navigate issues around secondary data use, repurposing data for different research objectives and cross-border data sharing.Method: We analysed 37 data protection legislation across Africa to identify key principles and requirements for processing and sharing of personal health and genetic data in scientific research. On the basis of this analysis, we propose strategies that data science research initiatives in Africa can implement to ensure compliance with data protection laws while effectively reusing and sharing personal data for health research and scientific innovation.Results: In many African countries, health and genetic data are categorized as sensitive and subject to stricter protection. Key principles guiding the processing of personal data include confidentiality, non-discrimination, transparency, storage limitation, legitimacy, purpose specification, integrity, fairness, non-excessiveness, accountability and data minimality. The rights of data subjects include the right to be informed, the right of access, the right to rectification, the right to erasure/deletion of data, the right to restrict processing, the right to data portability and the right to seek compensation. Consent and adequacy assessments were the most common legal grounds for cross-border data transfers. However, considerable variation exists in legal requirements for data transfer across countries, potentially creating barriers to collaborative health research across Africa.Conclusions: We propose several strategies that data science research initiatives can adopt to align with data protection laws. These include developing a standardized module for safe data flows, using trusted data environments to minimize cross-border transfers, implementing dynamic consent mechanisms to comply with consent specificity and data subject rights and establishing codes of conduct to govern the secondary use of personal data for health research and innovation.\",\"PeriodicalId\":12870,\"journal\":{\"name\":\"Health Research Policy and Systems\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":3.6000,\"publicationDate\":\"2024-10-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC11479556/pdf/\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Health Research Policy and Systems\",\"FirstCategoryId\":\"3\",\"ListUrlMain\":\"https://doi.org/10.1186/s12961-024-01230-7\",\"RegionNum\":2,\"RegionCategory\":\"医学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"HEALTH POLICY & SERVICES\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Health Research Policy and Systems","FirstCategoryId":"3","ListUrlMain":"https://doi.org/10.1186/s12961-024-01230-7","RegionNum":2,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"HEALTH POLICY & SERVICES","Score":null,"Total":0}

引用次数: 0

摘要

背景：来自电子健康记录、研究计划、商业基因检测、国家健康调查和可穿戴设备等不同来源的大量个人数据日益增多，为促进公共卫生、疾病监测、个性化医疗和科研创新带来了巨大机遇。然而，由于个人健康数据的处理和共享缺乏明确性，特别是在不同国家的监管框架之间缺乏明确性，这种潜力受到了阻碍。这往往让研究人员的利益相关者不知道如何处理二次数据使用、为不同研究目标重新利用数据以及跨境数据共享等问题：我们分析了非洲的 37 项数据保护立法，以确定在科学研究中处理和共享个人健康和基因数据的主要原则和要求。在这一分析的基础上，我们提出了非洲数据科学研究计划可以实施的战略，以确保遵守数据保护法，同时有效地重复使用和共享个人数据，促进健康研究和科学创新：在许多非洲国家，健康和基因数据被归类为敏感数据，受到更严格的保护。指导个人数据处理的主要原则包括保密性、非歧视性、透明度、存储限制、合法性、目的明确性、完整性、公平性、非过度性、问责制和数据最小化。数据主体的权利包括知情权、查阅权、更正权、擦除/删除数据权、限制处理权、数据可携性权和寻求赔偿权。同意和充分性评估是跨境数据传输最常见的法律依据。然而，各国对数据传输的法律要求存在很大差异，这可能会对跨非洲的合作健康研究造成障碍：我们提出了数据科学研究计划可以采取的几项战略，以符合数据保护法。这些策略包括开发安全数据流的标准化模块、使用可信数据环境以尽量减少跨境传输、实施动态同意机制以符合同意的特殊性和数据主体的权利，以及制定行为准则以管理个人数据在健康研究和创新中的二次使用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Data protection legislation in Africa and pathways for enhancing compliance in big data health research.

Background: The increasing availability of large volumes of personal data from diverse sources such as electronic health records, research programmes, commercial genetic testing, national health surveys and wearable devices presents significant opportunities for advancing public health, disease surveillance, personalized medicine and scientific research and innovation. However, this potential is hampered by a lack of clarity related to the processing and sharing of personal health data, particularly across varying national regulatory frameworks. This often leaves researcher stakeholders uncertain about how to navigate issues around secondary data use, repurposing data for different research objectives and cross-border data sharing.

Method: We analysed 37 data protection legislation across Africa to identify key principles and requirements for processing and sharing of personal health and genetic data in scientific research. On the basis of this analysis, we propose strategies that data science research initiatives in Africa can implement to ensure compliance with data protection laws while effectively reusing and sharing personal data for health research and scientific innovation.

Results: In many African countries, health and genetic data are categorized as sensitive and subject to stricter protection. Key principles guiding the processing of personal data include confidentiality, non-discrimination, transparency, storage limitation, legitimacy, purpose specification, integrity, fairness, non-excessiveness, accountability and data minimality. The rights of data subjects include the right to be informed, the right of access, the right to rectification, the right to erasure/deletion of data, the right to restrict processing, the right to data portability and the right to seek compensation. Consent and adequacy assessments were the most common legal grounds for cross-border data transfers. However, considerable variation exists in legal requirements for data transfer across countries, potentially creating barriers to collaborative health research across Africa.

Conclusions: We propose several strategies that data science research initiatives can adopt to align with data protection laws. These include developing a standardized module for safe data flows, using trusted data environments to minimize cross-border transfers, implementing dynamic consent mechanisms to comply with consent specificity and data subject rights and establishing codes of conduct to govern the secondary use of personal data for health research and innovation.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Health Research Policy and Systems HEALTH POLICY & SERVICES-

CiteScore

7.50

自引率

7.50%

发文量

124

审稿时长

27 weeks

期刊介绍： Health Research Policy and Systems is an Open Access, peer-reviewed, online journal that aims to provide a platform for the global research community to share their views, findings, insights and successes. Health Research Policy and Systems considers manuscripts that investigate the role of evidence-based health policy and health research systems in ensuring the efficient utilization and application of knowledge to improve health and health equity, especially in developing countries. Research is the foundation for improvements in public health. The problem is that people involved in different areas of research, together with managers and administrators in charge of research entities, do not communicate sufficiently with each other.