FAQs for researchers
Specific requirements apply for the release of personal data relating to health, as such data is classified as sensitive under the General Data Protection Regulation (GDPR). This means, for example, that research involving such data is always subject to authorisation from the Swedish Ethical Review Authority (EPM), and that security surrounding the processing of such data must be stringent. The researcher should also be well informed regarding the rights of the data subject and ensure these rights can be upheld.
Region Stockholm created the Centre for Health Data in 2019. The Centre for Health Data is a new collaborative organisation within Region Stockholm dedicated to providing a hub for researchers who require access to health data. Researchers refer to the Centre in order to retrieve data for research purposes from Region Stockholm's healthcare system. The department will perform a service role for those who are entitled to gain access to health data for research and development purposes, as well as the healthcare providers who own such data. The Centre for Health Data may also refer to Region Stockholm's Public Healthcare Services Administration (sjukvårdsförvaltningen) to gain access to adequate data.
The decisions of the Swedish Ethical Review Authority (EPM) relate to ethical aspects of research products and any personal data utilised by such projects. This is just one part of the healthcare providers' decision-making process prior to the release of data. Once data has been released, the principal research entity becomes (Personal) Data Controller for the data obtained as well as the personal data processing taking place on the research project.
As a general rule, consent is required from the patient before his/her data may be used for research purposes. There are also far-reaching requirements regarding the information to be given to the patient before such consent is obtained (for example, see this information from The Swedish Data Protection Authority). Nevertheless, healthcare providers have legal support for the release of patient data to researchers without having obtained consent following a so-called personal data protection test (menprövning in Swedish). The concept of “Men” refers to harm or disadvantage, and can be found in Chapter 25, Section 1 of the Swedish Public Access to Information and Secrecy Act, among other sources.
- The Centre for Health Data will not have its own database, rather, it will coordinate the release of data for purposes permitted under applicable confidentiality and data legislation. An extensive confidentiality examination will take place before each release of data. Among other things, this examination includes assessment of the recipient’s ability to guarantee confidentiality and security in relation to the data to which it gains access. Healthcare providers in Region Stockholm perform a thorough examination and personal data protection test for every application received, which is subsequently coordinated by the Centre for Data Health.
- To apply for access to data for research purposes you must be actively engaged in research at a university or higher education institution, or within healthcare. Life science companies and other external organisations are requested to coordinate their applications through one of three aforementioned representatives.
In addition to the form above, you must send the following:
- Application to the Swedish Ethical Review Authority (EPM), including appendices and additional applications.
- Decision from the EPM.
- Information for patient and consent form. (Please note! If there are multiple versions of the patient information and consent forms, all of these must be enclosed. If consent is not obtained, this must be indicated in the Swedish Ethical Review Authority’s decision.)
- Variable list with a specification of the personal data required for the purpose of research.
- Data Processing Agreement
- Data Transfer Agreements or standard contractual clauses for transfers to third countries.
Completed applications are emailed to firstname.lastname@example.org
You are welcome to contact the Centre for Health Data for advice before applying to retrieve data. To get in touch, please email email@example.com
Ethically reviewed direct access to journals for research purposes is administered and decided upon by individual healthcare providers. For access to journal copies, contact the operations manager for the entity in question.
A public document is one which already exists, for example, a journal document (either paper-based or digital). Such documents (paper-based, digital or stored on a USB drive) may be released directly by operations managers or where the document is located (for example, the register).
A potential document is one that does not yet exist, and must be compiled. This may involve compilation of information (data) from various databases, for example, "visit dates and diagnosis code".
As journal documents are classed as public documents, there is no need to apply for access to copies of journals via the data retrieval form. For access to journals, refer directly to the operations manager for the clinic in question. If it is necessary to identify which journals are to be retrieved, that is, a technician or administrator must perform a search, this is no longer a public document. Such documents are classed as potential and must be applied for via the form.
As things stand, Region Stockholm does not charge researchers who require access to data for research purposes. An investigation is under way that will determine the fee structure in future. In cases where Region Stockholm engages subcontractors that handle the data retrieval themselves, a fee may be charged by them.
There are several reasons, for example:
- Poor data quality.
- The data requested is missing.
- A patient refuses to give their consent.
This depends on a number of factors, such as the number of systems from which data is retrieved, whether our technicians can retrieve the data themselves or an external supplier is required and whether the data must be cleaned, rendered anonymous and/or run in conjunction with other data files, etc.
The Centre for Health Data aims to issue a response within three months of the date on which completed applications are received (applications which are incomplete or unclear may be returned to the researcher for revision).
Always get in touch with Stockholms Medicinska Biobank early in the process for help with composing your application (including applications to the Swedish Ethical Review Authority) regarding tests, and for retrieval of tests. Email firstname.lastname@example.org
Retrieval as outlined above may require two steps. 1) Firstly, a patient group is identified via some type of data source, for example, a quality register or health database. 2) Stockholms Medicinska Biobank will then retrieve tests performed on these patients in accordance with the EPM-approved research plan. The Biobank can provide assistance with step 1.