FAQ - Area

The data in the AKTIN emergency admission register undergoes a multi-stage anonymisation process. The data is collected locally in a one-way pseudonymised form and queried anonymously. Both in the data query and in the subsequent processing by the Trusted Data Analysing Centre, the anonymity of the data is successively increased by reducing the data and increasing the number of cases.

The k-anonymity of the data in the AKTIN infrastructure is successively increased at various times and in various work steps. The local processing of data in the area of responsibility of the participating clinics is pseudonymised once. For scientific analyses, the data can be queried in accordance with the requirements of the Data Use and Access Committee and with the consent of the locally responsible person at the respective clinic. In such a data query, the data is anonymised by removing all identifying data such as one-way pseudonymised IDs. Data reduction is implemented in the data queries (SQL syntax) - i.e. still locally in the clinics. The query is checked locally before the queried data is collected centrally in the AKTIN Broker. Anonymous data from different locations is aggregated externally; this allows K-anonymity to be increased by increasing the number of cases. The content of the data is then processed by the Trusted Data Analysing Centre. The TDAC checks for K-anonymity and I-diversity and carries out further data reduction and data aggregation if necessary. The anonymised data can then be passed on to researchers for scientific analysis.

The data in the AKTIN infrastructure undergoes a multi-stage anonymisation process. For scientific analyses, data can be queried in accordance with the requirements of the Data Use and Access Committee and with the consent of the local person responsible at the respective clinic. During such a data query, the data is anonymised by removing all identifying data such as one-way pseudonymised IDs. Additional data reduction and data aggregation is implemented in the queries themselves and in the subsequent processing by the Trusted Data Analysing Centre before the data is then passed on to researchers for scientific analysis.

Only one-way pseudonymised data is stored in the local data warehouse (DWH). It is not possible to assign this data directly to patients. The DWH can only be accessed in the associated Emergency Departments or in the associated hospital.

Site coordinators are responsible for deciding on the provision of data in the Emergency Departments. Site coordinators are appointed by the site. If necessary, the role can be filled jointly by one or more persons. They are responsible for the implementation of and compliance with all ethical, legal, contractual and organisational requirements for data management. They are therefore responsible for a local review of each enquiry, as well as for determining and checking compliance with the applicable anonymity criteria by their own institution. The site coordinator(s) must agree to a research enquiry before it is carried out on the data of the corresponding site. They can view the results tables before they are sent out.

A rights and role concept with access rights is integrated in the AKTIN Datawarehouse (DWH). Employees only have access with a personal account and associated password. Accounts (and therefore criteria for authentication) are managed by the locations themselves. Automatic password protection measures such as minimum content and length requirements, updates and blocking in the event of incorrect logins are implemented in a new version of the AKTIN DWH software.

The aim is to conclude contracts for order processing between RWTH Aachen University and the participating locations. The exact structure is currently being clarified.

AKTIN provides a sample draft of the patient information. The clinic is responsible for providing patients with information in the Emergency Departments and in the treatment contract.

One-way pseudonymised data is stored in the local data warehouse (DWH), i.e. within the Emergency Departments. It is not possible to assign this data directly to patients. A patient's objection can be registered in the AKTIN Consent Manager using a case or patient number and the patient's data can then be deleted by the AKTIN IT team. An automated deletion function will be implemented in a new version of the AKTIN DWH software.

Anonymised data that is available in the Trusted Data Analyzing Center or for evaluation by researchers can no longer be deleted as it can no longer be assigned.

Patient data is deleted according to the company's requirements. Currently, data can be deleted from the databases using SQL syntax. An automated deletion function (after a configurable period of time) will be implemented in a new version of the AKTIN DWH software.

Anonymised data that is available in the Trusted Data Analyzing Center or for evaluation by researchers can no longer be deleted, as it can no longer be assigned.

Data can only be requested for scientific analyses in accordance with the requirements of the Data Use and Access Committee (DUAC) and the publication regulations of participating clinics and external researchers from public research institutions and medical societies. Researchers do not have to belong to a site or project. The DUAC determines or checks who is a suitable researcher.

The data stored in the local data warehouse is generally owned by the respective institution. For location-based researchers, i.e. researchers who are employed at the location, the requirements of the location apply.

In special cases (e.g. for periodic queries in the context of infection surveillance), anonymised raw data may be passed on to researchers if this has been approved in advance by the Data Use and Access Committee (DUAC) and either sufficient anonymisation is already provided on the basis of the query (e.g. structure of the data, automated anonymisation) or another legal basis (e.g. for reasons of public interest in the area of public health, such as protection against serious cross-border health risks in the event of a pandemic in accordance with Section 22 (1) No. 1 lit. c BDSG in conjunction with Art. 9 (2) lit. g GDPR) exists for the data transfer. An evaluation centre is then set up by the researchers. This must be described accordingly in the request to DUAC; if necessary, an additional data protection concept must be drawn up. The DUAC requirements apply.

This is an error in the data protection concept version 2.0 from 24/08/2020. Only one-way pseudonymised data is stored in the local data warehouse. It is not possible to assign this data directly to patients. There are therefore no allocation lists.

The pseudonymised storage of data within clinics in the context of treatment for quality assurance purposes is permitted. According to Art. 9 GDPR (2) lit. i., such data storage in a local data warehouse is justified if it serves "to ensure high standards of quality and safety of healthcare [...]". In addition, appropriate and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy, are observed, as all data remains within the patient-care department (usually the Emergency Departments).

The basis for disclosure for research purposes is not consent, but research clauses and anonymisation. According to Art. 9 GDPR (2) lit. i., data disclosure is justified for reasons of public interest in the area of public health. Disclosure to researchers is only anonymised anyway and is therefore not covered by the GDPR.

No. An ethics vote is obtained for the operation of the system at each location. An ethics application for research requests from external researchers is usually obtained by the external researchers themselves; however, external researchers only receive anonymised data. A separate ethics application may have to be submitted for own research enquiries. The publication regulations of the AKTIN emergency admission register apply.

Experience has shown that approximately 1 to 4 queries are sent to the participating Emergency Departments per month, which must be confirmed. There are one-off queries and serial queries. Serial queries only need to be confirmed once and are then carried out automatically at predefined intervals.

The data in the AKTIN emergency admission register undergoes a multi-stage anonymisation process. For scientific analyses, the data is anonymised by TDAC through aggregation and data reduction in accordance with the requirements of the Data Use and Access Committee. The exact procedure always depends on the research question. The principle of data minimisation applies.

The data is pseudonymised when it is imported into the local DWH and before it is saved in a postgresql database. Identifying content such as names and addresses are removed and one-way pseudonyms of patients, case and enquiry numbers are calculated. Base64 coding and SHA1 are used for this.

Data subjects may request the deletion of personal data concerning them. A cancellation leads to the deletion of the patient's medical data stored in the local AKTIN DWH by the respective location.

A data protection impact assessment is intended to help minimise the risks in cases where processing is likely to entail a high risk to the rights and freedoms of natural persons and, by presenting the measures to reduce the risks, to demonstrate to third parties how data controllers deal with these risks. Such a (general) presentation and risk assessment is already part of the data protection concept (see section 1.5. Data collected and risk assessment). It may be necessary for an additional, explicit data protection impact assessment to be requested by individual data protection officers. Please contact your local data protection officer.