Data Sharing & Protection Policy
The aim of Metadvice is to provide an assistive solution that supports personalised diagnostics and treatment through access to a dynamically updated knowledge base of precision medicine. Our ultimate goal is enhancing innovative medical research, facilitating accelerated and improved patient diagnosis and supporting more efficient development and administration of life-saving therapeutics. Our Data Sharing & Protection Policy supports this mission by promoting the broad and responsible sharing of medical data collected and submitted by our Members (users), which to the best of our knowledge are certified physicians, healthcare providers or patients, while providing the utmost protection of patient privacy. Sharing will amplify the scientific value of data and complement multiple research efforts conducted world-wide for the benefit of science and of patients with urgent and unmet medical needs.
The protection of patients’ privacy and confidentiality is paramount, and this Data Sharing & Protection Policy reflects our continued commitment to responsible data stewardship, which is essential to uphold the public trust in medical research. Even if we allow users to capture personal identifiers such as name, address, and social security numbers, these are not used by us and Members should avoid sharing such data with us or other Members through our products and services. The collected data may, however, include medical records, clinical observations, test results, family history and other demographic information, which may be shared on an individual-level, in accordance with the access designation, as more fully described below, and in accordance with applicable HIPAA and EU data protection and privacy regulations. Individual-level data is coded in our data repositories and a corresponding unique case identifier number is provided to the submitting Member.
Protected Health Information (PHI)
In order to maintain the privacy of patient documents provided by clinicians and researchers, the Metadvice software employs technologies to automatically extract de-identified data from electronic medical records (EMR). Upon input, the EMR is analyzed to extract medical data, including laboratory tests, bio-markers and next generation sequencing (NGS) of tumours. This means that the original document that has been uploaded cannot be reverse engineered into an identifiable record.
It is only the patient’s de-identified medical record that interacts with the Metadvice learning system, where it is compared to thousands of known features, looking for correlating mathematical patterns between them. The Metadvice learning system provides the clinician or researcher with a list of best-matched diagnostics / therapies based on the comparative analysis.
While only de-identified data is accessed by the Metadvice learning system, personal identity / Protected Health Information (PHI) is encrypted and stored securely in a separate area of the Metadvice database which is available only to the individual clinician or researcher who submitted the case. If the Member chooses, he/she may elect to share access to case data with clinical team members or collaborators. When using Metadvice to work on cases privately or within your own clinical team, your institutional consent form is sufficient, as the patient’s PHI remains private to you and your clinical team. When sharing cases with collaborators outside your clinical team, it is the clinician’s or researcher’s responsibility to obtain appropriate consent from the patient or parent/guardian. The Member has the ability to delete personal identity information at any time.
The following data fields are treated as PHI within the Metadvice system: names, address, telephone, date of birth and the social security number. Since data in these fields is or may be identifiable, it is encrypted and stored securely in a separate area of the Metadvice database which is available only to the individual clinician or researcher who submitted the case. All digital communication links between Members and the Metadvice private cloud occur over secure, encrypted communication protocols.
The Metadvice team is also working directly with clinical and research collaborators to facilitate a process for the capture of valuable data from clinical documents, including diagnoses, and genetic test results. In order to maintain patients’ privacy, a process of automatic PHI redaction and data extraction is employed. The resulting de-identified data can then be incorporated into the individual patient case, enabling the Member more effective use of the Metadvice software for clinical evaluation and/or research analysis. Meanwhile, the original clinical document(s) are encrypted and stored securely for the benefit of the Member, who may wish to access the document(s) at a later date. As with any other PHI data, the original document is available only to the individual clinician or researcher who submitted the case.
Tiered System for Data Collection and Sharing
Our Phenotype Data Sharing & Protection Policy is a four-tiered system for collecting, storing and sharing the data, based on the following incremental access rights designated by Members:
- Private Access (default): for data gathered and transmitted by each of our Members, processed by our technology and stored privately and securely;
- Controlled Access: for sharing case data with colleagues within a clinical department or internal Members of the institution;
- Collaborative Access: for data made available only for review by our network of Members for professional information and educational purposes, as well as sharing comments and observations within Metadvice Forums; and
- Open Access: for data made available to the public without restrictions, subject to applicable HIPAA and EU data protection and privacy regulations.
In accordance with our four-tiered system, data will be stored in four separate designated data repositories, corresponding to the access level indicated by Members. Our data repositories are hosted in a secure private cloud environment and apply the appropriate technical protection measures necessary to comply with data security, confidentiality, and privacy laws and regulations. We audit our security policies and technical measures periodically to ensure compliance with applicable HIPAA and EU data protection and privacy regulations.
The four data repositories are:
- Data designated as Private Access will be stored in a data repository partitioned in a way that allows only the submitting Member to access, review and retrieve such data.
- Data designated as Controlled Access will be stored in a data repository partitioned in a way that allows only the submitting Member and other Members actively selected by the submitting Member to access, review and retrieve such data. Except when the submitting Member actively selects to share these data with other specific Members, such data will not be shared with any third party on an individual-level and may only be shared on an aggregate-level (such as general statistics across multiple data sets or subsets) to ensure that no patient’s personal health information (PHI) is publicly disseminated nor re-identified.
- Data designated as Collaborative Access will be stored in a data repository accessible only to other Members where case data is shared with Metadvice Forums. Such data may be shared on an individual-level only with other Members and may not be disseminated publicly on an individual-level. It may, however, be shared on an aggregate-level.
- Data designated as Open Access will be stored in a separate data repository. Such data may be retrieved and shared on an individual- and aggregate-level with third parties without restrictions through a written request for data access submitted to and reviewed by us on a case by case basis. We have the right to monitor, retrieve, store, review and use all data, regardless of privacy level designated by Members, only to the extent actually required to ensure the proper operation and maintenance of our products and services.
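The four designations, the submitter/selected-Member/Member/third-party distinction and the individual- versus aggregate-level rule above amount to an authorization matrix. The following is an added illustration, not Metadvice's own code, of enforcing that matrix as a default-deny check together with the consent-bound re-designation rule; the `Case`, `Requester`, `approved_request` and `consent_ceiling` names are assumptions, as is the choice that Members may retrieve Open Access and aggregate data without a separate written request.

```python
from dataclasses import dataclass, field
from enum import Enum


class Access(Enum):
    """The four access designations, in increasing order of openness."""
    PRIVATE = 1
    CONTROLLED = 2
    COLLABORATIVE = 3
    OPEN = 4


@dataclass
class Case:
    case_id: str                 # coded case identifier, never a patient identifier
    access: Access
    submitter: str               # Member who uploaded the case
    shared_with: set = field(default_factory=set)  # Members actively selected (Controlled)


@dataclass
class Requester:
    principal: str
    is_member: bool = False           # a Metadvice Member
    approved_request: bool = False    # third party whose written request was approved (assumed flag)


def may_access(case: Case, who: Requester, level: str) -> bool:
    """Default-deny check. `level` is 'individual' or 'aggregate'."""
    if level not in ("individual", "aggregate"):
        raise ValueError("level must be 'individual' or 'aggregate'")
    if who.principal == case.submitter:       # the submitter always sees their own case
        return True
    if case.access is Access.PRIVATE:         # nobody else, at any level
        return False
    if level == "aggregate":                  # statistics: Members, or an approved written request
        return who.is_member or who.approved_request
    if case.access is Access.CONTROLLED:      # individual-level only to actively selected Members
        return who.principal in case.shared_with
    if case.access is Access.COLLABORATIVE:   # individual-level only to other Members, never public
        return who.is_member
    return who.is_member or who.approved_request   # OPEN: third parties via approved request


def change_designation(case: Case, who: str, new: Access, consent_ceiling: Access) -> bool:
    """Only the submitter re-designates; raising the tier needs consent that covers the new tier."""
    if who != case.submitter:
        return False
    if new.value > case.access.value and new.value > consent_ceiling.value:
        return False
    case.access = new                          # lowering (towards withdrawal) is always allowed
    return True
```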
Access to data by Metadvice personnel for maintenance and support purposes is limited strictly on a “need-to-access” basis and requires compliance with rigid internal authorization policies. In addition, all data stored in our repositories are used to train and improve our technology automatically for the continued development thereof.
Designating data as either Private, Controlled, Collaborative or Open Access should be consistent with the original informed consent or permission under which the data were collected and submitted. It is each Member’s responsibility to determine whether a patient consent or permission is required or advisable in order to disclose, process, retrieve, transmit, and view the PHI, based on the laws and regulations of the Member’s jurisdiction and/or the policies of the Member’s institution. If applicable, it is the Member’s responsibility to obtain and maintain such consents or permissions.
By uploading data to our products and services, Members certify and assure that the data has been collected in a legal and ethically appropriate manner and that patients’ identifiable PHI, which are not the minimum necessary to accomplish the intended purpose of such use, disclosure or request, respectively, have been removed or de-identified before submission. Members control whether the data will be submitted to a Private, Controlled, Collaborative or Open Access data repository and assure that:
- the data submission is consistent with applicable laws, regulations, and institutional policies, specifically such laws and regulations which are in effect in the patient’s jurisdiction;
- data submission and subsequent data sharing (if applicable) are consistent with the informed consent or permission;
- risks to individuals and their families associated with data submitted to the designated data repositories were considered; and
- to the extent relevant and possible, risks to groups or populations associated with data submitted to the designated data repositories were considered.
If no indication is made, data will be designated as Private Access by default.
Data Withdrawal or Change in Access Designation
An access level may be increased by a Member, provided the consent obtained from the patient supports such change. If, at any time, a patient revokes his or her consent in whole or in part, the respective data may be removed from the data repository completely or transferred to another data repository, as applicable. To change the access designation or withdraw data from our repositories, Members may contact us in writing via e-mail to firstname.lastname@example.org and clearly indicate the case identifier number and nature of the change. We will apply the change within 10 business days and certify such change in writing to the requesting Member. It is important to note that data already shared or disseminated in accordance with the original access designation, before a request for a change in designation has been received and processed by us, may not be retrieved.
Requests for Data Access
Data stored in our designated repositories may be accessed either on an individual- or aggregate-level, based on the submitting Members’ designation of such data, the corresponding informed consents or permissions and applicable laws and regulations. Requests for access to data are reviewed by us on a case by case basis. Decisions are based primarily on whether the purpose and data use described in the access request conform to the values and mission described in this Policy, as well as on the scope of data requested and the identity of the requesting entity. Generally, data will be shared with any entity or individual with a valid reason to request such data and will be limited to the minimum necessary to accomplish the intended purpose of such use. Third parties approved to access data from our repositories are expected to abide by terms and conditions specified in a separate agreement signed with us in accordance with HIPAA and EU data protection and privacy regulations, including:
- Using the data only for the approved purpose;
- Protecting data confidentiality;
- Following all applicable laws, regulations, and policies for handling such data;
- Not attempting to identify individual participants from whom the data were obtained;
- Not selling any of the data obtained from our data repositories;
- Not sharing any of the data obtained from our data repositories with individuals or entities other than those listed in the data access request;
- Complying with security practices that outline expected data security protections (e.g., physical security measures) to ensure that the data are kept secure and not released to any person not permitted to access the data.
If requests for access to data are submitted by entities or individuals for non-commercial / non-profit purposes only, we will consider, based on certain criteria, such as the identity of the requester, the purposes listed in the request and the scope of data requested, granting access to such data on a non-profit basis, and in certain cases, on a pro-bono basis (bearing all costs ourselves), and, as necessary, in accordance with applicable HIPAA and EU data protection and privacy regulations.
Anyone accessing datasets from our designated data repositories, whether on an individual- or aggregate-level, will be required to acknowledge our contribution in all resulting oral or written presentations, disclosures, or publications.
Updated January 20, 2019