**Questions? [[Contact us!]]**

## Introduction

Data analysis is crucial for clinical decision-making because it can help with evidence-based medicine, personalised treatments, efficiency and quality improvement (amongst others), all leading to better patient care and outcomes in healthcare.

## Relevant legislation

### [[GDPR]]

Data analysis for clinical decision making can be a problem under the GDPR when the clinical decision is made automatically. In principle, [[Automated decision making]] is not allowed under the GDPR if the decisions have legal consequences or a significant impact on the individual (art. 22 GDPR). Exceptions:

- Essential for a contract between the individual and a data [[Controller]];
- Allowed by relevant Union or Member State law, with measures to protect the individual's rights and interests; or
- Explicit consent of the individual.

_More information in the_ [_EDPB guidelines_](https://ec.europa.eu/newsroom/article29/items/612053)_._

Furthermore, for clinical decision making, [[Sensitive data]] such as health-related and/or genetic data is (most probably) used. Sensitive personal data should, in principle, not be processed under the [[GDPR]]. Sometimes there are exceptions and you are allowed to use sensitive data. See, for example, the [[Dutch GDPR Implementation Act (UAVG)]] for specific exceptions under Dutch law.

*For more information, look at the [[Sensitive data]] page.*

Other general points to consider when analysing data are the following principles of the GDPR (art. 5 GDPR):

- [[Lawfulness]]
- [[Purpose limitation]]
- [[Storage limitation]]
- [[Data minimisation]]
- [[Fairness]] and [[Transparency]]
- [[Accuracy]]
- [[Integrity and confidentiality]]
- [[Accountability]].

### [[AI Act]]

If the clinical decision making is done automatically by an AI system after the data analysis, human oversight should be implemented. This only applies to automated decisions, for which the AI system is used, that have legal consequences or a significant impact on the individual. This human oversight should prevent or minimise the risks to health, safety, fundamental rights or environment that can occur when a high-risk AI system is used (art. 14(2) AI Act).

### [[Data Act]]

The Data Act does not specifically mention sharing data in order to analyse it and make a clinical decision about it. However, a public sector body or a Union institution, agency or body is allowed to share data with individuals or organisations in view of carrying out scientific research or **analytics** compatible with the purpose for which the data was requested, or to national statistical institutes and Eurostat for the compilation of official statistics (art. 21 Data Act) (?)

### [[Data Governance Act]]

The DGA does not specifically mention data analysis for clinical decision making. It does, however, touch upon the fact that during analysis, maintaining secure data processing environments that protect privacy is very important. The competent bodies under the DGA should offer support to public sector bodies in using advanced methods for organising and storing data. In making data easily accessible and transferable, one should always adhere to existing regulatory and technical standards.

### [[MDR]]

The regulations outlined in the MDR concerning [[Clinical investigations]] are designed with the objective of creating uniform procedures and benchmarks for the execution and assessment of clinical studies throughout the European Union. This uniformity is of paramount importance to guarantee that EU member states, when authorising and supervising clinical investigations, adhere to a standardised framework of regulations. The following flowchart helps determine what data needs to be collected for the [[Clinical investigations]].

![[Clinical investigation.png]]