Data protection officers in Hospitals and at companies
Molecular medical data are really valuable as they allow far-reaching conclusion about a patient. This is important and necessary for MDs and hospitals to determine the best treatment regimes for patients. However, it can clash with our basic ethical common sense when used by employers or insurance companies. In a positive sense to select the best fit for jobs and insurance policies. In a negative view, to discriminate against the less fortunate people. Data protection laws and officers are there to prevent this kind of data abuse and control the compliance with the laws.
How is this group defined?
Data protection officers (in Germany) need to be independent and free of conflicts of interest. There is no special education for the job, but data protection officers are required to know about the basics of pertinent laws. This can be some ordeal given the complicated data protection laws on national and international level. On top of that a variety of institutions and committees is also involved in ensuring that data protection laws are applied properly. Data protection officers can be part of a company or institution or being hired as externals.
What are the major roles of this group in personalized medicine?
The main job of a data protection officer is to monitor procedures and data protection measures for compliance with the pertinent laws. In personalized medicine this can lead to some conflicts as to stringent data protection might actually impair use of the data even if it would be beneficial for the patients. However, the laws restrict the options of data protection officers and they have to stay within these limits regardless of the consequences.
What is the major impact of this group on the development of personalized medicine?
Data protection officers represent the first line of defence against data abuse and thus are directly aware of application and consequences of data protection laws. They could take an active role to initiate amendments of pertinent laws taking the special requirements of personalized medicine into account. This could facilitate the advance of research and treatment schemes significantly.
Fig 31 Data protection officers
With whom has this group the most important interactions?
By definition this includes everybody involved in processing of personal data in industry, agencies, or surgeries of MDs. This also includes the executives responsible for setting up and directing all pertinent procedures. Direct contact to politics is usually restricted to federal or state data protection officers, who are not in direct contact with the field application due to their jobs priorities.
What is required of this group to further the development and application of personalized medicine?
Preventing unauthorised access to personal data is the main job of data protection officers. However, they also should ensure that principally authorised people can access the data. This usually requires an explicit written consent from patients. This scheme becomes ridiculous in cases where not giving the consent results in no treatment at all. Somebody contacting an MD to be cured basically has already given consent to use their medical data to help them. Data protection officers could aim at defining an internal circle automatically authorised and seal off only outsiders not involved in the treatment.
What’s coming up next?
Next week I will briefly describe the role of ethical committees. Their job is to ensure that treatments but especially research stays within the ethical limits our society has defined.