Preliminary exploration of the classification of data security in clinical research_Chinese Journal of Evidence-Based Medicine

Authors：

LI Xueying ¹ , WANG Xicheng ² ,  SHA Ruoqi ³ ,  YAO Chen ^1,4 , JIN Feifei ¹ , YAN Xiaoyan ⁴ , ZHU Sainan ¹ , SHANG Meixia ¹

1. Department of Biostatistics, Peking University First Hospital, Beijing 100034, P.R.China;
2. Beijing Dublin International College, Beijing University of Technology, Beijing 100124, P.R.China;
3. China Construction Bank Fintech, Beijing 100033, P.R.China;
4. Peking University Clinical Research Institute, Beijing 100191, P.R.China;

Corresponding author：

SHA Ruoqi, Email: sharuoqi.zb@ccbft.com; YAO Chen, Email: yaochen@hsc.pku.edu.cn

Keywords：

Data security; Information security; Real world data; Privacy protection; Clinical research

DOI：

10.7507/1672-2531.202012111

Video：

Export PDF Favorites Scan Get Citation

Abstract Full text Figures/Tables Video References Cited by

Objective To construct a strategy for classification of clinical research data security for real-world research, based on the features of clinical research data.Methods Based on the laws, regulations, and data security classification method in relevant fields, the clinical research data was classified into five security levels. Then, the method was gradually perfected through three times of revisions, which followed the advice from experts who were experienced in many relative areas, such as clinical medicine, clinical research methodology, clinical research management, ethics, genetics and public health data application and management.Results Experts’ opinions gradually converged through several times of consultation. The clinical research data was finally classified into five security levels with explicit definition and security policy for each security level. Thirty-three data categories, which covered demographic information, clinical examination, diagnosis, treatment information, genetic information, health economics information, medical data and information on research processes that have been published, were included in the five security levels.Conclusions Since there is an increasing trend of data scale and the data security classification and management are necessary to ensure the data security and appropriately utilization of data. The method of clinical research data classification proposed in this paper can provide beneficial references for the further improvement of data security in the future.

Citation： LI Xueying, WANG Xicheng, SHA Ruoqi, YAO Chen, JIN Feifei, YAN Xiaoyan, ZHU Sainan, SHANG Meixia. Preliminary exploration of the classification of data security in clinical research. Chinese Journal of Evidence-Based Medicine, 2021, 21(5): 525-531. doi: 10.7507/1672-2531.202012111 Copy

1.	国家药品监督管理局. 临床试验数据管理工作技术指南. Available from: http://www.nmpa.gov.cn/WS04/CL2138/300192.html.
2.	U. S. Food and Drug Administration. Computerized systems used in clinical investigations. Available from: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/computerized-systems-used-clinical-investigations.
3.	U. S. Food and Drug Administration. Electronic source data in clinical investigations. Available from: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/electronic-source-data-clinical-investigations.
4.	The International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use (ICH) Integrated Addendum to ICH E6(R1): Guideline for Good Clinical Practice (R2). Available from: https://database.ich.org/sites/default/files/E6_R2_Addendum.pdf.
5.	Abraham R, Schneider J, Brocke J. Data governance: a conceptual framework, structured review, and research agenda. Int J Inf Manage, 2019, 49: 424-438.
6.	国家市场监督管理总局, 中国国家标准化管理委员会. 信息技术服务治理第 5 部分: 数据治理规范. Available from: http://openstd.samr.gov.cn/bzgk/gb/newGbInfo?hcno=F3B2108863A2292F5AF0FA645CEE047F.
7.	International Organization for Standardization. Information technology-governance of IT-governance of data-part 1: application of ISO/IEC 38500 to the governance of data ISO/IEC 38505-1: 2017. Available from: https://www.iso.org/standard/56639.html.
8.	The Global Data Management Community. Guide to the data management body of knowledge (DAMA-DMBOK) 2009 functional framework v. 3. Available from: https://damadach.org/dama-dmbok-functional-framework/.
9.	李雪迎, 沙若琪, 姚晨, 等. 面向真实世界数据的临床研究数据治理模式选择. 中国循证医学杂志, 2020, 20(10): 1150-1156.
10.	彭晓霞, 舒啸尘, 谭婧, 等. 基于真实世界数据评价治疗解决的观察性研究设计技术规范. 中国循证医学杂志, 2019, 19(7): 779-786.
11.	高培, 王杨, 罗剑锋, 等. 基于真实世界数据评价治疗结局研究的统计分析技术规范. 中国循证医学杂志, 2019, 19(7): 787-793.
12.	聂晓璐, 武泽昊, 赵厚宇, 等. 使用常规收集医疗卫生数据开展观察性研究的报告规范(药物流行病学版)RECORD-PE 规范中文版(上). 药物流行病学杂志, 2019, 28(3): 190-198, 212.
13.	Sherman RE, Anderson SA, Dal Pan GJ, et al. Real-world evidence-what is it and what can it tell us? N Engl J Med, 2016, 375(23): 2293-2297.
14.	孙鑫, 谭婧, 王雯, 等. 真实世界证据助推药械评价与监管决策. 中国循证医学杂志, 2019, 19(5): 521-526.
15.	黄亚芳, 阎小妍, 李雪迎, 等. 真实世界证据在医疗器械临床研究中的应用. 中国循证医学杂志, 2017, 17(12): 1373-1377.
16.	胡建平. 医院数据治理框架、技术和实现. 北京: 人民卫生出版社, 2019.
17.	桑尼尔索雷斯, 著. 匡斌, 译. 大数据治理. 北京: 清华大学出版社, 2014.
18.	中华人民共和国网络安全法. Available from: http://www.npc.gov.cn/wxzl/gongbao/2017-02/20/content_2007531.htm.
19.	数据安全法草案: 落实数据安全保护责任规定支持促进措施. Available from: http://www.npc.gov.cn/npc/c30834/202006/97f149839ff04c428224f6344ead7e38.shtml.
20.	中华人民共和国人类遗传资源管理条例. Available from: http://www.gov.cn/zhengce/content/2019-06/10/content_5398829.htm.
21.	李雪迎, 姚晨, 晋菲斐, 等. 利用医院电子病历数据开展临床研究的信息安全策略. 中国食品药品监管, 2020, (11): 48-55.
22.	国家市场监督管理总局, 中国国家标准化管理委员会. 信息安全技术健康医疗信息安全指南. Available from: http://www.gb688.cn/bzgk/gb/newGbInfo?hcno=239351905E7B62A7DF537856738247CE.
23.	计算机信息系统安全保护等级划分准则. Available from: http://www.gb688.cn/bzgk/gb/newGbInfo?hcno=814B9ED6130F17C4B53EF6AA98BCD5A7.
24.	关于国家标准《信息安全技术健康医疗信息安全指南》征求意见稿征求意见的通知. Available from: https://www.tc260.org.cn/front/bzzqyjDetail.html?id=2018122714084535965&norm_id=20180929110009&recode_id=30639.
25.	中国信息安全测评中心. 信息安全等级保护管理办法(试行), 2006. Available from: www.itsec.gov.cn/fgbz/xgfg/200610/t20061012_15247.html.
26.	金融数据安全数据安全分级指南. Available from: http://hbba.sacinfo.org.cn/snDetail/f387de367946d1cc02133ae8f207327c8edae8a2a213c31184f86b3481990921.
27.	CDISC. CDASH Model v1.1. Available from: https://www.cdisc.org/standards/foundational/cdash/cdash-model-v1-1.
28.	CDISC 中国协调委员会. 临床数据获取协调标准(CDASH). Available from: http://www.cdiscchina.org/forum.php?mod=viewthread&tid=12322&extra=page%3D1.
29.	中华人民共和国卫生健康委员会. 国家健康医疗大数据标准、安全和服务管理办法(试行). Available from: http://www.nhc.gov.cn/guihuaxxs/s10741/201809/758ec2f510c74683b9c4ab4ffbe46557.shtml.
30.	中华人民共和国民法典. Available from: http://www.npc.gov.cn/npc/c30834/202006/75ba6483b8344591abd07917e1d25cc8.shtml.

Chinese Journal of Evidence-Based Medicine

Preliminary exploration of the classification of data security in clinical research

Abstract Full text Figures/Tables Video References Cited by

Previous Article

Next Article

Format

Content