Clinerion is committed to the trustworthy re-use of health data for research. De-identified and unlinked patient records remain inside the secure IT infrastructure of a hospital. Clinerion’s technology solution is permitted by the hospital to send queries to this de-identified, unlinked database, resulting in aggregated counts of matching patients. No additional ethics committee permissions for the data use are required.
For the responsible use and disclosure of health data without the need for patient consent, Clinerion follows the standards established by the Health Insurance Portability and Accountability Act (HIPAA) (Safe Harbor and Expert Determination) and the European General Data Protection Regulation (GDPR) (EU 2016/679). However, Clinerion’s technology solution only receives and processes de-identified, unlinked patient data, and this data does not fall under GDPR or HIPAA.
The Clinerion Patient Network Explorer is regularly audited by an independent third-party expert and is confirmed to be fully compliant with data privacy regulations in the USA (HIPAA) and the EU (GDPR).
Patient Network Explorer was developed following “Privacy by Design” methodologies. Patient privacy is maintained through procedures and policies ensuring consistency with:
- Good Clinical Practice (GCP).
- Good Pharmacoepidemiology Practice (GPP).
- The Health Insurance Portability and Accountability Act (HIPAA).
- The European General Data Protection Regulation (GDPR) (EU 2016/679).
- The laws of Switzerland (Bundesgesetz über den Datenschutz (DSG)).
- The laws of Turkey (6698 Kişisel Verilerin Korunması Kanunu).
- The security framework requirements of the ISO 27001 standard.
- The Electronic Health Record (EHR) Association's Developer Code of Conduct.