The research approach of the HEDIMED project requires collection and analysis of human data and biological samples. 

To ensure the safety and anonymity, the data will be robustly pseudonymised and  anonymised, and group-based analyses will be conducted to make it impossible to identify individuals. 

The researchers responsible for the experimental activities will only have access to coded samples with relevant information in a fully pseudonymised or  anonymised  form. Only the medical unit responsible for gathering the data will hold a well-protected key to the data anonymisation 

Once the data has passed a data quality check, it will be stored in a cloud computing environment designed for processing sensitive personal data. 

The HEDIMED project complies with international conventions and codes of conduct in its research activities, and EU regulations including GDPR will be followed in the analyses of samples and data in the consortium. 

Ethical assessment of the project is a crucial part at every stage of the process and two of the 13 HEDIMED work packages are dedicated to ethics. An Ethical and Data Protection Committee has been established  to guide this work and an external Ethical Advisor has been nominated.

Ethics oversight and data protection

The ethics of the project will be part of every stage of the research process. The ethical issues will also be reviewed and discussed in the Steering Committee and consortium meetings. 

The Ethical and Data Protection Manager together with the Ethical and Data Protection Committee will ensure that ethics issues are kept central at the meetings. 

Work packages 3 and 13 are dedicated to ethics;   work package 3 ensuring the protection of data throughout the project and work package 13 setting the ethics requirements of the project.  

Work package 3 will develop procedures that will be followed in other work packages and interactions between Partners to protect personal data at all steps of the work, including data and sample transfers. 

The technical measures of the data protection include pseudonymisation or full  anonymisation of the data and clinical samples. 

Full anonymisation will be used for data that will be available publicly (e.g. in certain exposome toolbox functions, see work package 9) and when there is need to ensure the highest possible data protection level in any other stages of the work to make sure that data cannot be used to identify a subject. 

Data protection officers (DPOs) of the participating institutions will be consulted during the work to comply with GDPR regulations and institutional practices in handling the data in line with Directive 95/46/EC (Data Protection Directive) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding processing of personal data and on the free movement of such data, and The Data Protection Law. Pseudonymization algorithms are defined in IHE International recommendations. 

The toolbox, that is created at the end of the project, will protect an individual’s location data by providing a tool to the clinical centres to assess living environment data without the need to transfer coordinates to other instances. 

Data collection and storage

The clinical cohorts and clinical trials have already obtained approval from ethical committees and their informed consent covers the work carried out by HEDIMED. 

The written informed consent has been and will be obtained from each participant and/or their legal guardian according to the respective national legal requirements and the regulatory and legal requirements of the participating country, before any procedure specific to the clinical study/trial. 

The responsible clinical site (investigator) retains the informed consent form or any additional participant information form as part of the trial records. Each individual will date each signature. A signed copy of the informed consent form or any additional participant information will be given to each participant or their legal guardian. 

All collected patient data will be treated confidentially and identified only by a unique study identification number. 

Medical records relating to the clinical investigations, including those that are electronically maintained and those that may contain information that would identify an individual patient will remain confidential and is only seen by doctors and nurses working in the clinical sites, but may be reviewed by, released, and/or transmitted to representatives of the hospital, regulatory authorities, or its agents when reasonable and appropriate for the conduct of the trial. 

Data on human subjects and their biological samples will be processed fairly and lawfully, meaning that they will not be falsified, hidden or presented in an unbalanced way to provide support for the desired outcome of the studies in an improper way. 

The data will be processed for purposes relevant to research on immune-mediated disease risk and treatment. This means that the data collected will be those that are adequate and relevant and not include information that can be regarded as superfluous (excessive). 

Quality of data collected across the project will be ensured through the expertise and track record of participating centres and clinicians collecting the data, the use of standardised case-record forms that have been tested and validated in previous projects, and the accuracy of laboratory tests will be guaranteed by centralizing analyses wherever possible in specialised laboratories and using SOPs of validated tests. 

Data protection and data privacy will be guaranteed by the compliance to the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679; Directive 95/46/EC), the EU legislation Article 29 workgroup paper n°WP131 on The Processing of Personal Data Relating to Health in Electronic Health Records and the Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector. 

International conventions and codes of conduct

The research activities of the HEDIMED project comply with the international conventions and codes of conduct, and in particular the Helsinki Declaration (year 2013) of the World Medical Association adopted by the World Medical Assembly. 

The study will be conducted respecting the ethical principles in accordance with: 

  • The Universal Declaration on Bioethics and Human Rights embraced by UNESCO’s General Conference (2015, October 19th). 
  • The Charter of the Fundamental Rights of the European Union (2000/C345/01).
  • The European Convention on Human Rights and Biomedicine Convention for the Protection of Human Rights and Dignity of the Human Being with regard to the Application of Biology and Medicine (Council of Europe, Oviedo, 4.IV.1997). 
  • The Declaration of Helsinki (2000). 
  • World Medical Association Declaration of Helsinki ‐Ethical Principles for Medical Research Involving Human Subjects. (Brazil 2013). 
  • Convention of the Council of Europe on Human Rights and Biomedicine signed (Oviedo 1997) and the Additional Protocol on the Prohibition of Cloning Human Beings (Paris 1998) 
  • International Ethical Guidelines for Biomedical Research Involving Human Subjects ‐Council for International Organizations of Medical Sciences (Geneva: CIOMS, 2002). 
  • The Universal Declaration on the Human Genome and the Rights of Man (UNESCO 1997). 
  • The Declaration on Human Genetic Data (UNESCO 2003). 
  • The Universal Declaration on Bioethics and Human Rights (UNESCO 2005). 
  • UN Convention on the Rights of the Child (amended 2002). 
  • The European Code of Conduct for Research Integrity (2017): 
  • Montreal Statement on Research Integrity in Cross-Boundary Research Collaborations (2013): 
  • European Commission (2018) Ethics in Social Science and Humanities. humanities_en.pdf 

HEDIMED partners will conform to the last amended versions of the following EU legislation: 

  • The Charter of Fundamental Rights of the European Union (Lisbon, 2009). 
  • Directive 95/46/EC of 24 October 1995 on the protection of individuals with regards to the processing of personal data and the movement of such data. Amended by regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding processing of personal data and on the free movement of such data. Regulation (EU) No 536/2014 of the European Parliament and of the Council of 16 April 2014 on clinical trials on medicinal products for human use. 
  • Directive 2004/33/EC as regards information to be provided to prospective donors, information required from donors, eligibility of donors; storage, transport and distribution conditions for blood and blood components; quality and safety requirements for blood and blood components. 
  • Directive 2004/23/EC of 31 March 2004 on Setting standards of quality and safety for the donation, procurement, testing, processing, preservation, storage and distribution of human tissues and cells. 
  • Directive 2002/98/EC of the European Parliament and of the Council of 27 January 2003 setting standards of quality and safety for the collection, testing, processing, storage and distribution of human blood and blood components and amending Directive 2001/83/EC.
  • Directive 2005/28/EC on Good Clinical Practice.