Data Protection in Healthcare-Integrated Biobanking

Development of personalized medicine depends on research using clinical biospecimens and data. This interface between clinical care and translational research is increasingly served by hospital-integrated biobanks; yet their implementation is hampered by complex data regulations. A generic data protection concept with a decision and application matrix was developed addressing five criteria: (1) organizational integration into university medicine, (2) biobank governance, (3) ethical and legal aspects, (4) specifications of the BSI (Bundesamt für Sicherheit in der Informationstechnik [Federal Office for Information Security]), and (5) FAIR (findable, accessible, interoperable, and reusable) principles for research data. Applicability was tested for the highest complexity level at Campus Lübeck. The data protection concept was approved by the local ethics committee as well as local and national data protection authorities. The concept allows an automated research-guided patient recruitment and data protection-compliant information technology (IT) in connection to national and international research networks. It ensures university and hospital conformity with the EU Data Protection Regulation. Consent behavior of 277,766 patients over five years proved routine practicability (error rate 0.0013%; withdrawals 0.09%). Clinical staff obtained higher consent rates (85.6%) compared with consent rates for use of data only at central patient admission (56.1%); even though consents in central patient admission increased constantly during observation time. The generic data protection concept can legitimately enable personalized medicine through biobanking in the clinical context.