How are the patient and test data collected, transmitted and utilised in the data centre?


In addition to the data usually collected in the course of patient care (surname, first name, date of birth, sex, place of residence), data on occupation, professional activity, handling of possible causes of allergy (e.g. cosmetics, medicines, paints, adhesives, etc.) as well as previous occurrence of allergic diseases ('atopy') are collected in the anamnesis ('previous history') in the course of this allergy test. These data are electronically stored and processed together with the test result and the final dermatological diagnosis in the allergy department and transmitted in pseudonymised form (omitting surname, first name, postcode, place of residence date of birth and telephone numbers) to the medical research institution together with pseudonymised data of the other patients. The purpose of this central pooling of research data is to identify allergy epidemics and their cause at an early stage, so that the responsible authorities or manufacturers can be warned if necessary. 


Cryptoconcept


Both WinAlldat Net and the further processing in the ESSCA-DC are subject to strict internal requirements regarding the encryption technologies and software used. Audited open source software based on the AES algorithm is used as standard. Stronger cryptographic algorithms such as Blowfish, Twofish etc. are also available as an option.


Transparency and suitability


Due to transparency requirements and to demonstrate the appropriateness of the pseudonymised research data (i.e. surveillance data) collected in the ESSCA-DC, documents have been made available for patients and data protection officers under the following links:


Summary


Personal and test-related data are stored electronically on site using WinAlldat Net and transmitted as pseudonymised research data in the form of an encrypted AES archive to the medical research institute. The research institute has a data protection concept - Internet Security Management System consisting, among other things, of an IT guideline, crypto concept, data processing instructions, access control and firewall.


What is pseudonymised data?


Changed data protection requirements as a result of stricter legislation due to the new EU Data Protection Regulation (GDPR), which will come into force from 05/2018, required a correction and addition to the wording previously used in ESSCA-DC with regard to the surveillance data transmitted to the ESSCA-DC headquarter. The term personal data includes direct and indirect allocation of data records to natural persons. The identification of a natural person (i.e. patient) is indirectly possible via the identifiers ipatid and fallid used in WinAlldat Net via the hospital of origin, so that the data processed in ESSCA-DC are to be regarded as pseudonymised - and thus personal - data. The head office processes personal (pseudonymised) data and is consequently subject to national and General Data Protection Regulation (GDPR).


Data economy in the WinAlldat Net programme


The change in WinAlldat Net data export as of 1.11.2017 concerns the data in the data export file tblPatient.txt: as of WinAlldat Net version 2.0 R9, the age is transmitted instead of the date of birth; the patient's postcode (previously the 1st and 2nd character of the postcode) and the patient's entry date are no longer transmitted to ESSCA-DC. Patients or cases cannot be re-identified in the updated data transmission via ipatid and fallid without considerable effort. In addition, the WinAlldat Net documentation (online, Windows help file, etc.) now uses the term pseudonymised.  The document Patient information on allergological diagnostics with the epicutaneous test in the version of 28.3.2013 was comprehensively revised in cooperation with the data protection officer of the University Medical Center Göttingen. Among other things, pseudonymised instead of anonymised was used in the AES-encrypted data transmission (i.e. data transfer).