PICASO has had the advantage of having a legal expert from VUB as a project partner. In addition to sitting on the Ethical Board, VUB has advised the consortium on the applicable regulatory frameworks and legal requirements, both in the context of ‘PICASO as a research project’ and in the context of ‘PICASO as an exploitable system’. In particular, the consortium was advised on legal issues that related to surveillance issues and to the use of patient data in a manner that was foreseen by the PICASO project.
Moreover, the legal requirements in relation to data privacy and data protection as the General Data Protection Regulation (GDPR) came into force on 25 May 2018 (i.e. halfway into the project) were carefully analysed to ensure that the project complied. Finally, the potential issues that might arise as a result of Medical Device Regulation were also carefully considered and discussed within the project. A detailed analysis of the legal issues in the context of PICASO are provided in D3.5 Privacy Compliance Laws Associated with Surveillance.
To fully understand the legal framework and requirements related to PICASO, it was first of all necessary to conceptualise PICASO in two forms: i) ‘PICASO as an exploitable product’ which refers to a platform architecture that potentially will be deployed after the PICASO project has been finished and ii) ‘PICASO as an exploitable system’ which refers to the described trials in two different legal jurisdictions.
‘PICASO as an exploitable product’
The goal of the PICASO is to demonstrate that the federation of patient data is possible in a way that respects ethical and legal concerns surrounding privacy. The diagram bellow shows one possible way to view the architecture of the project.
This view of the architecture demonstrates some key features of a potential PICASO system that may be used. Some of the most important elements that are important from a legal perspective are: i) Patient data is not stored centrally in a cloud, ii) A number of physicians or carers may have access to a patient’s data, and iii) Individual patients will have control over which physicians can see their data and what they can see, and iiii) (iv) This can include data that comes from mobile monitoring devices.
‘PICASO as an exploitable system’
The aim of the PICASO project is to demonstrate the possibility of such an infrastructure (as described above) on a small scale in the context of two controlled trials in Germany and Italy. These trials will involve the communication of data between specialists of two different categories in other to demonstrate the principles discussed above. In both instances all data will be transferred between the local hospital site and other care providers through the use of a local cloud service provider. This provider will be based in the same jurisdiction as the trial is taking place. All processing will be in compliance with local data protection law and ethical requirements. This involved getting clearance from local ethics committees and producing consent forms for trial participants in line with both the demands of the local ethic committees and the demands made by the PICASO ethical board.
To find out more see D3.5 Privacy Compliance Laws Associated with Surveillance.