The EHDS prescribes a comprehensive and uniform assessment by the HDAB. A separate ethical assessment adds nothing and hinders science.
Trusted Data Holders and the EHDS
Recommendation to the HDAB
The EHDS creates several new roles regarding the reuse of health data. A well-known example is the Health Data Access Body, a new government agency where a permit can (or must?) be requested to work with data in a secure processing environment. Much less attention is paid to the role of trusted data holders. The HDAB can designate these trusted holders to reduce the administrative burden. Due to their expertise in legislation and the secure processing of health data, these trusted holders may submit applications according to a simplified procedure, with a recommendation regarding the decision to be made. However, the HDAB must remain responsible for the actual issuance of the permit and may not be bound by the recommendation of the trusted data holder.
The administrative law - duty to verificate
I assume that Section 3.3 of the Dutch General Administrative Law Act (Algemene wet bestuursrecht), concerning advice, applies to the advice of the trusted parties. Article 3.9 is important in this regard: “If a decision is based on an investigation into facts and conduct conducted by an advisor, the administrative body must ensure that this investigation was conducted with due care.” This is called the duty of verification. Therefore, if a university hospital has the status of trusted holder and issues a decision on an application concerning its own data, the HDAB may not approve it without reading it. While marginal review is permitted, it is not permitted to omit review.
Academic hospitals as trusted holders
Keep in mind that there’s a difference between a factual application to a data holder and a legal application to the HDAB. With a regular data holder, they can (actually) contact them to inquire whether the data the scientist wants even exist, after which they can legally apply for a permit from the HDAB and go through the entire procedure. If the data holder is a reliable data holder, they have the right to have the scientists’ legal application to the HDAB accompanied by a proposal regarding the decision to be made. For example, academic hospitals seem logical parties to be designated as reliable holders. However, if the recommendations, according to the HDAB, are frequently incorrect (unjustified refusals or, conversely, unjustified grants), the reliable holder status can be revoked.
The trusted holder oversees the data user
Trusted holders of health data must possess, in addition to expertise, their own Secure Processing Environment or at least have access to one. The simplified procedure can be followed for a permit application or a request (the statistical inquiry) that concerns data exclusively from trusted holders. If such a request is submitted not to the trusted holder but to the HDAB, the HDAB will simply forward it. The trusted holder will write its recommendation within two months, after which the HDAB will make a decision within two months. The trusted holder will then perform the operational tasks (such as anonymization). The work is subsequently carried out in the trusted holder’s Secure Processing Environment, where it monitors compliance with all laws and regulations. The HDAB in turn monitors the work of the trusted data holders.
With the right to use the Identity number (BSN)
This allows the trusted holders to perform all sorts of tasks relatively independently, which is why it is explicitly described as a role that eases the burden on the HDAB, thus leading to a more efficient system. Of course, there shouldn’t be any national legislation that would hinder this, but that’s currently the case. Trusted holders must have the right to use the national identification numer (BSN) to link files in a privacy-safe manner. Furthermore, they must be able to independently consult the National Control Register using the BSN. If they aren’t allowed to do so, they still have to do their work through the HDAB, which prevents the role of trusted holder from being fully realized.
How does the EU define 'scientific research' in the Digital Omnibus? There has been criticism of this, but it is unjustified.
Many people are afraid that their jobs are at risk due to AI. I decided to turn the question around and asked Gemini: which jobs are you going to take over, in a way that make us happy? Here is her own optimistic answer.