Smart FOX

Glossary

Anonymized data

Data from which individuals are no longer identifiable.

The Austrian Health Data Donation Space is a virtual data space enabling citizens to donate their health data for secondary use in research. It leverages existing standards, technologies and existing IT infrastructures. The AHDDS follows the principles of Reference Architecture Model (IDSRAM-4) of the International Data Space Association (IDSA).

Clinical data refers to information captured during the process of diagnosing, treating, and managing patients within a healthcare setting. This data is critical for patient care, clinical research, and healthcare management. In contrast to the definition of health data, this means that the data is validated as part of work of health care professionals. Clinical data derives from health data with additional interpretation by health care professionals and other applicable legal requirements (e.g. retention periods).

Clinical Data Architecture (CDA) is the framework for designing, managing, and maintaining clinical data within healthcare systems. 

It ensures data is structured for efficient, secure, and reliable access, supporting various clinical and administrative purposes. Key components include data standards like HL7 and FHIR, data models for organizing and storing data, integration processes for unified data views, security measures for patient privacy, data quality management for accuracy, and analytics tools for decision-making and research. CDA is essential for the effective use of electronic health records (EHRs), clinical decision support systems (CDSS), and other healthcare IT applications, aiming to enhance patient care and operational efficiency.

Data access rights in the context of data spaces refer to the permissions and regulations that govern who can access, use, and share data within a shared digital environment. These rights ensure that data is accessed in a secure and controlled manner, aligning with privacy policies, legal requirements, and organizational guidelines. Data access rights in data spaces are crucial for 

maintaining data integrity, protecting sensitive information, and enabling trusted collaboration among different entities.

A data catalogue provides a listing of available data donation boxes (FOX BOXes) within the Austrian Health Data Donation Space

and provides means for searching and querying information on a metadata level.

An institution (e.g. medical university) or other organization (e.g. clinical research organization) that receives data from a Data Provider as specified by the Data User. The Data Consumer has to be accredited by the AHDDS. The transfer of data can either be directly or via further services that preprocess the data (Intermediaries). In Smart FOX, this could be e.g. the Medical University of Graz enabling their researchers (Data Users) to link their research data with ELGA-standardized data donations.

Data discovery, in the context of identifying information based on metadata, is the process of uncovering and cataloging data assets by analyzing metadata. This involves examining data descriptions, attributes, and structures to locate, classify, and understand datasets, facilitating efficient data management, governance, and utilization.

Data donations describe the active act of people sharing personal data for research purposes. They are conscious, intentional and unforced acts of giving.

A core element of the Austrian Health Data Donation Space is the “data donation box” (FOX BOX), an intermediary that accepts health data donations, stores the donation with verified consent and provides metadata and the data itself to Data Consumers. Digital use conditions (DUCs) are provided in machine-readable and human-readable form to indicate where, how and who will use the donated data.

In Smart FOX, a Data Donation Portal is the starting point for the undirected data donation use case and enables citizens/patients to be informed about research activities. It additionally serves as the center of activity for managing  their data donations. The Smart FOX Data Donation Portal will provide the following essential functionalities: 

  • Manage consent: Citizens/patients are offered comprehensive consent management features. They have the ability to provide informed consent for specific research studies or projects, granting researchers access to their health data. The portal ensures that consent is obtained transparently providing them with full control over their data sharing choices.
  • Manage and trace data usage: Citizens/patients are able to track and monitor the usage of their donated health data. Detailed logs and reports show which researchers or organizations have accessed/utilized data. This transparency fosters trust and ensures that their information is being used responsibly and ethically.
  • Stay informed on research initiatives: Citizens/patients are informed about ongoing research initiatives aligned with their interests. They receive updates on studies, clinical registries, clinical trials, or research projects related to their specific interest. This empowers individuals to actively engage in the research process.

Participants within the context of Smart FOX who donate data and has control over their data. They define the terms and condition of the use of their data. In Smart FOX, the Data Owner is always considered the patient/citizen. As the legal situation regarding data ownership is very complicated, the term ‘Data Owner’ is not used in a legal understanding in this document.

The Data Provider makes data technically available in the context of data donation for being transmitted to a Data Consumer on behalf of the Data Donor. In Smart FOX, this could be a service (e.g. patient-generated data and outcomes), an institution (e.g. insurance company), an association (e.g. patient advocacy group) or other organizations (e.g. medical university, biobank etc.) that is authorized by the Data Donor to provide data via an interface and is accredited by the AHDDS to participate as Data Provider in the ecosystem.

Data spaces offer a sophisticated solution for managing the vast and varied data landscape of today’s digital world. Unlike traditional database management systems (DBMSs), which serve as centralized repositories for structured data, dataspaces recognize the complexity of the modern data ecosystem. They acknowledge that data often exists in a fragmented, loosely connected state across multiple sources, challenging the conventional models of data management.

Person ensuring quality and governance of digital donation boxes (FOX BOXes) and the data catalog.

Participants that utilize data for research purposes. In Smart FOX, Data Users are researchers and analysts.

Digital use conditions refer to the predefined rules and constraints that govern how digital assets, such as data or software, can be accessed, shared, and utilized. These conditions are established by Data Donors or Providers to ensure that their assets are used in a manner that aligns with legal, ethical, and operational standards. Digital use conditions can encompass a wide range of stipulations, including licensing agreements, access controls, data privacy requirements, and usage limitations. For instance, a Data Donor might specify that their data can only be used for non-commercial research, or that it must not be shared with third parties without explicit permission. By defining clear digital use conditions, organizations can protect their intellectual property, ensure compliance with regulatory frameworks, and foster trust among Data Consumers and Users. These conditions are often enforced through digital rights management (DRM) systems, access control mechanisms, and audit trails to monitor and verify adherence.

A directed data donation takes place within a new established or an already established research context. A research context is here defined as a clinical registry or a clinical trial, where the regulatory approval for the usage of the data is clearly defined within e.g. an ethics approval. In Smart FOX the “Biobanking” use case is prototypical for DDDs, as an existing colorectal cancer registry is updated with data donations from ELGA. In this use case, the informed consent for usage of data is established via a specific and directed ethic approval between individuals and the research activity.

Electronic Health Records (EHRs) are digital versions of patients’ paper charts, containing comprehensive medical and treatment histories. EHRs facilitate secure, real-time access to patient data for authorized healthcare providers, improving coordination, decision-making, and overall quality of care.

In Austria, the electronic health record (ELGA) is a system for standardizing electronic communication between health service providers on the basis of HL7 and for networking health data and information on the basis of the Clinical Document Architecture.
In Smart FOX, ELGA-standardized data refers to the structured information from ELGA documents. Only health-related information is transformed into an open format (FHIR) and all ELGA-specific information (e.g. document number is excluded to ensure legally compliant usage). Currently, the following information exists in ELGA:

  • e-Befunde: medical discharge letters, laboratory findings, radiology findings, telehealth note, ambulatory findings
  • e-Medikation: overview of prescribed and collected medication as well as collected medication without prescription
  • e-Impfpass: documenting vaccinations (no opt-out for citizen but also no comprehensive documentation on part of the vaccinators)

FHIR (Fast Healthcare Interoperability Resources) is a standard framework developed by HL7 for exchanging healthcare information electronically. FHIR is designed to enable the seamless and secure sharing of health data across different systems, applications, and devices, supporting interoperability and improving patient care. It utilizes modern web technologies and is flexible, scalable, and easy to implement, facilitating integration with existing healthcare systems.

Health data refers to information related to an individual’s physical or mental health, medical history, and healthcare services received. This data is essential for the diagnosis, treatment, and monitoring of health conditions, as well as for healthcare management and research. Health data is critical for providing personalized medical care, improving public health outcomes, conducting medical research, and informing health policies. It must be handled with strict confidentiality and security measures to protect patient privacy. Clinical data derives from health data with additional interpretation by health care professionals and other legal requirements.

Identity data refers to information that uniquely identifies an individual or entity within a particular context. This data can include various attributes that distinguish one person or entity from another, ensuring accurate identification and authentication. Identity data is crucial for a wide range of applications, from security and access control to personalized services and regulatory compliance. It helps establish and verify the identity of individuals or entities, enabling secure and efficient interactions in both physical and digital environments. In literature, this type of data is often also referred to as “personal(ly) identifiable information.

Informed consent refers to the process by which a person voluntarily confirms their willingness to participate in a particular procedure, treatment, or research study, after having been informed of all relevant facts, risks, benefits, and alternatives. This process ensures that individuals are making knowledgeable and autonomous decisions regarding their health or participation. Informed consent is a fundamental ethical and legal requirement in healthcare and research, ensuring respect for patient autonomy and the protection of individuals’ rights and well-being. In Smart FOX, the informed consent is a fundamental building block to enable opt-in based donation of ELGA data.

Intermediaries serve as bridges between Data Providers and Data Consumers within the data space environment. Intermediaries and services are defined e.g. in the Data Governance Act of the EU. Intermediaries function within data spaces with the following purposes (non-taxative list):

  1. Data integration: Intermediaries help integrate data from heterogeneous sources into a cohesive and unified format within the
    dataspace. They may perform tasks such as data cleaning, normalization, and transformation to ensure consistency and
    compatibility among diverse datasets.
  2. Data access and discovery: Intermediaries facilitate data access and discovery by providing mechanisms for users to search, browse, and
    query data within the dataspace. They offer interfaces, APIs, or query languages that enable users to locate relevant datasets and retrieve
    specific information based on their requirements Data aggregation and federation: Intermediaries aggregate data from
    multiple distributed sources and federate them into a centralized or distributed data space. They establish connections with various data
    repositories, sources, and services to collect and synchronize data in real-time or batch processing modes.
  3. Data governance and management: Intermediaries enforce data governance policies, access controls, and security measures to
    ensure the integrity, confidentiality, and compliance of data within the dataspace. They manage metadata, data lineage, and provenance
    information to track the origin, usage, and lineage of datasets.
  4. Data enrichment and enhancement: Intermediaries may enhance and enrich data within the dataspace by integrating external data sources, enriching data with additional metadata or annotations, and performing data enrichment techniques such as entity resolution,
    semantic enrichment, and data enrichment through machine learning algorithms.
  5. Data analysis and processing: Intermediaries provide capabilities for data analysis, processing, and computation within the dataspace
    environment. They may offer built-in analytical tools, data processing pipelines, or integration with external analytics platforms to enable
    users to derive insights and value from the data.
  6. Data exchange and collaboration: Intermediaries facilitate data exchange and collaboration by enabling seamless sharing, collaboration, and integration of data among multiple stakeholders within the dataspace ecosystem. They support interoperability standards, data exchange protocols, and collaboration workflows to foster collaboration and innovation.

Metadata refers to data that provides information about other data. It helps to describe the content, context, and structure of the data, making it easier to manage, find, and use. DCAT-AP is a specification for metadata records, enhancing semantic interoperability across European data portals. Based on W3C’s DCAT, it supports standardized dataset descriptions, enabling efficient data exchange 

and reuse. In Smart FOX, we explore the implementation of HealthDCAT-AP, which is a specification for health data.

OMOP CDM (Observational Medical Outcomes Partnership Common Data Model) is a standardized data model developed to facilitate the systematic analysis of disparate observational healthcare data. OMOP CDM transforms diverse data sources into a common format, enabling large-scale analytics, research, and comparative effectiveness studies across multiple healthcare databases. It supports consistency and reproducibility in observational health data research, aiding in the generation of real-world evidence and insights.

Patient-reported data refers to health-related information provided directly by patients, reflecting their personal experiences, perceptions, and outcomes. This data is gathered through self-reporting mechanisms and is used to understand a patient’s perspective on their health status, treatment, and quality of life. Patient-reported data is valuable for clinicians to tailor treatments to individual needs, for researchers to evaluate the efficacy of interventions, and for policymakers to improve healthcare services. This data emphasizes the patient’s role in their own healthcare and promotes a more patient-centred approach to medical care.

As defined in the GDPR, personalised data means any information relating to an identified or identifiable natural person that can be identified directly or indirectly. In particular references to an identifier such as: name, identification number, location data, as well as factors specific to the physical, physiological, genetic, mental, economic cultural or social identity of that natural person.

PPRL is a technique used to identify and match records that correspond to the same entities across different databases without revealing any sensitive or personally identifiable information (PII). This process ensures that while linking records from separate sources, privacy of the individuals represented in those records is maintained.

As defined in the GDPR, pseudonymized data means that originally personalized data was processed in a way that the personal data can no longer be attributed to a specific natural person without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Each FOX BOX has to have a defined research purpose. The level of detail is different for UDD and DDD. A research offering for UDD can be as simple as e.g. “Diabetes related research”, whereas for DDD the research offering reflects a concrete clinical trial with exclusion and inclusion criteria. In the case of UDD Data Donors can specify their terms of usage in more detail.

To enable the usage of ELGA-standardized data for secondary use a data processing pipeline with near proximity to the Austrian health telematics infrastructure has to be established. This data pipeline is developed to handle the requirements for establishing a legal and technical sound forwarding of information for secondary use from the eHealth/ELGA domain in Austria.

An undirected data donation takes place in a not yet specified research context. The data donation is provided by the patient/citizen with the intention that the data will be used in a future research context. The patient/citizen consents that the data is used under predefined conditions. In Smart FOX, the “Recruiting” use case is prototypical for an UDD as the patient/citizen is indicating via the donation of this data that he/she is willing to participate in a predefined research context.

Subscribe to the Newsletter

Register for the Smart FOX newsletter and always stay up to date on the activities surrounding the project and the latest developments from the individual work packages.