All research protocols must meet professional standards. Protocols that are subject to the Medical Research Involving Human Subjects Act (WMO) must be examined by the MEC ; see also Chapter 5. All other protocols should be examined by an institutional or departmental committee of peers. Examination must be carried out prior to the actual conducting of the study.
The collection of data for medical research is subject to both the Data Protection Act (Wet Bescherming Persoonsgegevens; WBP ) and the Medical Contract Bill (Wet Geneeskundige Behandelingsovereenkomst; WGBO ).
The WGBO does not require the patient's consent for research using data the researcher already has at his/her disposal in his/her capacity as practitioner, but it does require consent to supply patient information to other researchers (including examination by them of patients' medical records).
The WBP, however, requires the participant's explicit permission for the use of their data. This consent does not need to be in writing, but it must be explicit. For example, if a researcher presents a person with a questionnaire and the person completes the questionnaire and gives it back, the act of handing the questionnaire to the researcher grants the researcher permission to use the data.There are a few situations in which permission is not needed, for example if the request for consent would entail a heavy burden of mental stress for the data subject in view of the subjects' condition, or if a long period has elapsed between the treatment and the request for consent. An important factor when deciding if consent is required is whether the data are encoded in such a way that they reasonably cannot be traced to the patient by the researcher who receives them. These conditions are described in a Code of Conduct for the Use of Data in Health Research ( Code Goed Gedrag ), which was approved by the Dutch Data Protection Authority (College Bescherming Persoonsgegevens ). It is now under revision and will be resubmitted to the Dutch Data Protection Authority in 2013. Consult a specialist, like the security and privacy (protection) officer of the AMC (email@example.com ) or the VUmc (firstname.lastname@example.org ), for guidance on these, sometimes complicated, situations.
The following principles are important:
The whole process of data collection, processing and storage must be properly shielded. The relevant regulations can be found in the official guidelines of the Data Protection Authority (Richtsnoer beveiliging van Persoonsgegevens, CBP 2013). Practical guidelines can be found in the Quality Handbook of EMGO+ , the Institute for Health and Care Research of the VUmc and the VU in Amsterdam. This electronic quality assurance handbook has been created to help researchers set up and conduct research on data. It covers the various stages of preparation, data collection, data processing, data analysis and archiving, and contains tips and examples.
The use of third parties in data collection, management and storage is only allowed when agreements are made between the AMC/VUmc and the third party (see Chapter 8). These contracts must fulfil the requirements of the Data Protection Authority.
A study or research project must be well documented in order to meet the increasing demand for open and transparent research (see the reports Zorgvuldig en integer omgaan met wetenschappelijke onderzoeksgegevens , KNAW 2012 and Vertrouwen in de wetenschap , KNAW 2013). This means that:
The Quality Handbook of EMGO+ provides guidelines for documentation throughout the research process.
Data from a research project may be made available to third parties, such as fellow researchers who might use the data for additional analysis and publications. Prior to the delivery of the anonymous data, however, an agreement must be made. The agreement should stipulate what the third party may and may not do with the data, and detail the arrangements regarding co-authorships and the safeguards against possible identification of research subjects.