Privacy and Security

Privacy and Security

PHARMO Institute works with the European Medicines Agency (EMA), VAccine monitoring Collaboration for EUrope (VAC4EU), the European Pharmacoepidemiology and Pharmacovigilance (EU PE&PV) Research Network,  universities, and pharmaceutical and device manufacturers on using proportional, anonymized data from the Netherlands, among other countries, to demonstrate the value of medicines from both a safety and effectiveness standpoint to help ensure patients are treated with the appropriate medicine as quickly, safely and effectively as possible.

A subset of data underpinning this research is pan-European through a series of collaborations across the globe with the SIGMA Consortium, institutions, and universities. As data used by PHARMO and its network are always anonymous and proportional and thus falls outside the remit of GDPR. Where PHARMO uses data from the Netherlands, Stichting voor Zorg en Onderzoek (STIZON) ensures this use for projects is legally compliant with STIZON’s existing contracts, as well as with GDPR, . However, as a precaution, we treat all data use requests as though GDPR would apply. We abide by the following best practices and ethical principles:

  • All study requests and data uses are formally reviewed by STIZON’s compliance committee, which evaluates whether the proposed scope adheres to a suitable application under GDPR and aligns with governance and ethics standards. The committee also advises on the scientific validity of the request
  • All data is securely received, processed, and securely stored on GDPR and ISO27001 compliant infrastructure within the Netherlands
  • All projects are published both on the STIZON website and aggregated results are presented in STIZON’s annual report
  • All outputs from the data are at the aggregate level and any results which are small in number (n<5) are suppressed as an additional layer of protection for the privacy of individuals
  • All results are subject to publication whether the study sponsor wants to release results or not: negative results are not suppressed

The team managing the data analysis are fully trained data scientists, (pharmaco-)epidemiologists and statisticians, many operating at the post-doctorate level, and includes those well versed on healthcare information security.