Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2023 Feb 8;11(4):496.
doi: 10.3390/healthcare11040496.

A GDPR-Compliant Dynamic Consent Mobile Application for the Australasian Type-1 Diabetes Data Network

Zhe Wang  1 Anthony Stell  1 Richard O Sinnott  1 The Addn Study Group  1
Affiliations

A GDPR-Compliant Dynamic Consent Mobile Application for the Australasian Type-1 Diabetes Data Network

Zhe Wang et al. Healthcare (Basel). .

Abstract

Australia has a high prevalence of diabetes, with approximately 1.2 million Australians diagnosed with the disease. In 2012, the Australasian Diabetes Data Network (ADDN) was established with funding from the Juvenile Diabetes Research Foundation (JDRF). ADDN is a national diabetes registry which captures longitudinal information about patients with type-1 diabetes (T1D). Currently, the ADDN data are directly contributed from 42 paediatric and 17 adult diabetes centres across Australia and New Zealand, i.e., where the data are pre-existing in hospital systems and not manually entered into ADDN. The historical data in ADDN have been de-identified, and patients are initially afforded the opportunity to opt-out of being involved in the registry; however, moving forward, there is an increased demand from the clinical research community to utilise fully identifying data. This raises additional demands on the registry in terms of security, privacy, and the nature of patient consent. General Data Protection Regulation (GDPR) is an increasingly important mechanism allowing individuals to have the right to know about their health data and what those data are being used for. This paper presents a mobile application being designed to support the ADDN data collection and usage processes and aligning them with GDPR. The app utilises Dynamic Consent-an informed specific consent model, which allows participants to view and modify their research-driven consent decisions through an interactive interface. It focuses specifically on supporting dynamic opt-in consent to both the registry and to associated sub-projects requesting access to and use of the patient data for research purposes.

Keywords: GDPR; dynamic consent; mHealth; privacy; type-1 diabetes.

PubMed Disclaimer

Conflict of interest statement

The authors declare no conflict of interest.

Figures

Figure 1
Figure 1
(a) A representative example of de-identified data based on a subset of the ADDN schema. (b) A screenshot of the HbA1c section of the benchmarking report. “P-“ indicates a paediatric centre.
Figure 2
Figure 2
Screenshots of the ADDN Consent application. (a) Activation through an ADDN registry generated activation code. (b) Description of the ADDN project and basic onboarding documentation.
Figure 3
Figure 3
Screenshots of the ADDN registry: creating a research request.
Figure 4
Figure 4
Screenshots of the ADDN Consent application. (a) Dynamic consent tasks. (b) Patient view of their data. (c) Patient view of their HbA1C data in visit records.
Figure 5
Figure 5
ADDN mobile app for comparison of patient data with registry data.
Figure 6
Figure 6
(a) Architecture of ADDN registry and data pipelines [12]. (b) An example of patient data with a merged opt-in consent result.
Figure 7
Figure 7
The complete ADDN Consent workflow.
See this image and copyright information in PMC

References

    1. Optus Notifies Customers of Cyberattack Compromising Customer Information. 2022. [(accessed on 20 December 2022)]. Available online: https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus....
    1. Arnold B.B. Into the Breach—The Optus Data Hack. 2022. [(accessed on 20 December 2022)]. Available online: https://lsj.com.au/articles/into-the-breach/
    1. Medibank Private Cyber Security Incident-Australian Cyber Security Centre. [(accessed on 20 December 2022)];2022 Available online: https://www.cyber.gov.au/acsc/view-all-content/alerts/medibank-private-c....
    1. Privacy Act Review—Discussion Paper. [(accessed on 20 December 2022)];2021 Available online: https://consultations.ag.gov.au/rights-and-protections/privacy-act-revie...
    1. Attorney-General’s Department . Review of the Privacy Act 1988 (Cth)—Issues Paper. Attorney-General’s Department’s; Barton, ACT, Australia: 2020.