Last modified by melissargos on 2024/10/11 18:22
From version 21.1
edited by bschaffha
on 2024/10/10 13:58
Change comment: There is no comment for this version
To version 25.1
edited by bschaffha
on 2024/10/11 16:21
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -40,13 +40,12 @@
40 40  
41 41  == Creation of a MIP User Account ==
42 42  
43 -**Prerequisite – Step 1**: Access to the MIP requires an **EBRAINS user account, **which needs to be permitted and authenticated. EBRAINS user accounts are available to users with a legitimate interest (mainly research and development) from Europe and beyond.
43 +**Prerequisite – Step 1**: Access to the MIP requires an EBRAINS user account, which needs to be permitted and authenticated. EBRAINS user accounts are available to users with a legitimate interest (mainly research and development) from Europe and beyond.
44 44  
45 -**Request an EBRAINS user account**: [[https:~~/~~/www.ebrains.eu/page/sign-up>>url:https://www.ebrains.eu/page/sign-up]]
46 -The EBRAINS user account allows users to directly access the **Public MIP** ([[https:~~/~~/mip.ebrains.eu/>>url:https://mip.ebrains.eu/]]) with no further accreditation being required.
47 -EBRAINS authorised Users with an active EBRAINS account can request access to a specific federation by contacting [[support@ebrains.eu>>path:mailto:support@ebrains.eu]], who will forward the specific request to the MIP Management team.
45 +Request an EBRAINS user account: [[https:~~/~~/www.ebrains.eu/page/sign-up>>url:https://www.ebrains.eu/page/sign-up]]
46 +The EBRAINS user account allows users to directly access the Public MIP ([[https:~~/~~/mip.ebrains.eu/>>url:https://mip.ebrains.eu/]]) with no further accreditation being required.
48 48  
49 -Users can also get in direct contact with the MIP team via the online form on the **EBRAINS website**: [[https:~~/~~/www.ebrains.eu/tools/medical-informatics-platform>>url:https://www.ebrains.eu/tools/medical-informatics-platform]]
48 +**Access to a specific federation – Step 2:** EBRAINS authorised Users with an active EBRAINS account can request access to a specific federation by contacting [[support@ebrains.eu>>path:mailto:support@ebrains.eu]], who will forward the specific request to the MIP Management team. Users can also get in direct contact with the MIP team via the online form on the EBRAINS website: [[https:~~/~~/www.ebrains.eu/tools/medical-informatics-platform>>url:https://www.ebrains.eu/tools/medical-informatics-platform]]
50 50  
51 51  The Data Science Steering Committee (DSSC) of the specific federation will be involved in the accreditation process to receive access approvals.
52 52  
... ... @@ -54,6 +54,7 @@
54 54  
55 55  Upon login to the MIP, users are mandated to accept the Terms of Use of the MIP. Accredited users access the MIP through a web-based interface, which will provide them with access to the respective federation on the MIP.
56 56  
56 +
57 57  == MIP Data Governance ==
58 58  
59 59  [[image:1728560441625-436.png]]
... ... @@ -62,8 +62,17 @@
62 62  
63 63  //T(% class="small" %)his illustration depicts how data governance and data flow in the MIP are organised and how the legal framework and data management are interlinked. Decision points are indicated.//
64 64  
65 -(% style="color:#c0392b" %)//~*~*The MIP Data Protection Impact Assessment (DPIA) is currently under full revision and will become functional upon final approval by the CHUV DPO. Per Article 35(3)(b) of GDPR a Data Protection Impact Assessment is required whenever processing is likely to result in a high risk to the rights and freedoms of individuals and at least in the case of large-scale processing of sensitive data.//
65 +(% style="color:#c0392b" %)//~*~*The **MIP Data Protection Impact Assessment (DPIA) **is currently under full revision and will become functional upon final approval by the CHUV DPO. Per Article 35(3)(b) of GDPR a Data Protection Impact Assessment is required whenever processing is likely to result in a high risk to the rights and freedoms of individuals and at least in the case of large-scale processing of sensitive data.//
66 66  
67 +=== //MIP and data anonymisation// ===
68 +
69 +
70 +**Note**: (% style="color:#27ae60" %)**The MIP is handling anonymised data.**(%%) The definition for anonymisation (//ISO standard (ISO 29100:2011)//) of personal data is the process of encrypting or removing personally identifiable data from data so that a person can no longer be directly or indirectly identified (see also **Recital 26 of the GDPR)**. As soon a person cannot be re-identified the data is no longer considered personal data and the GDPR does not apply for further use.
71 +
72 +However, processing personal data **for the purpose of anonymisation** is still processing that must have a **legal basis under Article 6 of GDPR**. The anonymisation process is defined as “**further processing**” and this processing must be compliant with the principle of purpose limitation. The process of data anonymisation can be used to improve data protection compliance, e.g., as part of the “**privacy by design**” strategy, with the goal to improve the protection of the processed data; or as part of the “**data minimisation**” strategy, where data can be anonymised and used without the risk of harming the data subjects.
73 +
74 +(% style="color:#27ae60" %)**Both strategies are followed by the MIP.**
75 +
67 67  === MIP concepts and definitions ===
68 68  
69 69  * **Common Data Elements (CDEs)**
... ... @@ -147,6 +147,16 @@
147 147  (% style="color:#27ae60" %)**Data Transfers (Articles 44-50)**
148 148  
149 149  The MIP ensures that any data transfers comply with GDPR’s requirements for international data transfers. This is achieved using DTAs and DSAs, ensuring that data transferred across borders is protected under equivalent data protection standards. If data is transferred, secure file transfer solutions are used.
159 +
160 +**Summary of legal steps to be followed, depending on the purpose of the processing or project:**
161 +
162 +* Patient consent for usage of data for research purposes (specific, general, re-use, anonymisation)
163 +* Ethical clearance for research projects and planned processing
164 +* (% style="color:#c0392b" %)//DPIA * under preparation//
165 +* Data Transfer agreement or Data Sharing Agreement
166 +* Collaboration Agreement
167 +* Data Use agreement
168 +* MIP Installation Agreement
150 150  )))
151 151  )))
152 152