Project overview and approvals
Note. These guides are for guidance only and should not be seen as a definitive answer. If in doubt, please contact the relevant authorities.
On this page you will find overviews of the approvals required by various projects and data types.
When combining different data types and/or projects, be aware that all applicable rules are complied with for the relevant data or project types.
Below you can see the different projects and data types.
Click on those you want to read more about.
Projects/datatypes
General rules and laws
Diagnostic imaging data
Biological material
Genome data
Interventional studies without medicine or medical equipment
Interviews
Quality development / quality assurance projects
Trials of medicines
Medical equipment /
In vitro diagnostics
Patient record data
Registry data
Surveys
Projects/datatypes
General rules and laws
Diagnostic imaging data
Biological material
Genome data
Interventional studies without medicine or medical equipment
Interviews
Quality development / quality assurance projects
Trials of medicines
Medical equipment /
In vitro diagnostics
Patient record data
Registry data
Surveys
General rules and laws
General rules and laws
A regional research record is an overview of processing activities and contains information about who processes sensitive personal data and for what purpose. All projects that process or store personally identifiable data must be notified.
This means that if you have personally identifiable data in a project, you are obliged to keep a record of the processing activities and document who is the data controller and data processor.
Notification of the research record must typically be made to the institution where the project manager is employed. If the research originates from a hospital, it will typically be the region, but could just as well be a university or a company.
Read more about the research record here (in Danish): Vejledning om fortegnelse (datatilsynet.dk)
Storage and processing of personal data must be done according to the GDPR.
The basis for the data protection rules is the data protection regulation (in English General Data Protection Regulation or GDPR). In Denmark, the regulation is supplemented by the Data Protection Act, which lays down certain national rules on the processing of personal data.
The rules on data protection entails a number of requirements for the researcher, which must be complied with when, e.g., personal data about others is collected, stored and passed on.
For instance, the researcher must be aware of the types of personal data being processed (ordinary and/or sensitive) and whether the researcher has a legal basis for processing the personal data. In this connection, the researcher must, among other things, be aware of whether the processing of data requires consent or whether the researcher has another legal basis for processing.
Read more about GDPR here: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
Health data research is covered by the Health Act, and it is important that all laws are complied with. Health data consisting of information about individuals’ health conditions, other private matters and other confidential information from patient records etc. can be passed on to a researcher for use in a specific biomedical research project. Though it must be provided that permission has been granted for the project in accordance with the Act on a scientific ethics committee system and treatment of biomedical research projects. This also applies when it comes to biological material that a patient has provided in connection with treatment and that can be passed on for research use for a specific biomedical research project.
Read more about the Danish Health Act here (in Danish): Sundhedsloven (retsinformation.dk)
The purpose of the scientific ethics committee system is to ensure that health science research projects and health data science research projects are carried out scientifically ethically. Consideration for the rights, safety and well-being of subjects and the rights, integrity and privacy of research participants takes precedence over scientific and societal interests in creating the opportunity to provide new knowledge or examine existing knowledge that can justify the implementation of the research project.
Read more about the science ethics committee system here (in Danish): National Videnskabsetisk Komité | Nationalt Center for Etik, Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk)
As the data controller, you are obliged to comply with the data protection rules and generally ensure that there is adequate protection of the personal data that you process.
One of the basic principles of the data protection rules deals with data minimisation. Processing of data, including storage of data, must be limited to what is necessary to fulfill the purpose of the research project. This means that you must only obtain the data that is required for the purpose of the project.
Read more about data minimisation here: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
When you, as a private company, public authority, individual, institution or any other body, process (e.g. collect, register, pass on or delete) personal data about other people, it is important that you are aware of what your role is in connection with the treatment of data.
Within personal data law, a distinction is made between whether you are respectively the data controller for the processing of personal data, or whether you only act as a data processor for a data controller.
It is important that you know your own role in connection with the processing, since the requirements for a data controller and for a data processor are different.
If the parties participating in the processing of personal data are uncertain about who is responsible for complying with the various rules on data protection, there is a risk that none of the parties will assume responsibility, or that one party will assume responsibility, the person in question does not actually have.
It is therefore very important that you – before you start processing personal data – clarify what role you and any other parties have in connection with the processing.
As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
The data processing agreement must ensure that the personal data is processed in a correct and secure manner by the data processor, and that the data controller is notified, if there e.g. is a suspicion of a security breach.
The Data Protection Regulation’s definitions of the terms data controller and data processor:
A data controller is the individual or legal person, public authority, etc., who determines the purposes for which the personal data may be processed (the purpose) and how the personal data may be processed (the means), including by whom the personal data may be processed.
A data processor, on the other hand, is an individual or legal person, public authority etc. that processes personal data on behalf of the data controller. The data processor, in contrast to the data controller, determines neither how nor for what purposes personal data may be processed.
Find templates and read more about data processing agreements: Data controller and processor (datatilsynet.dk)
GCP stands for Good Clinical Practice, which is an international ethics and scientific quality standard for clinical trials which involve humans. The standard includes all parts of the trials, from planning to reporting results.
The purpose of GCP is to ensure that the subject’s rights, safety and well-being are taken care of, as described in the Declaration of Helsinki. By complying with GCP, it is ensures that the collected data is valid, complete and well documented.
It is legally required to monitor drug trials and clinical trials according to GCP. The trial sponsor is responsible for ensuring this monitoring, but can delegate the task to a monitoring unit – e.g. a GCP unit.
Read more about GCP here: English – GCP-Enhederne
When a test of medical equipment is subject to notification to the Danish Medicines Agency (EU regulation article 62 subsection 1 and 74 subsection 1 and 2), the test must meet the ISO 14155 standard, i.e. that the trial must be monitored.
The ISO 14155 standard can be accessed via Danish Standards, here: DS/EN ISO 14155:2020 – Webshop Dansk Standard
ISO 14155 also includes Good Clinical Practice (GCP), which you can read more about in the section: GCP
Read more about monitoring of medical equipments and ISO 14155 (in Danish and English): Monitorering af klinisk afprøvning af medicinsk udstyr – GCP-Enhederne, Danish Standards Foundation
Or contact your regional GCP Unit: English – GCP-Enhederne
Diagnostic imaging data
Diagnostic imaging data
Particularly complex areas:
Special types of studies falls under particularly complex areas and must therefore be reported to the National Scientific Ethics Committee.
The particularly complex areas include:
- Comprehensive mapping of the individual’s inheritance, in which an exemption from the consent requirement pursuant to Section 10 of the Committees Act is applied for
- Psychosurgery
- Research on deceased individuals as part of the removal of their organ(s)
- Health data science research projects
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
SDV-sager | Nationalt Center for Etik
Health data science research projects:
Already collected diagnostic imaging data is categorized as health data science research projects, that is, projects that use sensitive bioinformatics data, where there may be a risk of significant health-related secondary findings. The term includes research into genome data or imaging data, which have been generated in previous research projects or in connection with clinical diagnostics of patients.
Research projects without biological material with already existing diagnostic imaging data from a previous research project or from treatment using diagnostic imaging. These projects must have their explicit and primary focus on imaging data, as the specific subject field of the research project. In addition to the image medium being the primary focal point of the research project, data from patient records or data from health registers can also be included as secondary components.
The focus is thus on the “reuse” of already created data within diagnostic imaging, either in a research context or in a treatment context. The research purpose will thus be new. This type of project is particularly characterized by dealing with very extensive and sensitive information about individuals, which may involve significant health findings about the individual, which may have to be reported back to the subject.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
SDV-sager | Nationalt Center for Etik
Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk)
You must apply for the following approvals:
Your project must be approved by the National Scientific Ethics Committee (NVK)
Reason:
Already collected diagnostic imaging data is categorized as health data science research projects, that is, projects that use sensitive bioinformatics data, where there may be a risk of significant health-related secondary findings. The term includes research into genome data or imaging data, which have been generated in previous research projects or in connection with clinical diagnostics of patients.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
SDV-sager | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
You must apply for the following approvals:
The trial must be approved by the Regional Scientific Ethics Committee (RVK) in your regional area.
Reason:
All clinical trials involving humans, which do not include particularly complex areas or testing of drugs and/or medical equipment, must be reported to the Regional Scientific Ethics Committee in the area where the researcher is active.
Projects where diagnostic imaging data have not already been collected are not categorized as health data science research projects, and should therefore not be reported to the National Scientific Ethics Committee, but to the Regional Scientific Ethics Committee.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
De regionale videnskabsetiske komiteer | Nationalt Center for Etik
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk)
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
Biological material
Projects with non-anonymous biological material
Biological material:
Biological material means: Human germ cells, human fertilized eggs, embryos and fetuses, tissue, cells and genetic components from humans, fetuses and or the like or deceased.
References (in Danish):
Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk)
Hvad skal jeg anmelde? | Nationalt Center for Etik
Anonymous biological material:
Human biological material is anonymous, where the tissue donor cannot be identified, via a code or similar to the data, and which is thus not personally identifiable, and where the material cannot be directly or indirectly attributed to a person.
If the person can be identified through combination with other information, the data is identifiable and no longer anonymous.
Pseudonymised material, where the biological material can be attributed to the tissue donor via, for example, name or numerical code, is not considered anonymous within the meaning of the Committee Act. If there is just one person who has the “key”, then the material is not anonymous, but identifiable.
References (in Danish and English):
Biobanker | Nationalt Center for Etik
What is personal data? (datatilsynet.dk)
Patient record data:
A patient record consists of notes and other material which provide information about the patient’s medical history, condition, planned and carried out treatments, etc., including what information has been given and what the patient has indicated on that basis.
The patient record includes, among other things, operation descriptions, anaesthesia records, X-rays, test results, discharge summary etc., even if this information may appear from separate systems.
The journal may contain information about private matters and other confidential information about the patient, if they are necessary for the patient’s treatment or follow-up.
The journal must provide a clear and comprehensive presentation of the patient’s state of health and need for treatment, so that the health professionals involved can familiarize themselves with the patient’s condition and the planned treatment.
Biological samples are not included in the patient record, but results of analyses and examinations of biological samples are part of the patient record.
References (in Danish):
Vejledning om journalføring for sygehuse og det præhospitale område (retsinformation.dk)
Journalføringsbekendtgørelsen (retsinformation.dk)
You must apply for the following approvals:
The trial must be approved by the Regional Scientific Ethics Committee (RVK) in your regional area.
Reason:
Health science research projects with humans, as well as experiments with tissues, cells, etc., must be reported to the Regional Scientific Ethics Committee for the area in which the researcher works.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
Bekendtgørelse af lov om assisteret reproduktion i forbindelse med behandling, diagnostik og forskning m.v. (retsinformation.dk)
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk)
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
You must do the following:
Experiments on cell lines or the like, which originate from an approved experiment with the collection of cells or tissue, and which have obtained the necessary approval, should not be reported to the Scientific Ethics Committee.
(However, an exception applies if the experiment concerns the use of fertilized eggs, stem cells and stem cell lines from this, as mentioned in § 25 and § 27, subsection 2 of the Act on assisted reproduction in connection with treatment, diagnostics and research, etc., which must be notified)
References (in Danish):
Biobanker | Nationalt Center for Etik
Hvad skal jeg anmelde? | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
Projects with anonymous biological material
Biological material:
Biological material means: Human germ cells, human fertilized eggs, embryos and fetuses, tissue, cells and genetic components from humans, fetuses and or the like or deceased.
References (in Danish):
Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk)
Hvad skal jeg anmelde? | Nationalt Center for Etik
Anonymous biological material:
Human biological material is anonymous, where the tissue donor cannot be identified, via a code or similar to the data, and which is thus not personally identifiable, and where the material cannot be directly or indirectly attributed to a person.
If the person can be identified through combination with other information, the data is identifiable and no longer anonymous.
Pseudonymised material, where the biological material can be attributed to the tissue donor via, for example, name or numerical code, is not considered anonymous within the meaning of the Committee Act. If there is just one person who has the “key”, then the material is not anonymous, but identifiable.
References (in Danish and English):
Biobanker | Nationalt Center for Etik
What is personal data? (datatilsynet.dk)
Patient record data:
A patient record consists of notes and other material which provide information about the patient’s medical history, condition, planned and carried out treatments, etc., including what information has been given and what the patient has indicated on that basis.
The patient record includes, among other things, operation descriptions, anaesthesia records, X-rays, test results, discharge summary etc., even if this information may appear from separate systems.
The journal may contain information about private matters and other confidential information about the patient, if they are necessary for the patient’s treatment or follow-up.
The journal must provide a clear and comprehensive presentation of the patient’s state of health and need for treatment, so that the health professionals involved can familiarize themselves with the patient’s condition and the planned treatment.
Biological samples are not included in the patient record, but results of analyses and examinations of biological samples are part of the patient record.
References (in Danish):
Vejledning om journalføring for sygehuse og det præhospitale område (retsinformation.dk)
Journalføringsbekendtgørelsen (retsinformation.dk)
You must do the following:
Research projects that only include anonymous human biological material that has been collected in accordance with the legislation at the place of collection, i.e. material that cannot be irreversibly attributed either directly or indirectly to specific persons, should not be reported to the Scientific Ethics Committee.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk)
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
You must apply for the following approvals:
The trial must be approved by the Regional Scientific Ethics Committee (RVK) in your regional area.
Reason:
Research projects that only include anonymous human biological material that has been collected in accordance with the legislation at the place of collection, i.e. material that cannot be irreversibly attributed either directly or indirectly to specific persons, should not be reported to the Scientific Ethics Committee.
However, an exception applies to research projects mentioned in Section 25 of the Act on Assisted Reproduction in connection with treatment, diagnostics and research etc., which must be notified.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
Bekendtgørelse af lov om assisteret reproduktion i forbindelse med behandling, diagnostik og forskning m.v. (retsinformation.dk)
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
Genome data
Genome data
Particularly complex areas:
Special types of studies fall under particularly complex areas and must therefore be reported to the National Scientific Ethics Committee.
The particularly complex areas include:
- Comprehensive mapping of the individual’s inheritance, in which an exemption from the consent requirement pursuant to Section 10 of the Committees Act is applied for.
- Psychosurgery
- Research on deceased persons as part of the removal of their organ(s).
- Health data science research projects.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
SDV-sager | Nationalt Center for Etik
Health data science research projects:
Already collected genome data is categorised as health data science research projects, that is, projects that use sensitive bioinformatics data, where there may be a risk of significant health-related secondary findings. The term includes research into genome data or imaging data, which have been generated in previous research projects or in connection with clinical diagnostics of patients.
Research projects without biological material with already existing genome data from extensive mapping of the human genome, where genome data either originates from a previous research project or originates from patient investigation/patient treatment.
The focus is thus on the “reuse” of already created data within the genome field, either in a research context or in a treatment context. The research purpose will thus be new. This type of project is particularly characterised by dealing with very extensive and sensitive information about individuals, which may involve significant health findings about the individual, which may have to be reported back to the subject.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
SDV-sager | Nationalt Center for Etik
Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk)
You must apply for the following approvals:
Your project must be approved by the National Committee on Health Research Ethics (NVK)
Reason:
Already collected genome data is categorised as health data science research projects, that is, projects that use sensitive bioinformatics data, where there may be a risk of significant health-related secondary findings. The term includes research into genome data or imaging data, which have been generated in previous research projects or in connection with clinical diagnostics of patients.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
SDV-sager | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
You must apply for the following approvals:
The trial must be approved by the Regional Committees on Health research Ethics (RVK) in your regional area.
Reason:
All clinical trials involving humans, which do not include particularly complex areas or testing of drugs and/or medical equipment, must be reported to the Regional Committees on Health research Ethics in the area where the researcher is active.
Projects where genome data have not already been collected are not categorised as health data science research projects, and should therefore not be reported to the National Committee on Health Research Ethics, but to the Regional Committees on Health research Ethics.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
De regionale videnskabsetiske komiteer | Nationalt Center for Etik
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
Interventional studies without medicine or medical equipment
Interventional studies without medicine or medical equipment
Intervention:
Intervention studies investigate the direct treatment effect or the prevention effect, by the researcher testing a method other than standard treatment or standard prevention (intervening) in a treatment or prevention.
Particularly complex areas:
Special types of studies falls under particularly complex areas and must therefore be reported to the National Scientific Ethics Committee.
The particularly complex areas include:
- Comprehensive mapping of the individual’s inheritance, in which an exemption from the consent requirement pursuant to Section 10 of the Committees Act is applied for.
- Psychosurgery
- Research on deceased persons as part of the removal of their organ(s).
- Health data science research projects.
Health data science research projects concern:
- Research projects without biological material with already existing genome data from extensive mapping of the human genome, where genome data either originates from a previous research project or originates from patient investigation/patient treatment.
or
- Research projects without biological material with already existing diagnostic imaging data from a previous research project or from treatment using diagnostic imaging. The project must have its explicit and primary focus on image data, as the research project’s specific subject field. In addition to the image medium being the primary focal point of the research project, data from the patient records or data from health registers can also be included as a secondary components.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
SDV-sager | Nationalt Center for Etik
You must apply for the following approvals:
The trial must be approved by the Regional Scientific Ethics Committee (RVK) in your regional area.
Reason:
All clinical trials involving humans, which do not include particularly complex areas or testing of drugs and/or medical equipment, must be reported to the Regional Scientific Ethics Committee in the area where the researcher is active.
Reference (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
De regionale videnskabsetiske komiteer | Nationalt Center for Etik
ATTENTION: If the project deals with alternative forms of therapy, particularly complex areas or gene therapy, other rules may apply. Read more about what the individual studies require in the respective sections.
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
You must apply for the following approvals:
The trial must be approved by the Regional Scientific Ethics Committee (RVK) in your regional area.
Reason:
Although the intervention itself can be characterised as alternative, the requirements for well-defined inclusion and exclusion criteria and effect measures are the same, and the interventions must be reproducible. For example, trials with mindfulness have been known to be subject to notification in the committee system.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
Komitéloven (danskelove.dk)
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
You must apply for the following approvals:
Your project must be approved by the National Scientific Ethics Committee (NVK)
Reason:
It is an interventional study and deals with particularly complex areas.
Research projects regarding particularly complex areas:
- Comprehensive mapping of the individual’s inheritance, in which dispensation for consent pursuant to Section 10 of the Committees Act is applied for
- Psychosurgery
- Research on a deceased person as part of extracting their organ
- Health data science research projects without biological material with already existing genome data or already existing diagnostic imaging data.
Read more about the particularly complex areas in the section: General information about intervention and particularly complex areas.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Dokumenter til anmeldelse af andre sundhedsvidenskabelige forsøg | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
You must apply for the following approvals:
Your project must be approved by the National Scientific Ethics Committee (NVK) and the Danish Working Environment Authority.
Reason:
It is an interventional study and deals with particularly complex areas.
All trials with gene therapy/technology must be approved by the Danish Working Environment Authority.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
De regionale videnskabsetiske komiteer | Nationalt Center for Etik
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
Interviews
Interviews
Interviews:
The basic structure of an interview is a conversation between interviewer and respondent.
An interview can consist of closed questions (e.g. yes/no) so that they are reminiscent of a questionnaire, but most often an interview will consist of relatively few open questions, which the respondent have plenty of time to answer with his own words (the qualitative interview).
Reference (in Danish):
Interviews (au.dk)
Patient record data:
A patient record consists of notes and other material which provide information about the patient’s medical history, condition, planned and carried out treatments, etc., including what information has been given and what the patient has indicated on that basis.
The patient record includes, among other things, operation descriptions, anaesthesia records, X-rays, test results, discharge summary etc., even if this information may appear from separate systems.
The journal may contain information about private matters and other confidential information about the patient, if they are necessary for the patient’s treatment or follow-up.
The journal must provide a clear and comprehensive presentation of the patient’s state of health and need for treatment, so that the health professionals involved can familiarize themselves with the patient’s condition and the planned treatment.
Biological samples are not included in the patient record, but results of analyses and examinations of biological samples are part of the patient record.
References (in Danish):
Vejledning om journalføring for sygehuse og det præhospitale område (retsinformation.dk)
Journalføringsbekendtgørelsen (retsinformation.dk)
You must do the following:
Health science interview studies that do not include human biological material should not be reported to a scientific ethics committee. (Section 14, subsection 2 of the Committee Act).
Reference (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Further information:
If the study requires a specific population, such as people with a specific disease, then other rules may apply in relation to whether the people are still in treatment or not.
See the section: Projects consisting of interviews and patient record data.
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
You must do the following:
Patients in current treatment or follow-up: Obtain consent from the patient, in which permission is given to participate in the project and to pass on or obtain information from the patient’s patient record for the current research project.
Patients not in current treatment or follow-up: Apply for permission to have the patient record data transmitted to you from the Regional Council in the area where you work. Get approval from the health professionals who have treated the people in question before contacting individuals.
Reason:
Research projects that do not require approval from the Scientific Ethics Committee must apply for permission to have patient record data transmitted from the Regional Council. You apply for permission to use patient records for research projects from the region you are affiliated with. If, for example, you want to expand the project or have other additions, you should also apply to the Regional Council in the region in which you operate.
It is clear from the Health Act that if you want to address patients for whom you have obtained patient record data, this can only be done with the permission of the healthcare professional who has treated the patient or from the management of the treatment facility if the relevant healthcare professional cannot be reached.
Section 46 of the Health Act. Para. 6: Subsequent contact with individuals may only occur to the extent that the healthcare professionals who have treated them grant permission. If it’s not possible to contact the relevant healthcare professional, permission for subsequent contact with these individuals may be granted by the management of the treatment facility.
Reference (in Danish):
Sundhedsloven (retsinformation.dk)
On the website of the Guidance Function you can find the information about applications to the Regional Councils: Guide to data access and approvals | Vejledningsfunktionen
Other references (in Danish):
Patientjournaloplysninger til forskning | Styrelsen for Patientsikkerhed (stps.dk)
Patientjournaloplysninger til forskning, statistik eller planlægning (regionsyddanmark.dk)
Vær opmærksom, når du skal kontakte borgere – Sundhedsdatastyrelsen
Sundhedsloven (retsinformation.dk)
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
You must do the following:
Health science interview studies that do not include human biological material should not be reported to a scientific ethics committee. (Section 14, subsection 2 of the Committee Act).
Reference (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Although you do not necessarily have to notify interview studies that do not include human biological material, you must still comply with the applicable rules for the data you wish to combine the interviews with.
See which approvals other data types require on the Guidance Function’s website: Project overview and approvals | Vejledningsfunktionen
Other references (in Danish):
Patientjournaloplysninger til forskning | Styrelsen for Patientsikkerhed (stps.dk)
Patientjournaloplysninger til forskning, statistik eller planlægning (regionsyddanmark.dk)
Vær opmærksom, når du skal kontakte borgere – Sundhedsdatastyrelsen
Sundhedsloven (retsinformation.dk)
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
Quality development / quality assurance projects
Quality development / quality assurance projects with or without patient record data
Quality development / quality assurance projects:
In the case of quality projects (quality assurance or quality development), the aim is to ensure or develop and improve the quality of patient care. Quality projects are therefore close to the normal operations in the departments, and provide knowledge locally in the organization about the quality of what is examined.
The primary purpose of the study is not in itself to acquire generalizable knowledge about the onset of the disease and so on.
Reference (in Danish):
Forsknings- eller kvalitetsprojekt? – Sundhed Fagperson (rm.dk)
It can be difficult to distinguish between research projects and quality projects. The Danish Agency for Patient Safety has defined research as a planned project that aims to systematically acquire knowledge about the onset of disease and about its prevention, diagnostics and treatment. The project must be planned and the purpose must be a systematic acquisition of knowledge. Thereby, research is separated from quality projects and quality control, where it is an activity that is part of the operation of the healthcare system, for example the treatment results achieved by a hospital department for a given patient group.
It is recommended that, in case of doubt, a discussion is held with the local hospital management to get clarification.
Reference (in Danish):
Patientjournaloplysninger til forskning, statistik eller planlægning (regionsyddanmark.dk)
The Northern Denmark Region has a diagram (in Danish) that can be used to assess whether one’s project is a quality or a research project:
Er mit projekt et kvalitets- eller et forskningsprojekt? (rn.dk)
Patient record data:
A patient record consists of notes and other material which provide information about the patient’s medical history, condition, planned and carried out treatments, etc., including what information has been given and what the patient has indicated on that basis.
The patient record includes, among other things, operation descriptions, anaesthesia records, X-rays, test results, discharge summary etc., even if this information may appear from separate systems.
The journal may contain information about private matters and other confidential information about the patient, if they are necessary for the patient’s treatment or follow-up.
The journal must provide a clear and comprehensive presentation of the patient’s state of health and need for treatment, so that the health professionals involved can familiarize themselves with the patient’s condition and the planned treatment.
Biological samples are not included in the patient record, but results of analyses and examinations of biological samples are part of the patient record.
References (in Danish):
Vejledning om journalføring for sygehuse og det præhospitale område (retsinformation.dk)
Journalføringsbekendtgørelsen (retsinformation.dk)
You must do the following:
Seek approval internally from the management of the treatment facility.
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
You must do the following:
Seek approval internally from the management of the treatment facility.
Reason:
Acquisition of patient record data for use in quality assurance or quality development projects must only be approved by the management at the treatment facility, cf. section 42 d, subsection of the Health Act. 2.
Reference (in Danish):
Patientjournaloplysninger til forskning, statistik eller planlægning (regionsyddanmark.dk)
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
Trials of medicines
Trials of medicines
Medicinal product :
A product is a medicinal product if it satisfies either of the criteria in section 2(i)(a) and (i)(b) of the Danish Medicines Act:
- (i)(a): If the product is presented as a suitable medicinal product for the treatment or prevention of disease in humans or animals;
- (i)(b): If the product may be used in or administered to humans or animals to recover, change or affect physiological functions by having a pharmacological, immunological and metabolic effect, or to make a medical diagnosis.
Reference:
Definitions of medicines and other product groups (laegemiddelstyrelsen.dk)
Clinical trials of medicines:
Health science research project relating to clinical trials with medicinal products: Any human trial that aims to uncover or verify the clinical, pharmacological or other pharmacodynamic effects of one or more experimental medicinal products or to identify side effects of one or more experimental medicinal products or to investigate absorption, distribution, metabolism or excretion of one or more investigational medicinal products in order to assess the safety or efficacy of the medicinal product.
References (in Danish and English):
Komitéloven (danskelove.dk)
Clinical trials of medicines (laegemiddelstyrelsen.dk)
Intervention:
Intervention studies investigate the direct treatment effect or the prevention effect, by the researcher testing a method other than standard treatment or standard prevention (intervening) in a treatment or prevention.
Gene therapy (advanced therapy):
Scientific progress in cellular and molecular biotechnology has led to the development of advanced therapies, such as gene therapy, somatic cell therapy, and tissue engineering. Advanced therapy products are presented as having properties for treating or preventing diseases in human beings, or that they may be used in or administered to human beings with a view to restoring, correcting or modifying physiological functions by exerting principally a pharmacological, immunological or metabolic action.
– A (medical) product which may fall within the definition of:
- A somatic cell therapy medicinal product or a tissue engineered product, and
- A gene therapy medicinal product,
Shall be considered as a gene therapy medicinal product.
– Cells or tissues shall be considered ‘engineered’ if they fulfil at least one of the following conditions:
- The cells or tissues have been subject to substantial manipulation, so that biological characteristics, physiological functions or structural properties relevant for the intended regeneration, repair or replacement are achieved.
- The cells or tissues are not intended to be used for the same essential function or functions in the recipient as in the donor.
A tissue engineered product may contain cells or tissues of human or animal origin, or both. The cells or tissues may be viable or non-viable.
Read more about the definition of gene therapy (advanced therapy) at the following source: eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32007R1394
References (in Danish and English):
Guide to assessing if a trial falls under the definition of a clinical trial (laegemiddelstyrelsen.dk)
https://database.ich.org/sites/default/files/ICH_E8-R1_Guideline_Step4_2021_1006.pdf
Hvad skal jeg anmelde? | Nationalt Center for Etik
You must apply for the following approvals:
Your trial must be approved by the Danish Medicines Agency and the Medical Research Ethics Committees and reported via the Clinical Trials Information System (CTIS).
Reason:
All clinical trials of medicinal products with intervention must be reported to the Danish Medicines Agency and the Medical Research Ethics Committees through CTIS.
Link to CTIS: Clinical Trials in the European Union – EMA (euclinicaltrials.eu)
References (in Danish and English):
Guideline for applications for authorisation of clinical trials of medicinal products in humans (laegemiddelstyrelsen.dk)
Hvortil skal jeg anmelde? | Nationalt Center for Etik
Hvad skal jeg anmelde? | Nationalt Center for Etik
Further information:
A clinical trial is carried out to investigate how a medicine works, what side effects it has and how it is metabolized in the body. The medicines that are being investigated can be both new medicines and well-known medicines that are already on the market in Denmark.
References:
Clinical trials of medicinal products (laegemiddelstyrelsen.dk)
Definitions of medicines and other product groups (laegemiddelstyrelsen.dk)
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
You must apply for the following approvals:
Your trial must be approved by the Danish Medicines Agency and the Scientific Ethics Committees through the Clinical Trials Information System (CTIS) and report the trial to the Danush Working Environment Authority.
Reason:
All clinical trials of medicines with intervention must be reported to the Danish Medicines Agency and the Medical Research Ethics Committees through CTIS.
If the study involves gene therapy or genetic technology, it must also be reported to the Danish Working Environment Authority.
Work with gene therapy must be reported to the Danish Working Environment Authority if it is part of a clinical trial or research project, but not if it is an approved form of treatment.
Read more about the definition of gene therapy (advanced therapy) at the following source: eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32007R1394
References (in Danish and English):
Guideline for applications for authorisation of clinical trials of medicinal products in humans (laegemiddelstyrelsen.dk)
Hvortil skal jeg anmelde? | Nationalt Center for Etik
Hvad skal jeg anmelde? | Nationalt Center for Etik
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0536&from=EN
Self-service – Arbejdstilsynet (at.dk)
Introduction – Notify genetic engineering research and work with gene therapy | Business in Denmark (virk.dk)
Further information:
A clinical trial is carried out to find out how a medicine works, what side effects it has and how it is metabolised in the body. The medicines that are being investigated can be both new medicines and well-known medicines that are already on the market in Denmark.
Read more about gene therapy in the section: General information about medicine, trials of medicines, intervention and gene therapy.
References:
Clinical trials of medicinal products (laegemiddelstyrelsen.dk)
Definitions of medicines and other product groups (laegemiddelstyrelsen.dk)
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
You must apply for the following approvals:
The trial must be approved by the Regional Scientific Ethics Committee (RVK) in your regional area.
Reason:
All clinical trials involving humans, which do not include particularly complex areas or testing of drugs and/or medical equipment, must be reported to the Regional Scientific Ethics Committee in the area where the researcher is active.
It is only clinical trials with medicinal products on humans, i.e. trials on humans, with the aim of uncovering the clinical, pharmacological or other pharmacodynamic effects of one or more experimental medicinal products or identifying side effects of one or more experimental medicinal products or to investigate absorption, distribution, metabolism or excretion of one or more investigational medicinal products with a view to assessing the safety or effect of the medicinal product (section 2, no. 2 of the committee act), which must be notified via CTIS.
This means that projects that do not aim to investigate the actual effect of a medicine, but where approved medicines are included as part of the standard treatment in the project. These projects are not considered trials of medicines and must therefore not be reported via CTIS, but to the Regional Scientific Ethics Committees.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
De regionale videnskabsetiske komiteer | Nationalt Center for Etik
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
Medical equipment / In vitro diagnostic
Medical equipment with intervention
Medical equipment:
Medical devices are products which are used to diagnose, prevent, relieve or treat a disease, disability, injury, etc. There are more than 500,000 different types of medical devices available, covering anything from wheelchairs and glasses to pacemakers, mobile phone apps and state-of-the-art surgical equipment.
Reference:
Medical devices (laegemiddelstyrelsen.dk)
Intervention:
Intervention studies investigate the direct treatment effect or the prevention effect, by the researcher testing a method other than standard treatment or standard prevention (intervening) in a treatment or prevention.
You must apply for the following approvals:
Your project must be notified to the Danish Medicines Agency and to the Medical Research Ethics Committees.
Reason:
All clinical trials with medical equipment that wish to obtain/extend CE marking must be notified to both the Medical Research Ethics Committees and the Danish Medicines Agency.
References (in Danish and English):
Anmeld kliniske afprøvninger med medicinsk udstyr under MDR | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
Hvad skal jeg anmelde? | Nationalt Center for Etik
Application for clinical investigation of medical devices (laegemiddelstyrelsen.dk)
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - ISO 14155: When a test of medical equipment is subject to notification to the Danish Medicines Agency (EU regulation article 62 subsection 1. and 74 subsection 1. and 2.), the test must meet the ISO 14155 standard, i.e. that the trial must be monitored. Read more about ISO 14155 (in Danish and English): Monitorering af klinisk afprøvning af medicinsk udstyr – GCP-Enhederne, Danish Standards Foundation
You must apply for the following approvals:
Your project must be notified to the Danish Medicines Agency and to the Medical Research Ethics Committees.
Reason:
If you carry out clinical follow-up studies of medical equipment after marketing, which are otherwise subject to notification to a scientific ethics committee, you must report it to the Medical Research Ethics Committees. If the testing involves additional burdensome and/or invasive procedures in relation to the equipment’s CE marking, you must also notify the Danish Medicines Agency (article 74.1). If you are in doubt as to whether the testing involves additional burdensome or invasive procedures, contact the Danish Medicines Agency
References (in Danish and English):
Anmeld kliniske afprøvninger med medicinsk udstyr under MDR | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
Hvad skal jeg anmelde? | Nationalt Center for Etik
Application for clinical investigation of medical devices (laegemiddelstyrelsen.dk)
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - ISO 14155: When a test of medical equipment is subject to notification to the Danish Medicines Agency (EU regulation article 62 subsection 1. and 74 subsection 1. and 2.), the test must meet the ISO 14155 standard, i.e. that the trial must be monitored. Read more about ISO 14155 (in Danish and English): Monitorering af klinisk afprøvning af medicinsk udstyr – GCP-Enhederne, Danish Standards Foundation
You must apply for the following approvals:
Your project must be reported to the Medical Research Ethics Committees.
Reason:
If you carry out tests of medical devices for purposes other than those listed in articles 62, 74(1) & 74(2), which involve additional procedures or behavioural regulation in relation to normal clinical practice, you must report it to the Medical Research Ethics Committees (Article 82).
References (in Danish):
Anmeld kliniske afprøvninger med medicinsk udstyr under MDR | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
Hvad skal jeg anmelde? | Nationalt Center for Etik
Further information:
Testing of medical equipment for purposes other than those listed in Article 62, 74(1) & 74(2), which involve additional procedures or behavioural regulation in relation to normal clinical practice. It can be, for example, research-initiated tests of already CE-marked medical equipment (including head-to-head studies) or tests of early prototypes of medical equipment without the aim of obtaining CE marking.
References (in Danish):
Anmeld kliniske afprøvninger med medicinsk udstyr under MDR | Nationalt Center for Etik
Hvad skal jeg anmelde? | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - ISO 14155: When a test of medical equipment is subject to notification to the Danish Medicines Agency (EU regulation article 62 subsection 1. and 74 subsection 1. and 2.), the test must meet the ISO 14155 standard, i.e. that the trial must be monitored. Read more about ISO 14155 (in Danish and English): Monitorering af klinisk afprøvning af medicinsk udstyr – GCP-Enhederne, Danish Standards Foundation
In vitro diagnostic equipment with intervention
In vitro diagnostic equipment:
In vitro diagnostic medical equipment means any medical equipment that is a reagent, reagent product, calibrator, control material, sample kit, instrument, apparatus, device, software or system, used alone or in combination, and which, according to the manufacturer, is intended for use in vitro for the examination of sample material from the human body, including blood and tissue donations.
Reference (in Danish):
Medicinsk udstyr til in vitro-diagnostik (laegemiddelstyrelsen.dk)
After 26 May 2022, medical equipment for in-vitro diagnostics can only be put into use when these are CE-marked.
In order for a clinical test of a medical equipment to be covered by the regulation’s article 58, subsection 1 the following conditions must be met:
- Must include surgically invasive samples collected only for the purpose of studying performance and is an interventional clinical performance study whose test results may influence patient care decisions and/or be used in treatment guidance
or
- Conducting the study involves additional invasive interventions or other risks for the subjects of the studies compared to the standard procedure for using the equipment.
References (in Danish):
Kliniske afprøvninger med medicinsk udstyr til in vitro-diagnostik under IVDR | Nationalt Center for Etik
Hvad skal jeg anmelde? | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
Intervention:
Intervention studies investigate the direct treatment effect or the prevention effect, by the researcher testing a method other than standard treatment or standard prevention (intervening) in a treatment or prevention.
You must apply for the following approvals:
Your project may have to be notified to both the Medical Research Ethics Committees and the Danish Medicines Agency.
Reason:
If the clinical testing of in vitro diagnostic medical equipment is carried out with the aim of obtaining the CE mark for the equipment, it must be reported to both the Medical Research Ethics Committees and the Danish Medicines Agency.
If the clinical testing is carried out with CE-marked in vitro diagnostic medical equipment with use outside the equipment’s stated purpose, the rules in Article 58 of the regulation apply. Such clinical trials that meet the conditions of Article 58 of the regulation
Subsection 1 must be reported to both the Medical Research Ethics Committees and the Danish Medicines Agency.
Subsection 2 must only be reported to the Medical Research Ethics Committees, but with notification to the Danish Medicines Agency. Subsection 2 deals with clinical tests of equipment for accompanying diagnostics, i.e. equipment which is essential for the safe and effective use of an associated medicinal product.
References (in Danish and English):
Kliniske afprøvninger med medicinsk udstyr til in vitro-diagnostik under IVDR | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
Hvad skal jeg anmelde? | Nationalt Center for Etik
Application for clinical investigation of medical devices (laegemiddelstyrelsen.dk)
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - ISO 14155: When a test of medical equipment is subject to notification to the Danish Medicines Agency (EU regulation article 62 subsection 1. and 74 subsection 1. and 2.), the test must meet the ISO 14155 standard, i.e. that the trial must be monitored. Read more about ISO 14155 (in Danish and English): Monitorering af klinisk afprøvning af medicinsk udstyr – GCP-Enhederne, Danish Standards Foundation
You must apply for the following approvals:
Your project must be reported to the Medical Research Ethics Committees and the Danish Medicines Agency may need to be notified.
Reason:
If clinical follow-up studies of CE-marked in vitro diagnostic medical equipment are carried out after marketing, these must be reported to the Medical Research Ethics Committees. If these tests imply that the trial participants are exposed to additional procedures than those during normal use of the equipment, and are invasive or burdensome, the Danish Medicines Agency must also be notified of this.
If in doubt as to whether the testing entails additional burdensome or invasive procedures, contact the Medical Research Ethics Committees by e-mail: kontakt@dvmk.dk.
References (in Danish and English):
Kliniske afprøvninger med medicinsk udstyr til in vitro-diagnostik under IVDR | Nationalt Center for Etik Hvortil skal jeg anmelde? | Nationalt Center for Etik
Hvad skal jeg anmelde? | Nationalt Center for Etik
Application for clinical investigation of medical devices (laegemiddelstyrelsen.dk)
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - ISO 14155: When a test of medical equipment is subject to notification to the Danish Medicines Agency (EU regulation article 62 subsection 1. and 74 subsection 1. and 2.), the test must meet the ISO 14155 standard, i.e. that the trial must be monitored. Read more about ISO 14155 (in Danish and English): Monitorering af klinisk afprøvning af medicinsk udstyr – GCP-Enhederne, Danish Standards Foundation
Patient record data
Projects with patient record data with/without biological material
Patient record data:
A patient record consists of notes and other material which provide information about the patient’s medical history, condition, planned and carried out treatments, etc., including what information has been given and what the patient has indicated on that basis.
The patient record includes, among other things, operation descriptions, anaesthesia records, X-rays, test results, discharge summary etc., even if this information may appear from separate systems.
The journal may contain information about private matters and other confidential information about the patient, if they are necessary for the patient’s treatment or follow-up.
The journal must provide a clear and comprehensive presentation of the patient’s state of health and need for treatment, so that the health professionals involved can familiarize themselves with the patient’s condition and the planned treatment.
Biological samples are not included in the patient record, but results of analyses and examinations of biological samples are part of the patient record.
References (in Danish):
Vejledning om journalføring for sygehuse og det præhospitale område (retsinformation.dk)
Journalføringsbekendtgørelsen (retsinformation.dk)
Biological material:
Biological material means: Human germ cells, human fertilized eggs, embryos and foetuses, tissue, cells and genetic components from humans, foetuses and or the like or deceased.
Biological samples are not included in the patient record, but results of analyses and examinations of biological samples are part of the patient record.
References (in Danish):
Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk)
Hvad skal jeg anmelde? | Nationalt Center for Etik
You must do the following:
Patients in current treatment or follow-up: Obtain written consent from the patient, in which permission is given for the transmission or collection of information from the patient’s patient record for the current research project.
Patients not in current treatment or follow-up: Apply for permission have the patient record data transmitted from the Regional Council in the area where you work.
Reason:
Research projects that do not require approval from the Scientific Ethics Committee must apply for permission to have the patient record data transmitted from the Regional Council. You apply for permission to use patient records for research projects from the region you are affiliated with. If, for example, you want to expand the project or have other additions, you must apply to the Regional Council in the region in which you operate.
On the Guidance function’s website you can find information about the applying process to the Regional Councils: Guide to data access and approvals | Vejledningsfunktionen
References (in Danish):
Patientjournaloplysninger til forskning | Styrelsen for Patientsikkerhed (stps.dk)
Patientjournaloplysninger til forskning, statistik eller planlægning (regionsyddanmark.dk)
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
You must apply for the following approvals:
The trial must be approved by the Regional Scientific Ethics Committee (RVK) in your regional area.
Reason:
Health science research projects with humans, as well as experiments with tissues, cells, etc. must be reported to the Regional Scientific Ethics Committee for the area in which the researcher works. Transmission of patient record data can also be requested in the application.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Hvortil skal jeg anmelde? | Nationalt Center for Etik
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
Registry data
Register projects with data from data providers
Registry research projects:
Register research projects are quantitative research that uses data from registers. Registers mean a structured collection of personal or company information, and register research in this context means research carried out using information from electronic registers.
Reference (in Danish):
register.p65 (registerforskning.dk)
Exclusively register projects:
Exclusive register projects are studies that only contain data registered in a register, where no additional data is used, such as medical record data or biological material, etc.
Reference (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Data providers:
In this context, data providers mean entities that have data that can be used for research. Here, Statistics Denmark, the Health Data Agency, the Regions’ Clinical Quality Development Program (RKKP) and the National Archives, among others, can be mentioned as some of the data providers that have data that can be used for registry projects.
You must do the following:
Register research projects which do not include human biological material, but are based on pure data, i.e. letters, numbers, signs and so on (section 14, subsection 2 of the committee act), are not required to notify a Scientific Ethics Committee.
However, the general rules for research with health data must be followed, see the section: General rules and laws.
References (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
You must do the following:
Find information about data access from the data provider(s) from whom data is requested.
Reason:
Requirements for accessing data depend, among other things, on the data provider and how the data is to be processed.
You can read more about access to data from the various data providers, or read about the application process for some of the data providers on the Guidance Functions website: Guide to data access and approvals | Vejledningsfunktionen
Further information:
In this context, data providers mean entities that have data that can be used for research. Here, Statistics Denmark, the Health Data Agency, the Regions’ Clinical Quality Development Program (RKKP) and the National Archives, among others, can be mentioned as some of the data providers that have data that can be used for registry projects.
You must do the following:
Contact the data supplier from whom register data is requested.
Reason:
Some data providers offer the possibility to enrich their register data with other data, for example, your own data or data from other data providers.
However, there is a difference between whether you have to work with data on the data providers services or whether you have data sent home.
Further information:
Although you do not necessarily have to notify the registry part of the research project, you must still comply with the applicable rules for the data you wish to combine register data with.
See which approvals other data types require on the Guidance Functions website: Project overview and approvals | Vejledningsfunktionen
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
Surveys
Surveys
Surveys:
A questionnaire study or survey can be defined as any quantitative study where respondents answer a questionnaire. Most surveys use self-administered questionnaires, where the respondent himself fills in the questionnaire online or in paper form.
Reference (in Danish):
Surveys (au.dk)
Patient record data:
A patient record consists of notes and other material which provide information about the patient’s medical history, condition, planned and carried out treatments, etc., including what information has been given and what the patient has indicated on that basis.
The patient record includes, among other things, operation descriptions, anaesthesia records, X-rays, test results, discharge summary etc., even if this information may appear from separate systems.
The journal may contain information about private matters and other confidential information about the patient, if they are necessary for the patient’s treatment or follow-up.
The journal must provide a clear and comprehensive presentation of the patient’s state of health and need for treatment, so that the health professionals involved can familiarize themselves with the patient’s condition and the planned treatment.
Biological samples are not included in the patient record, but results of analyses and examinations of biological samples are part of the patient record.
References (in Danish):
Vejledning om journalføring for sygehuse og det præhospitale område (retsinformation.dk)
Journalføringsbekendtgørelsen (retsinformation.dk)
You must do the following:
Health science survey studies that do not include human biological material should not be reported to a scientific ethics committee. (Section 14, subsection 2 of the Committee Act).
Reference (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Further information:
If the study requires a specific population, such as people with a specific disease, then other rules may apply in relation to whether the people are still in treatment or not.
See the section: Projects consisting of interviews and patient record data.
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
You must do the following:
Patients in current treatment or follow-up: Obtain consent from the patient, in which permission is given to participate in the project and to pass on or obtain information from the patient’s patient record for the current research project.
Patients not in current treatment or follow-up: Apply for permission to have the patient record data transmitted to you from the Regional Council in the area where you work. Get approval from the health professionals who have treated the people in question before contacting individuals.
Reason:
Research projects that do not require approval from the Scientific Ethics Committee must apply for permission to have patient record data transmitted from the Regional Council. You apply for permission to use patient records for research projects from the region you are affiliated with. If, for example, you want to expand the project or have other additions, you should also apply to the Regional Council in the region in which you operate.
It is clear from the Health Act that if you want to address patients for whom you have obtained patient record data, this can only be done with the permission of the healthcare professional who has treated the patient or from the management of the treatment facility if the relevant healthcare professional cannot be reached.
Section 46 of the Health Act. Para. 6: Subsequent contact with individuals may only occur to the extent that the healthcare professionals who have treated them grant permission. If it’s not possible to contact the relevant healthcare professional, permission for subsequent contact with these individuals may be granted by the management of the treatment facility.
Reference (in Danish):
Sundhedsloven (retsinformation.dk)
On the Guidance Functions website you can find the information about applications to the Regional Councils: Guide to data access and approvals | Vejledningsfunktionen
Other references (in Danish):
Patientjournaloplysninger til forskning | Styrelsen for Patientsikkerhed (stps.dk)
Patientjournaloplysninger til forskning, statistik eller planlægning (regionsyddanmark.dk)
Vær opmærksom, når du skal kontakte borgere – Sundhedsdatastyrelsen
Sundhedsloven (retsinformation.dk)
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
You must do the following:
Health science survey studies that do not include human biological material should not be reported to a scientific ethics committee. (Section 14, subsection 2 of the Committee Act).
Reference (in Danish):
Hvad skal jeg anmelde? | Nationalt Center for Etik
Although you do not necessarily have to notify survey studies that do not include human biological material, you must still comply with the applicable rules for the data you wish to combine the interviews with.
See which approvals other data types require on the Guidance Function’s website: Project overview and approvals | Vejledningsfunktionen
General rules and laws:
- Regional research record: All projects that process or store personally identifiable information must be notified to the register. Read more about the regional research record: Guide to data access and approvals | Vejledningsfunktionen
- GDPR: All rules on the storage and processing of personal data must be complied with in accordance with the GDPR. Read more about GDPR: Fundamental concepts (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- The Danish Health Act: Research with health data is covered by the Health Act, and therefore sets statutory requirements that the researcher must comply with. Read more about the health act (in Danish): Sundhedsloven (retsinformation.dk)
- The Committee Act: The Committee Act must ensure that health and health data science research projects are conducted ethically soundly. This places certain requirements on the researcher, which must be complied with. Read more about the Committee Act (in Danish): Bekendtgørelse af lov om videnskabsetisk behandling af sundhedsvidenskabelige forskningsprojekter og sundhedsdatavidenskabelige forskningsprojekter (retsinformation.dk
- Data minimisation principle: Data must be sufficient, relevant and limited to what is necessary to fulfil the purpose. This means that you must only obtain the data that is required for the purpose of the project. Read more about data minimisation: What are your obligations? (datatilsynet.dk), (in Danish) Databeskyttelsesloven (retsinformation.dk)
- Data processing agreement: As a data controller with a data processor to process personal data, the data controller must enter into a data processor agreement with that person. The agreement must contain instructions for the data processor on how the information is to be processed. A data processing agreement is a binding contract, which must be in writing and must be stored electronically.
Read more about data processing agreements: Data controller and processor (datatilsynet.dk) - GCP: Good Clinical Practice (GCP) is an international ethical and scientific quality standard for the conduct of a clinical drug trial involving humans. All drug trials and clinical trials must be monitored according to GCP. Read more about GCP: English – GCP-Enhederne
The content on the page is produced by Marie Sandstød and Kasper Westphal Leth.
Last updated: 22/12/2023