Privacy and permission

Does the Central Registry of Rare Diseases have permission from the Belgian Privacy Commission to gather data?
Yes. The Privacy Commission has deliberated on this project. Approval (authorisation granted in deliberations
no.13/105 of 22/10/2013 and modification of 16/06/2015 of the Sectoral Committee of Health) has been obtained from the Sectoral Committee for Social Security and Health.

Does the patient need to give permission for registration in this registry?
No. The Privacy Commission has ruled that the patient's permission is not required for registration in the Central Registry of Rare Diseases. Before your data can be registered, however, the physician is obliged to inform the patient about the registry. One way physicians can do this is by providing the patient with a copy of this leaflet. If a patient has questions about this, he or she can contact the physician at any time.
Although the patient's permission is not required for data entry in the registry, patients can still object to the inclusion of data in the registry by explicit request. To do this, the patient can contact his or her physician.​

Who has access to the registered data?
At the genetic centres all data is available because it is registered in the electronic patient record. The data is then sent to the WIV-ISP, where a small number of researchers, under the supervision of a physician, have access to the (encoded) data.

What measures are taken to protect the patient's privacy?
The patient's first name and surname will never be sent to the Central Registry of Rare Diseases.
His or her national register number will be used as a unique identification number, however this will be converted to a unique code during transmission to Sciensano. The eHealth platform carries out this encoding as a Trusted Third Party and stores the unique key to the code.
Only a small number of scientific staff at Sciensano will have access to the encoded data. They are bound to secrecy under their employment contract.
Reports about the Central Registry of Rare Diseases will only contain anonymised data.

What is a Trusted Third Party?
A Trusted Third Party is an independent third party that guarantees the reliability of privacy protection measures during the gathering, exchange or processing of data.
The eHealth-Platform is a federal government institution, and is the Trusted Third Party that guarantees the encoding of patients' national register number for the Central Registry of Rare Diseases.

As this registry concerns rare diseases and contains only a limited number of patients for a specific disease, patients might easily be recognised, even when their personal information is coded. How can I be certain that personal data cannot be inferred?
A “Small Cell Analysis” has been carried out. This analysis set out the necessary measures that need to be taken to ensure that individuals can no longer be identified based on the data. For example results will always be grouped, for instance over a larger geographical area, or certain diseases will be arranged into groups of diseases.