Skip to content

Update ethics.md #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
roxmer wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update ethics.md #3

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
206 changes: 175 additions & 31 deletions docs/ethics.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,62 +2,206 @@

# Version 1.0

Contents

_B3Africa Model Data Management Policy_ 1
# B3Africa Model Data Management Policy

_Version 1.0_ 1
Version 1.0

1 B3Africa Model Data Management Policy (MDMP): Frist draft 2
# 1 B3Africa Model Data Management Policy (MDMP): First draft

1.1 Introduction 2
## 1.1 Introduction

1.2 Platform Adoption Procedure 2
This Model Data Management Policy (MDMP) is based on the B3Africa legal framework proposed in this document and will provide a set of formal rules, criteria and priorities that should guarantee a consistent ascertainment of all requirements that should be fulfilled by the platform and by the users of the B3Africa platform. This policy will be implemented as part of the B3Africa final product, the eB3Kit and will pave the way for managing the use of the eB3Kit in control and regulated environments beyond the project's lifetime.

1.2.1 Organization Application 3
**Policy Principles**

1.2.2 Individual Membership Application 4
- Based on common standards regarding informed consent and ethical approval. The definition of the concepts will be determined by the applicable law on site. If the applicable law does not regulate these issues, minimum requirements will be applied. For all the European users, it will be based on the EU General Data Protection Regulation
- Compatible with the stated purpose of the B3Africa platform
- Aims to ensure that the platform meets its obligations towards its stakeholders
- Facilitate and ensure secure and high quality services for data storage, analysis and sharing
- Clearly specify what data can be stored, analysed and accessed
- Clearly specify what data will NOT be stored, analysed or accessed

1.2.3 Storage and Analysis Services Request 4
There are three main ways to adopt the platform:

1.3 Evaluation of Requests 5
1. Through a central organization that provides the eB3Kit
2. Researchers or research groups adopting the eB3Kit individually
3. Individual person acquiring the software from GitHub

1.3.1 Selection criteria for organization acceptance 5
This Model Data Management Policy only applies to adoption according to point 1 and 2 above. If the eB3Kit is adopted by an individual person, the policy can be used as an informative tool to support the ethical and legal governance work.

1.3.2 Selection criteria for individual membership 5
## 1.2 Platform Adoption Procedure

1.3.3 Selection criteria for data store and analysis 6
### 1.2.1 Introduction

1.3.4 Suggested standard forms to be designed by the platform 7
In this section, the following two ways of adopting the platform will be discussed; (1) when a central organization takes the responsibility of delivering the eB3Kit to researcher groups and biobanks, and (2) an individual research group downloads the eB3Kit from GitHub and implements it in their own infrastructure.

In situation (1), when a central organization takes the responsibility of delivering the eB3Kit to institutions, departments, research groups and biobanks, an **Adoption Committee** should be created in order to evaluate adoption requests. This is described in section 1.2.2. The procedure for evaluating the adoption requests will provide the adoption committee with evaluation criteria to be considered when granting the adoption of the eB3Kit.

In situation (2), when an individual research group acquires the software by itself, an Adoption Committee is not necessary. The adoption procedure can start with the creation of an **Access Committee**. Whoever acquires the eB3Kit, either from a central organization or individually; should have an access committee to control the access to the software and data. This is described in section 1.2.3.

# 1B3Africa Model Data Management Policy (MDMP): Frist draft
### 1.2.2 Organization Application

## 1.1Introduction
The procedure for evaluating the adoption requests will provide the adoption committee with evaluation criteria to be considered when granting the adoption of the eB3Kit. In principle, all the member organizations of the B3Africa project are entitled to adopt the platform as well as the institutions participating as use cases. Nevertheless, this policy will pave the way to future adoption of the eB3Kit by other African and European medical-research institutions. It implies that regulations about the adoption of the B3Africa platform should be in place beyond the project's lifetime. Established organizations as AISA, BBMRI-ERIC and BCNet can be suitable for managing the distribution and management of the B3Africa informatics platform.

This Model Data Management Policy (MDMP) is based on the B3Africa legal framework proposed in this document and will provide a set of formal rules, criteria and priorities that should guarantee a consistent ascertainment of all requirements that should be fulfilled by the platform and by the users of the B3Africa platform. This policy will be implemented as part of the B3Africa final product, the eB3Kit and will pave the way for managing the use of the eB3Kit in control and regulated environments beyond the project's lifetime.
This policy will also guarantee standard data access procedures when creating federation of eB3Kit instances or when integrating the eB3Kit with existing e-infrastructures for storage, analysis or sharing purposes.

Policy Principles
The eB3Kit can be acquired by an organization that will manage its use inside the boundaries of the organization. For instance, BCNet could distribute the eB3Kit (physically or virtually) to its members. In all the cases, the organizations (biobanks, institutions, hospital, etc.) should request the adoption of the eB3Kit to BCNet.

- .Based on common standards regarding informed consent and ethical approval. The definition of the concepts will be determined by the applicable law on site. If the applicable law does not regulate these issues, the minimum requirements (section 4.1) will be applied. For all the European users it will be based on the EU Data Protection Directive
- .Compatible with the stated purpose of the B3Africa platform
- .Aims to ensure that the platform meets its obligations towards its stakeholders
- .Facilitate and ensure secure and high quality services for data storage, analysis and sharing
- .Clearly specify what data can be stored, analysed and accessed
- .Clearly specify what data will NOT be stored, analysed or accessed
A request for Organization membership will be submitted to the adoption committee in a standardized application form in which the requester provides the following information:

## 1.2Platform Adoption Procedure
- Name of the organization
- Organization number
- Organization website
- Organization contact person:
- Contact information (name, e-mail, telephone, address)
- Position
- Affiliation (Organization, Department)
- The aim and purpose of the organization. If the organization pursues any aim other than biomedical research, this must be explicitly documented.
- Forms of organisation (public or private)
- Means of funding of the organization
- All public bodies exercising supervision over the organization (Data Protection Authority, Health Boards, Boards for Higher Education, etc.)

An **Adoption Committee** should be created in order to evaluate adoption requests. Adopting the B3Africa platform means to get the B3Africa hardware and software (_eB3Kit_) to be used in principle, inside the boundaries of a research group, biobank, research institution or other organization related to biomedical research.
The requester may be asked to submit further information, if needed.

The procedure for evaluating the adoption requests will provide the adoption committee with evaluation criteria to be considered when granting the adoption of B3Africa eB3Kit.
### 1.2.3Individual Membership Application

In principle, all the member organizations of the B3Africa project are entitled to adopt the platform as well as the institutions participating as use cases. Nevertheless, this policy will pave the way to future adoption of the eB3Kit by other African and European medical-research institutions. It implies that regulations about the adoption of the B3Africa platform should be in place beyond the project's lifetime. Established organizations as BBMRI-ERIC can be suitable for managing the distribution and management of the B3Africa informatics platform.
A request for B3Africa individual membership is done by a potential user of the platform, for instance a researcher. Each physical or virtual eB3Kit will have an **access committee** (super admin users) that manages the access to the eB3Kit services. Once the eB3Kit has been adopted by a group, the individual requesters provide the following information:

This policy will also guarantee standard data access procedures when creating federation of eB3Kit instances or when integrating the eB3Kit with existing e-infrastructures for storage, analysis or sharing purposes.
- Contact information (name, e-mail, telephone, address)
- Position
- Affiliation (Organization, Department)
- Purpose of the use of the platform (LIMS, data storage, data analysis, data sharing)
- Scientific aims of the investigation

The access committee will analyse the provided information to approve the membership request.

### 1.2.4Storage and Analysis Services Request

The storage service brings access to store data about samples (LIMS), sample donors, sample data derived from biological experiments and analysis results from bioinformatics analysis. A platform's member that requests the storage service will provide the following information:

- Required approvals by ethics committee or institute research boards for the research project
- Aim of the research project
- Purpose of the storage (long term storage (archival), storage for analysis)
- If all the donors whose sample data is included in the data to be stored have consented on the use of their data for the research project, if required
- If no consent is required, the reason (cell line, old samples, non-human experiment, others)
- Authorization for use of non-consented sample data, if required
- Type of omics data
- Anonymization procedure used, if required

The main idea is that the relevant information regarding ethical approval and consent, is registered and available for all users of the platform as well as for audit purposes.

## 1.3 Evaluation of Requests

The **adoption committee** evaluates the eB3Kit adoption requests while each eB3Kit will have its own **access committee** to evaluate the individual membership requests. If the B3Africa platform is acquired individually (as explained in section 1.2.1, situation (2)), the adoption procedure can start as described in section 1.3.2.

### 1.3.1Adoption Committee selection criteria for organization acceptance

The adoption committee will evaluate the required information as specified in section 1.2.2 and may ask the requester to submit further information if found necessary. The adoption committee may also collect further information on its own motion, such as information regarding the requester from a public authority exercising supervision over the organisation.

The adoption committee can deny membership to organizations that are not deemed as trustworthy or that pursues an aim that is not found to be compatible with the aims of the B3Africa platform, for example, research intended to promote discrimination on a genetic or ethnic basis. The requester will be given opportunity to state their view on the information collected, before a negative decision is taken on behalf of the application.

### 1.3.2Access Committee selection criteria for individual membership

Once one entity (department, biobank, research group, etc.) acquires the eB3Kit from a central organization, members of that entity can apply for user credentials. The following criteria should be fulfilled:

- The requester is affiliated to a trusted organization that has already adopted the B3Africa platform.
- If the affiliation of the requester is not already trusted, an organization application is required as in section 1.2.2. The requester will have to apply via his/her organization.
- The access committee will require information as defined in 1.2.3 and may collect further information on its own motion.
- If the aims or purpose of the requester is found not to be compatible the B3Africa platform, the application can be denied. The requester will be given opportunity to state their view on the information collected, before a negative decision is taken on behalf of the application.

When the eB3Kit is downloaded individually from GitHub for using in research or biobanking, it is strongly advisable to follow the same procedure.

### 1.3.3Selection criteria for data store and analysis

Only accepted members of the eB3Kit can request store and analysis services.

A member of the eB3Kit is entitled to use the platform services for data management, storage and analysis. The authorization of a member to store or analyse data requires that the member request meets the requirements in section 1.3.2. If more specifications are needed, the B3Africa access committee can contact the member in question. If the requirements are not met, then access can be denied.

The evaluation criteria for the use of the B3Africa services for data storage and analysis are:

#### 1.3.3.1 Minimum evaluation criteria for data storage and analysis

- A standardized document containing the approvals by ethics committee or institute research boards for the research project, has to be provided according to the national law of the country of the requester (SRPA: Standard Research Project Approval)
- A standardized document containing the consent information from sample donors whose samples have generated the data, has to be provided (SIAC: Standard Information About Consent)
- Based on the SIAC a standardized document for authorization of use of non-consented data will be requested in case of non-consented sample data (SINC: Standard Information on Non-Consented data)

#### 1.3.3.2 Evaluation criteria for data sharing

- Anonymization method used for sharing sample and sample donor data
- For each omics dataset, a specification of anonymization method should be provided (if needed)

### 1.3.4Suggested standard forms to be designed by the platform

The suggested standard forms can be used for audit purposes and for harmonizing constraints when sharing data among eB3Kit instances or with other infrastructures. These forms can be implemented as reports from queries to the databases in the eB3Kit or the institutions or entities can provide their own particular forms or document templates.

1. Organization application
2. Individual membership application
3. SRPA: Standard Research Project Approval
4. SIAC: Standard Information About Consent
5. SINC: Standard Information on Non-Consented data

The information regarding these forms should always be available for downloading and printing in any instance of the eB3Kit.

## 1.4 Actors and roles

The eB3Kit has two main actors: a researcher that conducts studies and bioinformatics analysis and a biobank staff that manage bio-resources in the biobank. Being an accepted member of the platform, a user can upload, download, manage and process data. These actions can be easily identified with roles that should be specifically managed by the system.

Other users can be: platform administrators, a person representing an organization that wants to be member of the platform, a person from the ethics board that wants to execute some audit processes, etc.

Researchers, biobank staff, platform, organizations and ethic board; are actors that can play different roles in the system.

This model identifies actors and roles related to data storage and analysis as follows:

| **Actor** | **Roles** |
| --- | --- |
| **Researcher** | Data responsibleTrusted userGuest |
| **Biobank staff** | Data responsibleTrusted userGuest |
| **Platform** | AdministratorAuditorAccess committeeIT support |
| **Ethic board** | AuditorGuest |
| **Organization** | Guest |

One actor can have several roles and one user can be several actors in the system.

### 1.4.1 Data responsible

A _Data responsible_ in the eB3Kit platform is a person appointed by the organization to upload data to the platform. When a data responsible uploads data to the platform creates a "data space" (for biobank data or study data). For instance, the data space can hold data from one or several research studies that can be access by the data responsible itself or by a _trusted user_.

This role involves the knowledge of the MDMP, specifically "Storage and Analysis Services Request" (section 1.2.4).

Only the _data responsible_ can manage the information related to personal data protection.

A data responsible can also inherit privileges of the _access committee_ role in order to grant access to trusted users to a specific data space.

In case data sharing is implemented, only the _data responsible_ can grant or revoke access to data for sharing.

### 1.4.2 Trusted user

This role is meant to allow several researchers or biobank staff to manage the same data space.

- A _trusted user_ can't upload data to the platform. Only the _data responsible_ has this privilege.
- A researcher as a _trusted user_ analyses and downloads data from one or more data spaces. The _trusted user_ can update or delete analysis result data but not the information uploaded by the _data responsible_, for instance, raw data or sample donor data.
- A biobank staff as _trusted user_ can manage samples and bio-resources in the LIMS system but the uploading of sample and data associated to sample collection participants is done only by the biobank staff with the _data responsible_ role.
- A _trusted user_ needs to apply for access permission to access the existing data spaces. The _data responsible_ grants this access.

### 1.4.3 Guest

This role permits to explore services and information about bio-resources and studies stored in the platform. For instance, a _guest_ could search for sample or data availability using search criteria.

The _guest_ role has very limited privileges. This role can only search at the metadata and aggregated level for the samples and studies that have granted access to be visible.

### 1.4.4 Auditor

This role can be established to carry out audit processes. For instance, an Ethics Board could access the platform using this role to control that studies or sample collection have ethical approval, samples have been consented for specific studies, etc.

### 1.4.5 Access Committee

As explained in section 1.2.1, an adoption committee will evaluate the requests to adopt the eB3Kit platform while an access committee will evaluate the access requests to be member of the eB3Kit platform. The _Access committe_e role permits to automate the acceptance of organizations and users as members of the platform. It means that through the Administrator role, organizations and users will be created in the eB3Kit.

### 1.4.6 System Administrator

### 1.2.1Organization Application
This is the role to maintain and operate the platform. It inherits the privileges of the rest of the roles.

The eB3Kit can be acquired by an organization that will manage the use of the eB3Kit. Even when the eB3Kit is acquired by an individual research group, biobank or similar; it is important that the hosting organization is involved in the process. In all the cases, the organization should request the adoption of the B3Africa eB3Kit.
### 1.4.7 IT Support

This role allows IT support for software installing, updating, upgrading, etc. as well as fixing hardware, instruments connections, network integration, etc. This role has no access to the personal data contained in the different components of the platform (biobanking, research study and bioinformatics).