Data protection concept

The overarching data protection concept of the Medical Informatics Initiative Germany (MII) was adopted by the National Steering Committee on January 7, 2022. In particular, the concept portrays the data protection framework of the 6th Projectathon of the MII. It is intended to enable all participating agencies to conduct a Privacy Impact Assessment. To this end, the concept contains a generic Privacy Impact Assessment for overarching application scenarios.

Since not all relevant procedures, interfaces and technical framework conditions have been finalized yet and the MII is also relying on the experience gained from the Projectathons for further specification steps, the concept must be adapted iteratively to new findings and specifications. This also includes the development of specifications for the authentication and authorization of users in the context of the addressed application scenarios.

Currently, the concept addresses the following overarching base application scenarios:

• Feasibility inquiries
• Data usage in the sense of distributed analyses
• Data usage in the sense of data transfer

Accordingly, the following application scenarios or use cases are not yet addressed:

• Provision of bio-samples
• Specific use cases from the consortia, possibly also use cases with reference to health care (these may be dealt with in overarching data protection concepts of the consortia)
• Use cases and processing that only take place at one DIC site (please refer to the data protection concepts of the sites)