Data Access Request
One of our main goals is to make our data available for scientific research. This scientific research must contribute to the improvement of treatment of cancer and must serve the public interest within the boundaries of privacy legislation. Only data that is required for the underlying research project may be requested.
Due to COVID-19 we are currently unable to guarantee our normal turnaround time for processing Data Access Requests. We are working as fast as we can under the current conditions, but regret we cannot commit to any deadlines.
All relevant documents related to applying for data can be found at the bottom of this page.
Data request scenarios
There are four data request scenarios (and thereby different routes that can be followed to obtain access to the data):
- The researcher wants to request access to data from several hospitals. In this scenario the researcher can, but does not need to be affiliated with a hospital that has contributed samples to the Hartwig Medical Database. The Data Access Request procedure applies.
- The researcher wants to request access to data only from the hospital he/she is affiliated with and for research purposes other than that described in the original study design (data reuse). The Data Access Request procedure applies here too. Although this access request only covers data from the hospital the researcher is affiliated with, the request concerns data reuse and the Data Access Request procedure is specifically designed to assess whether the applicable research complies with the ethical and legal constraints in relevant legislation and the terms of the informed consent that was signed by the patient.
- The treating physician (or a researcher on their behalf) wants to request data of patient(s) from the hospital he/she is affiliated with for reasons directly related to treatment of the patient. The Clinical Request procedure applies.
- The researcher wants to request access to data only from the hospital he/she is affiliated with for research purposes described in the original study design. The Clinical Request procedure applies.
Please consult our Data Guide for details on the data available for research.
Data Access Request procedure
- To request data access following the Data Access Request procedure, please send an email to firstname.lastname@example.org including the name, surname and email address of the main applicant. We will contact you within a week and provide information on how to submit an online Data Access Request. For details on the procedure, please read the General instructions for completing a Data Access Request.
- During the Data Access Request procedure, you will need to create a Google Cloud Platform account (using the institutional email address of the download contact indicated in the Data Access Request form) and enable multi-factor authentication. For instructions, please read Creating a Google Cloud Platform account.
- The Data Access Request will go through scientific assessment and will be reviewed by the independent Data Access Board within six weeks of receipt of the completed and signed online Data Access Request form.
- If the Data Access Request is approved, the researcher, the Licensee and a representative of Hartwig Medical Foundation must jointly sign the ‘License Agreement for EEA countries’ or the ‘License Agreement for non-EEA countries’, which establish the rights and obligations governing the use of the data.
- Hartwig Medical Foundation will make the licensed data available through the Google Cloud Platform after the License Agreement has been signed by all parties. Making the data available requires a valid GCP account with multi-factor authentication enabled that has been created using the institutional email address of a download contact of the Data Access Request. For instructions, please read Creating a Google Cloud Platform account.
If you wish to know more about the Data Access Request procedure, please read the Guiding Principles and the Rules of Procedure at the bottom of this page. If you have any other questions, please read the FAQs or send an email to email@example.com
Adding a download contact to an Approved Data Access Request
- As stipulated in article 4.5 of the License Agreement, the organization (the Licensee) must make a request to add new users as download contacts to a Data Access Request. These users must be involved in the project and working in the organization with the approved Data Access Request.
- The person who signed the License Agreement on behalf of the institution (and not the main applicant/researcher) can send us an email with a formal request to add a download contact, including the number of the Data Access Request and the name, position and email address of the new download contact.
- We will send an email to confirm receipt.
- We can thereafter make the data available for the new ‘download contact’ through the Google Cloud Platform. This requires a valid GCP account with multi-factor authentication enabled that has been created using the new download contact’s institutional email address. For instructions, please read Creating a Google Cloud Platform account.
Request for extension of usage of the Data Access Request
- A Licensee may request an extension of the term during which they may use the licensed data. The Licensee will receive a reminder to do so near the end of the term of the Data Access Request. The request for extension will also be assessed in accordance with the Rules of Procedure and Guiding Principles for Data Access Requests.
- To request request an extension, please send an email to firstname.lastname@example.org including the name, surname and email address of the main applicant of the Data Access Request Renewal. We will contact you within a week and provide information on how to submit an online Data Access Request Renewal.
- The licensee will be informed whether their request for extension has been granted.
Approved Data Access Requests
- If you wish to know which Data Access Requests have been submitted and approved, please refer to the list of approved Data Access Requests.
Clinical Request procedure
Approval of the request (with description of the purpose, i.e. medical reason or original study purpose) should be collected from the Central study organization/PI and the Local study PI of the hospital the applicant is affiliated with. Please use the Clinical Request Form to get approval and submit the request. The approved request can be sent to email@example.com, after which the data will be prepared and made available through the Google Cloud Platform within one week. Note: making the data available requires a valid GCP account with multi-factor authentication enabled that has been created using the institutional email address of the person registered in the standard form. For instructions, please read Creating a Google Cloud Platform account.
Handling data with due care
European privacy legislation
In keeping with European privacy legislation (i.e. the General Data Protection Regulation, or GDPR), specific arrangements apply for providing data to parties residing in a country outside the European Economic Area (EEA).
On July 16th the EU Court of Justice (CoJ) passed judgment in the Schrems II case. In this judgment the EU-US Privacy Shield framework was declared invalid. This is part of the legal basis on which we transfer our data to US based parties, the other one being the EU Model Clauses. The judgment also raised the bar for data transfers to other non-EEA based parties, for whose jurisdiction the European Commission did not issue a so called adequacy decision.
What does this mean?
We can only transfer data to non-EEA parties if we can establish that the level of protection of data in such jurisdiction is adequate and the necessary contractual and technical measures are in place.
How do we establish this?
- Data requesters are required to provide Hartwig with a set of confirmations as regards data privacy protection in their jurisdiction. For that purpose we have adopted a list of confirmations , which is incorporated in the data request form.
- A license agreement specifically for non-EEA parties based in jurisdictions without an adequacy decision. The license agreement is available for download.
- The technical measures in place to protect data from unwanted/unauthorized access already met the required standards.
Note: EEA-based parties are generally only subject to the Hartwig Medical Foundation’s ‘License Agreement for EEA countries’, also available for download.
Rules for publication
Researchers making use of data provided by us must acknowledge this in every publication, by using at least the text below.
This publication and the underlying research are partly facilitated by Hartwig Medical Foundation and the Center for Personalized Cancer Treatment (CPCT) which have generated, analysed and made available data for this research.
For an exact description read our complete Publication Policy.
The fact that the CPCT, together with Hartwig Medical Foundation, has managed to bundle data, knowledge and expertise from almost all Dutch hospitals is unique and now also deserves international attention.