Korean Government announced CDM is not under regulation. No IRB, No committee permission

We have good news from Korea.

The Korean Government announced that Distributed Research Network based on CDM does not require IRB or any regulation.

The followings are the decisions from each related government organizations

Ministry of Health and Welfare, Division of Healthcare Data Development:
-According to the guideline, the “Data Deliberation Committee” is a procedure that must be taken to deliberate on whether and how to provide pseudonymized information to the outside of the institution.
-“Statistics” is anonymous information and is not subject to the Personal Information Protection Act and 『Health Care Data Utilization Guideline』
-Extracting statistical values from medical DBs and platforms established in advance in medical institutions and providing and analyzing them to companies does not correspond to the provision and use of pseudonymized information outside the institution, so deliberation by the Data Deliberation Committee is unnecessary.

Ministry of Health and Welfare, Division of Bioethics Policy:
-There is no obligation to undergo IRB review for the process of medical institutions providing statistics obtained from medical records collected through medical treatment. Not regulated by the government, such as the Bioethics Act.

Hi Dr. Park,

We need to be careful with this issue.

Regarding the bioethics division’s response, we need to distinguish the “provision” and the “consumption/analysis” of the data.

The Korean Bioethics act ensures that IRB MUST review “human researches”, not the logistics of the base data.

In this context, a provision of certain OHDSI data, that can be assumed as an anonymized one with respect to recently-amended Korean privacy regulations, DOES NOT require IRB review for the data-providing hospitals. This is a good thing!

However, the consumption of the data is another thing. The research consuming the provided OHDSI data is expected to comply with the existing review practice(i.e., a formal review or a shortened, administrative screening to decide whether an exemption can be applied according to article 16 (2) of the bioethics act.)

–

For non-Koreans, a little bit more about the context:

Until this authoritative decision, it was unclear that the provision of the OHDSI data needs an IRB review, due to the statute of the bioethics act.

There is an unrelated, but confusing provision in the bioethics act about providing data: article 18 (1), (2). It says,

(1) When a human subject of research gives written consents to providing his/her personal information to a third party pursuant to Article 16 (1), the relevant human subjects researcher may provide his/her personal information to a third party, subject to examination thereof by the competent institutional committee

(2) When a human subjects researcher intends to provide personal information about a human subject of research to a third party under paragraph (1), he/she shall “anonymized” such personal information: Provided, That the foregoing shall not apply where a human subject of research consents to leaving his/her personally identifiable information therein. (quote/unquote is added by me)

This article requires an IRB review and the “anonymization” for the provision of personal information. However, the anonymization, referred to in this article 18, is technically defined in article 2 (19) of the bioethics act. It is different from that of the recently-amended privacy act of 2020. According to the authoritative decision that we’re discussing, article 18 is not applied to the data from OHDSI framework, because it’s too anonymized in the context of recent, clarifying regulation.

The recently-amended privacy act of 2020 clearly distinguishes three types of data: original private information, pseudonymized private information, and anonymized information. According to the definition in the act, the risk of re-identification from the pseudonymized PI is not small. But that from the anonymized PI is negligible(i.e., summation, average, or aggregated statistics.)

The privacy act of 2020 clearly notes that anonymized PI is not private information and it doesn’t have identifying capacity whatsoever. According to the statute, article 18 of the bioethics act is not applied to OHDSI data “provision.”

The operation of the distributed research network based on CDM does not require an IRB review for the provision. However, the consumption of the data from the distributed reseearch network still seems to need an IRB review or a shortened, administrative screening to decide whether an exemption can be applied according to article 16 (2) of the bioethics act.

Please correct me if I’m wrong.

This is really great news! But some people are confused (as seen on your facebook timeline - https://www.facebook.com/freefrombias/posts/10218753058242176 ) as they don’t need ANY IRB stuff for the publication.

This news would be a present of Santa or New Year, indeed.

But I agree with @Junghwan_Park. I am not sure that all OHDSI studies are not considered human subjects research, so they do not need to go to the IRB to get approval or exemption in Korea. Fundamentally, we require IRB process to confirm that our study performs ethically regardless regional legislation.

At least, the notification of the Korean government can guarantee no need for further IRB process in each Korean center to get IRB approval or exemption in each Korean medical center for one OHDSI study. Still, this is a tremendous progress for ODHSI research, because getting IRB approval from each center is the major challenge in OHDSI research in Korea.

Since this is a really debatable topic in Korea, I suggest to move this thread to the Korean chapter for further discussion.