Data protection and SRQ
The Swedish Rheumatology Quality Register (SRQ) is a national quality register with the aim of improving the treatment and follow-up of patients with rheumatic diseases. All data registered in SRQ is protected by the Data Protection Regulation (GDPR), but also the Patient Data Act (Patientdatalagen). In addition, the health confidentiality in the Public and Privacy Act (Offentlighets- och sekretesslagen) also applies to quality registers.
Here you will find the most frequently asked questions and answers regarding data protection and SRQ.
If you have a question that you do not find an answer to below, please contact Lotta Blom, national quality coordinator at SRQ, e-mail: firstname.lastname@example.org.
What legal basis is there for the processing of personal data in SRQ?
In order to be allowed to process personal data, there must always be support in the Data Protection Regulation, a so-called legal basis. The legal basis for SRQ is that the register is needed to fulfill a task of general interest, as well as for research and statistics.
What is the purpose of registration in SRQ?
The Swedish Rheumatology Quality Register (SRQ) is a national quality register with the aim of continuously improving the treatment and follow-up of patients with rheumatic diseases. Patients and caregivers enter information in the register and can then in real time access the patient’s health data and make a joint decision on continued care. The register also serves as a basis for research that seeks to increase knowledge and better treatment of rheumatological diseases.
What type of data is recorded in SRQ and how is it stored?
In SRQ there is mainly structured data, with a small amount of unstructured data (free text, for example comments). Data is recorded in a database that is managed by the personal data assistant (personuppgiftsbiträdet) in a national system. No data from SRQ is stored locally with the caregivers, but the caregivers have access to their own data.
Is there a personal data assistant (external party) for the processing of personal data?
Yes, SRQ’s personal data assistant is Carmona AB and there is a national personal data access agreement for the processing. Carmona AB provides forms for data storage, data entry for healthcare providers and patients, as well as a platform for data analysis and data collection = system supplier, cloud service provider, technical manager, developer.
Is there a written personal data entry agreement?
Yes, a national personal data access agreement exists between CPUA Karolinska University Hospital and Carmona AB for data management.
Who can be contacted if a registered person wants a register extract of what is registered about the person himself?
Contact the SRQ office, Lotta Blom, National quality coordinator: email@example.com
Must consent be given for registration in SRQ?
National and regional quality registers may process personal data as long as the individual does not oppose it (Chapter 7, Section 2, Patient Data Act – Patientdatalagen). A prerequisite for this procedure is that the patient receives information in accordance with Chapter 8 § 6 and Chapter 7 3 § PDL.
Who is responsible for personal data in SRQ?
The local personal data controller is the reporting healthcare provider (health care provider is a state authority, county council and municipality that performs health care = public health care provider, as well as another legal person, for example, a company-owned hospital that is county council-owned, or an individual trader who provides health care = private health care provider). The central data controller is Karolinska University Hospital.
When will registration in SRQ cease?
Storing of data in SRQ is valid for the time being.
When was SRQ started?
SRQ was started on a small scale in 1995.
How many registered persons are there in SRQ?
At year-end 2016-2017, there were more than 80,000 registered patients in SRQ.
What data protection legislation applies to the processing of personal data in SRQ?
SRQ applies the Data Protection Regulation (Dataskyddsförordningen) / Swedish Data Protection Act (Svenska dataskyddslagen, PuL until 25 May 2018), but also the Patient Data Act (Patientdatalagen).
Are any sensitive data registered in SRQ?
Yes, patient data about health status is counted as sensitive data and this is registered in SRQ.
Which kinds of personal data are processed in the register?
Name, date of birth and social security number are registered in SRQ. Address, telephone number and similar information are not registered.
What is the basis for registration of social security numbers?
Social security number is used for secure identification of the person. The entered data is important for the care and is followed by the care provider. The social security number is also used for secure login to 1177.se where the Patient’s Self Registration (PER) of health data takes place.
What categories of users have access to the personal data in the register?
Personnel at the health care provider who have been granted special authorisation can use the register and have access to registered information. Within the national organization, there are some users who have and need access to the entire SRQ (national quality coordinators and statistics).
Can information from the register be provided to outsiders?
Yes, after approval by the ethics review board and special examination locally or nationally, data can be disclosed to researchers. Research is one of the aims of SRQ. Extradition to third countries (outside the EU / EEA) does not take place.
How does the registered person get information about the register and registration?
Before the patient gives his or her consent, oral information about SRQ is provided. There are information sheets to print out in connection with the inclusion and this information is also available on the SRQ website (both the website for patients and the website for health professionals). Further information and general information about SRQ can be found on the website.
This page was last updated 25.10.2019.