Sharing Personal Health Data in the EU: Lessons from Successfully Implemented Open European ICU Databases

Empowering Healthcare through Data Democratization: Privacy Protection, Data Anonymization, and Trust-Building in Open European ICU Databases

Ethical and Legal Challenges

In the domain of patient care, the significance of healthcare data has grown exponentially, particularly within Intensive Care. Its potential role in enhancing patient outcomes cannot be overstated. Indeed, the COVID-19 pandemic has shown that sharing healthcare data across borders is crucial for data-driven improvements in public health. Such data is crucial for developing models that can assist healthcare providers in making more accurate diagnoses and prognoses. However, implementing these models on a large scale presents challenges. While they may perform well in controlled environments, they often struggle to generalise to diverse patient populations. Moreover, the evolving nature of patient populations and care practices over time reduces the effectiveness of these models. Additionally, the inclusiveness of models in serving minority groups depends on the datasets used, considering their demographics. Thus, geographical differences and the dynamic nature of datasets contribute to potential discrimination and the diminishing value of models trained on archived data.

 To overcome the limitations associated with models based on limited data from specific patient populations, it is important to increase the availability of data from multiple sources. This necessitates the creation of large data sets that are open and encompass a wide range of patients for diverse and inclusive modelling purposes. Although privacy risks pose a real concern when sharing healthcare data, housing the data in a relatively open network environment can minimise the chance and risk of potential data breaches1. Open data sharing can greatly facilitate research and democratise access to valuable information for everyone. Achieving this objective requires collaboration among experts from various disciplines, including ethics, privacy, healthcare, data infrastructure, and data science.

Addressing privacy concerns related to sensitive health data presents an important challenge in data sharing. In Europe, the General Data Protection Regulation (GDPR) has been implemented to safeguard individuals' data and privacy. Despite its extensive and complex nature, comprising 173 recitals and 99 articles2, the GDPR provides a framework for secure sharing of sensitive data, including healthcare data.

Four successfully implemented open European ICU databases

To demonstrate how personal health data can be appropriately shared under the GDPR, our study presents a survey of four successful open European databases containing Electronic Health Record (EHR) data from ICU patients. The objective of this study was to outline the necessary steps and offer recommendations for establishing future scientific open ICU databases, drawing from the experiences and lessons learned from these successful initiatives.

 Four open European databases containing critical care data have been established, with the aim of promoting open science and improving patient care. These databases, namely AmsterdamUMCdb3, HiRID4, SANITAS5, and HM6, provide valuable insights into ICU patients' demographics, physiology, diagnoses, treatments, and even imaging data. Among them, AmsterdamUMCdb and HiRID stand out as the largest databases, with over 23,000 and 33,000 admissions, respectively, while SANITAS and HM were specifically created for COVID-19 research. Funding for these initiatives primarily came from scientific institute grants, emphasizing the non-commercial nature of the databases. Dedicated teams of experts from various disciplines invested considerable time and effort in building and managing the databases, with an estimated four to eight person-months of work per project. Strict legal and ethical measures were implemented to protect patient privacy. The databases employed strategies such as pseudonymisation and anonymisation of data, with rigorous audits conducted by internal and external legal experts to ensure compliance with privacy regulations.

 Governance and access to the databases are carefully controlled through a comprehensive data request process, involving steering committees and evaluation of research proposals. Applicants are required to undergo training and adhere to principles of good clinical practice and scientific integrity. Despite varying requirements and procedures among the databases, the overarching goal was to prevent data misuse, while fostering collaboration and reproducibility. The impact of these open databases has been substantial, with over 500 data requests received and a growing number of associated publications and citations. To ensure the sustainability and relevance of the databases, plans for database updates and expansion have been established. Standardised medical terminologies, such as SNOMED and ICD coding, were employed to facilitate data integration and analysis across different databases.

Four approaches to sharing open healthcare data

Overall, these open European databases have paved the way for scientific collaboration and accelerated research towards improved patient care in critical care settings. By sharing data, researchers have created a powerful platform for knowledge exchange and advancement in the field of intensive care medicine. However, these databases also show that different approaches can be taken to achieve this. To aid future initiatives, we summarised four possible approaches for sharing open healthcare data, as well as their implications on security, ease of use, sustainability, and implementability (Fig. 1).

Recommendations for sharing open healthcare data

The successful implementation of open European ICU databases has provided valuable lessons for the future of data sharing in healthcare. These initiatives have demonstrated the importance of navigating ethical and legal complexities, employing effective anonymisation and pseudonymisation techniques, obtaining proper institutional review board (IRB) approvals, ensuring data findability and accessibility, making code publicly available, and adopting standardised medical terminologies.

These lessons underscore the importance of establishing a solid foundation for open data initiatives and promoting responsible data sharing practices. Based on our findings, we provide seven recommendations for sharing open healthcare data (Fig. 2).


As open data initiatives continue to gain momentum globally, it is crucial for European institutions to actively participate and share patient data. EU regulations, such as the Data Governance Act, are actively promoting data sharing for research and innovation. However, the existence of different data protection laws, such as the GDPR in Europe and HIPAA in the United States, creates challenges for international data sharing. Efforts should be made to bridge these gaps and establish frameworks that enable secure and compliant data sharing across borders.


By actively sharing personal health data through open European ICU databases, healthcare providers and researchers can enhance patient care, foster collaboration, and drive innovation. These initiatives play a pivotal role in ensuring the representation of European patients in health research and technological advancements. As the field of healthcare continues to evolve, embracing open data initiatives and implementing the lessons learned from successful implementations will contribute to improve patient outcomes and the advancement of medical knowledge on a global scale.


To delve deeper into the findings and recommendations discussed in this study, we invite readers to access the full article available here [].



  1. Seastedt, K. P. et al. Global healthcare fairness: We should be sharing more, not less, data. PLOS Digit. Health1, e0000102 (2022).
  2. Council of European Union. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). (2016).
  3. Thoral, P. J. et al. Sharing ICU Patient Data Responsibly Under the Society of Critical Care Medicine/European Society of Intensive Care Medicine Joint Data Science Collaboration: The Amsterdam University Medical Centers Database (AmsterdamUMCdb) Example*. Crit. Care Med. 49, e563–e577 (2021).
  4. Faltys, Martin et al. HiRID, a high time-resolution ICU dataset. doi:10.13026/NKWC-JS72.
  5. Sanitas Data4Good.
  6. Hospitales, H. M. Covid Data Save Lives.

Please sign in or register for FREE

If you are a registered user on Research Data Community, please sign in