Frequently Asked Questions
Get answers to the most frequent and commonly asked questions, that we get in the Guidance Function. Should you not find the answer you were looking for in the section below, then you are always more than welcome to contact us directly through mail or phone.
If you have recommendations for our FAQ section, then please do not hesitate to contact us here
Notice: The answers below should be seen as short introductions to well known issues. The answers do not take into consideration the fact that there are many types of research projects and issues.
You are adviced to always to always read the additional reading material, aswell as reaching out to the responsible governing actors if you have any doubts or questions.
In Denmark, there are two primary actors when it comes to register-based health data: the Danish Health Data Authority and Statistics Denmark.
In brief, the Danish Health Data Authority is responsible for a large number of databases, registers and services, which contains data on treatments in the health care system, the Danes’ health and consumption of medicines.
Read much more about the Danish Health Data Authority’s register data: here
Overall, Statistics Denmark has many of the same registers as the Danish Health Data Authority, but with a lower update frequency. In addition, Statistics Denmark also has a large number of socio-economic and socio-cultural registers.
You can read much more about Statistics Denmark’s register data: here
Common to both the Danish Health Data Authority and Statistics Denmark is that you access register data on “Forskermaskinen”. You must be affiliated with an authorized research environment to work on “Forskermaskinen”.
Please be aware, that “Forskerservice” and “Forskningsservice” are not the same thing.
“Forskerservice” is part of the Danish Health Data Authority and is organizationally located as part of the “Formidling” department, which performs the task of ensuring that the collected and processed national health data is made available at the relevant level to all external stakeholders. “Forskerservice” supports health research in Denmark by providing access to and advising on the use of national register data in the field of health.
Read more about “Forskerservice”: here
“Forskningsservice” is part of Statistics Denmark and is located in the “Personstatistikafdelingen”. Inquiries about the processing of data sets and about the use of Statistics Denmark’s research scheme must be made to one of the employees in this office. The employees in “Forskningsservice” provide advice and guidance for research projects.
Read more about Research Service: here
The patient record includes all data relating to the patient treatment, eg medical record, nursing record, registration forms, X-rays, discharge summary etc.
Biological samples are not covered by the patient record, but the results of analyzes and studies of biological samples are part of the patient record.
Find more information about patient records: here
The Danish Clinical Quality Program – National Clinical Registries (RKKP) is responsible for the operation and development of approx. 85 nationwide clinical quality databases.
The databases are divided into three main disease areas:
- Cardiovascular, Surgery and the Emergency Area
- Cancer and Cancer Screening
- Psychiatry, Gynecology / Obstetrics and Chronic Diseases
Each database aims to shed light on the quality of healthcare treatment and contribute to improving healthcare efforts and results.
You can read much more about RKKP and the respective databases: here
Yes, if for each individual source there is a legal basis for this and the result will be such that the result meets the combined legal basis. Specifically, for example, if data collected for administrative purposes is desired to be combined with data for a specific research purpose (ie., each with its own legal basis). The combination of these can only be used in relation to the specific research purpose, not for administrative purposes.
A data controller is the natural or legal person, public authority, etc., who decides for what purpose the personal data may be processed (the purpose) and how the personal data may be processed (the aids), including by whom the personal data may be processed.
A data processor, on the other hand, is the natural or legal person, public authority, etc., which processes personal data on behalf of the data controller. Unlike the data controller, the data processor does not decide how or for what purpose personal data may be processed.
If you want to know more, please refer to the Danish Data Protection Agency’s guide on data controllers and data processors: here
A data processor agreement is an agreement between you as the data controller and another party that processes personal data on your behalf. A data processor agreement is thus a written agreement between two parties that describes how the data processor is to process data for the data controller.
For more information about data controllers and data processors, please refer to the Danish Data Protection Agency’s section: here
‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. The processing requires that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Information has been made anonymous if no natural persons can be identified based on the information or in combination with other information. Information made anonymous is no longer protected by the data protection rules. This is because the data protection rules only apply as long as the information can be traced back to an identifiable or identified natural person. It is a condition here that the anonymization is irrevocable.
In order to access patient records, your research project must be of significant societal interest and intend to gain knowledge about the onset of diseases, prevention, diagnosis and treatment thereof. The project must be planned and the purpose must be a systematic acquisition of knowledge.
Overall, you apply for permission to use patient records for research projects in the region you are affiliated with. You must therefore contact the Regional Council to which you belong. You can find information about the various regional councils: here
Please be aware that you only apply for approval for the disclosure of patient records at the Regional Council. You must subsequently agree with the respective hospital departments on how you intend to access patient records.
There are certain research situations where the approval of the Regional Council is not required for the disclosure of patient record information:
- The patients have given written consent for the disclosure of the patient record information for the specific research project.
- Disclosure of information takes place from approved databases, for example a clinical quality database. In this case, the researcher’s application for disclosure is sent to the database administrator.
- If the Science Ethics Committee has given permission for the specific project, and this permission includes the disclosure of information from patient records.
You can read much more about journal data: here
How long it takes before you gain access to data depends largely on which data providers you have applied for data from. In addition, there are also fluctuations in delivery times.
For you who are applying for access to data, the most important thing is to make sure that all applications, approvals etc. meets the requirements of the data provider. Often, projects are delayed because of errors, omissions or corrections in the application for data extraction.
To determine the exact times, please refer to the respective data providers, who will be able to tell you what their expected delivery time is.
It depends on which data providers you intend to use to obtain data. Furthermore, the number of tables and variables you with to acquire also has an impact on the price.
The type of project may also influence the price, for example, the National Science Ethics Committee does not charge fees for health data science research projects.
In addition, it matters whether the project requires approvals, for example from the Ethics Committee System.
The Data Protection Regulation requires all data controllers and data processors to keep internal records of their processing of personal data. By keeping a record, you have an overview of the commenced processing of personal data. This overview is a prerequisite for being able to comply with a number of obligations in the Data Protection Regulation. Records must be available both in writing and electronically.
It is important to emphasize that the requirement to keep a record is intended solely as an “internal” obligation. You must therefore only send your record to the Danish Data Protection Agency upon request. If you do not meet your requirements as set out in the Data Protection Regulation, you may be fined.
Where and whose record you must report your processing activities to depends on a number of factors, which you can read more about in the Danish Data Protection Agency’s guide.
As a rule, scientific and statistical studies must no longer be reported to the Danish Data Protection Agency (Datatilsynet). As a rule, you must keep a record of your data processing, which the supervisory authority may request to be made available.
However, the Danish Data Protection Agency’s prior permission for the transfer of personal data must be obtained in the following three cases:
- The transfer takes place for processing outside the territorial scope of the Data Protection Regulation, in accordance with Article 3 of the Data Protection Regulation.
- The disclosure relates to biological material.
- The transfer is for the purpose of publication in a recognized scientific journal or the like.
In addition, the Danish Data Protection Agency’s prior permission must not be obtained in the case of a transfer to a data processor.
If you have the slightest doubt about your obligations as a data controller, data processor, have questions regarding the processing of personal data, GDPR or the like, you are encouraged to contact the Danish Data Protection Agency.