Better and faster diagnoses, more effective treatment of diseases: The improvement of healthcare in Germany is directly related to how well specific situations (such as the Covid-19 pandemic) and the individual characteristics of patients can be addressed.

In order to better understand those and develop more individualized medical care, a better data basis is needed for medical research in Germany. Those data accumulate in various areas of healthcare - from general practitioners to pharmacies, specialists and hospitals. Today, however, these areas are poorly linked, so that health histories cannot be comprehensively mapped and recorded. Honic has set itself the goal of precisely creating this transparency about health and disease histories for the highest level of scientific medical research in Germany and Europe - without endangering the high value of patient data protection.

Since the very beginning Honic has therefore worked closely with the German data protection authority. Honic ensures among others that no patient is ever re-identifiable to researchers, health data never leaves Honic's secure platform, and researchers only access anonymized data.

Honic receives data directly from the service providers, e.g. radiological images from practices, laboratory results from laboratories or prescriptions from pharmacies. At present, Honic only has access to data of outpatient care, meaning no data from hospitals, for example.

Honic makes data available for research only after having ensured, that the data can be anonymized. Data not matching this criteria, such as radiological images of the skull or genomic data cannot be provided for research.

Honic only grants researchers access to anonymous data. This means that the researchers can no longer assign anonymous data to individuals.

Honic never receives the patients' real names or other directly identifying data. Before being transmitted to the platform, the data is encrypted at the respective service providers and pseudonymized by an external data trustee, the Bundesdruckerei GmbH.

Using a pseudonym created by the data trustee, Honic can combine data from different sources belonging to the same individual - without knowing the actual identify of the individual. The pseudonym links the data and enables Honic to create a meaningful dataset for medical research. Combining/connecting data from different sources is the prerequisite for real insights in today's medical research.

Despite the fact that Honic can not identify the patients due to the encryption and pseudonymization, the data are still considered personal under the applicable data protection law. Honic will therefore comply with all applicable data protection laws while processing the data for a specific research project. Honic has aligned the relevant specific procedure in detail with the responsible data protection supervisory authority.

Research organizations

Research organizations can request access to previously defined data packages. Meaning, Honic does not grant unlimited access to the platform, but limits data access to a specific research project. The data required for the specific research project are made available in anonymized form for a limited period of time after a successful compliance check (see below) and afterwards deleted again. In principle, no research organizations are excluded from data access. Private-sector organizations can also apply to Honic with their research projects.

Honic Compliance Process

Honic will conduct a multi-layered compliance examination prior any research project. in addition, external experts will be involved in the examination. As a key measure, an externally staffed Compliance Board will be in charge of validating each research project individually. There will be one member of the Compliance Board dedicated to representing the patients perspective in each case.

Analysis

The data analysis takes place exclusively in the Honic Compute Environment. This means that no data leave the Honic platform, and researchers are given a secure and limited access to a predefined data package only for the period of the research project.

Honic publishes an annual research report listing all completed research projects that used Honic data.

There will be different types of research projects on the Honic platform. For some, researchers will obtain Informed Consent from patients.

However, the Honic platform also allows researchers to conduct research projects based on data collected by Honic without the Informed Consent from patients. This is due to the particularly elaborate process of data collection, the unique design of the platform, and the extensive compliance check performed for each research project. From a data protection perspective, it is permissible under these circumstances to use the data for scientific research even without Informed Consent. For purposes other than scientific research, e.g. marketing, Honic will never provide the data.

The right to deletion exists vis-à-vis the service provider. Since Honic has no knowledge of which person belongs to which pseudonym, a deletion of the data can only be requested directly from the respective service providers.

The data are exclusively stored in Europe at STACKIT. STACKIT belongs to the German Schwarz IT KG, which as part of the Schwarz Group is owned by a German foundation. This ensures that the data stored at Honic never leaves the EU.

Honic cooperates exclusively with German partners who assist in the processing and preparation of data for researchers. Honic's partners include Bundesdruckerei GmbH (external data trustee) and secunet AG (hardware to secure the transmission).

Honic has taken a variety of coordinated measures to develop a platform that is completely made in Germany. This means that the platform was developed exclusively by German companies, all data is stored exclusively in Europe and Honic has been working closely with the relevant data protection and data security authorities since its formation.

Neither Honic nor Bundesdruckerei as external data trustee can re-identify the medical data at any time.  Even in the event of unauthorized access, attackers would only gain access to encrypted, pseudonymized, medical data. At the same time, Honic secures the platform with multiple coordinated protections. These include STACKIT's specialized IT security cloud, secure data transfer by using secunet technology, and institutionalized penetration tests by external IT security experts.

Honic is compensated by researchers for processing, quality assurance, preparation and anonymization of data, as well as provisioning in the secure Honic analysis environment.

Honic is a German company with limited liability (GmbH).

Honic was founded by Prof. Dr. Jörg Debatin, Dr. Henrik Matthies, Ralf König, Ralf Schramm and Denitza Larsen. The company will conduct a financing round in the spring of 2023. Dieter von Holzbrink Ventures, Isartal Ventures, adesso Ventures and German individuals (so-called 'business angels') have participated in a pre-financing round. 100 percent of the money in the pre-financing round thus comes from German individuals or institutions.