DMuDB Acceptable Use Policy

DMuDB for diagnostic laboratories | Subscription and pricing | Acceptable Use Policy | DMuDB news and updates | DMuDB user resources | DMuDB newsletter | Disclaimer

1. Key points
1.1  The Diagnostic Mutation Database (DMuDB) is intended for use only by healthcare professionals for interpretation of genetic variants for the purpose of providing a diagnosis for a patient.

1.2  Data held within the database remain the property and responsibility of the laboratory that submitted them. Data submitters should normally be consulted before data are used.

1.3  Use of data within DMuDB for purposes other than diagnosis (e.g. research, management or audit of services) is not permitted without express permission.

1.4  The data are confidential and should be treated in the same way as any other patient data that you have access to.

1.5  Copying of DMuDB data, and storage of it outside of the database, for any purpose, is not permitted.

1.6  Data submitted to DMuDB must be of clinical reporting quality and should have been approved for reporting prior to submission to DMuDB.
2.  Access to DMuDB

2.1  Laboratories registering for a DMuDB account must be involved in the interpretation of genetic test results for the purpose of diagnosis of a patient.

3.  Use of data stored within DMuDB
3.1  The Diagnostic Mutation Database has been established to support diagnostic genetics laboratories. Data are submitted to the database on the understanding that sharing variant data will help to improve diagnoses for patients undergoing genetic testing. For this reason data stored within DMuDB should be used solely for the purpose of interpreting variants identified during the testing of patient samples.

3.2  Use of DMuDB data for any other purpose, even if it is related to healthcare (e.g. research, service set-up, management or audit of services), is not permitted. However, individuals may contact data submitters directly or the DMuDB curators to request permission to use data for a specific purpose. If permission is granted for the requested use, the data requested must be either provided directly by the data submitter, or must be extracted from DMuDB by a database curator and approved by the data submitter before being released for use by the requester. The data requester must not extract the requested data themselves and bypass this approval/release process. Curators and/or data submitters may impose separate terms and conditions on the use of the data, e.g. covering intellectual property rights.

3.3  Data stored within DMuDB must not be copied and stored elsewhere for any purpose except where express permission has been granted by the data submitter(s) and approval/release processes followed as described in the previous paragraph.

3.4  When a referral is identified to be relevant to a user’s own case the user should contact the submitting laboratory for additional details and possibly permission to use the data, if it is to be referred to directly. This will ensure that the user has the latest information about a case, allow them to check if they are dealing with the same or related patients, and to discuss interpretation of the mutation, especially if views differ or new information is available.

4.  Submitting data to DMuDB
4.1  Data submitted to DMuDB should be of clinical reporting quality, i.e. the variant and its interpretation/classification recorded in the database should mirror that reported to the clinician to support diagnosis of the patient. The variant information should have been approved prior to submission to DMuDB according to the laboratory’s established procedures. It is the responsibility of the data submitter to ensure that this level of quality is adhered to. Further information regarding the recording of variant data, and the process of handling updates to submitted data, is available in the DMuDB User Manual.

4.2  Data submitted via curator-assisted bulk upload undergo error and consistency checks prior to upload as part of DMuDB’s Quality Control (QC) process. Data submitted manually by database users are not subject to these QC checks. DMuDB curators will conduct regular analyses of data within DMuDB to identify errors in nomenclature or inconsistencies in variant records and will raise these issues with the submitting laboratory and extended community as necessary. DMuDB curators will not provide support, guidance or decision-making with regard to the correct interpretation of variants within DMuDB. To support quality control within DMuDB, users should alert the DMuDB curators to any errors, inconsistencies or disputable entries that they discover.

4.3  Attention of data submitters and database users is drawn to the Disclaimer statement contained on the database website. In particular, data submitters should note that the database curators undertake to ensure that submitted data remains the responsibility and under the control of the original submitters and will not be amended, withdrawn or used for other purposes without their consent. Data remains as the intellectual property of the original submitters but this right does not extend to any other data submitted to the database by other users nor to the database as a whole.

5.  Responsibilities
5.1  It is the responsibility of the database owner/curators and their appointed agents to develop, provide and maintain the service to the best of their ability and to resolve faults and issues with the software and user access as swiftly as possible.

5.2  It is the responsibility of the database owner/curators to ensure that sufficient security is in place to provide effective protection of patient information.

5.3  It is the responsibility of data submitters to ensure that appropriate patient consent is obtained prior to the submission of data to the database and to ensure that data are removed from the database should patient consent be withheld at a later date.

5.4  It is the responsibility of data submitters to ensure that submitted data meet the required quality standards and to keep the data stored in DMuDB as accurate and up to date as possible.

5.5  It is the responsibility of data submitters to ensure that data submitted to DMuDB are sufficiently de-identified to protect patient confidentiality and that they adhere to the consent and confidentiality policies of their own institutions and countries.

5.6  It is the responsibility of database users to ensure that data are used solely for the intended uses outlined in this Acceptable Use Policy.

5.7  It is the responsibility of database users to ensure that their individual accounts remain secure (e.g. by maintaining a strong and confidential password) and that they do not release DMuDB data outside the database or allow it to be released without express permission and approval of the data submitters.

5.8  It is the responsibility of database users to inform the database curators immediately if they suspect that the security of their account has been compromised.

5.9  Database users must not share their login details (username and password) with other individuals. A user will be held responsible for any interference to the normal operation of DMuDB caused through the inappropriate use of their user account, which may result in sanctions including, but not limited to, removal of their access rights. In the case of suspected illegal activity, the appropriate authorities will be notified. All accesses to, and transactions on, DMuDB are logged for the purposes of system maintenance, security and audit.

5.10  The curators of DMuDB reserve the right to suspend any user account with no notice should inappropriate or unauthorised use of the database by that user be suspected. Account suspensions may be publicised to other users of the database should the database curators believe that the security of the database contents may be compromised.

6.  Consent and confidentiality
6.1  DMuDB has been established in line with the United Kingdom (UK) Data Protection Act 1998 and following advice from the Central Manchester University Hospitals NHS Foundation Trust Caldicott Guardian*. In expanding the service to other countries all reasonable care has been taken to ensure that patient information will continue to be safeguarded appropriately. The principles of data sharing within DMuDB are in line with the principles followed by other established international database projects – primarily that only essential, de-identified data are shared.

6.2  The data stored within DMuDB are intended for use solely to support the interpretation of variants, which in turn supports the diagnosis of patients. Access to the database is restricted to registered account holders who must be involved in the interpretation of genetic test results for the purpose of diagnosis of a patient. Essentially, the database facilitates the normal practice of inter-laboratory consultation within the diagnostic community to support the interpretation of genetic variants.

6.3  If consent to genetic testing has been obtained from a patient then no further explicit consent needs to be obtained for the data to be shared via DMuDB. If consent is withdrawn at a later date it must be possible to identify the patient’s entry and remove it from the database.

6.4  Data Protection requires that data are effectively de-identified and that only essential information is shared.

6.5  It remains the responsibility of the data submitter to ensure that they comply with the consent and confidentiality requirements outlined here in addition to those of the data submitter’s own institution and/or country.

6.6  Data submitters are advised to contact a DMuDB curator if they have any concerns about what data to submit to the database.

DMuDB is a service provided by NGRL Manchester, based at Central Manchester University Hospitals NHS Foundation Trust, Manchester, United Kingdom.

* Within the UK’s National Health Service (NHS) a Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing. The Guardian plays a key role in ensuring that the NHS, Councils with Social Services responsibilities and partner organisations satisfy the highest practicable standards for handling patient identifiable information. Department of Health (retrieved 26 July 2011).