top of page

Legal Framework of the JIR Cohort

1. Why a regulatory framework?

The JIR Cohort operates within a harmonized legal and ethical framework, ensuring compliance with the GDPR and the national laws of each participating country.
It ensures that healthcare data can be reused for research purposes in a secure and transparent manner that respects patients'rights.
The reuse of health data is based on a specific legal framework, which varies from country to country but is always based on the same principles:
•    protecting individuals,

•    preserving confidentiality,
•    and ensuring responsible and proportionate use of data.
The JIR Cohort offers a compliant and secure international environment, facilitating the conduct of multicenter projects in compliance with national regulations.

2. A common framework for the reuse of health data

The reuse of health data for research purposes is based on principles common to all countries, aimed at protecting individuals, ensuring data security, and guaranteeing the scientific quality of the work.
However, the methods of applying these principles (type of authorization, role of ethics committees, etc.) may vary depending on national legislation.
This section therefore presents the main universal principles applicable to all research on the reuse of health data, whether conducted with or without the JIR Cohort, while the specific features of each country are detailed in the following pages. 

To the national legislations :

(more countries will be added - WIP - thanks for your patience)

Swiss flag.png
France_edited.jpg

The JIR Cohort works to harmonize these requirements internationally, while supporting each center in complying with local regulations in accordance with national legislation.

Principle
Description
Role or support of the JIR Cohort
Legal basis
Each project has a legal basis: consent, public interest, or research purposes.
Ensures that processing is based on a compliant legal basis.
Contract with participating centers
Any sharing or reuse of data must be formalized by a contract specifying responsibilities and security.
Establishes a single framework contract with each center.
Information and consent
Patients are informed and can consent to the reuse of their data.
Provides a harmonized general consent template, in line with national frameworks.
Research protocol
A protocol defines the objectives, methodology, and protective measures.
Based on a model validated by the SDAC.
Submission to national authorities
Some projects require the approval of an ethics committee or national authority.
Assists project leaders in compiling a file that complies with local requirements.
Data controller
Each project must have an identified data controller.
The project leader is responsible for data processing; the JIR acts as a data processor.
Data minimization
Only data necessary for the project is used.
The SDAC checks the relevance of the data and limits access to only the essential data.
Traceability
Each processing operation must be justified and documented.
Ensures complete logging of access and archiving of all projects.
Data security
Data must be protected in secure and compliant environments.
Guarantees certified hosting and secure access to data.
Scientific transparency
Projects and results must be made accessible in a responsible manner.
Ensures public traceability via the Transparency Portal and the dissemination of publications.
Page 1 of 1

3. JIR working framework

1. Centralized storage

Step 1 Centralized storage.jpg
Step 2 researcher access.jpg

2. Researcher access

3.1 The JIR Health Data Warehouse (EDS): a common, secure, and compliant framework

The JIR Cohort is a health data warehouse (EDS) that stores, manages, and reuses healthcare data for research and treatment improvement purposes.
An EDS is based on data processing governed by law, founded on:
•    an explicit purpose (research for the JIR)
•    an identified data controller (the RES Foundation),
•    and organizational and technical safeguards ensuring the protection of data and individuals.

Participating hospitals feed data into the EDS by transmitting care-related data in accordance with the framework agreement and with the consent of patients.

Multicenter operation within a single administrative framework
From a regulatory standpoint, the EDS JIR is a single source of data: projects originating from it are therefore administratively monocentric.
From a scientific standpoint, these projects remain multicentric, as the data comes from several centers, which reinforces their methodological robustness and scope.

This organization simplifies regulatory procedures while preserving scientific richness.

3.2 Research projects originating from the JIR EDS

The JIR Cohort's research projects use pseudonymized data already integrated into the EDS.
They are based on the supervised reuse of this data within a scientific, legal, and ethical framework.

Scientific and regulatory validation
Any project using JIR Cohort data is based on a specific protocol, submitted for scientific and regulatory evaluation to the SDAC (Scientific Data Access Committee).

When required by the regulations of the country of the data controller, projects are also submitted to the competent national authorities.

Legal responsibilities

Roles and responsibilities are clearly defined for each project:

JIR Legal Framework 2.png

JIR Cohort / RES Foundation

Role : Data provider and subcontractor Accountability framework : Extracts and makes data available in accordance with the statistical analysis plan (SAP), ensuring security and confidentiality.

Project leader Hospital

Role : Data controler

Accountability framework : Assumes scientific and legal responsibility for the project, in accordance with applicable national regulations (GDPR, PDA, etc.).

3.3 Governance

The governance of the JIR Cohort defines the rules, roles, and responsibilities that ensure the proper management, transparency, and compliance of the Health Data Warehouse (EDS) and related projects.
It is based on three complementary levels: legal, scientific, and operational.

Governance level
Key players
Main role and responsibilities
Legal

RES Foundation Responsible for processing the EDS

  • Ensure compliance with the GDPR and national laws.

  • Define and maintain the contractual framework with participating centers.

  •  Oversee data security and protection.

Scientific

  • Scientific SDAC (Scientific Data Access Committee) 

  • Scientific body of the JIR

  • Evaluate the scientific relevance and methodology of projects.

  • Verify data minimization and regulatory compliance prior to any access.

  • Guarantee the scientific quality and credibility of studies.

Operational

JIR Team

  • Manage the technical platform and data integration.

  • Ensure access traceability and secure data extraction (NetExplorer, EasyMedStat).

  • Provide ongoing support to centers and project leaders.

Page 1 of 1

4. The five regulatory pillars of the JIR Cohort

1.Contract
 

Untitled design (1).png

2.Consent
 

consent.jpg

3.Protocol
& Ethical approval 

ethics icon.jpg

4.Safety
 

IT icon.jpg

5.Transparency

transparency icon.jpg
Contract image.png

1. Contract

In research involving the reuse of health data, each project requires the signing of multiple agreements between the data controller and the centers to define, among other things, responsibilities and conditions for accessing the data.
The JIR replaces this complexity with a single framework agreement between the RES Foundation and each participating center.
This agreement:
•    governs the center's participation in the EDS,
•    defines security and confidentiality obligations,
•    allows projects to be carried out without new contracts.

2. Consent

The data included in the JIR EDS comes from patients who have been informed and have provided their written consent, in accordance with regulatory requirements.

This consent covers:
•    the collection and integration of data into the EDS,
•    its secure storage,
•    its reuse in research projects approved by the SDAC, in accordance with national regulations.
•    Patients' rights
JIR consent is a general consent that complies with the requirements of national laws and the GDPR.

patient consent.jpg

3. Protocol and ethical approval 

Each JIR project is based on a comprehensive research protocol, which:
•    defines the scientific objectives, methodology, and inclusion criteria,
•    describes the necessary data and the protection measures applied (pseudonymization, security, minimization),
•    specifies the regulatory framework applicable in the country of the data controller.
This protocol is submitted for validation to the SDAC (Scientific Data Access Committee). The SDAC is a governing body of the JIR Cohort, which ensures scientific and regulatory validation before any access to data is granted. 

4. Safety

Data security is a key priority for the JIR Cohort. It is based on technical and organizational measures that guarantee data confidentiality, traceability, and integrity.
At the EDS level
•    The EDS is hosted on secure, certified servers (GDPR, LPD, ISO).
•    Access is strictly controlled, with individual authentication and connection traceability.
At the project level
•    Extractions are carried out by the JIR according to a secure procedure.
•    Data is made available in secure and controlled environments.

Secure IT.jpg
Transparency portal.jpg

5. Transparency

Transparency is a regulatory and ethical principle enshrined in the GDPR and the Declaration of Helsinki.
It guarantees the traceability of projects and the visibility of results, and strengthens the trust of patients, centers, and partners.
With the JIR Cohort:
•    All research projects are recorded, monitored, and archived in a documented manner.
•    Results are disseminated in aggregate and anonymized form, in accordance with international research standards.
•    A dedicated transparency portal presents all validated projects, their publications, and their progress status.

 

This system ensures responsible and open communication about the work carried out by the JIR Cohort, with a view to scientific rigor and public trust.

bottom of page