The German Human Genome-Phenome Archive (GHGA) is a national consortium with the aim of providing a secure home for human genomic and omics data. Thus making the data available for further research. 

Genomic data is collected, for example, in clinical diagnostics or research. With the patient's consent, the data can be stored securely and pseudonymised in GHGA and shared with approved researchers via GHGA. This allows data to reach its full potential and help answer many research questions. 

Learn more about GHGA's mission here.

Human genomic and omics data can help answer a wide range of research questions. As technology advances, new aspects can be addressed, far beyond the original question. However, the ultimate goal remains the more effective treatment of disease. A major benefit is that researchers and healthcare professionals can test new research hypotheses using existing data sets, eliminating the need for new data collection.

Sharing data for research also enables the development and use of entirely new and innovative analysis methods. For example, methods based on artificial intelligence require large amounts of data that can often only be obtained by combining different studies. Data sharing also facilitates reproducibility. Researchers can use existing data to verify their findings by repetition.

Close collaboration between research and clinical care creates a loop where research findings inform health care decisions, from diagnosis and therapy to healthcare policy. At the same time, access to and use of clinical data when answering research questions improves research progress. Ultimately, patients benefit from research based on richer data sets.

Learn more about the benefits of data sharing here.

The German Human Genome-Phenome Archive (GHGA) is built on a data security strategy that encompasses both modern technologies and data processing in accordance with data protection regulations (GDPR). 

Protection against data misuse is at the core of our information security measures. At GHGA, we adhere to a concept known as Zero Trust Architecture. This means recognising the risk of threats from within and carefully considering who - human or machine - is allowed access to data.

GHGA uses open standards for data encryption, authentication, authorisation and privacy policies. Our security measures include technical, organisational, personnel and physical controls. 

Controlled data access provides an additional layer of protection. Only non-personally identifiable metadata is publicly available. Researchers must request access to archived data. A data access committee verifies legitimacy in accordance with the original consent. GHGA will act as a mediator, respecting the decisions of the data controllers and providing support through its trained data stewards.

GHGA thus combines technological, legal, ethical and social considerations to advance genomics while protecting sensitive data. 

Find out more about how we keep data safe.

Researchers or institutions collecting and submitting omics data to GHGA remain responsible for the data. In accordance with the consent of the data subjects, they are the ones to decide who may have access to the data.

A contract between the data collectors and data requesters provides the framework for the use of the data. A contract is the framework for data use, detailing the rights and obligations of researchers, both in terms of data handling and the protection of data donors.

GHGA does not currently store data. When the time comes, the process will be as follows:

Data will be pseudonymised and encrypted before being submitted to GHGA by the responsible parties. This means that GHGA does not store any identifying information such as names. Instead, all data is tagged with unique identifiers. The keys for re-identifying individuals are securely held by the data collecting organisation.

Within GHGA, data is stored securely and in accordance with modern security standards. Read more about our concept here.

Researchers intending to use any of the archived data must apply for access to the data controller(s). This is usually the person or institution that collected and submitted the data to GHGA and it is their decision who can use the data. A Data Access Committee (DAC) or similar instance appointed by the institution will review the legitimacy of the request and its compliance with the existing consent form before access is granted. This step ensures that only researchers with a legitimate research proposal and ethical approval have access to sensitive data.

Following approval by the data controller, the GHGA forwards the encrypted data to the requesting researchers. Researchers receive only pseudonymised data, and contractual terms dictate how the data can be handled. For example, attempts to re-identify individuals are strictly prohibited.

GHGA's role in data sharing is that of a data processor (mediator). GHGA does not own the data nor does it decide how the deposited data will be used. The researchers or institutions that submit data to GHGA remain responsible for the data and it is their decision who gets access to the data. An appointed committee, such as a Data Access Committee, reviews whether a request complies with consent and meets an approved research purpose.

As a mediator, GHGA processes and shares the data as instructed by the data controller. This includes storing the data securely and making it available to authorised researchers. Data access requests can be submitted via GHGA, whereby GHGA acts as a mediator between the applicants and the data controllers. 

Specially trained data stewards at GHGA Data Hubs will assist users in submitting data, provide guidance on managing access requests, and facilitate secure access through encrypted downloads.

GHGA plays a critical role in the secure management and smooth operation of the data sharing process, while data controllers retain control of their data.

Find out more about controlled data access.

Researchers or institutions storing data at GHGA remain responsible for the data. It is up to the responsible data controllers to decide which other researchers are granted access to the data they store in GHGA. The institutions involved in GHGA cannot use the data without authorisation either. GHGA only acts on the instructions of the data controllers (in accordance with the GDPR, GHGA works as a data processor).  

GHGA only receives and stores pseudonymised data - i.e. data sets in which directly identifying information such as names have been removed. Consequently, we cannot attribute data sets to individual persons within the archive.

If patients or other affected persons wish to exercise their rights in relation to the storage or use of their data, e.g. request the deletion of data, please contact the institution that collected the data directly. The responsible controller will then instruct GHGA to act. Alternatively, patients can also contact GHGA directly. We will then advise them on how to contact the institution in question. However, this is only possible if patients know which of the studies listed in GHGA contains their data. This is not known to GHGA.

No genome data is currently stored at GHGA, as the GHGA services for archiving genome data are not yet in operation.