The focus of this Technical Report is clinical databases or other computational services, hereafter referred to
as a clinical data warehouse (CDW), which maintain or access clinical data for secondary use purposes. The
goal is to define principles and practices in the creation, use, maintenance and protection of a CDW, including
meeting ethical and data protection requirements and recommendations for policies for information
governance and security. A distinction is made between a CDW and an operational data repository part of a
health information system: the latter may have some functionalities for secondary use of data, including
furnishing statistics for regular reporting, but without the overall analytical capacity of a CDW.
This Technical Report complements and references standards for electronic health records (EHR), such as
ISO/TS 18308, and contemporary security standards in development. This Technical Report addresses the
secondary use of EHR and other health-related and organizational data from analytical and population
perspectives, including quality assurance, epidemiology and data mining. Such data, in physical or logical
format, have increasing use for health services, public health and technology evaluation, knowledge discovery
and education.
This Technical Report describes the principles and practices for a CDW, in particular its creation and use,
security considerations, and methodological and technological aspects that are relevant to the effectiveness of
a clinical data warehouse. Security issues are extended with respect to the EHR in a population-based
application, affecting the care recipient, the caregiver, the responsible organizations and third parties who
have defined access. This Technical Report is not intended to be prescriptive either from a methodological or
a technological perspective, but rather to provide a coherent, inclusive description of principles and practices
that could facilitate the formulation of CDW policies and governance practices locally or nationally.