It is Sciensano’s responsibility to support the various governments in managing the COVID-19 crisis. Sciensano is entrusted with conducting epidemiological surveillance and therefore systematically collects all kinds of data related to the pandemic. We compile and analyze that data in order to gain a realistic overview of the epidemic situation on the ground, in hospitals, residential care centers and among the population. The priority objective is to provide information and analyses that are accurate, relevant and useful to those who need to make decisions to get and keep the epidemic under control.
Secondly, Sciensano informs the general public about the overall situation and makes data available to other researchers. We do this while respecting the legislation on privacy, the protection of personal data and patient rights, including the confidentiality of medical information. In addition to European and Belgian legislation, we also strictly follow, where applicable, the specific approvals we have received from the Information Security Committee (Chamber of Social Security & Health) for the use of this data. These authorizations set out which data may be collected or obtained and in what form (whether or not the data is anonymized, whether it concerns individual or grouped data, etc.) and what actions may be performed on that data. They describe, for example, the type of research that may be conducted on the data, and whether and in what form the data might be released.
Furthermore, the data that Sciensano collects is not always our property. In that case, the institute, like any other person who wants to use third-party data, must first obtain the necessary approvals from the (co-)owner of that data.
Sciensano’s COVID-19 surveillances
Sciensano has set up various surveillances and data collections to monitor the epidemic situation. A number of these already existed before the crisis to monitor certain diseases (e.g. flu-like respiratory infections) and excess mortality . Although others have been set up specifically for COVID-19, what they all have in common is that they channel data streams from one or more sources that may or may not reach Sciensano via an intermediate step. For certain data collections, use is made of the IT architecture or services of the Sciensano healthdata.be platform.
The surveillances can roughly be divided into 3 major groups: monitoring the epidemiological situation, contact tracing and surveillance of the vaccines on the market. Below is an overview of the main programs of each group:
This surveillance enables us to follow the development of the number of tests and infections among the population. The laboratories of the national testing platform and the clinical laboratories transmit the results of the PCR tests and antigen tests to the Sciensano healthdata.be service, which then makes them available to the Sciensano infectious diseases section.
The epidemiologists in the infectious diseases section analyze the test results and a number of associated parameters that are relevant for the analyses and identifying trends, such as test date, zip code and age. Sciensano makes the data available to the general public in grouped form via, among other things, the epidemiological reports on the COVID-19 pandemic. In line with internal risk analyses in the context of the protection of personal data, we publish this information from the municipal level. We keep the pseudonymized data itself for a maximum of 30 years for scientific research, as stipulated in the cooperation agreement of August 25, 2020 between the various competent regional and federal authorities.
In addition to Sciensano’s epidemiologists, the regional health authorities also receive the data collected via healthdata.be. This is regulated by the aforementioned cooperation agreement of August 25, 2020 . The regional health authorities use this to inform the regional, provincial and local authorities according to their own insights and agreements, e.g. via the Flemish Care Atlas.
Since the emergence of the virus variants, the presence of variant strains in our country has also been monitored by means of a monitoring program via the Sequence Analysis platform (consortium of a dozen different laboratories, including University Hospital Louvain-Catholic University of Louvain, University Hospital Ghent, University Hospital Antwerp and CHU Liège). The platform provides the information that Sciensano includes in its reports. The laboratories also have the option to send information about variants to healthdata.be (such as for the test results).
In practice, this monitoring consists of two separate programs. Via one of them, the so-called hospital surge capacity surveillance, we follow the number of hospitalized COVID-19 patients in Belgian general hospitals in real time. Based on this, the occupancy rate of the number of beds and equipment (invasive ventilation and extracorporeal membrane oxygenation) intended for COVID-19 patients can be monitored. In addition to these figures, the number of new COVID-19 patients admitted to hospital as well as discharges and deaths are also recorded, making it possible to monitor the severity of the epidemic over time. The collection of this grouped data is governed by the Royal Decree of April 30, 2020 (“RD concerning correct and timely flow of information about the numbers of COVID-19 patients, the treatment capacity in hospitals and stocks of personal protective equipment”) and is mandatory for all general hospitals in Belgium.
Via the other program, known as “clinical surveillance”, we follow the clinical situation and health effects of COVID-19 patients in hospital with a margin of a few weeks. Here we collect data such as age, underlying conditions, treatment and patient outcome, as set out in this deliberation of the Information Security Committee Social Security & Health.
In the first program, the hospitals that own the data provide us with grouped data. We receive some specific data about deceased persons (date of birth, date of death, gender and zip code of the place of residence) in order to guarantee the quality of the statistics (e.g. to avoid double counting of a death). The second program involves pseudonymized individual data from approximately 60% of COVID-19 patients. We retain the clinical surveillance data for a period of 30 years after the patient’s death, as noted in the aforementioned deliberation of the Information Security Committee.
The participating hospitals receive feedback about the analyses of the data they have provided. In consultation with the hospital sector and in accordance with the measures taken to protect personal data, Sciensano only publishes grouped data on all hospitals for the general public.
Residential care center surveillance
Residents of residential care centers are very vulnerable to the consequences of COVID-19. Sciensano has therefore been monitoring the situation almost in real time since the start of the crisis via a specific surveillance system. This is done on the basis of the legislation on notifiable diseases.
The residential care centers report the total number of COVID-19 cases among staff and residents, as well as the number of hospitalizations and deaths in the latter group. This concerns grouped data. We receive some additional specific data about deceased persons (date of birth, date of death, gender and zip code of the place of residence) in order to guarantee the quality of the statistics (e.g. to avoid double counting of a death). The residential care centers in Brussels and the Eupen-Malmedy region send this data directly to Sciensano. The Flemish report this to the Agentschap Zorg en Gezondheid (Care and Health Agency), while the Walloons provide it to the Agence pour une Vie de Qualité (Agency for the Quality of Life), which in turn send it to Sciensano.
More details about the surveillance and the data collected can be found in this document.
Sciensano itself only reports on grouped data. We keep this data for a maximum of 30 years for research purposes.
The number of consultations with general practitioners for suspected COVID-19 is an early indicator for determining changes in the trend in the number of infections. This program actually comprises two separate programs. The first is the existing GP sentinel network. This consists of around 120 general practitioners who keep an ongoing register of consultations for flu syndrome (flu-like symptoms) and acute respiratory infections as well as also currently reporting on COVID-19 consultations. The doctors provide Sciensano with data about, among other things, the test results and the age categories of their patients, the treatments prescribed and the number of hospitalizations. This enables us to obtain a weekly sample of the “flu status” among the general population and monitor longer-term trends. You can find these in our weekly bulletin on acute respiratory infections.
The second program is the “COVID-19 GP barometer”. This has been specifically developed to look at the evolution of the number of consultations for COVID-19 and other respiratory infections at a large number of participating general practitioners’ offices. The doctors report grouped data, not individual patient results. The participating GPs receive feedback about the situation in their practice and in their region. More information about the registered data can be found on this webpage.
Sciensano only publishes grouped results and trends concerning these surveillances at national and regional level in order to guarantee the geographical representativeness of the results. We store the (likewise grouped) underlying data for scientific research purposes without a specific end date.
Surveillance of absences from work
Changes in the number of people absent from work due to illness can also indicate a changing trend in the epidemic quite early on. MEDEX monitors absences due to illness among Belgian government personnel (civil servants). The absences in this group of 83,000 people provide a measure of the impact of COVID-19 on the working population. To this end, MEDEX provides Sciensano with grouped anonymous data about absences several times a week. This concerns the number of absentees per age group, gender, location, date, and the number of absentees per relevant reason for absence (COVID-19, flu syndrome, pneumonia, other respiratory disease). After being grouped, the data is added to our reports. Sciensano stores this data indefinitely for research purposes.
Monitoring this late indicator makes it possible to gain an insight into the seriousness of the epidemic and the impact on certain population groups in society. Sciensano uses two types of surveillance for this. The first, Belgian Mortality Monitoring (Be-MOMO), makes it possible to identify excess mortality and determine its magnitude. For this, we use a limited set of anonymized data from the national register (date and place of death, date of birth and gender), but not the cause of death, which we obtain from the national register and Statbel. Sciensano analyzes this data at regional and national level and publishes the conclusions in the form of grouped data.
In the second surveillance, Sciensano follows the trend of deaths linked to COVID-19. For this, we use the data on deaths supplied via the hospital and residential care center surveillance, and the general practitioners (for deaths outside the hospital or residential care center). Here too, we focus the analyses on the national and regional level and only publish grouped data.
The data on mortality is kept for scientific research purposes. The legislation on the protection of personal data does not apply to deceased persons. Sciensano nevertheless ensures that individuals cannot be identified in publications or datasets made available to other scientists. Where necessary, data is therefore grouped so as to minimize the chance of identification.
Several serological monitoring programs and studies are carried out at Sciensano. These allow us to get an idea of how many people have been in contact with the COVID-19 virus and thus monitor how widespread the virus is in the general population and in specific population groups (healthcare workers in hospitals, in residential care centers and in the 1st line of care, residents of residential care centers, children and school staff). We do this by checking whether someone has antibodies against SARS-CoV-2. This indicates that such a person has been in contact with the virus or — since the start of the vaccination campaign against COVID-19 — that the person has been vaccinated. After all, antibodies against the virus are also developed in the latter case.
In all these studies, in addition to data on the presence of SARS-CoV-2 antibodies, we collect basic information about socio-demographic characteristics, information on the health situation (underlying conditions, symptoms now or in the past that may indicate COVID-19, a previous COVID-19 diagnosis), data on vaccination status, and in some cases work situation or lifestyle information.
Full details regarding the data collected, the purposes and the retention time are available in the research protocols for the different surveillances.
2. Contact tracing
To curb the spread of infections, the regional authorities have set up a system to quickly identify and trace contacts of infected persons. It consists of several components, the most well-known of which are the contact center, the passenger locator forms and the CoronAlert app.
The regional authorities, gathered together in the Interfederal Committee (IFC) Testing & Tracing, are in charge of contact tracing and are responsible for the data used by their contact centers, mobile teams and health inspectors. The federal states together with the FPS Public Health, Food Chain Safety and Environment are responsible for the information about returning travelers.
Sciensano’s role in contact tracing is limited to supporting the regional authorities and partners in the activities of the central contact system. We also ensure that the questionnaires used by the call centers are in line with the scientific recommendations. We also communicate on these topics through our channels, in agreement with the relevant authorities and based on the information they provide for this purpose. For example, the grouped data provided by the regions is included in the epidemiological reports. This is also used by the Risk Assessment Group and other groups of experts.
The cooperation agreement between the various competent regional and federal authorities forms the underlying legal basis for contact tracing in Belgium. More information about the data (collected in practice from the Sciensano Healthdata.be service) and how this is used can be found in the deliberations of the Information Security Committee. The reuse of this data for policy support and/or scientific research is assessed by the joint owners (the federal states and Sciensano via the Interfederal Test and Trace Committee).
The contact tracing operators receive a list of people to contact (call or text). This list is generated based on the available information concerning confirmed infections (from the Healthdata.be COVID-19 database) and high-risk contacts (information collected at the call center level) and from the passenger locator forms of returning travelers (information provided by FOD Public Health).
In support of IFC Testing & Tracing, Sciensano analyzes a copy of this database, with all data enabling people to be identified having been removed or pseudonymized . The data may be kept in this form for 30 years for scientific research purposes.
Analyzing aspects such as:
- the speed at which the infected person (index case) and his/her contacts are called,
- any contact of an infected person with a collective (e.g. residential care center, asylum center, etc.),
- the possible source of infection,
- the proportion of high-risk contacts that can be tested once or twice (depending on the testing strategy that applies),
- the percentage of high-risk contacts who tested positive for the virus,
enables us to determine relevant trends and developments in infections. The committee and the regional authorities use this (grouped) data to monitor and adjust the test strategy, and to enable additional measures to be taken locally if necessary.
Cluster detection (regional health inspection services)
The detection and analysis of clusters of infections (minimum 2 confirmed COVID-19 cases with an epidemiological link within a period of 7 or 14 days, depending on the situation) in the field is not carried out by Sciensano but, rather, by the regional health authorities (Agentschap Zorg en Gezondheid (Care and Health Agency), Agence pour une Vie de Qualité (Agency for the Quality of Life), the Brussels Joint Community Commission and the health service of the German-speaking Community). The data for their research comes mainly from four sources: the systematic mandatory reporting by institutions (residential care centers, rest homes, other residential institutions and care institutions) to the regional health inspectorate; the database of the National Social Security Office for the detection and follow-up of possible clusters in companies; contact center data and data from schools (via the CLB/PSE/PMS).
Sciensano supports the regional authorities in cluster detection at the epidemiological level by calculating possible family clusters. For this, we use the dataset mentioned under “Contact center”. We also facilitate the practical collection of infection data (not identity data) in French-speaking education by the Office de la Naissance et de l’Enfance (Office of Birth and Childhood) (via PSE/PMS) and the reporting to the regional health authorities (AVIQ and the Brussels Joint Community Commission). In Flanders, this is done by the student guidance centers.
Finally, based on their research, the regions provide Sciensano with grouped data (number of clusters per environment, such as household, company, etc.).
Surveillance of returning travelers (FPS Health, Food Chain Safety and Environment)
Travelers returning from abroad must fill in a Passenger Locator Form (PLF) in most cases. These are collected by the Federal Public Service Health, Food Chain Safety and Environment (in cooperation with the federal states). Certain data about travelers from risk zones who need to be tested (details on page 7 and 8 of this document) is forwarded to the COVID-19 database at healthdata.be to facilitate the follow-up of their tests by FPS Public Health. That is done on the basis of this cooperation agreement. Information on returning travelers can be found in the weekly COVID-19 report.
The CoronAlert app (IFC Testing & Tracing)
The CoronAlert app from the IFC Testing & Tracing enables the user to know whether he/she has been in contact with an infected person and therefore may have run the risk of being infected him/herself. The app does not identify infected persons and does not report them to contact tracing.
The CoronAlert app communicates directly with two separate databases at healthdata.be (Sciensano) set up specifically to support this app. These databases are therefore completely separate from the databases mentioned in the “Contact center” section. One database contains the log data that allows the app to function. The other contains the test results, the test code, the date of sampling and the date on which the user basically became infectious. The data in these databases is pseudonymized and kept for a maximum of 14 days. It is also not analyzed.
Sciensano only acts as a controller for the collection and processing of personal data within the framework of the legislation for the protection of personal data; the federal states are responsible for the design, development, availability and use of the app.
More details about exactly what data the app collects and what precisely the app does and doesn’t do can be found on this page.
3. Surveillance of the vaccines on the market
The aim of the COVID-19 vaccination campaign is to vaccinate as large a part of the population as possible in order to prevent disease and death from COVID-19 to the greatest possible extent.
By linking various existing databases, Sciensano is able to track how many people are vaccinated and what percentage of the population (and what percentage of certain target groups) has already been vaccinated.
In addition, also by linking different databases, Sciensano studies the efficacy or effectiveness of the different vaccines in preventing infection with the SARS-CoV-2 virus. We also detect any cases of COVID-19 in fully vaccinated individuals and try to characterize them further (severity of infection, time since vaccination, etc.).
The aforementioned objectives are bundled in the LINK-VACC project, which is part of the so-called ‘post-authorization surveillance’ of COVID-19 vaccines available on the market in our country.
Central to this project is Vaccinnet+, the database of the regional health authorities with data on all the COVID-19 vaccinations administered. When a doctor administers a vaccine, he/she records a number of details about the vaccine, about the vaccinated person and about him/herself. The data is forwarded to healthdata.be at Sciensano. Sciensano researchers will then have access to a pseudonymized version of that data (including age, zip code of the vaccinated person, vaccination date, brand and batch number of the vaccine).
In order to achieve the objectives mentioned above, the vaccination data is then linked to several other databases. For this, pseudonymized data is used at all times to ensure that individual persons cannot be identified.
A link to the database is established with test results, as well as with those of the clinical data (such as medical examinations, treatments, complications, admission progress) of people admitted to a Belgian hospital with COVID-19. In order to be able to identify persons active in the healthcare sector, a link is established with the Common Base Registry for HealthCare Actors (CoBHRA). Finally, a number of demographic and socio-economic data (e.g. education level, employment status, etc.) from the Statbel database are used, with further data on underlying disorders, reimbursed flu vaccination and reimbursement of relevant medicines from the Intermutualistic Agency linked to the vaccination data.
Only pseudonymized data is linked in this regard. The Sciensano researchers can therefore never identify persons whose data is available in the various databases. The possible reuse of the data from Vaccinnet+ and from the database with pseudonymized test results for policy support and/or scientific research is assessed by the joint owners (the federal states and Sciensano via the Interfederal Test and Trace Committee). We keep the pseudonymized data for a maximum of 30 years for research purposes.
Sciensano publishes the grouped results (regional and national level) of the analyses for the general public in consultation with the Vaccination Taskforce and the Interfederal Committee Testing & Tracing. This data is available via the epidemiological reports and on the dashboard. Grouped results are also shared with the European Center for Disease Prevention and Control (ECDC) and the European Medicines Agency (EMA) as part of the European surveillance of vaccination uptake. In addition, Sciensano provides more detailed information to the regional health authorities, the vaccination control tower and the Corona Commissariat.
This post-authorization surveillance is based on the cooperation agreement of March 12, 2021 between the various competent regional and federal authorities and has received approval from the Medical Ethics Committee of UZ Brussel (Brussels University Hospital) and from the Information Security Committee. More information about the data used and the links made between the databases can be found in this information letter accompanying the underlying scientific project, in the Vaccinnet+ privacy statement, in the deliberations of the Information Security Committee and in this description of the LINK-VACC project.
Healthdata.be was set up as part of the framework of the e-Health 2013-18 action plan and based at Sciensano. Healthdata.be is a service provider that makes a platform available for the collection and storage of health data for policy support and/or scientific research in a secure manner for various actors in the Belgian healthcare system.
More information about Healthdata.be and the generic method for the exchange of personal data relating to health via healthdata.be.
The healthdata.be platform has specific management rules that were established by a steering group consisting of stakeholders from the Belgian healthcare system (including representatives of doctors’ associations, hospitals, patient umbrella organizations, health insurance companies, etc.). For example, the use of the platform and access to the data within the data warehouse of healthdata.be is only allowed with permission from the Information Security Committee. This committee is an independent body and is not part of Sciensano.
In the context of the COVID-19 epidemic, Healthdata.be was commissioned to build a central database to support contact tracing, among other things. Here you will find more information about what the healthdata.be “COVID-19 database” contains in precise terms. Healthdata.be stores the pseudonymized data for 30 years to enable further scientific research. Identification data of persons and organizations that is collected in the context of contact tracing is kept for 60 days and then deleted. All the details can be found in this privacy statement.
Healthdata.be is separate from the scientific activities undertaken by Sciensano. Sciensano’s scientists therefore do not automatically have access to this data. Like any third-party user who wishes to use certain data for research purposes, they must follow the legislation and request the necessary authorizations from the Information Security Committee.
This separation is very strict. The Sciensano epidemiologists therefore only have access to part of the data collected by healthdata.be in the context of the COVID-19 epidemic. The mere fact that certain data ends up at Sciensano (healthdata.be) does not always mean that Sciensano (department of epidemiology) can actually analyze this.
How does Sciensano secure all that data?
Data within Sciensano
Sciensano secures the data it processes through a series of technical and organizational measures, which are continuously optimized and expanded. In addition to the usual security measures that apply to all data processed within Sciensano, the COVID-19 data is subject to additional specific measures, due to its extremely sensitive nature.
The data collection tools, data warehouse and other services of the healthdata.be platform are designed in such a way that various security measures are active against threats by default. These measures have been stepped up since the start of the COVID-19 pandemic and the processing of nominative data. healthdata.be is also audited externally in this regard. Furthermore, various security protocols are in force at the organizational level which are strictly followed in the current phase of increased vigilance.
Pseudonymization of data (as stated in Article 4(5) of the General Data Protection Regulation) is the processing of personal data in such a way that this data can no longer be linked to a specific person without additional (“identifying”) data being used. The data that enables the person to be identified is replaced by a specific code (the pseudonym) via an algorithm. The algorithm can consistently assign the same pseudonym to a person, allowing information from different sources to be combined without it being possible for the person to be identified.
This encryption process is reversible. The identifying data must therefore be strictly separated from the personal data at the technical and organizational level.
Due to the reversibility of this process, it remains possible to conduct further research on this data in the future, when new analysis possibilities and insights become available. This requires agreement from the Information Security Committee (Chamber of Social Security & Health), and the reversal itself must be carried out by a so-called “Trusted Third Party”.
Anonymizing data goes a step further, with personal data processed in such a way that it is no longer possible to trace it back to a specific person. This operation is irreversible. The disadvantage of anonymization is that it is no longer possible to correlate data from different sources about the same person.
Ungrouped or unprocessed data is data that does not (yet) belong to a particular group or category. This data provides specific information about a certain situation or individual, e.g. a positive or negative test result from a specific person.
Although this information is useful for the person him/herself per se, we need to look at the situation of a large group of people in order to follow the development of an epidemic. In other words, the data is grouped. (This is also referred to as aggregated data.) It is then no longer relevant who the individuals in that group of people are precisely. To put it very simplistically, you could say that we group the positive and negative test results of all individuals who were tested on a given day. Doing this every day allows us to see how the share of positive and negative tests is evolving, in order to estimate whether the epidemic is decreasing or increasing.
Data can be grouped in varying degrees. For instance, the group can consist of the test results of all tested persons without anything else, but you can also use multiple parameters. For example, all test subjects on a particular day, all women tested on a particular day, all women over 65 tested on a particular day, etc. When Sciensano includes grouped data in its reports, we always ensure that the group(s) is/are composed in such a way that the data cannot be traced back to one or more identifiable persons. For that reason, we do not, for example, publish numbers of infections at neighborhood or street level in our public reports.