Technical Discussion on CGM Data Collection & Submission to DRH

Meeting Outcomes

1. Clear roadmap for submitting CGM data
2. Agreement on anonymization strategies compliant with KSA laws
3. A sample dataset for technical assessment
4. Defined next steps for a pilot submission to DRH
5. Identification of any blockers or challenges in the process

Welcome & Meeting Objectives (5-10 min)

Meeting Goals

• Gain a clear understanding of how CGM data is collected, stored, and managed at your hospital.
• Review file structures, data formats, and available metadata.
• Discuss anonymization techniques and data privacy considerations.
• Outline the CGM data submission process to DRH.
• Identify any technical, regulatory, or operational challenges that might impact data sharing.
• Determine next steps, including a potential pilot submission of CGM data.

Understanding the CGM Process at the Hospital (15-20 min)

Discussion Points:

• CGM Data Collection Methods
  • What CGM devices and brands are currently used? (e.g., Abbott FreeStyle Libre, Dexcom G6, Medtronic)
  • Are CGM readings integrated into the hospital’s Electronic Health Records (EHR)? If so, which system is in use?
  • Is there a centralized repository for CGM data, or does each department manage its own data?
  • How frequently is CGM data captured (real-time streaming, hourly, daily uploads)?
  • Do patients have access to their CGM data through a patient portal?
• CGM Data Processing & Storage
  • Where is the data stored? (Cloud-based, local servers, hospital EHR, research databases?)
  • How long is CGM data retained?
  • Who has access to CGM data, and how is access controlled?
  • Is there an internal policy for analyzing and reporting on CGM data for research purposes?
• CGM Data Use Cases
  • Is CGM data currently used for clinical decision-making?
  • Have there been previous research initiatives involving CGM data?
  • Are there any regulatory restrictions specific to KSA hospitals regarding CGM data sharing?

Expected Outcomes:
✅ Clarity on the CGM devices, data flows, and existing processes at the hospital.
✅ Understanding of storage, retention, and access policies for CGM data.
✅ Identification of any potential barriers to data sharing.

File Structure & Sample Request (15-20 min)

Discussion Points:

• Review of Existing File Structures
  • What format is the CGM data stored in? (CSV, JSON, HL7, FHIR, proprietary formats?)
  • What fields are typically included in the CGM dataset?
  • Are there timestamps, glucose values, sensor metadata, and patient demographics?
• Data Cleaning & Transformation
  • Are there existing data standardization or cleaning procedures before storage?
  • Are there any known gaps, missing values, or data integrity issues?
  • What data validation processes exist within the hospital?
• Metadata & Contextual Information
  • Does the hospital store contextual information like medication use, diet logs, exercise records, and patient-reported symptoms alongside CGM data?
  • Are event markers available (e.g., hypoglycemia episodes, insulin doses, meal times)?
• Sample File Request
  • Can we receive a de-identified sample dataset for offline analysis?
  • What internal approvals are needed to share a sample dataset?
  • Would the hospital need a Data Use Agreement (DUA) or Memorandum of Understanding (MOU) before sharing?

Expected Outcomes:
✅ Understanding of data format, structure, and metadata availability.
✅ Agreement on providing a sample dataset for preliminary analysis.
✅ Identification of internal approval steps required to share the data.

Data Anonymization & Compliance (15-20 min)

Discussion Points:

• KSA Data Privacy & Compliance Considerations
  • Are there national regulations (e.g., Saudi Data Protection Law, GDPR-equivalent) that impact CGM data sharing?
  • Does the hospital have existing data anonymization policies?
• Anonymization & De-identification Strategies
  • What identifiers exist in CGM data that must be anonymized? (e.g., Patient ID, timestamps, location)
  • Does the hospital already use anonymization techniques such as:
    • Pseudonymization (replacing identifiers with random values)
    • Data masking (removing sensitive elements)
    • Aggregation (grouping data to reduce re-identification risk)
    • Differential privacy (adding noise to obscure individual data points)
• Feasibility of Implementing DRH’s Anonymization Guidelines
  • Can the hospital comply with DRH’s anonymization requirements?
  • Would additional tools be required to standardize and de-identify the data before submission?

Expected Outcomes:
✅ Identification of compliance requirements for CGM data sharing in KSA.
✅ Agreement on anonymization strategies that align with DRH requirements.
✅ Understanding of any additional hospital-side anonymization needs.

Getting Started with CGM Data Submission to DRH (10-15 min)

Discussion Points:

• Introduction to DRH Submission Process
  • Overview of how data is ingested into DRH.
  • Available submission methods (API, secure file upload, HL7/FHIR interface).
• Data Submission Steps
  • Pre-submission data validation checks.
  • Secure transfer mechanisms and encryption requirements.
  • Expected turnaround time for data processing in DRH.
• Technical & Operational Readiness
  • What resources would the hospital need to start submissions?
  • Who would be responsible for preparing and transmitting CGM data?
  • Would a pilot submission of de-identified CGM data be feasible?

Expected Outcomes:
✅ Clarity on DRH’s submission workflow and technical requirements.
✅ Identification of hospital resources required for CGM data submission.
✅ Agreement on next steps for a pilot submission.

Next Steps & Action Items (10 min)

Key Takeaways

• Summary of what was learned about CGM data collection at the hospital.
• Confirmation of file format, anonymization approach, and submission readiness.

Action Items