Operationalising ethics in secondary health-data use: an operator-focused framework for normative governance with audit and performance metrics

BackgroundOperators of health data hubs play a central role in enabling ethical secondary use by implementing consent mechanisms, privacy safeguards, data access procedures, stakeholder engagement and other practices. Despite their normative relevance, these ethics practices are inconsistently defined and rarely linked to verifiable indicators. Most governance models emphasize compliance artifacts (e.g. use & access policies) but lack performance metrics to assess real world effectiveness. This paper proposes a framework to systematically map ethics practices, link them to audit and performance metrics, and support continuous evaluation of normative governance in health data hubs.MethodsThe framework was informed by international ethics guidelines, empirical studies on governance gaps, reviews of public and normative perspectives, implementation-focused case literature, and conceptual work on ethics evaluation. Ethics practices were selected based on conceptual distinctness and operator-level controllability. These were grouped into seven governance domains and structured along the PDCA (Plan–Do–Check–Act) cycle to reflect both implementation and evaluation dynamics. For each practice, the framework provides illustrative audit items, descriptive indicators, and outcome metrics. These are not intended as prescriptive standards, but as a structured vocabulary to support internal audits, comparative assessments, and progressive alignment with ethical objectives. The framework allows for both centralized and delegated implementation models, provided that operators retain oversight and accountability. A plausibility check assessed completeness and applicability through triangulation with international guidance documents and a mapping of practices across major data hubs and European patient registries.ResultsThe framework identifies seven governance domains: Informed Consent & Information, Privacy & Data Protection, Data Quality, Use & Access Governance, Incidental Finding Management, Patient & Stakeholder Engagement, and Project Level Transparency. Each domain includes four conceptually distinct ethics practices aligned with the PDCA cycle. For each, the framework provides illustrative audit items, descriptive metrics, and outcome indicators. These specifications are not exhaustive or prescriptive but serve as adaptable reference points to support internal assessment and cross contextual dialogue. The plausibility check confirmed that all seven domains are addressed in international guidance documents and reflected, though variably, in implementation artifacts from major data hubs and patient registries.DiscussionThis framework advances the governance of secondary health data use by moving from principle based ethics toward explicitly defined and evaluable operator practices. It complements existing guidelines by offering a structured approach to specifying, auditing, and progressively improving normative responsibilities in data hubs. Its modular design allows adaptation to institutional contexts and maturity levels, while the inclusion of illustrative metrics enables gradual operationalisation without prescriptive rigidity. While related to ethics debates in AI and learning health systems, the framework focuses specifically on upstream governance responsibilities of data hub operators. Most proposed indicators remain illustrative and require further validation. Beyond operators, the framework may also support ethics boards in reviewing governance plans, patient organisations in assessing responsible data stewardship, and researchers engaged in secondary use in aligning with normative expectations. Future work should test the framework’s applicability across settings, refine metrics, and establish minimal reporting standards to support transparency and accountability in practice.