Journal of Translational Medicine | |
A workflow-driven approach to integrate generic software modules in a Trusted Third Party | |
Wolfgang Hoffmann2  Jens Piegsa3  Christoph Havemann3  Thomas Bahls2  Tim Wegner1  Peter Penndorf2  Martin Bialke3  | |
[1] Institute of Applied Microelectronics and Computer Engineering, University of Rostock, Rostock, Germany;German Centre for Cardiovascular Research (DZHK), Greifswald, Germany;Institute for Community Medicine, Section Epidemiology of Health Care and Community Health, University Medicine Greifswald, Ellernholzstr. 1-2, Greifswald, 17487, Germany | |
关键词: Record linkage; Pseudonyms; Informed consent; Data protection; Medical data management; | |
Others : 1233503 DOI : 10.1186/s12967-015-0545-6 |
|
received in 2015-02-09, accepted in 2015-05-25, 发布年份 2015 |
【 摘 要 】
Background
Cohort studies and registries rely on massive amounts of personal medical data. Therefore, data protection and information security as well as ethical aspects gain in importance and need to be considered as early as possible during the establishment of a study. Resulting legal and ethical obligations require a precise implementation of appropriate technical and organisational measures for a Trusted Third Party.
Methods
This paper defines and organises a consistent workflow-management to realize a Trusted Third Party. In particular, it focusses the technical implementation of a Trusted Third Party Dispatcher to provide basic functionalities (including identity management, pseudonym administration and informed consent management) and measures required to meet study specific conditions of cohort studies and registries. Thereby several independent open source software modules developed and provided by the MOSAIC project are used. This technical concept offers the necessary flexibility and extensibility to address legal and ethical requirements of individual scenarios.
Results
The developed concept for a Trusted Third Party Dispatcher allows mapping single process steps as well as individual requirements and characteristics of particular studies to workflows, which in turn can be combined to model complex Trusted Third Party processes. The uniformity of this approach permits unrestricted re-combination of the available functionalities (depending on the applied software modules) for various research projects.
Conclusion
The proposed approach for the technical implementation of an independent Trusted Third Party reduces the effort for scenario specific implementations as well as for maintenance. The applicability and the efficacy of the concept for a workflow-driven Trusted Third Party could be confirmed during the establishment of several nationwide studies (e.g. German Centre for Cardiovascular Research and the National Cohort).
【 授权许可】
2015 Bialke et al.
Files | Size | Format | View |
---|---|---|---|
Figure3. | 16KB | Image | download |
Figure2. | 69KB | Image | download |
Figure1. | 60KB | Image | download |
Figure3. | 16KB | Image | download |
Figure2. | 69KB | Image | download |
Figure1. | 60KB | Image | download |
【 图 表 】
Figure1.
Figure2.
Figure3.
Figure1.
Figure2.
Figure3.
【 参考文献 】
- [1]Council of Europe. Convention for the protection of individuals with regard to automatic processing of personal data. In ETS No.108 1981 Strasbourg
- [2]European Commission (2012) Official website of the European Commission. http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_de.pdf. Accessed 02 Oct 2014
- [3]World Medical Association (WMA) (2008) WMA Declaration of Helsinki—Ethical Principles for Medical Research Involving Human Subjects. In 59th WMA General Assembly 2008 Korea
- [4]Pommerening K, Drepper J, Helbing K, Ganslandt T, Müller T, Speer R et al (2014) Generic data protection concepts for medical research networks 2.0 (Leitfaden zum Datenschutz in medizinischen Forschungsprojekten. Generische Lösungen der TMF 2.0). Berlin. TMF e.V. 2014
- [5]Dierks C (2008) Legal evaluation of an electronical data trustee ship of the TMF (Rechtsgutachen zur elektronischen Datentreuhänderschaft der TMF, TMF-Produkt P052011). Berlin. 2008
- [6]The MOSAIC-Project (2014) Mosaic-Project Website. http://mosaic-greifswald.de. Accessed 1 Jun 2014
- [7]Schaar P. Privacy by design. Identity Inf Soc. 2010; 3(2):267-274.
- [8]The MOSAIC-Project (2014) ID-Management with E-PIX. https://mosaic-greifswald.de/werkzeuge-und-vorlagen/id-management-e-pix.html. Accessed 19 Sep 2014
- [9]Lenson C. Building a successful enterprise master patient index: a case study. Top Health Inf Manag. 1998; 19(1):66-71.
- [10]Geidel L, Bahls T, Hoffmann W (2013) A generic pseudonymization tool as a module of Central Data Management for medical research data (Ein generisches Pseudonymisierungswerkzeug als Modul des Zentralen Datenmanagements medizinischer Forschungsdaten). In: Löffler M, Riedel-Heller S (eds) Abstractband 8th Annual Conference of the German Society for Epidemiology (DGEpi) e.V. and 1st International LIFE Symposium (Abstractband 8. Jahrestagung der Deutschen Gesellschaft für Epidemiologie und 1. Internationales LIFE Symposium). Leipzig, pp 245–246
- [11]Bahls T, Liedtke W, Geidel L, Langanke M (2015) Ethics meets IT: aspects and elements of computer-based informed consent processing. In: Fischer T, Langanke M, Marschall P, Michl S (eds) Individualized medicine: ethical, economical and historical perspectives. Springer, Cham, pp 209–229. http://www. springer.com/biomed/book/978-3-319-11718-8 webcite
- [12]Grabe H, Assel H, Bahls T, Dörr M, Endlich K, Endlich N et al.. Cohort profile: Greifswald approach to individualized medicine (GANI_MED). J Transl Med. 2014; 12:144. BioMed Central Full Text
- [13]Lablans M, Borg A, Ückert F. A RESTful interface to pseudonymization services in modern web applications. BMC Med Inform Decis Mak. 2015; 15:2. BioMed Central Full Text
- [14]The Apache Software Foundation (2014) Apache Camel Homepage. http://camel.apache.org/. Accessed 20 Oct 2014
- [15]The Apache Software Foundation (2014) Enterprise Integration Patterns. http://camel.apache.org/enterprise-integration-patterns.html. Accessed 20 Oct 2014
- [16]ZKKR-MV (2014) Central Clinical Cancer Registry in MV (Zentrales klinisches Krebsregister Mecklenburg-Vorpommern). http://web1-zkkr.zkkr.med.uni-greifswald.de/. Accessed 29 Sep 2014
- [17]The National Cohort (Nationale Kohorte e.V.) (2015) http://www.nationale-kohorte.de/content/9.2-DS-Konzept-Treuhandstelle-NAKO-V1-01-2015-01-11.pdf. Accessed 20 May 2015
- [18]Conference of the Federal and State Data Protection Officers—Workinggroup for technical and organisational data protection issues (2012) Guide to client-capability (Technische und organisatorische Anforderungen an die Trennung von automatisierten Verfahren bei der Benutzung einer gemeinsamen Infrastruktur—Orientierungshilfe Mandantenfähigkeit). http://www.baden-wuerttemberg.datenschutz.de/wp-content/uploads/2013/04/Mandantenfähigkeit.pdf. Accessed 24 Apr 2015
- [19]Doods J, Bache R, McGilchrist M, Daniel C, Dugas M, Fritz F. Piloting the EHR4CR feasibility platform across Europe. Methods Inf Med. 2014; 53(4):264-268.
- [20]German Centre for Cardiovascular Research (DZHK) (2014) dzhk.de. http://dzhk.de/. Accessed 11 Mar 2014
- [21]Conference of the Representatives of the Governments of the Member States. Treaty of Lisbon Amending the Treaty on European Union and the Treaty Establishing the European Community. In Official Journal of the European Union (2007/C 306/01) 2007 Lisbon. pp 1–228