gms | German Medical Science

MAINZ//2011: 56. GMDS-Jahrestagung und 6. DGEpi-Jahrestagung

Deutsche Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie e. V.
Deutsche Gesellschaft für Epidemiologie e. V.

26. - 29.09.2011 in Mainz

Access control of anonymized patient records for medical research use – Cooperation with consideration of data ownership secured by digital signature

Meeting Abstract

Suche in Medline nach

  • Yao Zhou - Institut für Pathologie, Charité - Universitätsmedizin Berlin, Berlin
  • Sabine Hanß - Institut für Medizinische Informatik, Charité - Universitätsmedizin Berlin, Berlin
  • Sonja Niepage - Institut für Pathologie, Charité - Universitätsmedizin Berlin, Berlin
  • Thomas Schrader - Fachbereich Informatik und Medien, Fachhochschule Brandenburg, Brandenburg

Mainz//2011. 56. Jahrestagung der Deutschen Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie (gmds), 6. Jahrestagung der Deutschen Gesellschaft für Epidemiologie (DGEpi). Mainz, 26.-29.09.2011. Düsseldorf: German Medical Science GMS Publishing House; 2011. Doc11gmds509

DOI: 10.3205/11gmds509, URN: urn:nbn:de:0183-11gmds5094

Veröffentlicht: 20. September 2011

© 2011 Zhou et al.
Dieser Artikel ist ein Open Access-Artikel und steht unter den Creative Commons Lizenzbedingungen (http://creativecommons.org/licenses/by-nc-nd/3.0/deed.de). Er darf vervielfältigt, verbreitet und öffentlich zugänglich gemacht werden, vorausgesetzt dass Autor und Quelle genannt werden.


Gliederung

Text

Background: Secondary use of electronic patient records for research bases on gathering adequate data from different data sources, and sharing them through a platform. The Open European Nephrology Science Center (OpEN.SC) [1] is such a platform sponsored by German Research Foundation (DFG). The owners of data sources, although are protected by certain laws, regulations, and contracts, still have concerns about, potential research competitors get more advanced with their data without getting any rewards [2]. Therefore, data owners hesitate when they are invited to share data through a platform like OpEN.SC. In order to relieve such concern of data owners, we have introduced a ticket and digital signature based access control mechanism to realize sharing and cooperating with consideration of data ownership.

Methods: We analyzed the use cases with our Medical Advisor Board consisting of data source owners and medical experts. We also modeled the lifecycle of a ticket, and the workflow of ticket lifecycle status changing. We employed legally binding digital signature [3] to make the access control reliable.

Results: The use cases comprise two aspects. One is data owners want to know who request to access which patient records imported from their data sources, and to be able to permit or deny the request. The other is the researchers want to first have a general view - basic information - of a patient record without a ticket, and to request a ticket for the interesting record to get access to complete information.

The workflow starts with researcher requests for tickets. When the owners of data-in our case heads of department-login OpEN.SC portal, all the ticket requests are presented. They read the requests and decide whether the ticket should be granted or not. If yes, a ticket grant contract with time limit is generated. The owners sign the contracts with digital signature enabled by smart card and password. The researchers can get access to the complete patient information for which they have tickets.

Discussion: Ticket and digital signature based access control encourages data owners to share their data through a platform like OpEN.SC. It helps decrease misuse of patient records. It also promotes research cooperation by connecting medical researchers together with patient records.


References

1.
Schrader T, Niepage S, Hahn C, et al. OpEN.SC - The Open European Nephrology Science Center. 21st European Congress of Pathology (ECP 2007), September 8-13, 2007, Istanbul, Turkey.
2.
Hall AM, Schulman AK. Ownership of Medical Information. JAMA. 2009;301(12):1282- – 1284.
3.
Esiqia technologies gmbh. Die Branchen-Lösungen Gesundheitswesen. http://www.esiqia.com/index.php?id=312. Accessed April 11, 2011. Externer Link