gms | German Medical Science

64th Annual Meeting of the Deutsche Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie e. V. (GMDS)

Deutsche Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie

8–11 September 2019, Dortmund

A generic proxy for privacy preserving communication with applications unfit for external temporary identifiers

Meeting Abstract


  • Thorsten Rottmann - Department of Medical Informatics, University Medical Center Göttingen, Göttingen, Germany; DZHK (German Center for Cardiovascular Research), Göttingen, Germany
  • Heiko Scheel - Department of Medical Informatics, University Medical Center Göttingen, Göttingen, Germany; DZHK (German Center for Cardiovascular Research), Göttingen, Germany
  • Thomas Franke - Department of Medical Informatics, University Medical Center Göttingen, Göttingen, Germany; DZHK (German Center for Cardiovascular Research), Göttingen, Germany

Deutsche Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie. 64. Jahrestagung der Deutschen Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie e.V. (GMDS). Dortmund, 08.-11.09.2019. Düsseldorf: German Medical Science GMS Publishing House; 2019. DocAbstr. 170

doi: 10.3205/19gmds029, urn:nbn:de:0183-19gmds0293

Published: 6 September 2019

© 2019 Rottmann et al.
This is an open-access article distributed under the terms of the Creative Commons Attribution 4.0 License. For licence details see http://creativecommons.org/licenses/by/4.0/.


Text

Introduction: Modern infrastructures for clinical research characteristically combine several kinds of data. In the real-world example of the Scientific Infrastructure of the DZHK, phenotype data, biomaterial and imaging data are each managed by an independent system [1]. As recommended by the generic data protection guidelines of the TMF [2], each system uses its own separate identifiers to represent individuals in order to prevent unauthorized gain of knowledge [3]. Only an institutional trustee – which is at all times aware of identities and applicable consents – can link records originating from different systems. In some cases, however, two systems must communicate with each other, e.g. to transfer phenotype parameters extracted by image analysis from the imaging system to the phenotype system. To enable this exchange, the trustee generates temporary identifiers that act as surrogates during the communication. Consequently, all communication partners have to substitute and resolve these temporary identifiers. The goal was therefore to design a proxy application that implements this communication scheme on behalf of applications that do not support it natively.

Methods: In our case, the phenotype database – represented by the web-based EDC system secuTrial® [4] – did not support this triangular communication scheme. Since all external communication with secuTrial® is implemented as SOAP web services, a generic proxy application was designed to filter for temporary identifiers (incoming traffic) and pseudonyms (outgoing traffic) and to resolve them via the trustee's REST protocol [5]. The main requirements were efficiency, transparency and genericity.

Results: A Java EE servlet was implemented. The servlet provides configurable endpoints that a client can use instead of the original secuTrial® web services. All incoming traffic is parsed for temporary identifiers. In general, these identifiers are recognized via pattern matching and verified by their included checksum. Confirmed temporary identifiers are sent to the trustee web service to be resolved into their corresponding phenotype identifier. The sanitized stream is then forwarded to secuTrial® and processed as normal. Outbound responses are filtered for phenotype identifiers, which the trustee resolves in the same manner. To increase efficiency, generated temporary identifiers can be reused for a restricted time period. For this purpose, the proxy implements a TTL-based cache that allows identifiers to be used consecutively without additional trustee resolution. After the TTL expires, the identifier is removed from the cache.

Discussion: Because the proxy recognizes identifiers solely by pattern matching and checksums, it does not depend on any further knowledge about the structure or content of the payload. Therefore, any HTTP-based web service could be proxied in a similar manner; adaptations would only be needed to implement other endpoints. Pattern matching and checksum validation can be configured and interfaced accordingly.

Compared to direct communication, protocol overhead and response times inevitably increase because the trustee is involved in each exchange. However, this effect was mitigated by the cache. Even with a very short TTL (30 s), a series of messages referring to the same individual can effectively be kept alive, requiring only the initial resolution of its identifier.
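To make the rewriting step from the Results and the cache argument from the Discussion concrete, here is an added Python sketch; it is not the authors' Java EE servlet. Tokens are found by regular expression, confirmed by a checksum, resolved through a `resolve` callback that stands in for the trustee web service, and remembered in a TTL cache so that repeated use within the TTL costs no further trustee call. The identifier format (a three-letter prefix, seven digits and a Luhn check digit) and the TMP/PHN prefixes are assumptions, since the abstract does not specify the format or the checksum.

```python
import re
import time
# Assumed identifier format (the abstract gives none): a three-letter prefix,
# seven digits and one Luhn mod-10 check digit, e.g. TMP00012344 / PHN00098764.
TMP_PATTERN = re.compile(r"\bTMP\d{8}\b")  # inbound traffic: temporary identifiers
PHN_PATTERN = re.compile(r"\bPHN\d{8}\b")  # outbound traffic: phenotype pseudonyms

def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check over the digit string, check digit included."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TTLCache:
    """Identifier -> counterpart mapping whose entries expire after `ttl` seconds."""
    def __init__(self, ttl: float, clock=time.monotonic):
        self.ttl, self.clock, self._store = ttl, clock, {}
    def get(self, key: str):
        hit = self._store.get(key)
        if hit is None:
            return None
        value, expires = hit
        if self.clock() >= expires:  # expired entries are dropped on access
            del self._store[key]
            return None
        return value
    def put(self, key: str, value: str) -> None:
        self._store[key] = (value, self.clock() + self.ttl)

class IdProxy:
    """Rewrites identifiers in a payload; `resolve` stands in for the trustee webservice."""
    def __init__(self, resolve, ttl: float = 30.0, clock=time.monotonic):
        self.resolve, self.cache, self.trustee_calls = resolve, TTLCache(ttl, clock), 0
    def _swap(self, m) -> str:
        token = m.group(0)
        if not luhn_ok(token[3:]):  # pattern matched but checksum failed: not an identifier
            return token
        hit = self.cache.get(token)
        if hit is None:  # cache miss: ask the trustee once and remember the answer for one TTL
            hit = self.resolve(token)
            self.trustee_calls += 1
            self.cache.put(token, hit)
        return hit
    def inbound(self, payload: str) -> str:  # client -> EDC system: TMP -> PHN
        return TMP_PATTERN.sub(self._swap, payload)
    def outbound(self, payload: str) -> str:  # EDC system -> client: PHN -> TMP
        return PHN_PATTERN.sub(self._swap, payload)
```

The injectable `clock` lets the TTL behaviour be exercised deterministically; a real deployment would use the default monotonic clock and an HTTP client in place of `resolve`.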

The authors declare that they have no competing interests.

The authors declare that an ethics committee vote is not required.


References

1. Deutsches Zentrum für Herz-Kreislauf-Forschung e.V. Wissenschaftliche Infrastruktur für klinische Studien. [Accessed 2019 April 4]. Available from: https://dzhk.de/forschung/klinische-forschung/klinisch-wissenschaftliche-infrastruktur
2. Pommerening K. Leitfaden zum Datenschutz in medizinischen Forschungsprojekten: Generische Lösungen der TMF 2.0. Berlin: Medizinisch Wissenschaftliche Verlagsgesellschaft; 2015.
3. Deutsches Zentrum für Herz-Kreislauf-Forschung e.V. Datenschutzkonzept des DZHK. [Accessed 2019 April 4]. Available from: https://dzhk.de/das-dzhk/klinische-dzhk-studien/6-datenschutz/
4. Gesellschaft für interactive Medien mbH. secuTrial® web-based data capture in clinical trials. [Accessed 2019 April 4]. Available from: https://www.secutrial.com
5. Bialke M, Bahls T, Geidel L, Rau H, Blumentritt A, Pasewald S, Wolff R, Steinmann J, Bronsch T, Bergh B, Tremper G. MAGIC: once upon a time in consent management — a FHIR® tale. Journal of Translational Medicine. 2018 Dec;16(1):256.