Applied pseudonymization: Using the data management and biobanking software DIS as an example
Published: 26 February 2021
The management of data and biospecimens that characterize patients and probands in depth is a core element of modern biomedical research. The associated data is considered highly sensitive, so access to it must be strictly regulated and it must be protected from unauthorized re-identification.
In this context, laws, regulations, guidelines and best practices often call for pseudonymization. This means that directly identifying data (e.g. names, addresses and contact information) is separated from data which is primarily needed for scientific research. As attackers cannot gain integrated access to both research data and associated directly identifying data, pseudonymization protects sensitive data against re-identification. The best practice for biobanking in Germany even introduces a further pseudonymization step (i.e. mapping “first pseudonyms” to “second pseudonyms”) by introducing an additional service. Furthermore, it mandates the separation of different data categories and their hosting subsystems at the technical, spatial and organizational levels, resulting in at least three different databases.
This increases complexity in terms of the number of interfaces that need to be implemented for communication between the various subsystems. In this talk, different methods for pseudonymization will be presented, and it will be discussed how these methods are implemented in an integrated manner in the data management and biobanking system of DIS. Challenges and lessons learned, as well as attack vectors and mitigation strategies, will complete the presentation.
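The two-stage scheme described above, sketched as an added example that is not code from DIS or from the authors: three separated stores, where resolving a research record to a person requires both the identity store and the pseudonym service. The class and function names, the use of HMAC-SHA256 as the pseudonym function, and the sample person are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def keyed_pseudonym(key: bytes, value: str, prefix: str) -> str:
    # Assumption: HMAC-SHA256 as pseudonym function; the abstract names no algorithm.
    return prefix + hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:20]

class IdentityStore:
    """Database 1: directly identifying data, indexed by first pseudonym."""
    def __init__(self):
        self._key = secrets.token_bytes(32)
        self.records = {}
    def register(self, name: str, birth_date: str) -> str:
        psn1 = keyed_pseudonym(self._key, f"{name}|{birth_date}", "P1-")
        self.records[psn1] = {"name": name, "birth_date": birth_date}
        return psn1

class PseudonymService:
    """Database 2: second -> first pseudonym map; holds no names, no research data."""
    def __init__(self):
        self._key = secrets.token_bytes(32)  # independent of the identity store's key
        self.reverse = {}
    def translate(self, psn1: str) -> str:
        psn2 = keyed_pseudonym(self._key, psn1, "P2-")
        self.reverse[psn2] = psn1
        return psn2

class ResearchStore:
    """Database 3: research data, indexed by second pseudonym only."""
    def __init__(self):
        self.records = {}
    def add(self, psn2: str, finding: dict) -> None:
        self.records.setdefault(psn2, []).append(finding)

def reidentify(psn2, identity=None, service=None):
    """Resolve a research record to a person; needs BOTH other subsystems."""
    if identity is None or service is None:
        return None
    psn1 = service.reverse.get(psn2)
    return identity.records.get(psn1) if psn1 else None

def demo():
    identity, service, research = IdentityStore(), PseudonymService(), ResearchStore()
    # Constructed sample data: two findings for the same (fictional) person.
    for finding in ({"sample": "serum", "hba1c": 6.1}, {"sample": "plasma", "hba1c": 5.9}):
        psn2 = service.translate(identity.register("Erika Mustermann", "1970-01-01"))
        research.add(psn2, finding)
    return identity, service, research
```

Because both pseudonym steps are deterministic under their keys, repeated findings for one person link to the same second pseudonym without the research store ever seeing a name or a first pseudonym.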
The authors declare that an ethics committee vote is not required.