gms | German Medical Science

66. Jahrestagung der Deutschen Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie e. V. (GMDS), 12. Jahreskongress der Technologie- und Methodenplattform für die vernetzte medizinische Forschung e. V. (TMF)

26. - 30.09.2021, online

DIFUTURE strategy to deploy DataSHIELD at German university hospitals

Meeting Abstract

  • Stefan Buchka - Ludwig-Maximilians-Universität München; Institute for Medical Information Processing, Biometry, and Epidemiology (IBE), Munich, Germany
  • Marius Herr - medical data integration center (meDIC), University Hospital Tübingen, Tübingen, Germany
  • Jörg Römhild - medical data integration center (meDIC), University Hospital Tübingen, Tübingen, Germany
  • Sascha Rehm - medical data integration center (meDIC), University Hospital Tübingen, Tübingen, Germany
  • Ulrich Mansmann - Ludwig-Maximilians-Universität München; Institute for Medical Information Processing, Biometry, and Epidemiology (IBE), München, Germany
  • Guokun Zhang - Medical Data Integration Center, University Hospital München, Planegg-Martinsried, Germany
  • Fady Albashiti - Medical Data Integration Center, University Hospital München, Planegg-Martinsried, Germany
  • Stephanie Biergans - medical data integration center (meDIC), University Hospital Tübingen, Tübingen, Germany
  • Verena S. Hoffmann - Ludwig-Maximilians-Universität München; Institute for Medical Information Processing, Biometry, and Epidemiology (IBE), München, Germany

Deutsche Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie. 66. Jahrestagung der Deutschen Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie e. V. (GMDS), 12. Jahreskongress der Technologie- und Methodenplattform für die vernetzte medizinische Forschung e.V. (TMF). sine loco [digital], 26.-30.09.2021. Düsseldorf: German Medical Science GMS Publishing House; 2021. DocAbstr. 201

doi: 10.3205/21gmds124, urn:nbn:de:0183-21gmds1243

Veröffentlicht: 24. September 2021

© 2021 Buchka et al.
Dieser Artikel ist ein Open-Access-Artikel und steht unter den Lizenzbedingungen der Creative Commons Attribution 4.0 License (Namensnennung). Lizenz-Angaben siehe http://creativecommons.org/licenses/by/4.0/.


Gliederung

Text

Introduction: The DataSHIELD framework facilitates privacy preserving statistical analyses of data which is distributed at different sites. The data never leaves the sites and DataSHIELD guarantees that only sufficiently aggregated data are returned. We are introducing a setup, which deploys DataSHIELD in accordance with data protection rules at university hospitals as it is used within the DIFUTURE use-case Multiple Sclerosis.

State of the Art: Commonly, data is pooled for analysis.

Concept: To guarantee privacy of patient data, and to consider local IT security infrastructures at university hospitals, we developed a user role concept, and additionally set up a DataSHIELD user management (using Keycloak) and IT security infrastructure. An operating concept on the above was written, which must be reviewed and approved by onsite data protection and IT security officers. To approve the DataSHIELD software for the hospital's IT infrastructure, a risk assessment shall be conducted. To maintain the knowledge gained and to integrate new projects within our framework, we founded a DataSHIELD committee safeguarding the consistency of data structure and analysis, technical aspects, and organizational tasks.

Implementation: For the user role concept, we defined rights and roles, which should be used by all participating sites: These roles include data managers, administrators, analysts, and local principal investigators, who approve the other roles. Only data managers can see the pseudonymized data for a specific project. She/He is responsible for data management and upload. Defined administrator roles were: (I) One for network and firewall settings, (II) one for the system (DataSHIELD installation and software maintenance), (III) one for project management within Opal, and (IV) one Keycloak administrator (i.e., user management).

As proposed by the DataSHIELD developers, an Opal data warehouse, an R-server, and the statistical software environment R with specific R-packages must be provided within each site network [1]. In addition to the usual DataSHIELD framework, we set up authentication and authorisation using Keycloak [2] as an identity and access management system to manage network-internal and -external users and corresponding project-related user permissions. Within a clinical network, the user authentication between Opal and Keycloak is protected by a proxy firewall. Between networks, a firewall allows only access to Opal (via TLS / 443) and analysis requests (via R-Studio) for specified partner sites (with white-listed IP addresses). With a common browser, users can log into Opal via Keycloak to generate personal access tokens required for analyzes using R-Studio.

Lessons Learned: The common DataSHIELD framework is not sufficient for highly sensible data. Additional IT security structures need to be implemented. Since data protection and local IT security infrastructure may differ between sites, a flexible reaction during DataSHIELD implementation is required without risking compatibility problems between sites. Our approach guarantees this. A distributed analysis on three sites with synthetic data was performed successfully. This strategy can be adapted for cooperation with other DIFUTURE or MII-wide use cases such as CORD.

Acknowledgement: DIFUTURE is funded as a part of the MI-I by the Bundesministerium für Bildung und Forschung (BMBF): 01ZZ1804C & 01ZZ1804D. ProVal-MS study: (DRKS: 00014034)

The authors declare that they have no competing interests.

The authors declare that a positive ethics committee vote has been obtained.


References

1.
Wolfson M, Wallace SE, Masca N, Rowe G, Sheehan NA, Ferretti V, et al. DataSHIELD: resolving a conflict in contemporary bioscience — performing a pooled analysis of individual-level data without sharing the data. International journal of epidemiology. 2010;39(5):1372-82.
2.
Keycloak. GitHub; 2021. Available from: https://github.com/keycloak Externer Link