DIFUTURE strategy to deploy DataSHIELD at German university hospitals
Published: 24 September 2021
Text
Introduction: The DataSHIELD framework facilitates privacy-preserving statistical analyses of data that are distributed across different sites. The data never leave the sites, and DataSHIELD guarantees that only sufficiently aggregated data are returned. We introduce a setup that deploys DataSHIELD in accordance with data protection rules at university hospitals, as it is used within the DIFUTURE use case Multiple Sclerosis.
State of the Art: Commonly, data is pooled for analysis.
Concept: To guarantee privacy of patient data, and to consider local IT security infrastructures at university hospitals, we developed a user role concept, and additionally set up a DataSHIELD user management (using Keycloak) and IT security infrastructure. An operating concept on the above was written, which must be reviewed and approved by onsite data protection and IT security officers. To approve the DataSHIELD software for the hospital's IT infrastructure, a risk assessment shall be conducted. To maintain the knowledge gained and to integrate new projects within our framework, we founded a DataSHIELD committee safeguarding the consistency of data structure and analysis, technical aspects, and organizational tasks.
Implementation: For the user role concept, we defined rights and roles that should be used by all participating sites. These roles include data managers, administrators, analysts, and local principal investigators, who approve the other roles. Only data managers can see the pseudonymized data for a specific project. The data manager is responsible for data management and upload. The defined administrator roles were: (I) one for network and firewall settings, (II) one for the system (DataSHIELD installation and software maintenance), (III) one for project management within Opal, and (IV) one Keycloak administrator (i.e., user management).
As proposed by the DataSHIELD developers, an Opal data warehouse, an R-server, and the statistical software environment R with specific R-packages must be provided within each site network [1]. In addition to the usual DataSHIELD framework, we set up authentication and authorisation using Keycloak [2] as an identity and access management system to manage network-internal and -external users and corresponding project-related user permissions. Within a clinical network, the user authentication between Opal and Keycloak is protected by a proxy firewall. Between networks, a firewall allows only access to Opal (via TLS / 443) and analysis requests (via R-Studio) for specified partner sites (with white-listed IP addresses). With a common browser, users can log into Opal via Keycloak to generate the personal access tokens required for analyses using R-Studio.
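The inter-site firewall policy described above can be checked mechanically. The following added example (not code from the authors or from DataSHIELD) audits a constructed ruleset for allow rules that are wider than "allow-listed partner address to Opal on 443". The addresses, rule names and the `Rule` structure are hypothetical, and it assumes analysis requests reach Opal over the same 443 endpoint.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (documentation address ranges), not from the abstract.
PARTNER_ALLOWLIST = [ipaddress.ip_network(n)
                     for n in ("192.0.2.10/32", "198.51.100.20/32")]
OPAL_HOST = ipaddress.ip_address("10.0.0.5")  # hypothetical internal Opal address
OPAL_PORT = 443                               # assumption: all partner traffic uses TLS / 443

@dataclass(frozen=True)
class Rule:
    name: str
    source: str   # CIDR
    dest: str     # CIDR
    port_lo: int
    port_hi: int
    action: str = "allow"

def audit(rule):
    """Return the policy violations of one inbound inter-site rule."""
    if rule.action != "allow":
        return []  # deny rules cannot widen exposure
    findings = []
    src = ipaddress.ip_network(rule.source, strict=False)
    dst = ipaddress.ip_network(rule.dest, strict=False)
    # The source must lie entirely inside one allow-listed partner network.
    if not any(src.subnet_of(p) for p in PARTNER_ALLOWLIST):
        findings.append("source not confined to allow-listed partner addresses")
    if dst.num_addresses != 1 or dst.network_address != OPAL_HOST:
        findings.append("destination is not exactly the Opal host")
    if (rule.port_lo, rule.port_hi) != (OPAL_PORT, OPAL_PORT):
        findings.append("port range is not exactly 443")
    return findings

def audit_ruleset(rules):
    """Map rule name -> findings, for rules with at least one finding."""
    return {r.name: f for r in rules if (f := audit(r))}

SAMPLE_RULES = [  # constructed ruleset
    Rule("partner-a-opal", "192.0.2.10/32", "10.0.0.5/32", 443, 443),
    Rule("partner-b-wide-src", "198.51.100.0/24", "10.0.0.5/32", 443, 443),
    Rule("partner-a-ssh", "192.0.2.10/32", "10.0.0.5/32", 22, 22),
    Rule("partner-a-subnet", "192.0.2.10/32", "10.0.0.0/24", 443, 443),
    Rule("any-all-ports", "0.0.0.0/0", "10.0.0.5/32", 1, 65535),
    Rule("drop-rest", "0.0.0.0/0", "0.0.0.0/0", 1, 65535, action="deny"),
]

if __name__ == "__main__":
    for name, findings in audit_ruleset(SAMPLE_RULES).items():
        print(name, "->", "; ".join(findings))
```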
Lessons Learned: The common DataSHIELD framework is not sufficient for highly sensitive data. Additional IT security structures need to be implemented. Since data protection and local IT security infrastructure may differ between sites, a flexible reaction during DataSHIELD implementation is required without risking compatibility problems between sites. Our approach guarantees this. A distributed analysis on three sites with synthetic data was performed successfully. This strategy can be adapted for cooperation with other DIFUTURE or MII-wide use cases such as CORD.
Acknowledgement: DIFUTURE is funded as a part of the MII by the Bundesministerium für Bildung und Forschung (BMBF): 01ZZ1804C & 01ZZ1804D. ProVal-MS study: (DRKS: 00014034)
The authors declare that they have no competing interests.
The authors declare that a positive ethics committee vote has been obtained.
References
- 1. Wolfson M, Wallace SE, Masca N, Rowe G, Sheehan NA, Ferretti V, et al. DataSHIELD: resolving a conflict in contemporary bioscience — performing a pooled analysis of individual-level data without sharing the data. International Journal of Epidemiology. 2010;39(5):1372-82.
- 2. Keycloak. GitHub; 2021. Available from: https://github.com/keycloak