gms | German Medical Science

Introduction: IT infrastructures in medical research such as epidemiological registries or research data networks consist of different components, such as identity management, patient consent management, user authentication services, etc., in order to provide necessary functionalities to enable research and data exchange. The authors had no knowledge of detailed requirements of those components. Hence, we conducted a requirements analysis to determine requirements.

Methods: We did a systematic literature search using PubMed. We searched articles published between 2009-09-28 and 2019-09-28 using self-defined search terms relevant to patient identity management, authentication services and consent management. Afterwards, we searched references of papers found in the result-set by using backward reference searching. The backward references were not limited regarding the publication date. We skipped duplicate references in the backward search, combined all relevant papers of both searches and searched those remaining papers for requirements.

We filtered papers which were not relevant to the research objective using the PRISMA guidelines [1]. Relevant papers’ full-texts were screened for requirements of patient identity management, authentication services and consent management.

We grouped requirements found as functional or non-functional requirements for both, generic or component-specific requirements. We identified requirements if they were either explicitly named or implicitly discussed in the literature. We merged explicit and implicit requirements.

Requirements were joined, if they described the same requirement and ranked according to how many different papers discussed the same requirements.

One medical informatics expert specialized in research infrastructure analyzed the references and requirements and another reviewed and confirmed them.

Results: The literature search resulted in 970 papers which we reduced to 24 papers relevant to the research objective after screening titles, abstracts, and available full-texts.

Out of the remaining 24 first-level papers, 743 backward references were extracted. The backward search yielded 152 relevant papers after screening titles, abstracts, and available full-texts. A total of 176 relevant papers were found in the overall search process.

Out of the 176 papers, we identified 417 unique requirements and grouped them. 110 general requirements were found (5 functional, 105 non-functional). 307 component-specific functional and non-functional requirements were found, 72 for patient identity management, 142 for consent management, and 93 for authentication services.

Discussion: The literature contains different descriptions of planned and implemented medical research IT infrastructures and detailed requirements of components used are named, explicitly and implicitly. Yet, an overview of such requirements was missing, while in the meantime, different real world implementations of medical research IT infrastructures are underway in e.g., Medical Informatics Initiative, Network University Medicine, NFDI4Health in Germany [2], [3], [4] and EHDEN [5].

The method applied in this work has weaknesses, as the search was limited to the PubMed database, and self-defined search terms were used, since suitable MeSH terms were not available. This was made up for by conducting a backward search.

Due to a more broad perspective, additional requirements were found compared to other publications which discuss components and requirements individually [6], [7], [8].

Conclusion: The requirements found in this work can be used to evaluate certain real world implementations of medical research IT components.

The authors declare that they have no competing interests.

The authors declare that an ethics committee vote is not required.