gms | German Medical Science

Introduction: With clinical follow-up studies a group of patients are assembled and assessed after hospitalization. Determined by a factor of interest the subjects are contacted by phone with compiled questionnaires. We've developed a software architecture solution that facilitates digital data collection and sharing based on Zero Trust security. Access and authorization control are shifted from a trusted perimeter network towards a zero-trust environment to enable medical data collection and exchange between hospital workgroups based on highest security and privacy standards.

State of the art: Epic EHR [1] and Cerner EHR [2] are two dominating software companies that bring different values and improvement to practice. Open source alternatives are OpenClinica [3] and the REDCap software [4]. This software allows teams to design, build, and manage their follow-up studies online and offline. The gap are particular in-house features and functionalities needed, technical incompatibilities, incomplete or inconsistent specifications, and data mismatches.

Concept: The critical points in our follow-up software include the privacy and security of our patient's health data. The implemented solution is based on a Zero Trust security and the specific needs of our user. Zero Trust includes an architecture and authorization concept that enables tasks such as automated follow-up messages and data requests, or collaborative support with data sharing options, while preserving security and privacy.

The basis for our flexible and maintainable system is the alignment between our software design and the clinical hospital domain with a Domain-Driven Design. With the Domain-Driven Design, we identified the entities, relationships and behavior and developed a four-layer model with GUIs, application services, resources, and hospital adapter with databases. Reactive behavior in front- and backend enables real time data updates and collaborative features for an iterative workflow engine and automized data pipelines.

Implementation: Our JAVA backend is asynchronous, event-driven, and multithreading. For data security we implemented a resource management flow in the backend with a set of API endpoints that are accessed after different checks. These checks are based on a Zero Trust architecture [5] with a control and data plane concept. The user authentication uses the Lightweight Directory Access Protocol (LDAP) for identity management and token generation. An API request filter with an interceptor enforces a policy and role check of the tokens and authorizes access to resources. Additionally, implements the JavaScript frontend a detailed access control management with authentication and authorization handling. Front- and backend are deployed to our hospital own cloud-servers with a Docker stack infrastructure.

Lessons learned: Reactiveness and real-time events can be used to trigger processes and actions. This allows an efficient and responsive system that can support the complex and dynamic workflow of follow-up studies, and medical research. In addition, the ability to securely authenticate and authorize medical health and patient data supports an individual and collaborative workflow.

Privacy and security of medical patients' data is a critical point. We prioritized data security and privacy in our architecture development.This allows us to ensure that the software complies with the relevant regulations and we implement safe software principles and methods.

The author declares that she has no competing interests.

The author declares that an ethics committee vote is not required.