Identity Protection and Pseudonymisation White Paper Proposal for 2008/09 A. Estelrich (GIP-DMP) S. Bittins (Fraunhofer ISST)


IT Infrastructure Planning Committee

Motivation

Primary Use scenarios:
– Pseudonymisation as a potential security mechanism
– reducing the actual protection requirement by decoupling the concrete patient's identity from the health information

Secondary use scenarios (clinical research, public health):
– data leaves the context of the physician where they are protected by professional discretion
– the concrete identity of the patient is often of no interest
– the utilisation of anonymisation/pseudonymisation means is mandatory for secondary use scenarios

Pseudonymisation Models

Model 0: Identity Protection for Primary Use
– Incorporates encryption & pseudonymisation for identity protection

Model 1: Identity Removal
– For one-time secondary use
– Identity is completely anonymised (e.g. for research purposes)

Model 2: Multiple data sources, one-time secondary use
– Aims at linking multiple sources (e.g. XDS registries, repositories)
– Incorporates one-way pseudonyms, generated by a TPP
– the data source encrypts all medical data with the secondary user's key
– the encrypted data and the PID are sent to a TPP that builds the pseudonyms
– the PSN and the encrypted data are forwarded to the secondary user
– result: the TPP cannot read data, the secondary user cannot tell the identity

Flow-of-Data (Model 2)

one-way pseudonyms (no de-identification) due to one-way function
typically featuring asymmetric encryption in order to prevent the TPP from being able to actually read any medical data
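The Model 2 flow above as an added sketch, not part of the original slides and not IHE or eCR code. HMAC-SHA256 stands in for the unspecified one-way function; the per-study key derivation, the PID normalisation and all names (`TrustedThirdParty`, `link_by_pseudonym`, the sample PIDs) are assumptions, and the ciphertexts are opaque placeholders for data already encrypted to the secondary user's key.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


class TrustedThirdParty:
    """TPP: sees PIDs and ciphertext, never plaintext medical data."""

    def __init__(self):
        self._master_key = secrets.token_bytes(32)  # never leaves the TPP

    def _study_key(self, study_id: str) -> bytes:
        # Assumption: one derived key per secondary use, so pseudonyms
        # issued for different studies cannot be joined with each other.
        return hmac.new(self._master_key, b"study:" + study_id.encode(),
                        hashlib.sha256).digest()

    def pseudonymise(self, study_id: str, pid: str, ciphertext: bytes):
        # One-way: without the study key the PSN cannot be mapped back
        # to the PID, and the TPP keeps no PID-to-PSN table.
        normalised = pid.strip().upper().encode()
        psn = hmac.new(self._study_key(study_id), normalised,
                       hashlib.sha256).hexdigest()
        return psn, ciphertext  # the PID is dropped here


def link_by_pseudonym(forwarded):
    """Secondary user: group records from all sources by PSN."""
    linked = defaultdict(list)
    for psn, ciphertext in forwarded:
        linked[psn].append(ciphertext)
    return dict(linked)


def demo():
    tpp = TrustedThirdParty()
    # Constructed sample submissions: (PID, opaque ciphertext) pairs from
    # two data sources; encryption to the secondary user's key is assumed
    # to have happened at the source and is not shown.
    registry_a = [("pid-1001", b"<ct-a1>"), ("pid-2002", b"<ct-a2>")]
    repository_b = [("PID-1001 ", b"<ct-b1>")]
    forwarded = [tpp.pseudonymise("study-X", pid, ct)
                 for pid, ct in registry_a + repository_b]
    other_study = tpp.pseudonymise("study-Y", "pid-1001", b"<ct-a1>")
    return link_by_pseudonym(forwarded), forwarded, other_study
```

The secondary user can join the two records for the same patient across sources, while the pseudonym issued for a different study does not match and so cannot be used to link the data sets.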

Pseudonymisation Models

Model 3: One-Time secondary use with re-identification
– Incorporates two TPPs, one for substituting the concrete identity, one for the actual pseudonymisation
– the PID service knows the identity of the patient but contains no data
– the PSEUD service can recover the PID by decrypting the PSN but does not know the concrete identity

Model 4: Pseudonymous Research Data Pool
– is based on Model 3 but incorporates a data pool for research
– pseudonym and medical data are permanently stored in the data pool

Model 5: Central DB with many secondary uses
– Potential for research involving a central (clinical) database
– the clinical database contains medical data but no identities
– the concrete reference to the pseudonymised medical data is established over a TPP being able to assign a PID that is connected to the data

The 5 Models

The 5 models proposed are quite flexible and they are entirely dependent on the local, national, and regional policies.

The following documents are proposed for examination (some have been started already) so as to investigate further which model could be applied where, but the local policies must be taken into consideration:
– ISO TS Health informatics – Pseudonymisation
– HITSP Anonymize Component-C25
– HITSP Pseudonymize Transaction-T24
– HITSP Quality Interoperability Specification-IS06
– HITSP Biosurveillance Interoperability Specification-IS02
– HITSP Public Health Case Reporting Interoperability Specification-IS11

Expected Acceptance

– data protection and extended liability issues are gradually moving into the focus
– cooperative health care networks have an extremely strong demand for compliant solutions
– this profile provides essential building-blocks for designing those solutions
– The eCR Initiative is currently providing and using several of the components presented here for full compliance
– Significant potential for cross-border usability
– May serve as a foundation for a pan-European identity protection framework

Done

definition of pseudonymisation models
exemplary implementations for some of the models
introduction of model extensions:
– provider pseudonymisation / transparency
– integration into policy-based security architectures

To-Do

– Application of Pseudonymisation onto content profiles from PCC and QRPH
– development and definition of a set of "building-blocks"
– implementation and deployment (policy-driven)
– compose an "umbrella model" to fully integrate Europe's special demands in safeguarding and data protection while keeping compatibility and feasibility with the other participants' needs and limiting implementation efforts