Meeting the Technical Security Needs: Primary and Secondary Use of EHR Systems. Filip De Meyer, 12-10-2007.

Presentation transcript:


Slide 2: Content
 Custodix: Company Introduction
 Concepts & Terminology
 From Concept to Technical Solutions
 Example: The Custodix Anonymisation Tool ("CAT") (screen shots)

Slide 3: About Custodix
 In a few words...
 – Established in 2000 as a spin-off company of the University of Ghent, Belgium
 – Providing privacy protection services, mainly in healthcare
 Trusted Third Party services
 Customised privacy-enhanced data collection solutions
 Secure storage
 Privacy consultancy
 ...
 "One stop shop" for privacy/data protection
 Involved in European research since the start
 Operating in Europe, Australia and Asia

Slide 4: Commercial & Research Activities (figure: commercial activities and research programs)

Slide 5: Scope of Activities (figure: countries involved as sources of data in Custodix-protected data flows)

Slide 6: Background/History of Activities
Data protection legislation examples:
 Europe:
 – European Directive 95/46/EC (accepted as one of the world's highest privacy standards)
 – Member state implementation
 Other:
 – Health Insurance Portability and Accountability Act (H.I.P.A.A.)
 – Ontario Freedom of Information and Protection of Privacy Act, Canada
 – ...

Slide 7: Custodix Services (figure)

Slide 8: Trusted Third Party (figure: various EHR sources (care/diagnostic purposes), personal health records (e.g. personal diaries) and other sources, together with additionally collected data (for research purposes), are linked and privacy-protected by the Trusted Third Party into research data repositories; EHR sources → research use)

Slide 9: Reduction of Identifying Information (figure: a risk analysis drives the "reduce identifying information content" step that turns personal data into de-identified data, using operations such as delete identifier, transform date, produce nym, delete data items, encrypt data items, ...)

Slide 10: Starting Point: Definition of Personal Data
"'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity." (Directive 95/46/EC, the "DPD")

Slide 11: Concept of Identification
 A data subject is identified (within a set of data subjects) if it can be singled out among other data subjects.
 Some associations between characteristics and data subjects are more persistent in time (e.g. a national security number, date of birth) than others (e.g. an address).
(figure: a set of characteristics a, b, c, d, e, f, g, h associated with a set of data subjects)

Slide 12: The Concept of Anonymisation
(figure: set of characteristics a to h linked to a data subject)
Anonymisation is the process that removes the association between the identifying data set and the data subject. This can be done in two different ways:
 – by removing or transforming characteristics in the associated characteristics data set so that the association is no longer unique and relates to more than one data subject;
 – by increasing the population in the data subject set so that the association between the data set and the data subject is no longer unique.
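The "singling out" test of slide 11 and the two anonymisation routes of slide 12 can be made concrete with a small script. The following is an added example, not code from the presentation or from Custodix: it counts how many data subjects share each combination of quasi-identifying characteristics, lists the subjects that are uniquely associated with their characteristics, and then applies the first route (generalising date of birth and postcode) and the second route (adding more data subjects) to remove the unique association. The records, field names and generalisation rules are constructed for the example.

```python
"""Added example: checking whether data subjects can be singled out from a set
of characteristics, and breaking the unique association either by generalising
characteristics (slide 12, first way) or by enlarging the population of data
subjects (slide 12, second way). All records are constructed sample data."""
from collections import Counter

# Constructed sample records: one data subject per row.
RECORDS = [
    {"id": "p1", "dob": "1961-03-14", "postcode": "9820", "sex": "F", "diagnosis": "C50"},
    {"id": "p2", "dob": "1961-09-02", "postcode": "9820", "sex": "F", "diagnosis": "C50"},
    {"id": "p3", "dob": "1975-11-30", "postcode": "9000", "sex": "M", "diagnosis": "C64"},
    {"id": "p4", "dob": "1975-06-17", "postcode": "9000", "sex": "M", "diagnosis": "C64"},
    {"id": "p5", "dob": "1988-01-05", "postcode": "9051", "sex": "M", "diagnosis": "C64"},
]

# Characteristics that an attacker could plausibly know about a person
# (quasi-identifiers); "diagnosis" is the sensitive attribute being protected.
QUASI_IDENTIFIERS = ("dob", "postcode", "sex")


def equivalence_classes(records, keys):
    """Count how many data subjects share each combination of characteristics."""
    return Counter(tuple(r[k] for k in keys) for r in records)


def singled_out(records, keys):
    """Ids of subjects whose combination of characteristics is unique in the
    set, i.e. who are identified in the sense of slide 11."""
    classes = equivalence_classes(records, keys)
    return [r["id"] for r in records if classes[tuple(r[k] for k in keys)] == 1]


def min_class_size(records, keys):
    """Smallest equivalence class: every subject hides among at least this
    many others (the 'k' of k-anonymity)."""
    return min(equivalence_classes(records, keys).values())


def generalise(record):
    """First way on slide 12: transform characteristics so the association is
    no longer unique. Constructed rules: keep only the year of birth and the
    first two digits of the postcode."""
    out = dict(record)
    out["dob"] = record["dob"][:4]
    out["postcode"] = record["postcode"][:2]
    return out


GENERALISED = [generalise(r) for r in RECORDS]

# Second way on slide 12: increase the population so the last unique
# combination is shared. Constructed extra subject.
ENLARGED = GENERALISED + [
    {"id": "p6", "dob": "1988", "postcode": "90", "sex": "M", "diagnosis": "C34"},
]


if __name__ == "__main__":
    print("exact data, singled out:", singled_out(RECORDS, QUASI_IDENTIFIERS))
    print("generalised, singled out:", singled_out(GENERALISED, QUASI_IDENTIFIERS))
    print("generalised, min class size:", min_class_size(GENERALISED, QUASI_IDENTIFIERS))
    print("enlarged, singled out:", singled_out(ENLARGED, QUASI_IDENTIFIERS))
    print("enlarged, min class size:", min_class_size(ENLARGED, QUASI_IDENTIFIERS))
```

With exact dates of birth every subject is singled out; after generalisation only p5 remains unique, and adding one more subject with the same generalised characteristics leaves no unique association. Which characteristics count as quasi-identifiers is exactly the "context" question that the re-identification risk analysis on later slides has to answer.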

Slide 13: Terminology: Pseudonymisation
(figure: characteristics a, c, d, h are linked to a pseudonym; b, e, f, g are removed; a "?" marks the severed link to the data subject)
Pseudonymisation is a particular type of anonymisation that, after removal of the association with a data subject, adds an association between a particular set of characteristics relating to a data subject and one or more pseudonyms. The pseudonym may be unique in a domain. In irreversible pseudonymisation, the conceptual model does not contain a method to derive the association between the data subject and the set of characteristics from the pseudonym.
Note that "pseudonymisation" and "anonymisation" terminology is not universal.

Slide 14: The Conceptual vs. Real Life Model
"To determine whether a person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify the said person; whereas the principles of protection shall not apply to data rendered anonymous in such a way that the data subject is no longer identifiable; whereas codes of conduct within the meaning of Article 27 may be a useful instrument for providing guidance as to the ways in which data may be rendered anonymous and retained in a form in which identification of the data subject is no longer possible." (Recital 26 of the DPD)
 refine the concept of identifiability/anonymity
 take into account "means likely" and "any other person" through re-identification risk analysis

Slide 15: Privacy Risk Analysis (figure)

Slide 16: Levels of De-identification (ISO/IEC DTS25237)
 Level 1: removal of clearly identifying data ("rules of thumb")
 Level 2: static, model-based re-identification risk analysis
 Level 3: continuous re-identification risk analysis of live databases
 Targets for de-identification can be set and liabilities better defined in risk analysis and policies.

Slide 17: ISO TC215 / WG 4: ISO/IEC DTS25237 (Approved T.S.)
 Health Informatics: Pseudonymisation
 Result of work in ISO/TC 215/WG 4
 Based on the conceptual model as explained in this presentation
 Lists a number of healthcare scenarios
 – clinical trials
 – clinical research
 – public health monitoring
 – patient safety reporting (adverse drug events)
 Current status: Approved Technical Specification

Slide 18: Common Healthcare Requirements
 Disease management, clinical trials, ... requirements
 – Dynamic data collection of individual line data
    Longitudinal studies
    Processing data of individual patients
 – Protection of data subjects towards the data collector
    Data must be stored in protected form
    Different from disclosure control
 Requires
 – De-identified individual line data
    Pseudonymisation / anonymisation
    No protection through aggregation, data swapping, ...
 – A priori estimation of privacy risks and required data protection measures
    Privacy risk based on statistical models (cf. re-identification theory)
 – Protection of the "context" in which data is considered anonymous

Slide 19: Pseudonymisation
 Goal:
 – Protection of identity and privacy of individuals or organisations
 – Allowing linkage of data associated with pseudo-IDs irrespective of the collection time (cf. longitudinal studies) and collection place (cf. multi-centre studies)
 Simplified:
 – Translating a given identifier into a pseudo-identifier by using secure, dynamic and (preferably ir-)reversible cryptographic techniques
 Tricky part:
 – Making sure that data is truly de-identified (within a predefined context)
 – Removing "indirectly identifying" content

Slide 20: Batch Data Collection (figure: Sources → Data Collection Site → Trusted Third Party)
 Build custom solutions using standard components
 Integrate security & privacy components into existing and new projects

Slide 21: Interactive Pseudonymisation
 The "interactive pseudonymisation system"
 Reconciling the concept of a "central anonymous database" with "nominative access"
(figure: Privacy Protection Gateway)

Slide 22: Web-Enabled Implementation of the Privacy Enhanced Storage Framework
 Data Protection Service (acting as reverse proxy)
 Non-intrusive to the application (transparent)
 Key Management Service
 Secured Search
 Service provides authentication and user management to the application
(figure: Sources → Data Collection Site → PESF; the service is available as a Flash or Java/JavaScript toolkit with a browser API)

Slide 23: Case: Combined Trust Services
 Secure Communication
 Anonymous Data Collection
 Secured Repository
State-of-the-art implementation based on innovative security technology (Secure Information eXchange)

Slide 24: Developing a Biomedical GRID Infrastructure for Sharing Clinical and Genomic Expertise
Core activities:
 Integration ... of clinical history, medical imaging and genetic data.
 Knowledge Grid ... distributed mining for knowledge extraction.
 Clinical Trials ... breast cancer & paediatric nephroblastoma

Slide 25: Pseudonymisation Tool (figure)

Slide 26: Center for Data Protection
 Act as "data controller" or assist "data controllers" in the sense of the European Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
 Be a think-tank for everyone professionally involved or interested in practical data protection;
 Promote the application of novel technology in the context of data protection (ePrivacy, eSecurity), and act as a dissemination point for practical solutions;
 Get involved with the development and promotion of standards and certification related to privacy protection;
 Provide assistance in dealing with complex data protection issues on an international level by offering access to a multidisciplinary pool of expertise.

Slide 27
 Generate privacy protection profiles that can be run on heterogeneous data.
 Create (profile) once, run many times.

Slide 28: CAT: Overview (screenshot)

Slide 29: CAT: Variable Mappings Editor, XML
 Variable mappings (DICOM, XML, CSV, custom)
 Define a privacy type per variable
 – Identifier
 – Free text
 – Undefined
 – ...

Slide 30: CAT: Transformation Editor
 Operands
 – named variable (e.g. patientID)
 – privacy type
 Flexible and detailed configuration
 – simple nym transformation
 – secure vaults (single or multiple argument)
 – random
 – replace with value
 – clear
 – make date relative
 – ...

Slide 31: CAT: Transformation Editor, XML (screenshot)

Slide 32: CAT XML Example: Result (before/after screenshots)
 "firstname" replaced by calculated nym
 "last name" cleared
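The pseudonymisation goal of slide 19 (a secure, preferably irreversible translation of an identifier into a pseudo-identifier that still links records across sites and time) and the profile-driven transformations of slides 30 and 32 (nym, clear, make date relative, applied to named XML variables) fit together in one small script. The following is an added example and not Custodix's CAT code: a profile maps XML element names to a privacy type and a transformation; the nym is a keyed HMAC computed with a secret held by the trusted third party; "make date relative" is implemented here as a patient-specific date shift derived from the same key (an interpretation chosen for the example, not necessarily how CAT does it). The element names, profile, key value, domain label and sample records are all constructed.

```python
"""Added example: a profile-driven de-identifier for XML records in the spirit
of slides 19, 30 and 32. Not Custodix's CAT; names and values are constructed."""
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import date, timedelta

# Secret held by the trusted third party. Constructed value for the example;
# in practice it is generated and stored by the key-handling component and is
# never shipped together with the data.
TTP_KEY = b"constructed-ttp-secret-key-do-not-use"


def nym(value: str, key: bytes = TTP_KEY, domain: str = "study-A") -> str:
    """Irreversible pseudonym: keyed HMAC-SHA256 over the normalised identifier.
    Same key + same identifier -> same nym, so records from different sites and
    collection times stay linkable; without the key the mapping can neither be
    recomputed nor inverted. The domain label keeps nyms for different studies
    unlinkable (slide 13: the pseudonym is unique within a domain)."""
    msg = f"{domain}\x00{value.strip().lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def date_offset(patient_id: str, key: bytes = TTP_KEY) -> int:
    """Patient-specific shift in days (1..365) derived from the key, so every
    record of one patient shifts by the same amount and intervals survive."""
    digest = hmac.new(key, b"date-shift\x00" + patient_id.strip().encode(),
                      hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") % 365 + 1


# Profile: element name -> (privacy type, transformation). Created once, run
# on every record (slide 27). Elements not listed are passed through unchanged.
PROFILE = {
    "patientID": ("identifier", "nym"),
    "firstname": ("identifier", "nym"),
    "lastname":  ("identifier", "clear"),
    "birthdate": ("identifier", "relative-date"),
    "visitdate": ("undefined", "relative-date"),
    "notes":     ("free-text", "clear"),
}


def deidentify(xml_text: str, profile=PROFILE) -> str:
    """Apply the profile to one XML record and return the transformed XML."""
    root = ET.fromstring(xml_text)
    # The shift must be derived from the original identifier, before it is replaced.
    offset = timedelta(days=date_offset(root.findtext("patientID", "")))
    for elem in root.iter():
        rule = profile.get(elem.tag)
        if rule is None:
            continue
        _privacy_type, transform = rule
        if transform == "nym":
            elem.text = nym(elem.text or "")
        elif transform == "clear":
            elem.text = ""
        elif transform == "relative-date":
            elem.text = (date.fromisoformat(elem.text.strip()) - offset).isoformat()
        else:
            raise ValueError(f"unknown transformation {transform!r}")
    return ET.tostring(root, encoding="unicode")


def fields(xml_text: str) -> dict:
    """Flatten a record into {element name: text} for inspection."""
    return {e.tag: (e.text or "").strip() for e in ET.fromstring(xml_text)}


# Constructed records for the same patient from two sources, collected at
# different times; source B spells the first name differently.
SOURCE_A = ("<record><patientID> 123456 </patientID><firstname>Ann</firstname>"
            "<lastname>Peeters</lastname><birthdate>1961-03-14</birthdate>"
            "<visitdate>2006-05-02</visitdate><notes>Saw Ann Peeters at home.</notes>"
            "<diagnosis>C50</diagnosis></record>")
SOURCE_B = ("<record><patientID>123456</patientID><firstname>ANN</firstname>"
            "<lastname>Peeters</lastname><birthdate>1961-03-14</birthdate>"
            "<visitdate>2007-02-10</visitdate><notes>Follow-up visit.</notes>"
            "<diagnosis>C50</diagnosis></record>")

if __name__ == "__main__":
    for src in (SOURCE_A, SOURCE_B):
        print("before:", fields(src))
        print("after: ", fields(deidentify(src)))
```

Running it shows both records ending up with the same patientID and firstname nyms, cleared lastname and notes, unchanged diagnosis, and shifted dates whose difference (284 days between the two visits) is preserved. The nym does not protect against the "tricky part" of slide 19: free text and indirectly identifying fields still have to be covered by the profile, which is why the example clears the notes element rather than leaving it in place.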

Slide 33: CAT: Key Handling
 generate keys
 store keys
 import/export
 ...

Slide 34: CAT, DICOM Example

Slide 35: CAT: Variable Mappings Editor, DICOM (screenshot)

Slide 36: CAT: Transformation Editor, DICOM (screenshot)

Slide 37: CAT: DICOM Examples (screenshots: original, replaced by nym, cleared)

Slide 38: Custodix NV, Verlorenbroodstr. 120, B-9820 Merelbeke, Belgium
Thank you for your attention! Any questions?