Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Protection and Pseudonymisation White Paper Proposal for 2008/09 A. Estelrich (GIP-DMP) S. Bittins (Fraunhofer ISST)

Published byMaurice Hall Modified over 8 years ago

Similar presentations

Presentation on theme: "Identity Protection and Pseudonymisation White Paper Proposal for 2008/09 A. Estelrich (GIP-DMP) S. Bittins (Fraunhofer ISST)"— Presentation transcript:

1 Identity Protection and Pseudonymisation White Paper Proposal for 2008/09 A. Estelrich (GIP-DMP) S. Bittins (Fraunhofer ISST)

2 IT Infrastructure Planning Committee Motivation Primary Use scenarios:Primary Use scenarios: –Pseudonymisation as a potential security mechanism –reducing the actual protection requirement by decoupling the concrete patient’s identity from the health information Secondary use scenarios (clinical research, public health):Secondary use scenarios (clinical research, public health): –data leaves the context of the physician where they are protected by professional discretion –the concrete identity of the patient is often of no interest –the utilisation of anonymisation/pseudonymisation means is mandatory for secondary use scenarios

3 IT Infrastructure Planning Committee Pseudonymisation Models Model 0: Identity Protection for Primary UseModel 0: Identity Protection for Primary Use –Incorporates encryption & pseudonymisation for identity protection Model 1: Identity RemovalModel 1: Identity Removal –For one-time secondry use –Identity is completely anonymised (e. g. for research purposes) Model 2: Multiple data sources, one-time socondary useModel 2: Multiple data sources, one-time socondary use –Aims at linking multiple sources (e. g. XDS registries, repositories) –Incorporates one-way pseudonyms, generated by a TPP –the data source encrypts all medical data with the secondary users key –the encrypted data and the PID is send to a TPP building pseudonyms –the PSN and the encrypted data is forwarded to the secondary user –= the TPP cannot read data, the secondary user cannot tell the identity

4 IT Infrastructure Planning Committee Flow-of-Data (Model 2) one-way pseudonyms (no de-identification) due to one-way function typically featuring asymmetric encryption in order to prevent the TPP from being able to actually read any medical data

5 IT Infrastructure Planning Committee Pseudonymisation Models Model 3: One-Time secondary use with re-identificationModel 3: One-Time secondary use with re-identification –Incorporates two TPP, one for substituting the concrete identity, one for the actual pseudonymisation –the PID service knows the identity of the patient but contains no data –the PSEUD service can recover the PID by decrypt the PSN but does not know the concrete identity Model 4: Pseudonymous Research Data PoolModel 4: Pseudonymous Research Data Pool –is based on Model 3 but incorporates a data pool for research –pseudonym and medical data are permanently stored in the data pool Model 5: Central DB with many secondary usesModel 5: Central DB with many secondary uses –Potential for research involving a central (clinical) database –the clinical database contains medical data but no identities –the concrete reference to the pseudonymised medical data is established over a TPP being able to assign a PID that is connected to the data

6 IT Infrastructure Planning Committee The 5 Models 5 models proposed are quite flexible and they are entirely dependent on the local, national, and regional policies.5 models proposed are quite flexible and they are entirely dependent on the local, national, and regional policies. The following documents are proposed for examination (some have been started already) as to investigate further which model could be applied where, but the local policies must be taken into consideration:The following documents are proposed for examination (some have been started already) as to investigate further which model could be applied where, but the local policies must be taken into consideration: ISO TS 25237 - Health informatics – PseudonymisationISO TS 25237 - Health informatics – Pseudonymisation HITSP Anonymize Component-C25HITSP Anonymize Component-C25 HITSP Pseudonymize Transaction-T24HITSP Pseudonymize Transaction-T24 HITSP Quality Interoperability Specification-IS06HITSP Quality Interoperability Specification-IS06 HITSP Biosurveillance Interoperability Specification-IS02HITSP Biosurveillance Interoperability Specification-IS02 HITSP Public Health Case Reporting Interoperability Specification-IS11HITSP Public Health Case Reporting Interoperability Specification-IS11

7 IT Infrastructure Planning Committee Expected Acceptance data protection and extended liability issues are gradually moving into the focusdata protection and extended liability issues are gradually moving into the focus cooperative health care networks have a extremely strong demand for compliant solutionscooperative health care networks have a extremely strong demand for compliant solutions this profile provides essential building-blocks for designing those solutionsthis profile provides essential building-blocks for designing those solutions The eCR Initiative is currently providing and using various of the components presented here for full complianceThe eCR Initiative is currently providing and using various of the components presented here for full compliance Significant potential for cross-border usabilitySignificant potential for cross-border usability May serve as a foundation for a pan-European identity protection frameworkMay serve as a foundation for a pan-European identity protection framework

8 IT Infrastructure Planning Committee Done definition of pseudonymisation modelsdefinition of pseudonymisation models exemplary implementations for some of the modelsexemplary implementations for some of the models introduction of model extensions:introduction of model extensions: –provider pseudonymisation / transparency –integration into policy-based security architectures

9 IT Infrastructure Planning Committee To-Do Application of Pseudonymisation onto content profiles from PCC and QRPHApplication of Pseudonymisation onto content profiles from PCC and QRPH developing and definition of a set of “building-blocks”developing and definition of a set of “building-blocks” implementation and deployment (policy-driven)implementation and deployment (policy-driven) compose an „umbrella model“ to fully integrate Europe‘s special demands in safe-guarding and data protection while keeping compatibility and feasibility with the other participants needs and limiting implementation effortscompose an „umbrella model“ to fully integrate Europe‘s special demands in safe-guarding and data protection while keeping compatibility and feasibility with the other participants needs and limiting implementation efforts

Download ppt "Identity Protection and Pseudonymisation White Paper Proposal for 2008/09 A. Estelrich (GIP-DMP) S. Bittins (Fraunhofer ISST)"

Similar presentations

Connected Health Framework

Connected Health Framework
September, 2011What IHE Delivers Cross-enterprise Workflow Management (XDW profile) IT Infrastructure Planning Committee Luca Zalunardo, Arianna Cocchiglia.

September, 2011What IHE Delivers Cross-enterprise Workflow Management (XDW profile) IT Infrastructure Planning Committee Luca Zalunardo, Arianna Cocchiglia.
XDS Link-Unlink Support Profile Proposal for 2011/12 presented to the IT Infrastructure Planning Committee José Mussi (JRS Partners – IHE Canada) Karen.

XDS Link-Unlink Support Profile Proposal for 2011/12 presented to the IT Infrastructure Planning Committee José Mussi (JRS Partners – IHE Canada) Karen.
United Nations Spatial Data Infrastructure Dr Kristin Stock Social Change Online and Centre for Geospatial Science, University of Nottingham.

United Nations Spatial Data Infrastructure Dr Kristin Stock Social Change Online and Centre for Geospatial Science, University of Nottingham.
CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies.

CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies.
Mobile Application Architectures

Mobile Application Architectures
E-health Initiatives in Poland

E-health Initiatives in Poland
E-Delivery Infrastructure and Access Points. e-Freight receives funding from the EC FP7 Sustainable Surface Transport Programme Connectivity Today … …

E-Delivery Infrastructure and Access Points. e-Freight receives funding from the EC FP7 Sustainable Surface Transport Programme Connectivity Today … …
Building an Operational Enterprise Architecture and Service Oriented Architecture Best Practices Presented by: Ajay Budhraja Copyright 2006 Ajay Budhraja,

Building an Operational Enterprise Architecture and Service Oriented Architecture Best Practices Presented by: Ajay Budhraja Copyright 2006 Ajay Budhraja,
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
Luxembourg, 25.11.2010 Ville Kajala Senior Officer on Transparency Directive Issues Pan-European Access to Financial Information Disclosed by Listed Entities.

Luxembourg, Ville Kajala Senior Officer on Transparency Directive Issues Pan-European Access to Financial Information Disclosed by Listed Entities.
Utilization of Basic Register Information from the PSI Perspective Aki Siponen, Counsellor, Ministry of Finance Business with Public Information National.

Utilization of Basic Register Information from the PSI Perspective Aki Siponen, Counsellor, Ministry of Finance Business with Public Information National.
CNRIS CNRIS 2.0 Challenges for a new generation of Research Information Systems.

CNRIS CNRIS 2.0 Challenges for a new generation of Research Information Systems.
What IHE Delivers 1 Business models - sustainability IHE Australia Worhshop – July 2011 Peter MacIsaac & Paul Clarke.

What IHE Delivers 1 Business models - sustainability IHE Australia Worhshop – July 2011 Peter MacIsaac & Paul Clarke.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
EUropean Best Information through Regional Outcomes in Diabetes Privacy and Disease Registries Technical Aspects Peter Beck JOANNEUM RESEARCH, Austria.

EUropean Best Information through Regional Outcomes in Diabetes Privacy and Disease Registries Technical Aspects Peter Beck JOANNEUM RESEARCH, Austria.
A Secure Interoperable Infrastructure For Healthcare Information System Ehsan ul Haq 07-0401 Abrar Ahmed Sair 07-0494.

A Secure Interoperable Infrastructure For Healthcare Information System Ehsan ul Haq Abrar Ahmed Sair
1 www.isoftplc.com THE HEALTH iNNOVATOR An Integrated Care Record Service The Durham & Darlington Approach The Simulator.

1 THE HEALTH iNNOVATOR An Integrated Care Record Service The Durham & Darlington Approach The Simulator.
1 United Nations Framework Convention on Climate Change UNFCCC press conference, Bonn, 20 November 2007 Kyoto Protocol “go-live”: data, policies, infrastructures.

1 United Nations Framework Convention on Climate Change UNFCCC press conference, Bonn, 20 November 2007 Kyoto Protocol “go-live”: data, policies, infrastructures.
Australia’s Experience in Utilising Performance Information in Budget and Management Processes Mathew Fox Assistant Secretary, Budget Coordination Branch.

Australia’s Experience in Utilising Performance Information in Budget and Management Processes Mathew Fox Assistant Secretary, Budget Coordination Branch.

Similar presentations

Ads by Google