Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Approach towards the Fulfilment of Security Requirements for Decision Support Systems in the Field of Evidence-Based Healthcare WIT Institute of Software.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "An Approach towards the Fulfilment of Security Requirements for Decision Support Systems in the Field of Evidence-Based Healthcare WIT Institute of Software."— Presentation transcript:

1 An Approach towards the Fulfilment of Security Requirements for Decision Support Systems in the Field of Evidence-Based Healthcare WIT Institute of Software Technology and Interactive Systems Vienna University of Technology Vienna, Austria stolba@wit.tuwien.ac.at Institute of Software Technology and Interactive Systems Vienna University of Technology Vienna, Austria amin@ifs.tuwien.ac.at Nevena StolbaA Min Tjoa

2 2 Motivation Evidence-based medicine (EBM) is a new healthcare scientific paradigm aiming at the prevention, diagnosis and treatment of diseases using medical evidence. Integration of external evidence-based data sources into the existing clinical information system and finding of appropriate therapy alternatives for a given patient and a given disease is a major research challenge. Defining of explicit common security regulations and standards is a process, where both the patient’s individual rights (patient’s privacy and data protection) and the collective, societal demands (scientific progress and development of new technologies) need to be considered. We show the need of a high-secure decision support system in order to facilitate the practical use of evidence-based medicine with respect to the privacy regulations

3 3 Outline Decision support systems (DSS) Evidence-based medicine (EBM) Data Warehouse (DWH) facilitating evidence-based medicine Security concept for healthcare decision support systems  Depersonalisation  Pseudonymisation  Role-based access Conclusion

4 4 Data Warehouse Inmon: A Data Warehouse is a subject-oriented, integrated, time-variant and non-volatile collection of data in support of management's decision making process. DWH integrates data from diverse internal and external data sources to support: Reporting Analysis Track business trends Improve strategic decisions Enhance forcasting

5 5 Evidence-Based Medicine (1/2)

6 6 Evidence-Based Medicine (2/2) Sackett et al., 1996 : Evidence based medicine is the conscientious, explicit, and judicious use of current best evidence in making decisions about the care of individual patients.

7 7 Data Warehouse facilitating EBM (1/3) Health care institutions are deploying data warehouse applications and decision support tools on top of them for their strategic decision making processes. The main role of the clinical decision support systems is: To reduce medical errors To increase operating efficiency To reduce treatment costs To give advice about staffing plans etc.

8 8 Data Warehouse facilitating EBM (2/3) Examples of DWH applications in the area of EBM: 1. Generation of evidence-based guidelines Discover unknown data patterns Identify trends Recognize best practices for different desease treatments 2. Support of decision making processes of clinical management, human resources and clinical administration Creation of business strategies Treatment scheduling Staffing plans

9 9 Data Warehouse facilitating EBM (3/3) Support of clinicians at the point of care

10 10 Security Concept for Healthcare DSS Healthcare decision support systems comprise large volumes of sensitive data and therefore must guaranty a high degree of data protection. Security measures, which need to be considered to protect data privacy in DSS in order to facilitate evidence based medicine: Password identification for the healthcare DSS – users Any data modification must bear a digital signature Tracking of data manipulation through log files Confidential health data should only be stored in a coded or encrypted form on a mobile medium Public Key Infrastructure for transportation security Data used for EBM purposes must be depersonalised and pseudonymised A role-based access model has to be implemented

11 11 Depersonalisation and Pseudonymisation The Health Insurance Portability and Accountability Act (HIPAA) and the European Commission's Directive on Data Protection have created a great impact on the sharpness of security regulations. The goal of evidence-based medicine (to recognise the symptoms, best treatments and prevention patterns for a given disease) can solely be accomplished by analyzing unidentifiable patient data. Depersonalization and pseudonymisation procedures are used to prevent re-identification of personal data

12 12 Depersonalisation (1/1) Taweel et al., 2004: Depersonalisation is removal of any residual information that might risk identification – e.g. names of relatives, nick names, place names, unusual occupations, etc. Stolba, Banek and Tjoa, 2005: depersonalisation may be done by:  Grouping data – protecting sensitive data through grouping (i.e.: patient’s age is shown in the age areas of 0-5, 5-10, 10-15, 15-20,…).  Hiding data – all data interesting for detailed data mining (occupation, hobbies) are concealed  Removing data – key identifying data unnecessary for the research (e.g. name, exact birth day, precise address, nick names, name of relatives etc) are removed.

13 13 Depersonalisation (2/2) Administrative users (most often: clinical management) specify sensitive data and its sensitivity levels

14 14 Pseudonymisation (1/2) Pseudonymity is a state of disguised identity resulting from the use of a pseudonym. The pseudonym identifies a holder, that is, one or more human beings who possess but do not disclose their true names (legal identities) Pseudonymisation is especially suitable for the requirements of EBM because it enables a consolidation of different patients’ data without revealing patient identities. Depending on the requirements, two kinds of pseudonymisation can be used:  one-way pseudonymisation  reversible pseudonymisation

15 15 Pseudonymisation (2/2) Privacy preserving measures during query processing in the data warehouse supporting evidence-based medicine: SSN - Social Security Nr. PD - Personal Data HCD - Health Care Data

16 16 Role-Based Access The role based access model is used for decision support systems in order to ensure that in EBM-users can only access those data, which is granted to the role they have. Role is a job description regardless of the actor performing it. Roles should exactly be assigned with those authorisations that are needed to fulfil the duties of the job. Each user in the DWH should be assigned to at least one role, though multiple roles are allowed. A user can play only one role at the time.

17 17 Conclusion Not enough attention is paid to the protection of high sensitive patient data. Main reasons for the security threats:  System complexity  High amount of users  Great data volumes residing in a medical DSS The proposed security approach ensures that patient privacy and confidentiality are preserved while delivering a rich medical repository for the research purposes, leading to the scientific progress in EBM.

18 18 Thank You!

Download ppt "An Approach towards the Fulfilment of Security Requirements for Decision Support Systems in the Field of Evidence-Based Healthcare WIT Institute of Software."

Similar presentations

Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.

Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
Governance and quality Ian Sharp November 2006 Aims of the presentation To highlight the importance of quality management and quality assurance in the.

Governance and quality Ian Sharp November 2006 Aims of the presentation To highlight the importance of quality management and quality assurance in the.
Faculty of Computer Science © 2006 CMPUT 605February 11, 2008 A Data Warehouse Architecture for Clinical Data Warehousing Tony R. Sahama and Peter R. Croll.

Faculty of Computer Science © 2006 CMPUT 605February 11, 2008 A Data Warehouse Architecture for Clinical Data Warehousing Tony R. Sahama and Peter R. Croll.
Security Controls – What Works

Security Controls – What Works
EUropean Best Information through Regional Outcomes in Diabetes Privacy and Disease Registries Technical Aspects Peter Beck JOANNEUM RESEARCH, Austria.

EUropean Best Information through Regional Outcomes in Diabetes Privacy and Disease Registries Technical Aspects Peter Beck JOANNEUM RESEARCH, Austria.
2 The Use of Health Information Technology in Physician Practices.

2 The Use of Health Information Technology in Physician Practices.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
The Role of Information Technology For A Private Medical Practice Noel Chua Rosalinda Raymundo.

The Role of Information Technology For A Private Medical Practice Noel Chua Rosalinda Raymundo.
Documentation for Acute Care

Documentation for Acute Care
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Copyright 2011 Health Administration Press

Copyright 2011 Health Administration Press
Introduction to evidence based medicine

Introduction to evidence based medicine
LÊ QU Ố C HUY ID: QLU13069 1. OUTLINE  What is data mining ?  Major issues in data mining 2.

LÊ QU Ố C HUY ID: QLU OUTLINE  What is data mining ?  Major issues in data mining 2.
BioMedical Computing and Standards. BioMedical Computing Medical Equipment Cellular and system simulation Data mining for medical correlations Determining.

BioMedical Computing and Standards. BioMedical Computing Medical Equipment Cellular and system simulation Data mining for medical correlations Determining.
“Put the Power of Predictive Analytics in the Hands of Clinical Researchers” Filippos Katsampouris Marketing Manager Healthcare & Pharmaceutical Accounts.

“Put the Power of Predictive Analytics in the Hands of Clinical Researchers” Filippos Katsampouris Marketing Manager Healthcare & Pharmaceutical Accounts.
S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.

S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.
Document information 3.02 Understand Health Informatics

Document information 3.02 Understand Health Informatics
The Use of Health Information Technology in Physician Practices

The Use of Health Information Technology in Physician Practices

Similar presentations

Ads by Google