EUropean Best Information through Regional Outcomes in Diabetes
Privacy and Disease Registries: Technical Aspects
Peter Beck, JOANNEUM RESEARCH, Austria
2nd EUBIROD Meeting, Brussels, 22-23 January 2011
www.eubirod.eu
Factors = Key Elements of Data Protection
The key elements of data protection (FACTORS) identified in the management of diabetes registries are as follows:
A1. Accountability of personal information
A2. Collection of Personal Information
A3. Consent
A4. Use of Personal Information
A5. Disclosure and Disposition of Personal Information
A6. Accuracy of Personal Information
A7. Safeguarding Personal Information
A8. Openness
A9. Individual Access to Personal Information
A10. Challenging Compliance
A11. Anonymization Process for Secondary Uses of Health Data
Introduction to Cryptography: Digital Certificates
= a public key + owner identity information, signed together
= facilitates establishing whether a public key truly belongs to the purported owner
Public Key Infrastructure
• Certification Authority
– issues certificates
– verifies the identity of the certificate holder before issuing
– keeps a list of (valid) certificates
– certificate revocation
• Web of Trust (PGP): no central authority, users sign each other's keys
Security Key Concepts: Communication Security Services
• Authenticity
• Authorization / Access Control
• Integrity
• Confidentiality
• Non-Repudiation
Security Key Concepts: Authenticity
= verifying a claim of identity
e.g. airport: "I am John Doe, I want to fly to Brussels"; proof of the claim: passport
Authentication factors and the protection mechanisms that implement them:
• something you know: username + password
• something you have: (cryptographic) key, challenge-response with that key, TAN
• something you are: biometrics
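The "something you have" factor in practice is usually a challenge-response exchange: the server sends a fresh random challenge, the client answers with a keyed digest of it, and a recorded answer is useless because each challenge is single use and expires. The following is an added example written for this page, not code from the original slides or from the EUBIROD project; the shared key, the 30 s challenge lifetime and the `Server` user store are assumptions for the demo.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo key shared between client and server: the "something you have".
SHARED_KEY = bytes.fromhex("3f6a8b1c9d0e7f2a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f70")
CHALLENGE_TTL = 30.0  # seconds for which an issued challenge stays valid (assumed)


def compute_response(key: bytes, username: str, nonce: bytes) -> bytes:
    # The response binds the username as well as the nonce, so a response captured for
    # one account cannot be replayed against another account that shares the key.
    return hmac.new(key, b"auth-v1|" + username.encode() + b"|" + nonce, hashlib.sha256).digest()


class Server:
    def __init__(self, user_keys: dict, now=time.time):
        self._keys = user_keys      # username -> shared key (assumed user store)
        self._pending = {}          # nonce -> (username, time issued)
        self._now = now             # injectable clock so expiry can be tested

    def challenge(self, username: str) -> bytes:
        # A fresh, unpredictable nonce per attempt; a nonce is never reused.
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = (username, self._now())
        return nonce

    def verify(self, username: str, nonce: bytes, response: bytes) -> bool:
        # Pop before checking: a challenge is single use whether the answer is right
        # or wrong, which is what defeats replay of a recorded response.
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return False
        issued_for, issued_at = entry
        if issued_for != username or self._now() - issued_at > CHALLENGE_TTL:
            return False
        key = self._keys.get(username)
        if key is None:
            return False
        expected = compute_response(key, username, nonce)
        # Constant-time comparison so timing does not leak how many bytes matched.
        return hmac.compare_digest(expected, response)


def demo():
    """Returns (first attempt, replay of the same response, attempt with a wrong key)."""
    server = Server({"alice": SHARED_KEY})
    nonce = server.challenge("alice")
    response = compute_response(SHARED_KEY, "alice", nonce)
    first = server.verify("alice", nonce, response)
    replay = server.verify("alice", nonce, response)
    nonce2 = server.challenge("alice")
    wrong_key = server.verify("alice", nonce2, compute_response(b"not the key", "alice", nonce2))
    return first, replay, wrong_key


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The key never travels over the wire; only the nonce and the digest do, which is the difference between this and sending a password or a static TAN.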
Security Key Concepts: Authorization / Access Control
= apply and configure mechanisms to enforce administrative policies
Protection mechanisms:
• Access Control Lists + role-based access control (e.g. file systems, DBs, web apps)
• Capabilities
Diagram: role-based access control in a diabetes registry web application. Roles: Data input, Physician, Local Administrator, Global Administrator. Permissions: Login, Enter Data Sheets, Administer Patients, Create Reports, Execute Analyses, Import Data, Administer Staff, Administer Centers.
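A role-based access control check of the kind the diagram sketches, as an added example written for this page rather than code from the original slides or from any registry software. The role and permission names are taken from the diagram; which permissions each role holds, the role hierarchy and the per-centre scoping rule are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Roles and permissions are the ones named on the slide. Which permissions each role
# holds directly, the role hierarchy and the centre scoping are assumptions for this demo.
ROLE_PERMISSIONS = {
    "Data input": {"Login", "Enter Data Sheets", "Administer Patients"},
    "Physician": {"Create Reports", "Execute Analyses"},
    "Local Administrator": {"Import Data", "Administer Staff"},
    "Global Administrator": {"Administer Centers"},
}

# Role hierarchy: a role inherits every permission of the roles listed for it.
INHERITS = {
    "Physician": {"Data input"},
    "Local Administrator": {"Physician"},
    "Global Administrator": {"Local Administrator"},
}


def effective_permissions(role: str) -> frozenset:
    """All permissions a role holds directly or through inheritance (cycle safe)."""
    seen, stack, perms = set(), [role], set()
    while stack:
        r = stack.pop()
        if r in seen:
            continue
        seen.add(r)
        perms |= ROLE_PERMISSIONS.get(r, set())
        stack.extend(INHERITS.get(r, ()))
    return frozenset(perms)


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    centre: str  # the centre the user belongs to (assumed attribute)


def is_allowed(user: User, permission: str, centre: Optional[str] = None) -> bool:
    # Deny by default: a permission is granted only if some role of the user reaches it.
    if not any(permission in effective_permissions(r) for r in user.roles):
        return False
    # Scope rule (assumed): only a Global Administrator may act on another centre's data.
    if centre is not None and centre != user.centre:
        return "Global Administrator" in user.roles
    return True


def enforce(user: User, permission: str, centre: Optional[str] = None) -> None:
    """Call at the start of a request handler; raises instead of silently proceeding."""
    if not is_allowed(user, permission, centre):
        raise PermissionError(f"{user.name}: '{permission}' denied"
                              + (f" for centre {centre}" if centre else ""))


if __name__ == "__main__":
    alice = User("alice", frozenset({"Physician"}), "Centre A")
    enforce(alice, "Enter Data Sheets")        # inherited from "Data input": allowed
    try:
        enforce(alice, "Administer Staff")     # Local Administrator only: denied
    except PermissionError as e:
        print(e)
```

The check is deny-by-default and is evaluated on the server for every request; a role that is merely hidden in the user interface is not an access control.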
Security Key Concepts: Integrity
= avoid undetected modification of data
Protection mechanism for message integrity: message digests (hashing); a plain digest sent alongside the message can simply be recomputed by whoever alters the message, so in practice the digest is keyed (MAC) or signed
Protection mechanisms for communication stream integrity: sequence numbers and time stamps, which detect replayed, reordered, dropped and stale messages
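How the two levels of integrity fit together, as an added example written for this page (not code from the original slides or the project): each message carries a keyed digest over sequence number, time stamp and payload, and the receiver checks the digest first, then the sequence number, then freshness. The MAC key, the 60 s freshness window and the sample HbA1c payloads are constructed for the demo.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo key shared by sender and receiver (a MAC key, not the page's data).
STREAM_KEY = b"constructed-stream-key-for-integrity-demo"
MAX_SKEW = 60  # seconds; how old a time stamp may be before the message is stale (assumed)


def message_tag(key: bytes, seq: int, ts: int, payload: bytes) -> bytes:
    # Keyed digest over sequence number, time stamp and payload together: an attacker
    # who cannot recompute the tag can alter none of the three undetected.
    return hmac.new(key, struct.pack("!QQ", seq, ts) + payload, hashlib.sha256).digest()


def make_message(key: bytes, seq: int, ts: int, payload: bytes) -> dict:
    return {"seq": seq, "ts": ts, "payload": payload,
            "tag": message_tag(key, seq, ts, payload)}


class Receiver:
    def __init__(self, key: bytes, now=time.time):
        self.key = key
        self.now = now            # injectable clock for testing
        self.last_seq = -1        # highest sequence number accepted so far

    def accept(self, msg: dict) -> str:
        """Returns "ok" or the reason the message was rejected."""
        seq, ts, payload = msg["seq"], msg["ts"], msg["payload"]
        # 1. Message integrity: check the tag first, in constant time, before trusting
        #    any field (seq and ts included, since the tag covers them).
        if not hmac.compare_digest(message_tag(self.key, seq, ts, payload), msg["tag"]):
            return "bad tag"
        # 2. Stream integrity: sequence numbers must be consecutive. A number already
        #    seen is a replay or reordering; a jump means messages were dropped.
        if seq <= self.last_seq:
            return "replay"
        if seq != self.last_seq + 1:
            return "gap"
        # 3. Freshness: a correctly tagged but old message is refused by time stamp.
        if abs(int(self.now()) - ts) > MAX_SKEW:
            return "stale"
        self.last_seq = seq
        return "ok"


def demo(now: int = 1_000_000) -> list:
    """Feeds a constructed stream through a receiver and returns the verdicts in order."""
    rx = Receiver(STREAM_KEY, now=lambda: now)
    m0 = make_message(STREAM_KEY, 0, now, b"HbA1c=7.1")
    m1 = make_message(STREAM_KEY, 1, now, b"HbA1c=6.9")
    m2 = make_message(STREAM_KEY, 2, now, b"HbA1c=7.4")
    tampered = dict(m2, payload=b"HbA1c=9.9")                        # payload changed, tag not
    stale = make_message(STREAM_KEY, 2, now - 3600, b"HbA1c=7.4")    # valid tag, an hour old
    m3 = make_message(STREAM_KEY, 3, now, b"HbA1c=7.0")
    return [rx.accept(m) for m in (m0, m1, tampered, m1, m3, stale, m2, m3)]


if __name__ == "__main__":
    print(demo())  # ['ok', 'ok', 'bad tag', 'replay', 'gap', 'stale', 'ok', 'ok']
```

Note the order of the checks: the tag is verified before the sequence number or time stamp is trusted, otherwise an attacker could alter those fields to steer the receiver's state.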
Security Key Concepts: Confidentiality
= prevent the disclosure of information to unauthorized individuals or systems
Protection mechanism: symmetric or asymmetric encryption
Security Key Concepts: Non-Repudiation
= one party of a transaction cannot deny having received it, nor can the other party deny having sent it
Protection mechanisms: digital signatures; time stamps, notarization
Safeguarding Data
How can you protect your data and software?
• Use and maintain anti-virus software and a firewall
• Regularly scan your computer (viruses, spyware, ...)
• Keep software up to date
• Evaluate your software's settings
• Avoid unused software programs
• Create separate user accounts
• Establish guidelines for computer use
• Use passwords and encrypt sensitive files
• Set up and follow corporate policies for handling and storing data
• Dispose of sensitive information properly
• Follow good security habits
Anonymisation I
= make it impossible to establish or indicate who or what (someone or something) is
• remove any direct identifiers (SSN, name, DOB, ...)
• replace direct identifiers by indirect patient IDs (pseudonymisation); requires a trusted third party
– reversible pseudonymisation (encryption with a key)
– irreversible pseudonymisation (hash, ...)
Anonymisation II
• ensure that no combination of data items can identify an individual; not easy, especially for sparse data
– k-anonymity
• use aggregated data only (no individual data sets); all analyses then have to be done at the data source
– further calculations on the aggregated data are not possible
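The two ideas on this slide, k-anonymity and releasing aggregates only, carried through on a small constructed dataset as an added example written for this page (not code from the original slides or from BIRO). The records, the choice of quasi-identifiers and the generalisation ladder (10-year then 20-year age bands, truncated postcodes, suppressed sex) are assumptions for the demo.

```python
from collections import Counter, defaultdict

# Constructed sample records (not registry data): quasi-identifiers plus one measurement.
RECORDS = [
    {"age": 34, "postcode": "8010", "sex": "F", "hba1c": 7.1},
    {"age": 38, "postcode": "8020", "sex": "F", "hba1c": 6.8},
    {"age": 31, "postcode": "8010", "sex": "M", "hba1c": 7.4},
    {"age": 45, "postcode": "8045", "sex": "M", "hba1c": 8.0},
    {"age": 47, "postcode": "8041", "sex": "F", "hba1c": 7.5},
    {"age": 52, "postcode": "8010", "sex": "F", "hba1c": 6.7},
    {"age": 63, "postcode": "8020", "sex": "M", "hba1c": 7.9},
    {"age": 66, "postcode": "8010", "sex": "M", "hba1c": 8.3},
    {"age": 61, "postcode": "8020", "sex": "F", "hba1c": 7.7},
]
QUASI = ("age", "postcode", "sex")  # attributes an attacker could link to an external source


def equivalence_classes(records, quasi):
    return Counter(tuple(r[q] for q in quasi) for r in records)


def k_of(records, quasi) -> int:
    """The k in k-anonymity: size of the smallest group sharing all quasi-identifier values."""
    return min(equivalence_classes(records, quasi).values())


def generalise(r: dict, level: int) -> dict:
    # Generalisation ladder (assumed for this example): coarser values at each level.
    g = dict(r)
    if level >= 1:
        lo = r["age"] // 10 * 10
        g["age"], g["postcode"] = f"{lo}-{lo + 9}", r["postcode"][:3] + "*"
    if level >= 2:
        lo = r["age"] // 20 * 20
        g["age"], g["postcode"], g["sex"] = f"{lo}-{lo + 19}", r["postcode"][:2] + "**", "*"
    return g


def anonymise(records, quasi, k: int):
    """Lowest generalisation level reaching k, with the generalised records; None if none does."""
    for level in range(3):
        gen = [generalise(r, level) for r in records]
        if k_of(gen, quasi) >= k:
            return level, gen
    return None  # no level reaches k: outliers would have to be suppressed instead


def aggregate(records, quasi, attr):
    """Release aggregated data only: count and mean per equivalence class."""
    groups = defaultdict(list)
    for r in records:
        groups[tuple(r[q] for q in quasi)].append(r[attr])
    return {cls: (len(v), round(sum(v) / len(v), 2)) for cls, v in groups.items()}


if __name__ == "__main__":
    print("k on raw data:", k_of(RECORDS, QUASI))          # 1: every row is unique
    level, gen = anonymise(RECORDS, QUASI, 3)
    print("level", level, "->", aggregate(gen, QUASI, "hba1c"))
```

On the raw rows every patient is unique (k = 1), and even 10-year bands with 3-digit postcodes leave k = 1 because the data are sparse; only the coarsest level reaches k = 3, which is the trade-off the slide alludes to.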
Data flow through Trusted Third Party (the case of the Disease Management Program in Austria)
Diagram (reconstructed from the slide): the components are the physician office (physician software, browser, terminal, stand-alone client), the health information network with the GINA e-card central system, the Internet, and the Social Insurance data centre (Social Insurance online portal, pseudonymisation centre, DMP administration software, DMP medical data repository).
Steps: documentation; prepare data (check, split into administrative and risk data versus clinical data; clinical data is signed and encrypted); data transmission; sign + submit.
Administrative and risk data travel together with the SSN. Clinical data travel with the SSN only as far as the pseudonymisation centre, which replaces the SSN by a pseudonym before the clinical data reaches the DMP medical data repository.
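The split-and-pseudonymise flow above, together with the keyed versus unkeyed hashing point from the Anonymisation I slide, as one added example written for this page; it is not code from the original slides or from the Austrian DMP, and only the irreversible (keyed-hash) variant of pseudonymisation is shown. The identifier format, the identifier space used for the dictionary attack, the trusted-third-party key and the sample records are all constructed for the demo.

```python
import hashlib
import hmac
from typing import Optional

# Constructed identifiers and key for the demo; none of this is DMP data.
SSN_SPACE = [f"{n:04d}-010180" for n in range(10_000)]   # toy identifier space
TTP_KEY = b"constructed-pseudonymisation-centre-key"


class PseudonymisationCentre:
    """Trusted third party: the only component that holds the pseudonym key."""

    def __init__(self, key: bytes):
        self._key = key

    def pseudonym(self, ssn: str) -> str:
        # Irreversible pseudonymisation with a keyed hash: the same SSN always maps to the
        # same pseudonym, so one patient's records can still be linked in the repository,
        # but without the key nobody can recompute it or test candidate SSNs against it.
        return hmac.new(self._key, ssn.encode(), hashlib.sha256).hexdigest()[:16]

    def forward(self, clinical_msg: dict) -> dict:
        # Strip the SSN and attach the pseudonym before the data leaves the centre.
        return {"pseudonym": self.pseudonym(clinical_msg["ssn"]),
                "clinical": clinical_msg["clinical"]}


def split_record(record: dict):
    """Physician software step: separate SSN-linked administrative/risk data from clinical data."""
    admin_risk = {"ssn": record["ssn"], "admin": record["admin"], "risk": record["risk"]}
    clinical = {"ssn": record["ssn"], "clinical": record["clinical"]}
    return admin_risk, clinical


def submit(record: dict, ttp: PseudonymisationCentre, social_insurance: list, repository: list):
    admin_risk, clinical = split_record(record)
    social_insurance.append(admin_risk)         # the SSN stays with the insurer
    repository.append(ttp.forward(clinical))    # the repository only ever sees the pseudonym


def unkeyed_pseudonym(ssn: str) -> str:
    # The weak alternative: a plain hash, which anyone can recompute.
    return hashlib.sha256(ssn.encode()).hexdigest()[:16]


def dictionary_attack(target: str, candidates) -> Optional[str]:
    """Re-hash every candidate identifier; succeeds against unkeyed hashes of a small space."""
    for ssn in candidates:
        if unkeyed_pseudonym(ssn) == target:
            return ssn
    return None


def demo():
    """Returns (records linkable, repository holds an SSN, SSN recovered from plain hash,
    SSN recovered from keyed pseudonym)."""
    ttp = PseudonymisationCentre(TTP_KEY)
    social_insurance, repository = [], []
    visit1 = {"ssn": "0042-010180", "admin": {"centre": "A"}, "risk": {"smoker": True},
              "clinical": {"hba1c": 7.1}}
    visit2 = dict(visit1, clinical={"hba1c": 6.8})
    submit(visit1, ttp, social_insurance, repository)
    submit(visit2, ttp, social_insurance, repository)
    linkable = repository[0]["pseudonym"] == repository[1]["pseudonym"]
    leaks_ssn = any("ssn" in entry for entry in repository)
    weak_recovered = dictionary_attack(unkeyed_pseudonym("0042-010180"), SSN_SPACE)
    keyed_recovered = dictionary_attack(repository[0]["pseudonym"], SSN_SPACE)
    return linkable, leaks_ssn, weak_recovered, keyed_recovered


if __name__ == "__main__":
    print(demo())  # (True, False, '0042-010180', None)
```

The dictionary attack is the reason "hash" on its own is not enough for an identifier with a small value space such as an SSN: an attacker who can guess the format recomputes the hash for every candidate. With the key held only by the pseudonymisation centre, the same attack yields nothing, which is exactly why the slide places that step at a trusted third party rather than in the repository.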
Local Aggregation of Data (the case of the BIRO Reporting Architecture)
Diagram (reconstructed from the slide): at each partner site, the source dataset is converted into a local BIRO database; the local BIRO database engine runs the statistical analysis and produces aggregated data only ("statistical objects", e.g. rows such as |A|12|1|5|, |B|18|2|6|, |C|16|1|4|). The sender transmits these statistical objects over an authenticated, signed and encrypted communication channel to the central BIRO system (receiver), where regional data processing feeds the regional register in the BIRO database and the BIRO central engine produces the report.