Providing a Network of Trust in Processing Health Data for Research

Transcription

1 Providing a Network of Trust in Processing Health Data for Research Iheanyi Nwankwo (LUH), Elias Neri (Custodix) 1

2 Outline Legal framework for processing health data Technical and organisational measures in protecting sensitive data The CHIC data protection framework 2

3 Bridging the silos of medical data The global healthcare challenges: - Rising cost - Management of chronic diseases with an unpredictable nature (Cancer, Parkinson s) - Individual differences = tailored treatment 3

4 Digital Patient Reserach in developing a Digial Patient - Models that will accurately predict each patient s condition with his/her health data - The last mile towards achieving personalised medicine EICAR Conference, Frankfurt 4

5 Unlocking data for research The digital patient represents medical data (much of which are undiscovered, locked in various silos) Rules governing the processing of sensitive data impact medical research 5

6 Medicial data and research The Problem: Sharp divide between personal data and non-personal data Retrospective data and issues of informed consent Sometimes the aim of research requires a link-back to the data subject (eg. for validation, incidental findings etc) 6

7 Data security What data security measures? the controller must implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and against all other unlawful forms of processing (Art 17 DPD) 7

8 The CHIC Approach CHIC Network of Trust 8

9 CHIC Data Protection Framework Pseudonymisation and De Facto Anonymisation of Data Pseudonymisation Tools Upload Tool Custodix Anonimisation Tool & Services (CATS) CHIC Contractual Obligations Dedicated Center for Data Protection (CDP) Use of Trusted Third Party Security Authentication, Authorisation & Auditing Encryption 9

10 Example Data upload from hospital to CHIC platform 10

11 CHIC Computational Horizons in Cancer 11

12 Export of Patient Data - Anonymisation 12

13 Export of Patient Data Link back EICAR Conference, Frankfurt

14 Export of Patient Data - Pseudonymisation 14

15 Export of Patient Data De Facto Anonymisation 15 TTP

16 DPF Data Flow 16

17 Implementation Pseudonymisation Engine Model-drive approach Define a privacy profile (transformations) once.. Apply it to different data sources 17

18 Implementation - CAT 18

19 Implementation - CATS Service-oriented CAT Hosted service (TTP) or appliance (installed in-house) Easy integration into workflows Provides Local and central de-identification or a combination hereof Central management of privacy profiles Compatible with CAT-generated profiles Centralised audit tracking of de-identification requests for compliance & fault management 19

20 Data Transfer Create Privacy Profiles 20

21 Data Transfer - CSV 21

22 Data Transfer Privacy Profile Generic Model & Mapping from CSV Privacy Operations 22

23 Data Transfer Privacy Profile EICAR Conference, Frankfurt

24 Data Transfer Process and Upload Data 24

25 Data Transfer - Result Original Pseudonymised 25

26 ACKNOWLEDGMENT This project has received funding from the European Union s Seventh Framework Programme for research, technological development and demonstration under Grant Agreement No

27 The CHIC Consortium EICAR Conference, Frankfurt 27

28 Thank you for your attention 28