Data Privacy Protection of Medical Data in a National Context


Data Privacy Protection of Medical Data in a National Context
Dr. Uwe Roth, Heiko Zimmermann, Dr. Stefan Benzschawel
Friday, 20 April 2012, Version v1.0 r006 2012-04-20

Data Privacy and Data Security
Medical data must be protected against:
- unauthorized access
- misuse
Encryption of medical data ensures confidentiality.
Additional plaintext metadata is needed to query for documents, e.g.:
- document type
- circumstances of creation
- author

Data Privacy and Data Security (continued)
Fine-grained queries require more metadata. But: further metadata opens the risk of disclosing sensitive information.
De-identification of metadata as a minimal demand:
- replacement of demographics by pseudonyms
- data sets with the same pseudonym belong to the same person (no anonymisation)
- demographics must not be calculable out of the pseudonym

Storage and Querying of Medical Data (slide 6)
Diagram. Data sources (hospitals, laboratories, doctors' offices) deliver documents to the National eHealth Platform, which consists of a Data Registry holding the metadata and a Data Repository holding the documents in Encrypted Data Storage. A data consumer sends a metadata query to the registry and receives a list of medical documents.
Footer: Uwe Roth, Data Privacy Protection of Medical Data in a National Context, 6

Demographic Data and Pseudonyms (slide 7)
Diagram, same layout as slide 6: on the side of the data sources and data consumers the patient is known by demographic data; on the platform side (registry and repository) only by a pseudonym.

De-Identification (slide 8)
Diagram, same layout: a Trusted Third Party for De-Identification sits between the data sources/consumers and the platform. It receives demographic data and returns the pseudonym.

De-Identification Handshaking Protocol (slide 9)
Diagram, same layout, showing the exchange:
- the data source (or data consumer) sends demographic data to the Trusted Third Party and receives a pick-up ticket;
- the data source forwards the pick-up ticket together with what it submits (document and metadata, or the consumer's query) to the National eHealth Platform;
- the platform (data registry, data repository) presents the pick-up ticket to the Trusted Third Party and receives the pseudonym.

Trusted Third Party: Organizational and Legal (slide 11)
- Only place where demographics and their pseudonyms are known
- Organizationally and legally independent from data sources, data users, the data registry and data repositories
- No pass-through of medical data
- No de-identification/modification of medical data (integrity of signed documents)
- Can be put on the Internet, while users of the service stay behind firewalls

Trusted Third Party: Identification of Patients (slide 12)
- Identifies persons by given demographics
- A normalization step of the demographics is needed: correction of typographic errors; phonetic reduction of names; alignment to official addresses
- Weighting of attributes with respect to entropy
- Distance calculation to existing identities
- If the distance is closer than a certain threshold: the identity matches

Trusted Third Party: Matching and Pseudonym Creation (slide 13)
Matching decision:
- definite positive match: take the existing pseudonym
- definite no match: create a new pseudonym
- unclear match: create a new pseudonym for the time being; manual intervention is required to take the decision
Creation of source-dependent pseudonyms allows later correction of matching decisions.
The Trusted Third Party will provide all pseudonyms of the same person on request.
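The identification and matching steps of slides 12 and 13, as an added example that is not part of the original slides or of the authors' system. It normalizes demographics (accent and case folding, a classic Soundex reduction of names), weights attributes by their entropy over the identities the TTP already knows, computes a weighted distance to each of them, and maps the distance to one of the three matching decisions; pseudonyms are source-dependent keyed hashes of an internal master id, so they carry no demographics and an unclear decision can later be corrected by merging identities. The thresholds, the patient records, the `TrustedThirdParty` class and its methods are all constructed for this illustration.

```python
"""Added example, not from the slides: a minimal trusted-third-party matcher for slides 12
and 13. Normalize demographics, weight attributes by entropy, compute a distance to every
known identity, map it to a matching decision; pseudonyms are source-dependent keyed hashes
of an internal master id. Thresholds, names and records are constructed for illustration."""
import hashlib
import hmac
import math
import unicodedata
from collections import Counter

ATTRS = ("last_name", "first_name", "birth_date", "postal_code")
SOUNDEX = {c: d for d, ls in (("1", "BFPV"), ("2", "CGJKQSXZ"), ("3", "DT"), ("4", "L"),
                              ("5", "MN"), ("6", "R")) for c in ls}

def soundex(name):
    """Phonetic reduction of a name (classic Soundex) so spelling variants agree."""
    name = "".join(ch for ch in name.upper() if ch.isalpha()) or "0"
    out, last = name[0], SOUNDEX.get(name[0], "")
    for ch in name[1:]:
        code = SOUNDEX.get(ch, "")
        if code and code != last:
            out += code
        if ch not in "HW":          # vowels separate equal codes, H and W do not
            last = code
    return (out + "000")[:4]

def normalize(rec):
    """Normalization step: fold accents and case, strip separators, reduce names."""
    def fold(s):
        s = unicodedata.normalize("NFKD", s)
        return "".join(ch for ch in s if not unicodedata.combining(ch)).strip().lower()
    return {"last_name": soundex(fold(rec["last_name"])),
            "first_name": soundex(fold(rec["first_name"])),
            "birth_date": fold(rec["birth_date"]).replace("-", "").replace(".", ""),
            "postal_code": fold(rec["postal_code"]).replace(" ", "")}

def entropy_weights(identities):
    """Shannon entropy of each attribute over the registry: discriminating attributes count more."""
    n = len(identities)
    h = {a: -sum(c / n * math.log2(c / n) for c in Counter(i[a] for i in identities).values())
         for a in ATTRS}
    total = sum(h.values())
    if total == 0:                  # registry too small to discriminate: equal weights
        return {a: 1 / len(ATTRS) for a in ATTRS}
    return {a: v / total for a, v in h.items()}

class TrustedThirdParty:
    MATCH_MAX = 0.15      # distance at or below: definite positive match (constructed)
    NO_MATCH_MIN = 0.60   # distance at or above: definite no match (constructed)

    def __init__(self, secret):
        self._secret = secret    # never leaves the TTP
        self._identities = {}    # master_id -> normalized demographics
        self._issued = {}        # master_id -> sources a pseudonym was issued for
        self._group = {}         # master_id -> master_id of the person after merges
        self.unclear = []        # (provisional_id, closest_id) awaiting a manual decision

    def _pseudonym(self, master_id, source):
        msg = f"{master_id}|{source}".encode()   # demographics are not an input
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()[:16]

    def identify(self, demographics, source):
        """One de-identification request: returns (decision, master_id, pseudonym)."""
        cand, best, dist = normalize(demographics), None, 1.0
        if self._identities:     # weighted share of disagreeing attributes, 0.0 .. 1.0
            w = entropy_weights(list(self._identities.values()))
            best, dist = min(((m, sum(w[a] for a in ATTRS if cand[a] != i[a]))
                              for m, i in self._identities.items()), key=lambda t: t[1])
        if best is not None and dist <= self.MATCH_MAX:
            decision, mid = "match", best             # take the existing pseudonym
        else:                                         # new pseudonym, perhaps provisionally
            mid = f"id{len(self._identities) + 1}"
            self._identities[mid], self._group[mid] = cand, mid
            decision = "unclear" if best is not None and dist < self.NO_MATCH_MIN else "new"
            self.unclear += [(mid, best)] if decision == "unclear" else []   # manual decision needed
        self._issued.setdefault(mid, set()).add(source)
        return decision, mid, self._pseudonym(mid, source)

    def merge(self, provisional_id, into_id):
        """Manual identity-vigilance decision: both master ids belong to one person."""
        root = self._group[into_id]
        self._group.update({m: root for m, g in self._group.items() if g == self._group[provisional_id]})

    def all_pseudonyms(self, master_id):
        """Every pseudonym issued for the person behind master_id, across all sources."""
        root = self._group[master_id]
        return sorted(self._pseudonym(m, s) for m in self._issued
                      if self._group[m] == root for s in self._issued[m])

def demo():
    """Constructed walk-through: a spelling variant matches, a name conflict is unclear."""
    ttp = TrustedThirdParty(secret=b"constructed-ttp-secret")
    alice = {"last_name": "Müller", "first_name": "Anne", "birth_date": "1980-03-14", "postal_code": "L-1234"}
    bob = {"last_name": "Schmitt", "first_name": "Robert", "birth_date": "1975-11-02", "postal_code": "L-5678"}
    r1, r2 = ttp.identify(alice, "hospital"), ttp.identify(bob, "hospital")
    r3 = ttp.identify(dict(alice, last_name="Mueller", first_name="Anna"), "lab")  # typo-level variant
    r4 = ttp.identify(dict(alice, last_name="Meyer"), "lab")   # names disagree, the rest agrees
    ttp.merge(r4[1], r1[1])                                    # manual decision: same person
    return r1, r2, r3, r4, ttp.all_pseudonyms(r4[1])
```

Running `demo()` shows the three decision classes on constructed input: the laboratory's spelling variant of the first patient lands at distance 0 and reuses her identity (with a different, source-dependent pseudonym), the record that agrees on birth date and postal code but not on the surname falls between the two thresholds and gets a provisional identity queued for manual review, and after the merge `all_pseudonyms` returns all three pseudonyms of that person while the second patient's stays out. The entropy weighting only has an effect once the registry holds enough identities for attributes to differ in how common their values are; with one or two records it degrades to equal weights.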

Trusted Third Party: Authentication and Access Control (slide 15)
- Allows de-identification requests only for data sources and data users
- Allows retrieval of the pseudonym only for the data registry and data repositories
- Guaranteed by a Security Token Service
- The Security Token Service provides security tokens, carrying role information, after authentication

Secondary Use: Statistics (slide 18)
Diagram. Data sources (hospitals, laboratories, doctors' offices) send demographic data to the Trusted Third Party for a 1st-level de-identification that yields the pseudonym. On the National eHealth Platform a 2nd-level de-identification replaces the pseudonym by a patient ID in the statistical extract, which feeds the platform's Statistical Database. Data consumers (statistics office, researchers) send a query for statistics and receive statistics or a statistical extract.
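The handshaking protocol of slide 9, the role-based access control of slide 15 and the 2nd-level de-identification of slide 18, played through in one process as an added example; this is not code from the slides or from the authors' platform. A Security Token Service issues signed role tokens, the Trusted Third Party hands out pick-up tickets only to data sources and data users and redeems them only for the registry/repository role, the platform stores plaintext metadata beside an opaque ciphertext under the pseudonym, and the statistical extract replaces the pseudonym by a patient ID keyed with a separate secret. The party names, the token format (`client:role:mac`), the 60-second ticket lifetime, the patient record and the document bytes are constructed; the TTP's matching step is reduced to a keyed hash of the normalized demographics so that one person always maps to one pseudonym.

```python
"""Added example, not from the slides: the pick-up-ticket handshake (slide 9), a Security Token
Service with role-based access (slide 15) and the 2nd-level de-identification of a statistical
extract (slide 18) in one process. Parties, token format, ticket lifetime and records are
constructed; matching at the TTP is reduced to a keyed hash of the normalized demographics."""
import hashlib
import hmac
import secrets
import time

def _mac(key, data):
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()

class SecurityTokenService:
    """Authenticates a client and returns a signed token carrying its role."""
    def __init__(self, key, principals):
        self._key, self._principals = key, principals   # client -> (password, role)

    def authenticate(self, client, password):
        stored = self._principals.get(client)
        if stored is None or not hmac.compare_digest(stored[0], password):
            raise PermissionError("authentication failed")
        body = f"{client}:{stored[1]}"
        return f"{body}:{_mac(self._key, body)}"

    def verify(self, token):
        client, role, sig = token.split(":")
        if not hmac.compare_digest(sig, _mac(self._key, f"{client}:{role}")):
            raise PermissionError("invalid token")
        return client, role

class TrustedThirdParty:
    """The only place where demographics and pseudonyms meet; it holds no medical data."""
    def __init__(self, sts, secret):
        self._sts, self._secret, self._tickets = sts, secret, {}   # ticket -> (pseudonym, expiry)

    def _pseudonym(self, demographics):
        canon = "|".join(f"{k}={v.strip().lower()}" for k, v in sorted(demographics.items()))
        return _mac(self._secret, canon)[:16]   # keyed, so demographics are not recoverable

    def deidentify(self, token, demographics):
        """Data sources and data users hand in demographics and get a ticket, never the pseudonym."""
        _, role = self._sts.verify(token)
        if role not in ("data_source", "data_user"):
            raise PermissionError(f"role {role} may not request de-identification")
        ticket = secrets.token_hex(8)
        self._tickets[ticket] = (self._pseudonym(demographics), time.time() + 60)  # 60 s lifetime
        return ticket

    def redeem(self, token, ticket):
        """Registry and repositories trade a ticket for the pseudonym; a ticket is single-use."""
        _, role = self._sts.verify(token)
        if role not in ("data_registry", "data_repository"):
            raise PermissionError(f"role {role} may not retrieve pseudonyms")
        pseudonym, expiry = self._tickets.pop(ticket, (None, 0.0))
        if pseudonym is None or time.time() > expiry:
            raise KeyError("unknown, already used or expired ticket")
        return pseudonym

class EHealthPlatform:
    """Registry (plaintext metadata) plus repository (encrypted documents); sees pseudonyms only."""
    def __init__(self, ttp, token, stats_key):
        self._ttp, self.token, self._stats_key = ttp, token, stats_key
        self.registry, self.repository = [], {}   # metadata entries / doc_id -> ciphertext

    def store(self, ticket, metadata, ciphertext):
        pseudonym = self._ttp.redeem(self.token, ticket)
        doc_id = hashlib.sha256(ciphertext).hexdigest()[:12]
        self.repository[doc_id] = ciphertext      # opaque to the platform
        self.registry.append({"pseudonym": pseudonym, "doc_id": doc_id, **metadata})
        return doc_id

    def query(self, ticket, **criteria):
        """Documents of one patient, filtered on the plaintext metadata."""
        pseudonym = self._ttp.redeem(self.token, ticket)
        return [e["doc_id"] for e in self.registry if e["pseudonym"] == pseudonym
                and all(e.get(k) == v for k, v in criteria.items())]

    def statistical_extract(self):
        """2nd-level de-identification: a patient ID that cannot be linked back to the registry."""
        return [{"patient_id": _mac(self._stats_key, e["pseudonym"])[:8], "doc_type": e["doc_type"]}
                for e in self.registry]

def demo():
    """Constructed end-to-end run: a hospital stores a document, a doctor finds it."""
    sts = SecurityTokenService(b"constructed-sts-key", {"hospital-a": ("pw1", "data_source"),
                               "doctor-b": ("pw2", "data_user"), "registry": ("pw3", "data_registry")})
    ttp = TrustedThirdParty(sts, secret=b"constructed-ttp-secret")
    platform = EHealthPlatform(ttp, sts.authenticate("registry", "pw3"), stats_key=b"constructed-stats-key")
    patient = {"last_name": "Muller", "first_name": "Anne", "birth_date": "1980-03-14"}
    hospital, doctor = sts.authenticate("hospital-a", "pw1"), sts.authenticate("doctor-b", "pw2")
    ticket = ttp.deidentify(hospital, patient)                  # 1. demographics -> pick-up ticket
    doc_id = platform.store(ticket, {"doc_type": "lab_report", "author": "hospital-a"},
                            b"<constructed: document already encrypted by the hospital>")  # 2.
    found = platform.query(ttp.deidentify(doctor, patient), doc_type="lab_report")   # 3. consumer side
    denied = []                       # a data source never obtains a pseudonym; a ticket is not replayable
    for label, args in (("source-redeem", (hospital, ttp.deidentify(hospital, patient))),
                        ("ticket-reuse", (platform.token, ticket))):
        try:
            ttp.redeem(*args)
        except (PermissionError, KeyError):
            denied.append(label)
    return {"doc_id": doc_id, "found": found, "denied": denied, "extract": platform.statistical_extract(),
            "leak": any("Muller" in str(e) for e in platform.registry)}
```

The separation the conclusion slide states falls out of the role checks: the hospital's token can obtain a ticket but not redeem it, so it never learns the pseudonym, and nothing the platform stores contains the patient's name. Two properties worth keeping when building this for real are visible in `redeem`: tickets are single-use (the `pop`) and time-limited, so a ticket that leaks from a log or a proxy cannot later be turned into a pseudonym. The statistics office receives only `patient_id` and the non-identifying metadata; because that ID is keyed with a secret the registry never uses, it cannot be joined back onto the registry pseudonym.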

Conclusion (slide 20)
- Data sources and data users never get in touch with the pseudonym
- Data repositories and data storage never get in touch with demographics
- Enforced by the use of a security token service and role-based access
- Identity vigilance to monitor matching decisions; correction of a matching decision is possible
- The trusted third party provides data privacy for unencrypted metadata and statistical extracts

Data Privacy Protection of Medical Data in a National Context
Dr. Uwe Roth (uwe.roth@tudor.lu), Heiko Zimmermann, Dr. Stefan Benzschawel
Friday, 20 April 2012, Version v1.0 r006 2012-04-20