Article Preview
TopIntroduction
Sharing healthcare data is a complex task but it has the potentiality to increase gains for research, clinical, operational and strategic effectiveness (Marcos, Maldonado, Martínez-Salvador, Boscá, & Robles, 2013). This requires interoperability capability, which is usually supported by standards and protocols. Interoperability can be, mainly, functional and semantic. Functional interoperability is the system’s ability to communicate in a transparent way that can be achieved through web services and Application Programming Interfaces (APIs). Semantic interoperability is the ability of a given information to be understood in terms of its formal definition (Wang, Li, Zhang, Suzuki, & Araki, 2013) and it is achieved when the information exchanged between two systems have the same meaning for both (Cardoso et al., 2017).
The Semantic Web, also known as the Semantic Web Layer Cake, aims to enhance data interpretation (Robu, Robu, & Thirion, 2006) to support semantic interoperability. It is defined as a stack of several protocols, resources and definitions that expand available web resources (Berners-Lee, Hendler, & Lassila, 2001). Data properties and its relationships can be expressed using ontologies. Additionally, standards preconized by the World Wide Web Consortium (W3C), such as the Resource Description Framework (RDF) (Candan, Liu, & Suvarna, 2001; RDF Working Group, 2014) and the SPARQL Protocol and RDF Query Language (SPARQL) (W3C, 2013), enable the ability to add/retrieve semantic value to/from a dataset, which can be easily exposed both in machine and human-readable formats (Euzenat, 2002). Layers such as Trust, Proof and Cryptography can establish the necessary support to implement security features.
A critical problem regarding interoperability in health information systems (HIS) is data security. Patients’ data, such as personal information and treatment records, must remain confidential, that is, only authorized systems that meet all security requirements should be able to access them. A breach of security has financial and legal consequences, as well as a potential negative impact to patient care effectiveness and a strong disincentive to data sharing initiatives. Many institutions fear that the sending of information could be exploited improperly, but even if privacy issues could be resolved, there is no agreement on the specific technical infrastructure needed to support this task (Peterson, Deeduvanu, Kanjamala, & Boles, 2016).
Security issues on the Semantic Web have always been under discussion since its initial definition. Although innovative, the operation of all layers is not trivial, as each technology and protocol add some complexity to the solution. Regarding data security, it is no different.
Initially, previous works were concerned with establishing the basic needs and definition for the implementation of security mechanisms in the layers of the Semantic Web. Afterward, technical solutions emerged with several objectives, such as encrypting data stored in RDF, defining access policies and in order to preserve the privacy of individuals. However, there is not a comprehensive approach to cover all the main security dimensions.
This research work proposes an alternative security framework to secure health data exchange through Semantic APIs and query endpoints, adapting Semantic Web technologies, usually applied to open data initiatives, to ensure safe health data interoperability without an extensive technological apparatus. The APIs allow data extraction in standardized semantic formats from tuberculosis (TB) HIS. Sensitive datasets are protected by a security layer that provides adequate and personalized access to external systems, which can connect, authenticate and retrieve only authorized information using keys, data access levels and encryption strategies.
The next section introduces related work. The following section presents the methodological approach, along with technological tools and complementary resources. The fourth section details the results achieved, followed by a discussion in the fifth section. Finally, key contributions are highlighted in the last section, as well as future work.