A Web Architecture Based on Physical Data Separation Supporting Privacy Protection in Medical Research

Jan Sliwa (Division of Computer Science, Bern University of Applied Sciences, Bern, Switzerland) and Emmanuel Benoist (Division of Computer Science, Bern University of Applied Sciences, Bern, Switzerland)
Copyright: © 2012 | Pages: 12
DOI: 10.4018/ijrqeh.2012100106

Abstract

In this paper, the authors present a novel Web-based architecture for a medical registry with enhanced protection of patients' personal data. The goal of a medical registry is to gather experience from clinical practice concerning a disease or treatment (e.g., hip replacement) and to improve future treatments by applying adequate methods and selecting optimal products. The processing of health data is strictly regulated by laws protecting patients' privacy. The presented solution is based on the physical separation of identity-related data from clinical data, with the information from both sources combined only on the user's screen, according to that user's permissions. The anonymized clinical data can be used for research, while the risk of de-anonymizing a patient is significantly reduced. This solution has been verified in the operation of a deployed real-life application.
Article Preview

Introduction

Medical registries provide a platform for collecting the outcomes of medical treatments in a systematic way. Recording the initial conditions of the patients, the applied treatments and their short- and long-term results permits an assessment of the relative quality of various methods and devices and a determination of their optimal scope of application. This should lead to better decisions in the future and, in effect, to an improvement of patient care and to a cost reduction. The value of a registry increases with the quantity and quality of the collected data. On the other hand, these data are highly sensitive and possibly stigmatizing; when disclosed, they may be used as a basis for discrimination and profiling, and their privacy is strictly regulated. However, when subsequent data records related to a patient are entered, e.g., for a follow-up examination, that patient's record has to be retrieved, so his or her real identity must be stored in the system. For the purpose of medical research these identities are irrelevant, but the data set of a patient must still remain linked. These requirements are partly contradictory, but all of them have to be satisfied. In this paper we present a novel architecture based on the physical separation of the identity-related data from the anonymized clinical data; it greatly limits the risk of a privacy breach while still allowing valuable medical research. We have discussed these trade-offs, with special stress on the ethical aspects, in Sliwa and Benoist (2011).
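The separation described above can be illustrated with a small model of the two stores and the permission-dependent merge. The following is an added example written for this page, not code from the paper or from the deployed registry; it assumes an HMAC-derived pseudonym as the only link between the two stores, in-process stores standing in for two separate servers, and two constructed roles, "clinician" and "researcher". The patient data and the secret are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed example: two stores that share no state stand in for the
# physically separated identity server and clinical server.


class IdentityStore:
    """Identity server: real identities plus the secret that derives pseudonyms."""

    def __init__(self, secret: bytes):
        self._secret = secret          # never leaves this store
        self._patients = {}            # pseudonym -> identifying record

    def pseudonym(self, national_id: str) -> str:
        # Keyed hash (HMAC-SHA256). Without the secret the pseudonym cannot be
        # recomputed from a guessed national ID, so the clinical store on its
        # own cannot be brute-forced back to identities.
        mac = hmac.new(self._secret, national_id.encode("utf-8"), hashlib.sha256)
        return mac.hexdigest()[:16]

    def register(self, national_id: str, name: str, birth_date: str) -> str:
        p = self.pseudonym(national_id)
        self._patients[p] = {"name": name, "birth_date": birth_date}
        return p

    def identity(self, pseudonym: str):
        return self._patients.get(pseudonym)


class ClinicalStore:
    """Clinical server: pseudonym-keyed treatment records, no identifying fields."""

    IDENTIFYING = {"name", "birth_date", "national_id"}

    def __init__(self):
        self._visits = {}              # pseudonym -> list of visit dicts

    def add_visit(self, pseudonym: str, visit: dict) -> None:
        # Refuse identifying fields at the boundary so a client bug cannot
        # quietly re-join the two data categories inside the clinical store.
        leaked = set(visit) & self.IDENTIFYING
        if leaked:
            raise ValueError(f"identifying fields refused by clinical store: {sorted(leaked)}")
        self._visits.setdefault(pseudonym, []).append(dict(visit))

    def visits(self, pseudonym: str) -> list:
        return list(self._visits.get(pseudonym, []))

    def research_export(self) -> list:
        # Per-export random tokens keep one patient's visits linked inside a
        # dataset but prevent joining two exports, or an export and the live
        # store, on the stable pseudonym. (Assumed measure, not the paper's.)
        token = {p: secrets.token_hex(8) for p in self._visits}
        return [dict(v, patient=token[p]) for p, vs in self._visits.items() for v in vs]


def screen_view(role: str, pseudonym: str, ids: IdentityStore, clin: ClinicalStore) -> dict:
    """Merge the two sources in the user's session, according to the role."""
    view = {"visits": clin.visits(pseudonym)}
    if role == "clinician":
        view["identity"] = ids.identity(pseudonym)
    elif role != "researcher":
        raise PermissionError(role)
    return view


def run_demo() -> dict:
    ids = IdentityStore(secret=b"identity-server-secret (constructed)")
    clin = ClinicalStore()
    # Registration: the identity server issues the pseudonym once.
    p = ids.register("756.1234.5678.97", "Anna Example", "1950-04-12")
    clin.add_visit(p, {"date": "2011-03-01", "procedure": "hip replacement", "implant": "model-A"})
    # Follow-up a year later: the clinician presents the national ID again, the
    # identity server recomputes the pseudonym, and the clinical record is found
    # without the ID ever being stored on the clinical side.
    clin.add_visit(ids.pseudonym("756.1234.5678.97"), {"date": "2012-03-01", "outcome": "good"})
    return {
        "pseudonym": p,
        "clinician": screen_view("clinician", p, ids, clin),
        "researcher": screen_view("researcher", p, ids, clin),
        "export": clin.research_export(),
    }


if __name__ == "__main__":
    for role, view in run_demo().items():
        print(role, view)
```

The point of the split is visible in `screen_view`: neither store can produce the combined record by itself, and the researcher view never calls the identity store at all. Note the residual risk the separation does not remove: clinical fields such as exact dates of a rare procedure can still act as quasi-identifiers, which is why the paper speaks of a significantly reduced, not eliminated, risk of de-anonymization.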

We work in a multifaceted area concerning the following aspects:

  • Privacy / security technology,

  • Utility requirements of medical registries,

  • Compliance to privacy legislation.

First, we present the rationale for medical registries and their organization as statistical databases. We also discuss the legal environment in which these registries operate. Then we present the architecture of our solution. We give examples of the problems related to the separation of the data categories and show their solutions. Finally we summarize the experience gained from our project and outline the possible future work in this area.
