Data Protection and Data Security Regarding Grid Computing in Biomedical Research

Data Protection and Data Security Regarding Grid Computing in Biomedical Research

Yassene Mohammed (Georg-August-University, Germany), Fred Viezens (Georg-August-University, Germany), Frank Dickmann (Georg-August-University, Germany), Juergen Falkner (Fraunhofer Institute for Industrial Engineering IAO, Germany) and Thomas Lingner (University Medicine Berlin, Germany)
DOI: 10.4018/978-1-60566-374-6.ch005
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

This chapter describes security and privacy issues within the scope of biomedical Grid Computing. Grid Computing is of rising interest for life sciences (Konagaya, 2006) and has been used since many years in sciences like high energy physics. Anyhow, medical applications on the grid require a special focus on data security and data protection issues. Based on general security and privacy rules, the authors describe the current state of the art of grid security. Then they describe which additional security measures have to be established in different biomedical grid scenarios. Legal aspects have to be taken into account as well as the current possibilities and flaws of grid security technology. Describing the enhanced security concept in MediGRID (MediGRID, 2005) they outline how medical Grid Computing could fulfill privacy regulations used in more demanding environments.
Chapter Preview
Top

Introduction

Following the power grid paradigm, Grid computing implies, that a grid user has easy and transparent access to compute power, storage resources, data, and applications (I. Foster & Kesselmann, 1999). In practice there are still some hurdles in doing so. Nevertheless Grid Computing will become a key infrastructural component on the way to a broadly applied computational medicine (EU-SHARE, 2006; Iakovidis, 2005). In this context HealthGrid contains three aspects: the computing aspect for highly intense calculation tasks, the data aspect for distributed access to a large amount of data and the knowledge aspect for a sophisticated utilization of data (Figure 1).

Figure 1.

Three aspects of grid-functions in healthcare (adapted from Iakovidis, 2005)

Within biomedical Grid projects, a grid infrastructure for medical and biomedical research has been established mainly using Computing Grid resources. It enhances interdisciplinary and widely location-independent collaboration of researchers. The interoperability between different medical and biomedical grids provides a broader range of applications and datasets for the biomedical applications and provides opportunities for new collaborations (Montagnat et al., 2008).

Concerning security matters of medical and biomedical applications, different types of grid usage need different security levels according to legal and ethical (Iavindrasana et al., 2008) requirements as well as Good Clinical Practice GCP (Mohammed, 2006). These requirements include privacy as well as intellectual property issues. Whereas privacy addresses confidentiality of identifying data of patients and intellectual property is directed to protect clinical and research information from unauthorized access. Trust in privacy upholds patients trust in health services. Without trust patients might avoid healthcare services which can lead to severe problems, for the patient but nonetheless for the whole healthcare system of a society. Also beyond doubt scientists and healthcare professionals need to have full confidence in the offered grid infrastructure in order to store their precious data onto the Data Grid. Thus technical implementations must ensure a reliable confidentiality of any information transfer and storage. (Garcia, Dikaiakos, Kyprianou, Bilas, & Marazakis, 2008)

While Computing Grid applications have to decide whether a user may use one resource or not, Data Grid applications can only be operated securely with fine grained access control with respect to data elements. Security solutions for Knowledge Grids still have to be outlined, as liability requirements have to be met additionally.

Regarding access control for the Computing Grid scenario, most authentication and authorizations challenges are solved due to the usage of grid proxy certificates and virtual organization solutions (Pommerening, 2006). Fine grained access control solutions - the right to access one document within a data store, or even accessing different sections within the same document (e.g. medical structured documents) - are still under development (Mohammed, Sax, Viezens, & Rienhoff, 2007; Schiffers, 2008; Witzig, 2008) .

For Data Grid applications in patient care and medical research the usage of international standardized ontologies, terminologies and nomenclatures is essential (Blanquer, Hernandez, & Segrelles, 2006). The problem of how to establish data repositories using standardized terminologies could not be solved by the grid projects yet, although for example caBIG and caGRID (Oster et al., 2007; Welch et al., 2003) try to tackle those issues. Knowledge Grid applications are not to be found yet in biomedical Grid Computing (Konagaya, 2006).

Key Terms in this Chapter

PET: Privacy-enhancing technologies; the use of information and communication technologies for the sake of the protection of human privacy.

Pseudonymization: Before releasing the data (for example for a specific research) the identifying data will be replaced with pseudonym. Only the trusted party who perform the pseudonymization can match between the identifying data and the pseudonym.

Authorization: The act of providing and checking the authority of the user on a specific resource, informally speaking “who can do what”.

Integrity: Ensure data cannot be changed/deleted/altered by unauthorized party/person.

Authenticity/Authentication: Ensure that the person is the one she claimed to be. In regard to authentic document, authenticity is defined as integrity plus freshness.

Accountability: Actions of a person, especially modifications that she performs on data can be traced.

Confidentiality: The assurance that data are not made available or disclosed to unauthorized person.

Privacy: The ability and/or right to protect the personal secrets; it extends to the ability and/or right to prevent invasions of the personal space (the exact definition varies from one country to another). Privacy is applicable to natural persons (human beings) but not to legal persons (such as corporations).

Anonymization: The changing of personal data in such a way that the re-identification of the person/subject is no longer possible (absolute Ananymization) or only with large amount of time, cost and manpower possible (de facto anonymized, scientific use files).

Complete Chapter List

Search this Book:
Reset