FAIR Aspects of a Health Information Protection and Management System

 

 Permissions and Reprints

Abstract

Background Privacy management is a key issue when dealing with storage and distribution of health information. However, FAIR (Findability, Accessibility, Interoperability, and Reusability) principles when sharing information are in increasing demand in several organizations, especially for information generated in public-funded research projects.

Objectives The two main objectives of the presented work are the definition of a secure and interoperable modular architecture to manage different kinds of medical content (xIPAMS [x, for Any kind of content, Information Protection And Management System] and HIPAMS [Health Information Protection And Management System]), and the application of FAIR principles to that architecture in such a way that privacy and security are compatible with FAIR.

Methods We propose the concept of xIPAMS as a modular architecture, following standards for interoperability, which defines mechanisms for privacy, protection, storage, search, and access to health-related information.

Results xIPAMS provides FAIR principles and preserves patient's privacy. For each module, we identify how FAIR principles apply.

Conclusions We have analyzed how xIPAMS, and in particular HIPAMS (Health content), support the FAIR principles focusing on security and privacy. We have identified the FAIR principles supported by the different xIPAMS modules, concluding that the four principles are supported. Our analysis has also considered a possible implementation based on the concept of DACS (Document Access and Communication System), a system storing medical documents in a private and secure way. In addition, we have analyzed security aspects of the FAIRification process and how they are provided by xIPAMS modules.

Ethical Considerations

Our manuscript does not involve research on human subjects.

Publication History

Received: 12 April 2022

Accepted: 19 September 2022

Article published online:
09 December 2022

© 2022. The Author(s). This is an open access article published by Thieme under the terms of the Creative Commons Attribution-NonDerivative-NonCommercial License, permitting copying and reproduction so long as the original work is given appropriate credit. Contents may not be used for commercial purposes, or adapted, remixed, transformed or built upon. (https://creativecommons.org/licenses/by-nc-nd/4.0/)

Georg Thieme Verlag KG
Rüdigerstraße 14, 70469 Stuttgart, Germany

• References

• 1 Wilkinson MD, Dumontier M, Aalbersberg IJ. et al. The FAIR Guiding Principles for scientific data management and stewardship. Sci Data 2016; 3: 160018
  CrossrefPubMedGoogle Scholar
• 2 Delgado J, Llorente S. FAIR aspects of a genomic information protection and management system. Stud Health Technol Inform 2021; 287: 50-54
  PubMedGoogle Scholar
• 3 Llorente S, Delgado J. Implementation of privacy and security for a genomic information system based on standards. J Pers Med 2022; 12 (06) 915
  CrossrefPubMedGoogle Scholar
• 4 Llorente S, Rodriguez E, Delgado J, Torres-Padrosa V. Standards-based architectures for content management. IEEE Multimedia 2013; 20 (04) 62-72
  CrossrefPubMedGoogle Scholar
• 5 Boeckhout M, Zielhuis GA, Bredenoord AL. The FAIR guiding principles for data stewardship: fair enough?. Eur J Hum Genet 2018; 26 (07) 931-936
  CrossrefPubMedGoogle Scholar
• 6 Wise J, de Barron AG, Splendiani A. et al. Implementation and relevance of FAIR data principles in biopharmaceutical R&D. Drug Discov Today 2019; 24 (04) 933-938
  CrossrefPubMedGoogle Scholar
• 7 Harrow J. ELIXIR's Human Data Communities IMI FAIRplus project. Accessed July, 21, 2022 at: https://fairplus-project.eu/
  PubMedGoogle Scholar
• 8 FAIR4Health project. Accessed July, 21, 2022 at: https://www.fair4health.eu
  PubMedGoogle Scholar
• 9 Sinaci AA, Núñez-Benjumea FJ, Gencturk M. et al. From raw data to FAIR data: the FAIRification workflow for health research. Methods Inf Med 2020; 59 (S 01): e21-e32
  Article in Thieme ConnectPubMedGoogle Scholar
• 10 GO FAIR. FAIRification process. Accessed July, 21, 2022 at: https://www.go-fair.org/fair-principles/fairification-process
  PubMedGoogle Scholar
• 11 Research Data Alliance. Accessed July, 21, 2022 at: https://www.rd-alliance.org
  PubMed
• 12 FORCE11 (the Future of Research Communications and e-Scholarship). Accessed July, 21, 2022 at: https://www.force11.org
  PubMedGoogle Scholar
• 13 FAIRsharing.org. Accessed July, 21, 2022 at: https://fairsharing.org
  PubMed
• 14 Fielding RT. Architectural Styles and the Design of Network-based Software Architectures [PhD dissertation]. University of California, Irvine; 2000
  Google Scholar
• 15 Internet Engineering Task Force (IETF). The OAuth 2.0 Authorization Framework. Accessed July, 21, 2022 at: https://datatracker.ietf.org/doc/html/rfc6749
  PubMedGoogle Scholar
• 16 Internet Engineering Task Force (IETF). JSON Web Token (JWT). Accessed July, 21, 2022 at: https://datatracker.ietf.org/doc/html/rfc7519
  PubMedGoogle Scholar
• 17 Organization for the Advancement of Structured Information Systems (OASIS). eXtensible Access Control Markup Language (XACML) v3.0. Accessed July, 21, 2022 at: http://www.oasis-open.org/specs/index.php#xacmlv3.0
  PubMedGoogle Scholar
• 18 Delgado J, Llorente S, Pàmies M, Vilalta J. Security and privacy in a DACS. Stud Health Technol Inform 2016; 228: 122-126
  PubMedGoogle Scholar
• 19 ISO/HL7. ISO/HL7 27932:2009 Data Exchange Standards – HL7 Clinical Document Architecture, Release 2. Accessed November, 11, 2022, at https://www.iso.org/standard/44429.html
  PubMed
• 20 HL7 International. Accessed July, 21, 2022 at: http://www.hl7.org/
  PubMed
• 21 Cavoukian A. Privacy by Design. Accessed July, 21, 2022 at: https://www.ipc.on.ca/wp-content/uploads/resources/7foundationalprinciples.pdf
  PubMedGoogle Scholar
• 22 Open Web Application Security Project (OWASP). Security by design principles. Accessed July, 21, 2022 at: https://wiki.owasp.org/index.php/Security_by_Design_Principles
  PubMedGoogle Scholar
• 23 Singh S. The importance of a FAIR Data Strategy in enhancing the Data Value Lifecycle. Accessed July, 21, 2022 at: https://www.thehyve.nl/articles/fair-data-strategy-for-data-value-lifecycle
  PubMedGoogle Scholar
• 24 GDPR (General Data Protection Regulation). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC - Official Journal of the European Union, L 119, 4 May 2016. Accessed July, 21, 2022 at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ%3AL%3A2016%3A119%3ATOC
  PubMed
• 25 Article 32 of the GDPR (General Data Protection Regulation). Accessed July, 21, 2022 at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02016R0679-20160504
  PubMedGoogle Scholar
• 26 Delgado J, Llorente S. Security and privacy when applying FAIR Principles to genomic information. Stud Health Technol Inform 2020; 275: 37-41
  PubMedGoogle Scholar
• 27 World Wide Web Consortium. (W3C). XML Signature Syntax and Processing Version 2.0. Accessed July, 21, 2022 at: https://www.w3.org/TR/xmldsig-core2/
  PubMedGoogle Scholar
• 28 Keycloak. Open Source Identity and Access Management. Accessed July, 21, 2022 at: https://www.keycloak.org/
  PubMedGoogle Scholar
• 29 Organization for the Advancement of Structured Information Systems (OASIS). Accessed July, 21, 2022 at: https://www.oasis-open.org/
  PubMed
• 30 WSO2. WSO2 Balana. Accessed July, 21, 2022 at: https://github.com/wso2/balana
  PubMedGoogle Scholar
• 31 mySQL. mySQL relational database. Accessed July, 21, 2022 at: https://www.mysql.com/
  PubMedGoogle Scholar
• 32 Let's encrypt. Certificate authority. Accessed July, 21, 2022 at: https://letsencrypt.org/
  PubMedGoogle Scholar
• 33 Oracle. Oracle Java. Accessed July, 21, 2022 at: https://www.oracle.com/java/
  PubMedGoogle Scholar
• 34 Oracle. Java 2 Platform Enterprise Edition (J2EE). Accessed July, 21, 2022 at: https://www.oracle.com/java/technologies/appmodel.html
  PubMedGoogle Scholar
• 35 Apache Tomcat. Accessed July, 21, 2022 at: https://tomcat.apache.org/
  PubMed
• 36 International Organization for Standardization (ISO). Accessed July, 21, 2022 at: https://www.iso.org
  PubMed
• 37 ISO/IEC. Moving Pictures Expert Group (MPEG). Accessed July, 21, 2022 at: https://www.mpeg.org
  PubMed
• 38 ISO/IEC. ISO/IEC 23092, Information technology—Genomic Information Representation. Accessed July, 21, 2022 at: https://www.mpeg.org/structure/genomic-coding/
  PubMedGoogle Scholar
• 39 Voges J, Hernaez M, Mattavelli M, Ostermann J. An introduction to MPEG-G: the first open ISO/IEC standard for the compression and exchange of genomic sequencing data. Proc IEEE 2021; 109 (09) 1607-1622
  CrossrefPubMedGoogle Scholar
• 40 ISO/IEC. ISO/IEC 23092–3, Information technology—Genomic information representation—Part 3: metadata and application programming interfaces (APIs), second edition. Accessed July, 21, 2022 at: https://www.iso.org/standard/82725.html
  PubMedGoogle Scholar
• 41 GenClinLab-Sec Project. Mechanisms for secure and efficient management of genomic information tailored to clinical laboratories: Security Aspects, PID2020–114394RB-C31 funded by MCIN/AEI/10.13039/501100011033, Accessed July, 21, 2022 at: https://dmag.ac.upc.edu/proyecto_detalle.php?id_proyecto=50
  PubMed