Subscribe to RSS
DOI: 10.1055/s-0042-1758765
FAIR Aspects of a Health Information Protection and Management System
Funding/Acknowledgments The work presented in this article has been partially supported by the Spanish Government under the project: GenClinLab-Sec (Mechanisms for secure and efficient management of genomic information tailored to clinical laboratories: Security Aspects, PID2020-114394RB-C31) funded by MCIN/AEI/10.13039/501100011033 and by the Generalitat de Catalunya (2017 SGR 1749).Abstract
Background Privacy management is a key issue when dealing with storage and distribution of health information. However, FAIR (Findability, Accessibility, Interoperability, and Reusability) principles when sharing information are in increasing demand in several organizations, especially for information generated in public-funded research projects.
Objectives The two main objectives of the presented work are the definition of a secure and interoperable modular architecture to manage different kinds of medical content (xIPAMS [x, for Any kind of content, Information Protection And Management System] and HIPAMS [Health Information Protection And Management System]), and the application of FAIR principles to that architecture in such a way that privacy and security are compatible with FAIR.
Methods We propose the concept of xIPAMS as a modular architecture, following standards for interoperability, which defines mechanisms for privacy, protection, storage, search, and access to health-related information.
Results xIPAMS provides FAIR principles and preserves patient's privacy. For each module, we identify how FAIR principles apply.
Conclusions We have analyzed how xIPAMS, and in particular HIPAMS (Health content), support the FAIR principles focusing on security and privacy. We have identified the FAIR principles supported by the different xIPAMS modules, concluding that the four principles are supported. Our analysis has also considered a possible implementation based on the concept of DACS (Document Access and Communication System), a system storing medical documents in a private and secure way. In addition, we have analyzed security aspects of the FAIRification process and how they are provided by xIPAMS modules.
Keywords
privacy - security - health information - FAIR principles - interoperability - information protection and management systemEthical Considerations
Our manuscript does not involve research on human subjects.
Publication History
Received: 12 April 2022
Accepted: 19 September 2022
Article published online:
09 December 2022
© 2022. The Author(s). This is an open access article published by Thieme under the terms of the Creative Commons Attribution-NonDerivative-NonCommercial License, permitting copying and reproduction so long as the original work is given appropriate credit. Contents may not be used for commercial purposes, or adapted, remixed, transformed or built upon. (https://creativecommons.org/licenses/by-nc-nd/4.0/)
Georg Thieme Verlag KG
Rüdigerstraße 14, 70469 Stuttgart, Germany
-
References
- 1 Wilkinson MD, Dumontier M, Aalbersberg IJ. et al. The FAIR Guiding Principles for scientific data management and stewardship. Sci Data 2016; 3: 160018
- 2 Delgado J, Llorente S. FAIR aspects of a genomic information protection and management system. Stud Health Technol Inform 2021; 287: 50-54
- 3 Llorente S, Delgado J. Implementation of privacy and security for a genomic information system based on standards. J Pers Med 2022; 12 (06) 915
- 4 Llorente S, Rodriguez E, Delgado J, Torres-Padrosa V. Standards-based architectures for content management. IEEE Multimedia 2013; 20 (04) 62-72
- 5 Boeckhout M, Zielhuis GA, Bredenoord AL. The FAIR guiding principles for data stewardship: fair enough?. Eur J Hum Genet 2018; 26 (07) 931-936
- 6 Wise J, de Barron AG, Splendiani A. et al. Implementation and relevance of FAIR data principles in biopharmaceutical R&D. Drug Discov Today 2019; 24 (04) 933-938
- 7 Harrow J. ELIXIR's Human Data Communities IMI FAIRplus project. Accessed July, 21, 2022 at: https://fairplus-project.eu/
- 8 FAIR4Health project. Accessed July, 21, 2022 at: https://www.fair4health.eu
- 9 Sinaci AA, Núñez-Benjumea FJ, Gencturk M. et al. From raw data to FAIR data: the FAIRification workflow for health research. Methods Inf Med 2020; 59 (S 01): e21-e32
- 10 GO FAIR. FAIRification process. Accessed July, 21, 2022 at: https://www.go-fair.org/fair-principles/fairification-process
- 11 Research Data Alliance. Accessed July, 21, 2022 at: https://www.rd-alliance.org
- 12 FORCE11 (the Future of Research Communications and e-Scholarship). Accessed July, 21, 2022 at: https://www.force11.org
- 13 FAIRsharing.org. Accessed July, 21, 2022 at: https://fairsharing.org
- 14 Fielding RT. Architectural Styles and the Design of Network-based Software Architectures [PhD dissertation]. University of California, Irvine; 2000
- 15 Internet Engineering Task Force (IETF). The OAuth 2.0 Authorization Framework. Accessed July, 21, 2022 at: https://datatracker.ietf.org/doc/html/rfc6749
- 16 Internet Engineering Task Force (IETF). JSON Web Token (JWT). Accessed July, 21, 2022 at: https://datatracker.ietf.org/doc/html/rfc7519
- 17 Organization for the Advancement of Structured Information Systems (OASIS). eXtensible Access Control Markup Language (XACML) v3.0. Accessed July, 21, 2022 at: http://www.oasis-open.org/specs/index.php#xacmlv3.0
- 18 Delgado J, Llorente S, Pàmies M, Vilalta J. Security and privacy in a DACS. Stud Health Technol Inform 2016; 228: 122-126
- 19 ISO/HL7. ISO/HL7 27932:2009 Data Exchange Standards – HL7 Clinical Document Architecture, Release 2. Accessed November, 11, 2022, at https://www.iso.org/standard/44429.html
- 20 HL7 International. Accessed July, 21, 2022 at: http://www.hl7.org/
- 21 Cavoukian A. Privacy by Design. Accessed July, 21, 2022 at: https://www.ipc.on.ca/wp-content/uploads/resources/7foundationalprinciples.pdf
- 22 Open Web Application Security Project (OWASP). Security by design principles. Accessed July, 21, 2022 at: https://wiki.owasp.org/index.php/Security_by_Design_Principles
- 23 Singh S. The importance of a FAIR Data Strategy in enhancing the Data Value Lifecycle. Accessed July, 21, 2022 at: https://www.thehyve.nl/articles/fair-data-strategy-for-data-value-lifecycle
- 24 GDPR (General Data Protection Regulation). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC - Official Journal of the European Union, L 119, 4 May 2016. Accessed July, 21, 2022 at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ%3AL%3A2016%3A119%3ATOC
- 25 Article 32 of the GDPR (General Data Protection Regulation). Accessed July, 21, 2022 at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02016R0679-20160504
- 26 Delgado J, Llorente S. Security and privacy when applying FAIR Principles to genomic information. Stud Health Technol Inform 2020; 275: 37-41
- 27 World Wide Web Consortium. (W3C). XML Signature Syntax and Processing Version 2.0. Accessed July, 21, 2022 at: https://www.w3.org/TR/xmldsig-core2/
- 28 Keycloak. Open Source Identity and Access Management. Accessed July, 21, 2022 at: https://www.keycloak.org/
- 29 Organization for the Advancement of Structured Information Systems (OASIS). Accessed July, 21, 2022 at: https://www.oasis-open.org/
- 30 WSO2. WSO2 Balana. Accessed July, 21, 2022 at: https://github.com/wso2/balana
- 31 mySQL. mySQL relational database. Accessed July, 21, 2022 at: https://www.mysql.com/
- 32 Let's encrypt. Certificate authority. Accessed July, 21, 2022 at: https://letsencrypt.org/
- 33 Oracle. Oracle Java. Accessed July, 21, 2022 at: https://www.oracle.com/java/
- 34 Oracle. Java 2 Platform Enterprise Edition (J2EE). Accessed July, 21, 2022 at: https://www.oracle.com/java/technologies/appmodel.html
- 35 Apache Tomcat. Accessed July, 21, 2022 at: https://tomcat.apache.org/
- 36 International Organization for Standardization (ISO). Accessed July, 21, 2022 at: https://www.iso.org
- 37 ISO/IEC. Moving Pictures Expert Group (MPEG). Accessed July, 21, 2022 at: https://www.mpeg.org
- 38 ISO/IEC. ISO/IEC 23092, Information technology—Genomic Information Representation. Accessed July, 21, 2022 at: https://www.mpeg.org/structure/genomic-coding/
- 39 Voges J, Hernaez M, Mattavelli M, Ostermann J. An introduction to MPEG-G: the first open ISO/IEC standard for the compression and exchange of genomic sequencing data. Proc IEEE 2021; 109 (09) 1607-1622
- 40 ISO/IEC. ISO/IEC 23092–3, Information technology—Genomic information representation—Part 3: metadata and application programming interfaces (APIs), second edition. Accessed July, 21, 2022 at: https://www.iso.org/standard/82725.html
- 41 GenClinLab-Sec Project. Mechanisms for secure and efficient management of genomic information tailored to clinical laboratories: Security Aspects, PID2020–114394RB-C31 funded by MCIN/AEI/10.13039/501100011033, Accessed July, 21, 2022 at: https://dmag.ac.upc.edu/proyecto_detalle.php?id_proyecto=50