WIT Institute of Software Technology and Interactive Systems, Vienna University of Technology

An Approach towards the Fulfilment of Security Requirements for Decision Support Systems in the Field of Evidence-Based Healthcare

Nevena Stolba, A Min Tjoa
Institute of Software Technology and Interactive Systems, Vienna University of Technology, Vienna, Austria

Transcript of the PowerPoint presentation (18 slides)

Page 1: Title slide

Page 2

Motivation

Evidence-based medicine (EBM) is a new scientific paradigm in healthcare that aims at the prevention, diagnosis and treatment of diseases on the basis of medical evidence.

Integrating external evidence-based data sources into the existing clinical information system, and finding appropriate therapy alternatives for a given patient and a given disease, are major research challenges.

Defining explicit common security regulations and standards is a process in which both the patient's individual rights (privacy and data protection) and the collective, societal demands (scientific progress and the development of new technologies) need to be considered.

We show the need for a highly secure decision support system that facilitates the practical use of evidence-based medicine while respecting privacy regulations.

Page 3

Outline

- Decision support systems (DSS)
- Evidence-based medicine (EBM)
- Data Warehouse (DWH) facilitating evidence-based medicine
- Security concept for healthcare decision support systems
  - Depersonalisation
  - Pseudonymisation
  - Role-based access
- Conclusion

Page 4

Data Warehouse

Inmon: A Data Warehouse is a subject-oriented, integrated, time-variant and non-volatile collection of data in support of management's decision making process.

[Figure: DWH architecture. Data source systems (administrative, financial, organisational and customer data) -> data extraction and transformation (extraction and standardisation; cleaning, transformation, consolidation and enhancement) -> data load and storage in the DATA WAREHOUSE -> data analysis (OLAP, data mining, reporting, alerting) -> data users (business manager, staff manager, data analyst).]

A DWH integrates data from diverse internal and external data sources to support:
- Reporting
- Analysis
- Tracking business trends
- Improving strategic decisions
- Enhancing forecasting

Page 5

Evidence-Based Medicine (1/2)

Page 6

Evidence-Based Medicine (2/2)

Sackett et al., 1996: Evidence based medicine is the conscientious, explicit, and judicious use of current best evidence in making decisions about the care of individual patients.

[Figure: evidence sources (books, magazines, journals, healthcare protocols, clinical trials, best practice guidelines, systematic reviews, web-based health information, clinical observational data) feed evidence-based guidelines, information and rules used for prevention, treatment and forecasting.]

Page 7

Data Warehouse facilitating EBM (1/3)

Healthcare institutions are deploying data warehouse applications, with decision support tools on top of them, for their strategic decision making processes.

The main roles of clinical decision support systems are:
- to reduce medical errors
- to increase operating efficiency
- to reduce treatment costs
- to give advice about staffing plans, etc.

Page 8

Data Warehouse facilitating EBM (2/3)

Examples of DWH applications in the area of EBM:

1. Generation of evidence-based guidelines
   - Discover unknown data patterns
   - Identify trends
   - Recognise best practices for the treatment of different diseases

2. Support of the decision making processes of clinical management, human resources and clinical administration
   - Creation of business strategies
   - Treatment scheduling
   - Staffing plans

Page 9

Data Warehouse facilitating EBM (3/3)

Support of clinicians at the point of care

[Figure: the physician sends a query with the patient's disease to the DWH; the DWH combines evidence-based rules, the patient's health record, drugs, possible treatments and skilled staff through OLAP and data mining, and returns a recommended treatment.]

Page 10

Security Concept for Healthcare DSS

Healthcare decision support systems hold large volumes of sensitive data and must therefore guarantee a high degree of data protection.

Security measures that need to be considered to protect data privacy in a DSS facilitating evidence-based medicine:
- Password-based identification of the healthcare DSS users
- Any data modification must bear a digital signature
- Tracking of data manipulation through log files
- Confidential health data should only be stored in coded or encrypted form on mobile media
- A Public Key Infrastructure for transport security
- Data used for EBM purposes must be depersonalised and pseudonymised
- A role-based access model has to be implemented
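The second and third measures (a signature on every modification, and a log that tracks data manipulation) only help if the log itself cannot be rewritten afterwards. The following added example, which is not part of the slides or the authors' system, shows one way to make a modification log tamper-evident: each entry is chained to the previous one and tagged with a keyed MAC. The MAC is a stand-in for the digital signature the slide calls for (it is symmetric, so it runs with the standard library alone); a real deployment would use an asymmetric signature under the PKI the slide mentions. The key, table names and sample edits are assumptions made for the example.

```python
import hashlib
import hmac
import json

# Assumption: the audit service holds this key (in practice it comes from a KMS/HSM),
# and users whose changes are logged never see it. A MAC stands in for the signature
# the slide requires; with a PKI this would be a private-key signature per entry.
AUDIT_KEY = b"audit-key-for-illustration-only"

GENESIS = "0" * 64  # chain anchor for the first entry


def _canonical(entry: dict) -> bytes:
    # Stable serialisation so the tag covers exactly the logged fields, in a fixed order.
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


def append_modification(log: list, user: str, table: str, key: str, before, after) -> dict:
    """Record one data modification, chained to the previous entry and MAC-tagged."""
    prev_tag = log[-1]["tag"] if log else GENESIS
    entry = {
        "seq": len(log),
        "user": user,
        "table": table,
        "key": key,
        "before": before,
        "after": after,
        "prev": prev_tag,  # hash chain: altering an older entry invalidates every later tag
    }
    entry["tag"] = hmac.new(AUDIT_KEY, _canonical(entry), hashlib.sha256).hexdigest()
    log.append(entry)
    return entry


def verify_log(log: list) -> int:
    """Return the index of the first entry that fails verification, or -1 if the chain is intact."""
    prev_tag = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "tag"}
        expected = hmac.new(AUDIT_KEY, _canonical(body), hashlib.sha256).hexdigest()
        if body.get("prev") != prev_tag or not hmac.compare_digest(expected, entry["tag"]):
            return i
        prev_tag = entry["tag"]
    return -1


def demo() -> tuple:
    """Constructed sample: two legitimate edits, then a silent rewrite of the first one."""
    log = []
    append_modification(log, "clinician_07", "diagnosis", "case-1042", "J18.9", "J18.1")
    append_modification(log, "clinician_07", "medication", "case-1042", None, "amoxicillin")
    clean = verify_log(log)
    log[0]["after"] = "J18.9"  # history rewritten without the key: tag no longer matches
    tampered = verify_log(log)
    return clean, tampered


if __name__ == "__main__":
    print(demo())  # (-1, 0)
```

The chain detects edits and deletions in the middle of the log, but not truncation of its tail; to catch that, the latest tag has to be anchored somewhere the log writer cannot modify (for example published to a separate audit host at fixed intervals).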

Page 11

Depersonalisation and Pseudonymisation

The Health Insurance Portability and Accountability Act (HIPAA) and the European Commission's Directive on Data Protection have considerably tightened the security regulations.

The goal of evidence-based medicine (to recognise the symptoms, best treatments and prevention patterns for a given disease) can only be accomplished by analysing patient data from which the patient cannot be identified.

Depersonalisation and pseudonymisation procedures are used to prevent the re-identification of personal data.

Page 12

Depersonalisation (1/2)

Taweel et al., 2004: Depersonalisation is the removal of any residual information that might risk identification, e.g. names of relatives, nicknames, place names, unusual occupations, etc.

Stolba, Banek and Tjoa, 2005: depersonalisation may be done by:
- Grouping data: sensitive data are protected by grouping them into ranges (e.g. the patient's age is shown only as an age band: 0-5, 5-10, 10-15, 15-20, ...).
- Hiding data: attributes that are interesting for detailed data mining (occupation, hobbies) are concealed.
- Removing data: key identifying data that are unnecessary for the research (e.g. name, exact date of birth, precise address, nicknames, names of relatives, etc.) are removed.

Page 13

Depersonalisation (2/2)

Administrative users (most often: clinical management) specify the sensitive data and their sensitivity levels:

Entity   | Attribute     | Sensitivity Level | Depersonalisation Measure
---------|---------------|-------------------|--------------------------
Patient  | Name          | Very High         | Remove
Patient  | Date of birth | Medium            | Group
Patient  | Gender        | Low               | None
Patient  | Degree        | High              | Hide
Address  | Street        | Very High         | Remove
Address  | City          | Medium            | Group
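The three measures from the previous slide (group, hide, remove) and the sensitivity table on this one together define a small policy engine. The following added example, which is not the authors' code, implements it for the personal-data attributes of the table; health-care data are not covered by the table and are passed along separately. The attribute names, the reference date used to turn a date of birth into an age band, the city-to-region map and the fail-closed default for attributes missing from the policy are assumptions made for the example.

```python
from datetime import date

# Assumption: "today" for computing age bands; fixed so the example is reproducible.
REFERENCE_DATE = date(2006, 1, 1)
AGE_BAND_WIDTH = 5  # half-open bands 0-4, 5-9, ... so no age falls into two bands

# Assumption: coarsening used by the Group measure for the City attribute.
CITY_TO_REGION = {
    "Vienna": "East Austria",
    "Graz": "South Austria",
    "Linz": "North Austria",
}

# (entity, attribute) -> (sensitivity level, measure), transcribed from the slide's table
POLICY = {
    ("Patient", "name"):          ("very high", "remove"),
    ("Patient", "date_of_birth"): ("medium",    "group"),
    ("Patient", "gender"):        ("low",       "none"),
    ("Patient", "degree"):        ("high",      "hide"),
    ("Address", "street"):        ("very high", "remove"),
    ("Address", "city"):          ("medium",    "group"),
}

# Attributes the clinical management forgot to classify are treated as most sensitive.
DEFAULT_RULE = ("very high", "remove")

HIDDEN = "<hidden>"


def age_band(dob: date, today: date = REFERENCE_DATE) -> str:
    """Group an exact date of birth into a 5-year age band such as '30-34'."""
    age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    lo = (age // AGE_BAND_WIDTH) * AGE_BAND_WIDTH
    return f"{lo}-{lo + AGE_BAND_WIDTH - 1}"


def group_value(entity: str, attribute: str, value):
    """Apply the Group measure; each groupable attribute needs an explicit coarsening."""
    if (entity, attribute) == ("Patient", "date_of_birth"):
        return age_band(value)
    if (entity, attribute) == ("Address", "city"):
        return CITY_TO_REGION.get(value, "other")  # unknown cities are never passed through
    raise ValueError(f"no grouping rule for {entity}.{attribute}")


def depersonalise(entity: str, record: dict) -> dict:
    """Return a copy of one record with the policy's measure applied to every attribute."""
    out = {}
    for attribute, value in record.items():
        _, measure = POLICY.get((entity, attribute), DEFAULT_RULE)
        if measure == "none":
            out[attribute] = value
        elif measure == "hide":
            out[attribute] = HIDDEN          # attribute stays visible, value does not
        elif measure == "group":
            out[attribute] = group_value(entity, attribute, value)
        elif measure == "remove":
            continue                         # attribute leaves the record entirely
        else:
            raise ValueError(f"unknown measure {measure!r}")
    return out


# Constructed sample records (personal data only).
SAMPLE_PATIENT = {"name": "Anna Muster", "date_of_birth": date(1972, 3, 15),
                  "gender": "F", "degree": "Dr."}
SAMPLE_ADDRESS = {"street": "Favoritenstrasse 9", "city": "Vienna"}

if __name__ == "__main__":
    print(depersonalise("Patient", SAMPLE_PATIENT))
    print(depersonalise("Address", SAMPLE_ADDRESS))
```

Two design choices worth keeping in a real system: the age bands are half-open so the slide's "0-5, 5-10" boundaries cannot place one patient in two bands, and an attribute without a policy entry is removed rather than passed through, so adding a column to the source system never leaks it by default.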

Page 14

Pseudonymisation (1/2)

Pseudonymity is a state of disguised identity resulting from the use of a pseudonym.

The pseudonym identifies a holder, that is, one or more human beings who possess but do not disclose their true names (legal identities).

Pseudonymisation is especially suitable for the requirements of EBM because it enables the consolidation of different records of the same patient without revealing the patient's identity.

Depending on the requirements, two kinds of pseudonymisation can be used:
- one-way pseudonymisation (the pseudonym cannot be resolved back to the patient)
- reversible pseudonymisation (an authorised party can resolve the pseudonym, e.g. to inform a patient of a relevant finding)

Page 15

Pseudonymisation (2/2)

Privacy preserving measures during query processing in the data warehouse supporting evidence-based medicine:

[Figure: query flow through a trusted third party.
Query -> DWH -> Query result (SSN, PD, HCD)
-> Depersonalised query result (SSN, dep. PD, HCD)
-> Encrypted depersonalised query result (encrypted SSN, encrypted dep. PD, encrypted HCD)
-> Trusted third party -> Pseudonymised query result (PseudoSSN, encrypted dep. PD, encrypted HCD)
-> Decrypted pseudonymised and depersonalised query result (PseudoSSN, dep. PD, HCD) -> Result]

SSN - Social Security Number, PD - Personal Data, HCD - Health Care Data
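The flow above separates duties: the DWH never holds the pseudonymisation secret, and the trusted third party (TTP) never sees the depersonalised PD or the HCD in clear, because those columns reach it encrypted. The following added example, which is not the authors' system, models that TTP for both kinds of pseudonymisation from the previous slide. One-way pseudonyms are keyed hashes of the SSN, so records of one patient still consolidate under one pseudonym; reversible pseudonyms are random tokens whose only link to the SSN is a table kept by the TTP. The encrypted columns are represented by opaque byte strings that the TTP forwards untouched; the key handling and the sample rows are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


class TrustedThirdParty:
    """Holds the only pseudonymisation secret; touches the SSN column and nothing else."""

    def __init__(self, key: bytes):
        self._key = key            # assumption: provisioned out of band, never given to the DWH
        self._forward = {}         # SSN -> pseudonym, reversible mode only
        self._backward = {}        # pseudonym -> SSN, reversible mode only

    def one_way(self, ssn: str) -> str:
        # Keyed hash: deterministic, so all rows of one patient get the same pseudonym,
        # but not invertible. The key matters: a plain SHA-256 of an SSN could be undone by
        # hashing every possible SSN, because the SSN space is small.
        return "ow-" + hmac.new(self._key, ssn.encode(), hashlib.sha256).hexdigest()[:16]

    def reversible(self, ssn: str) -> str:
        # Random token; the TTP's table is the only way back to the SSN.
        if ssn not in self._forward:
            pseudo = "rv-" + secrets.token_hex(8)
            self._forward[ssn] = pseudo
            self._backward[pseudo] = ssn
        return self._forward[ssn]

    def reidentify(self, pseudonym: str) -> str:
        """Resolve a reversible pseudonym; one-way pseudonyms raise KeyError by design."""
        return self._backward[pseudonym]


def pseudonymise_result(rows: list, ttp: TrustedThirdParty, reversible: bool = False) -> list:
    """DWH side: hand (SSN, opaque encrypted payload) rows to the TTP, get pseudonymised rows back.

    The payload stands for the encrypted dep. PD and HCD columns of the figure; the TTP
    cannot read it and forwards it unchanged, so it learns who was in the result but not what.
    """
    mapper = ttp.reversible if reversible else ttp.one_way
    return [(mapper(ssn), payload) for ssn, payload in rows]


# Constructed sample: two rows of the same patient and one row of another patient.
SAMPLE_ROWS = [
    ("1234-010170", b"<encrypted dep.PD + HCD, row 1>"),
    ("1234-010170", b"<encrypted dep.PD + HCD, row 2>"),
    ("5678-150372", b"<encrypted dep.PD + HCD, row 3>"),
]


def demo(reversible: bool = False):
    """Run the flow once with a fresh TTP key; returns the TTP and the pseudonymised rows."""
    ttp = TrustedThirdParty(key=secrets.token_bytes(32))
    return ttp, pseudonymise_result(SAMPLE_ROWS, ttp, reversible)


if __name__ == "__main__":
    ttp, rows = demo(reversible=True)
    for pseudo, payload in rows:
        print(pseudo, payload)
    print("re-identified:", ttp.reidentify(rows[0][0]))
```

Because one-way pseudonyms are deterministic, anyone who obtains the TTP key can confirm whether a guessed SSN appears in a result set; the key therefore needs the same protection as the reversible mapping table.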

Page 16

Role-Based Access

The role-based access model is used in decision support systems to ensure that EBM users can only access the data granted to the role they hold.

[Figure: the roles Nurse, Clinician, Human Resources, Administration and Clinical management each access the Data Warehouse through their own role.]

- A role is a job description, regardless of the actor performing it.
- Roles should be assigned exactly those authorisations that are needed to fulfil the duties of the job.
- Each user of the DWH should be assigned to at least one role; multiple roles are allowed.
- A user can play only one role at a time.
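The four rules above translate directly into a small access model. The following added example, which is not the authors' implementation, encodes them: a role carries only the permissions of its job, a user may hold several roles, a session must activate exactly one of them before any access, and the decision depends on the active role alone rather than on the union of all roles held. The role names follow the slide's figure; the DWH objects, the permissions attached to each role and the user names are assumptions made for the example.

```python
# Assumption: permissions per role as (DWH object, action). The slide only names the roles;
# the objects and actions are illustrative and would be set by clinical management.
PERMISSIONS = {
    "Nurse":               {("patient_record", "read")},
    "Clinician":           {("patient_record", "read"), ("patient_record", "write"),
                            ("evidence_rules", "read")},
    "Human Resources":     {("staffing_plan", "read"), ("staffing_plan", "write")},
    "Administration":      {("financial_data", "read"), ("staffing_plan", "read")},
    "Clinical management": {("financial_data", "read"), ("staffing_plan", "read"),
                            ("evidence_rules", "read"), ("sensitivity_policy", "write")},
}


class Session:
    """One user's session against the DWH; holds several roles, activates one."""

    def __init__(self, user: str, roles: set):
        if not roles:
            raise ValueError(f"{user}: every DWH user must hold at least one role")
        unknown = set(roles) - set(PERMISSIONS)
        if unknown:
            raise ValueError(f"{user}: unknown roles {sorted(unknown)}")
        self.user = user
        self.roles = frozenset(roles)
        self.active = None  # nothing is permitted until a role is explicitly activated

    def activate(self, role: str) -> None:
        """Switch the active role; the previous one is deactivated, never accumulated."""
        if role not in self.roles:
            raise PermissionError(f"{self.user} does not hold role {role!r}")
        self.active = role

    def may(self, obj: str, action: str) -> bool:
        # The decision uses only the single active role, so a clinician who is also in
        # clinical management cannot read financial data while treating a patient.
        return self.active is not None and (obj, action) in PERMISSIONS[self.active]


def query(session: Session, obj: str, action: str = "read") -> str:
    """Guard a DWH access; the return value stands in for the real query result."""
    if not session.may(obj, action):
        raise PermissionError(f"{session.user} ({session.active}) may not {action} {obj}")
    return f"{action} {obj} as {session.active}"


if __name__ == "__main__":
    s = Session("dr_huber", {"Clinician", "Clinical management"})
    s.activate("Clinician")
    print(query(s, "patient_record", "write"))
    s.activate("Clinical management")
    print(query(s, "financial_data"))
```

Keeping the decision on the active role only, instead of on the union of a user's roles, is what prevents a user with several job functions from accumulating more access in one session than any single job needs.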

Page 17

Conclusion

Not enough attention is paid to the protection of highly sensitive patient data.

Main sources of the security threats:
- System complexity
- The large number of users
- The great data volumes residing in a medical DSS

The proposed security approach ensures that patient privacy and confidentiality are preserved while delivering a rich medical repository for research purposes, leading to scientific progress in EBM.

Page 18

Thank You!