An Approach towards the Fulfilment of Security Requirements for Decision Support Systems in the Field of Evidence-Based Healthcare
Nevena Stolba, A Min Tjoa
Institute of Software Technology and Interactive Systems, Vienna University of Technology, Vienna
Motivation
Evidence-based medicine (EBM) is a new scientific paradigm in healthcare that aims at the prevention, diagnosis and treatment of diseases using medical evidence.
Integrating external evidence-based data sources into the existing clinical information system and finding appropriate therapy alternatives for a given patient and a given disease is a major research challenge.
Defining explicit common security regulations and standards is a process in which both the patient's individual rights (privacy and data protection) and the collective, societal demands (scientific progress and the development of new technologies) need to be considered.
We show the need for a highly secure decision support system in order to facilitate the practical use of evidence-based medicine with respect to privacy regulations.
Outline
- Decision support systems (DSS)
- Evidence-based medicine (EBM)
- Data Warehouse (DWH) facilitating evidence-based medicine
- Security concept for healthcare decision support systems
  - Depersonalisation
  - Pseudonymisation
  - Role-based access
- Conclusion
Data Warehouse
Inmon: A Data Warehouse is a subject-oriented, integrated, time-variant and non-volatile collection of data in support of management's decision making process.
Figure: data warehouse architecture. Data source systems (administrative data, financial data, organisational data, customer data) feed data extraction and transformation (extraction and standardisation; cleaning, transformation, consolidation and enhancement), followed by data load and data storage in the DATA WAREHOUSE; data analysis (OLAP, data mining, reporting, alerting) serves the data users (business manager, staff manager, data analyst).
A DWH integrates data from diverse internal and external data sources to support:
- Reporting
- Analysis
- Tracking business trends
- Improving strategic decisions
- Enhancing forecasting
Evidence-Based Medicine (1/2)
Evidence-Based Medicine (2/2)
Sackett et al., 1996: Evidence-based medicine is the conscientious, explicit, and judicious use of current best evidence in making decisions about the care of individual patients.
Figure: sources of evidence (books, magazines, journals, healthcare protocols, clinical trials, best practice guidelines, systematic reviews, web-based health information, clinical observational data) are distilled into evidence-based guidelines, information and rules, which support prevention, treatment and forecasting.
Data Warehouse facilitating EBM (1/3)
Health care institutions are deploying data warehouse applications and decision support tools on top of them for their strategic decision-making processes.
The main roles of clinical decision support systems are:
- To reduce medical errors
- To increase operating efficiency
- To reduce treatment costs
- To give advice about staffing plans, etc.
Data Warehouse facilitating EBM (2/3)
Examples of DWH applications in the area of EBM:
1. Generation of evidence-based guidelines
   - Discover unknown data patterns
   - Identify trends
   - Recognise best practices for different disease treatments
2. Support of decision-making processes of clinical management, human resources and clinical administration
   - Creation of business strategies
   - Treatment scheduling
   - Staffing plans
Data Warehouse facilitating EBM (3/3)
Support of clinicians at the point of care
Figure: the DWH holds evidence-based rules, the patient's health record, drugs, possible treatments and skilled staff; the physician submits a query with the patient's disease, OLAP and data mining are applied, and a recommended treatment is returned.
Security Concept for Healthcare DSS
Healthcare decision support systems comprise large volumes of sensitive data and therefore must guarantee a high degree of data protection.
Security measures that need to be considered to protect data privacy in DSS in order to facilitate evidence-based medicine:
- Password identification for the users of the healthcare DSS
- Any data modification must bear a digital signature
- Tracking of data manipulation through log files
- Confidential health data should only be stored in a coded or encrypted form on a mobile medium
- Public Key Infrastructure for transportation security
- Data used for EBM purposes must be depersonalised and pseudonymised
- A role-based access model has to be implemented
Depersonalisation and Pseudonymisation
The Health Insurance Portability and Accountability Act (HIPAA) and the European Commission's Directive on Data Protection have had a great impact on the strictness of security regulations.
The goal of evidence-based medicine (to recognise the symptoms, best treatments and prevention patterns for a given disease) can only be accomplished by analysing unidentifiable patient data.
Depersonalisation and pseudonymisation procedures are used to prevent re-identification of personal data.
Depersonalisation (1/2)
Taweel et al., 2004: Depersonalisation is the removal of any residual information that might risk identification – e.g. names of relatives, nicknames, place names, unusual occupations, etc.
Stolba, Banek and Tjoa, 2005: depersonalisation may be done by:
- Grouping data: protecting sensitive data through grouping (e.g. the patient's age is shown in the age ranges 0-5, 5-10, 10-15, 15-20, ...).
- Hiding data: all data interesting for detailed data mining (occupation, hobbies) are concealed.
- Removing data: key identifying data unnecessary for the research (e.g. name, exact birth date, precise address, nicknames, names of relatives, etc.) are removed.
Depersonalisation (2/2)
Administrative users (most often: clinical management) specify sensitive data and its sensitivity levels:

Entity   Attribute       Sensitivity Level   Depersonalisation Measure
Patient  Name            Very High           Remove
Patient  Date of birth   Medium              Group
Patient  Gender          Low                 None
Patient  Degree          High                Hide
Address  Street          Very High           Remove
Address  City            Medium              Group
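The measures of the two depersonalisation slides applied to a patient record, as an added example that is not part of the original presentation: the sensitivity table drives which attributes are removed, hidden or grouped, with the 5-year age bands from the previous slide. The record layout, the city-to-region lookup and the fail-closed default for attributes missing from the table are assumptions of this example.

```python
from datetime import date

# Sensitivity table from the slide: (entity, attribute) -> (level, measure).
POLICY = {
    ("Patient", "Name"):          ("Very High", "Remove"),
    ("Patient", "Date of birth"): ("Medium",    "Group"),
    ("Patient", "Gender"):        ("Low",       "None"),
    ("Patient", "Degree"):        ("High",      "Hide"),
    ("Address", "Street"):        ("Very High", "Remove"),
    ("Address", "City"):          ("Medium",    "Group"),
}
REGIONS = {"Vienna": "East"}  # constructed city -> region lookup used for grouping

# Constructed patient record in the assumed shape {(entity, attribute): value}.
SAMPLE_RECORD = {
    ("Patient", "Name"): "Jane Doe",
    ("Patient", "Date of birth"): "1980-03-15",
    ("Patient", "Gender"): "F",
    ("Patient", "Degree"): "PhD",
    ("Address", "Street"): "Main Street 1",
    ("Address", "City"): "Vienna",
    ("Patient", "Hobby"): "chess",  # not in the table: removed by default
}

def age_band(dob_iso, today_iso):
    """Age expressed in the 5-year bands of the slide (0-5, 5-10, ...)."""
    dob, today = date.fromisoformat(dob_iso), date.fromisoformat(today_iso)
    age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    low = age - age % 5
    return f"{low}-{low + 5}"

def depersonalise(record, today_iso="2005-06-01"):
    """Apply the table's measure to each attribute; unknown attributes are removed (fail closed)."""
    out = {}
    for key, value in record.items():
        _level, measure = POLICY.get(key, (None, "Remove"))
        if measure == "Remove":
            continue  # dropped entirely from the research view
        if measure == "Hide":
            out[key] = "***"  # column kept, content concealed
        elif measure == "Group":
            # Only two grouped attributes exist in the table: age band or region.
            out[key] = age_band(value, today_iso) if key[1] == "Date of birth" else REGIONS.get(value, "Other")
        else:
            out[key] = value  # "None": low sensitivity, kept as is
    return out
```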
Pseudonymisation (1/2)
Pseudonymity is a state of disguised identity resulting from the use of a pseudonym.
The pseudonym identifies a holder, that is, one or more human beings who possess but do not disclose their true names (legal identities).
Pseudonymisation is especially suitable for the requirements of EBM because it enables a consolidation of different patients' data without revealing patient identities.
Depending on the requirements, two kinds of pseudonymisation can be used:
- one-way pseudonymisation
- reversible pseudonymisation
Pseudonymisation (2/2)
Privacy preserving measures during query processing in the data warehouse supporting evidence-based medicine:
Figure: query processing flow. The DWH returns the query result (SSN, PD, HCD). Depersonalisation yields the depersonalised query result (SSN, dep. PD, HCD) and pseudonymisation replaces the SSN with a PseudoSSN. The encrypted depersonalised query result (encrypted SSN, encrypted dep. PD, encrypted HCD) is handed to a trusted third party, which returns the decrypted pseudonymised and depersonalised query result (PseudoSSN, dep. PD, HCD).
SSN - Social Security Nr.; PD - Personal Data; HCD - Health Care Data
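The two pseudonymisation modes from the previous slide applied to rows of a depersonalised query result (SSN, dep. PD, HCD), as an added example that is not code from the presentation: a trusted third party issues PseudoSSNs, one-way via a keyed hash and reversible via a mapping only it holds, and the consolidation per pseudonym shows the EBM use case. The row layout, the sample rows and the TTP class are assumptions; the transport encryption shown in the figure is not modelled here.

```python
import hashlib
import hmac
import secrets

# Constructed sample of a depersonalised DWH query result; the PD column is
# assumed to be depersonalised already (age band instead of birth date).
SAMPLE_ROWS = [
    {"SSN": "1234-010180", "PD": {"age": "25-30"}, "HCD": "diagnosis A"},
    {"SSN": "1234-010180", "PD": {"age": "25-30"}, "HCD": "lab result 17"},
    {"SSN": "5678-150375", "PD": {"age": "30-35"}, "HCD": "diagnosis B"},
]

class TrustedThirdParty:
    """Holds the secret key and the reversible mapping; DWH users never see them."""
    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)
        self._table = {}  # reversible mode: PseudoSSN -> SSN

    def one_way(self, ssn):
        # Keyed hash: the same SSN always maps to the same PseudoSSN, so one
        # patient's records can be consolidated, but there is no way back.
        return hmac.new(self._key, ssn.encode(), hashlib.sha256).hexdigest()[:16]

    def reversible(self, ssn):
        # Random PseudoSSN; only the TTP keeps the mapping needed to re-identify.
        for pseudo, real in self._table.items():
            if real == ssn:
                return pseudo
        pseudo = secrets.token_hex(8)
        self._table[pseudo] = ssn
        return pseudo

    def re_identify(self, pseudo):
        return self._table.get(pseudo)  # None for one-way pseudonyms

def pseudonymise(rows, ttp, mode="one_way"):
    """Replace the SSN column of each row by a PseudoSSN issued by the TTP."""
    issue = ttp.one_way if mode == "one_way" else ttp.reversible
    return [{"PseudoSSN": issue(r["SSN"]), "PD": r["PD"], "HCD": r["HCD"]} for r in rows]

def consolidate(pseudo_rows):
    """Group health care data per PseudoSSN: the EBM analysis without identities."""
    groups = {}
    for r in pseudo_rows:
        groups.setdefault(r["PseudoSSN"], []).append(r["HCD"])
    return groups
```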
Role-Based Access
The role-based access model is used for decision support systems in order to ensure that EBM users can only access the data granted to the role they hold.
Figure: the roles nurse, clinician, human resources, administration and clinical management access the data warehouse.
A role is a job description regardless of the actor performing it. Roles should be assigned exactly those authorisations that are needed to fulfil the duties of the job. Each user in the DWH should be assigned at least one role, though multiple roles are allowed. A user can play only one role at a time.
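The role rules on this slide (at least one role per user, only one role active at a time, authorisations tied to the role and not the actor) combined with the log-file tracking from the security concept slide, as an added example that is not the presentation's own code. The role names follow the figure; the permission strings, the user class and the log format are assumptions.

```python
# Constructed role/permission table, modelled on the roles of the figure.
ROLE_PERMS = {
    "nurse":               {"read:patient_record"},
    "clinician":           {"read:patient_record", "read:evidence_rules", "query:treatment"},
    "human_resources":     {"read:staffing_plan"},
    "administration":      {"read:staffing_plan", "read:financial_data"},
    "clinical_management": {"read:depersonalised_data", "set:sensitivity_level"},
}

class DWHUser:
    def __init__(self, name, roles):
        if not roles:
            raise ValueError("each DWH user must be assigned at least one role")
        unknown = set(roles) - set(ROLE_PERMS)
        if unknown:
            raise ValueError(f"unknown roles: {sorted(unknown)}")
        self.name, self.roles, self.active = name, set(roles), None

    def activate(self, role):
        """Switch to one of the assigned roles; the previously active role is dropped."""
        if role not in self.roles:
            raise PermissionError(f"{self.name} is not assigned role {role}")
        self.active = role

    def can(self, perm):
        # Only the active role's authorisations apply, never the union of all roles.
        return self.active is not None and perm in ROLE_PERMS[self.active]

def authorise(user, perm, audit_log):
    """Access check that also writes the log entry the security concept calls for."""
    ok = user.can(perm)
    audit_log.append(f"user={user.name} role={user.active} perm={perm} {'ALLOW' if ok else 'DENY'}")
    return ok
```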
Conclusion
Not enough attention is paid to the protection of highly sensitive patient data.
Main reasons for the security threats:
- System complexity
- Large number of users
- Great data volumes residing in a medical DSS
The proposed security approach ensures that patient privacy and confidentiality are preserved while delivering a rich medical repository for research purposes, leading to scientific progress in EBM.
Thank You!