Wissenschafterinnenkolleg Internettechnologien


An Approach towards the Fulfilment of Security Requirements for Decision Support Systems in the Field of Evidence-Based Healthcare

Nevena Stolba
WIT, Institute of Software Technology and Interactive Systems
Vienna University of Technology, Vienna, Austria
[email protected]

A Min Tjoa
Institute of Software Technology and Interactive Systems
Vienna University of Technology, Vienna, Austria
[email protected]
Motivation

Evidence-based medicine (EBM) is a new healthcare scientific paradigm
aiming at the prevention, diagnosis and treatment of diseases using medical
evidence.

Integrating external evidence-based data sources into the existing clinical
information system and finding appropriate therapy alternatives for a
given patient and a given disease is a major research challenge.

Defining explicit common security regulations and standards is a process
where both the patient's individual rights (patient's privacy and data
protection) and the collective, societal demands (scientific progress and
development of new technologies) need to be considered.

We show the need for a highly secure decision support system in order to
facilitate the practical use of evidence-based medicine with respect to the
privacy regulations.
Outline

- Decision support systems (DSS)
- Evidence-based medicine (EBM)
- Data Warehouse (DWH) facilitating evidence-based medicine
- Security concept for healthcare decision support systems
  - Depersonalisation
  - Pseudonymisation
  - Role-based access
- Conclusion
Data Warehouse

Inmon:
A Data Warehouse is a subject-oriented, integrated, time-variant and
non-volatile collection of data in support of management's decision
making process.

DWH integrates data from diverse internal and external data sources to support:
- Reporting
- Analysis
- Track business trends
- Improve strategic decisions
- Enhance forecasting

[Figure: data warehouse architecture. Data source systems (administrative,
organisational, financial and customer data) feed extraction and
standardisation, then cleaning, transformation, consolidation and enhancement
(data load), into data storage (the DATA WAREHOUSE). Data analysis on top of
the storage (OLAP, data mining, reporting, alerting) serves the users: business
manager, staff manager and data analyst.]
Evidence-Based Medicine (1/2)
Evidence-Based Medicine (2/2)

Sackett et al., 1996:
Evidence based medicine is the conscientious, explicit, and judicious
use of current best evidence in making decisions about the care of
individual patients.

[Figure: sources of evidence (books, magazines, journals, clinical
observational data, clinical trials, healthcare protocols, web-based health
information, systematic reviews, best practice guidelines) are distilled into
evidence-based guidelines, rules and information, which are applied to
prevention, treatment and forecasting.]
Data Warehouse facilitating EBM (1/3)

Health care institutions are deploying data warehouse
applications and decision support tools on top of them for their
strategic decision making processes.

The main role of clinical decision support systems is:
- To reduce medical errors
- To increase operating efficiency
- To reduce treatment costs
- To give advice about staffing plans etc.
Data Warehouse facilitating EBM (2/3)

Examples of DWH applications in the area of EBM:

1. Generation of evidence-based guidelines
   - Discover unknown data patterns
   - Identify trends
   - Recognize best practices for different disease treatments

2. Support of decision making processes of clinical management, human
   resources and clinical administration
   - Creation of business strategies
   - Treatment scheduling
   - Staffing plans
Data Warehouse facilitating EBM (3/3)

Support of clinicians at the point of care

[Figure: the physician sends a query with the patient's disease to the DWH;
the DWH combines possible treatments, the patient's health record, skilled
staff and drugs by means of data mining, OLAP and evidence-based rules, and
returns a recommended treatment.]
Security Concept for Healthcare DSS

Healthcare decision support systems comprise large volumes of
sensitive data and therefore must guarantee a high degree of data
protection.

Security measures which need to be considered to protect data
privacy in DSS in order to facilitate evidence based medicine:
- Password identification for the healthcare DSS users
- Any data modification must bear a digital signature
- Tracking of data manipulation through log files
- Confidential health data should only be stored in a coded or
  encrypted form on a mobile medium
- Public Key Infrastructure for transportation security
- Data used for EBM purposes must be depersonalised and
  pseudonymised
- A role-based access model has to be implemented
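Two of the measures listed above, signed data modifications and tracking of manipulation through log files, can be combined in one tamper-evident modification log. The following is an added example written for this transcript, not code from the authors or from any system they describe. It uses an HMAC tag with a per-user secret key as a stand-in for the digital signature the slide calls for (a real deployment would use asymmetric signatures backed by the PKI mentioned above); the user keys, table names and modifications are constructed.

```python
import hashlib
import hmac
import json


def _canonical(obj) -> bytes:
    """Deterministic serialisation so the same entry always hashes the same."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class ModificationLog:
    """Append-only record of data modifications in the DSS.

    Each entry carries a tag computed with the modifying user's secret key
    (HMAC, used here as a stand-in for a digital signature) and the digest of
    the previous entry, so both a forged modification and a retroactively
    altered or removed log entry fail verification.
    """

    def __init__(self, user_keys: dict):
        self._keys = user_keys     # user -> key (assumption: provisioned per user)
        self.entries = []

    def record(self, user: str, table: str, row_id: str, old, new, timestamp: str) -> dict:
        body = {
            "user": user, "table": table, "row": row_id,
            "old": old, "new": new, "ts": timestamp,
            "prev": self.entries[-1]["digest"] if self.entries else "",
        }
        tag = hmac.new(self._keys[user], _canonical(body), hashlib.sha256).hexdigest()
        entry = dict(body, sig=tag)
        entry["digest"] = hashlib.sha256(_canonical(entry)).hexdigest()
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """Re-check every tag and the hash chain from the first entry on."""
        prev = ""
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k not in ("sig", "digest")}
            if body["prev"] != prev:
                return False                       # entry moved, dropped or inserted
            key = self._keys.get(entry["user"])
            if key is None:
                return False                       # unknown modifier
            expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, entry["sig"]):
                return False                       # content changed or not made by that user
            signed = {k: v for k, v in entry.items() if k != "digest"}
            if hashlib.sha256(_canonical(signed)).hexdigest() != entry["digest"]:
                return False
            prev = entry["digest"]
        return True


# Constructed keys and modifications (no real users or patient data).
USER_KEYS = {"clinician_a": b"constructed-key-a", "admin_b": b"constructed-key-b"}


def demo():
    """Record two modifications, then alter one entry behind the log's back."""
    log = ModificationLog(USER_KEYS)
    log.record("clinician_a", "treatment", "row-17",
               {"dose": "10mg"}, {"dose": "20mg"}, "2005-06-01T09:00:00")
    log.record("admin_b", "sensitivity", "Patient.Degree",
               "Medium", "High", "2005-06-01T09:05:00")
    intact = log.verify()
    log.entries[0]["new"] = {"dose": "15mg"}      # log edited after the fact
    return intact, log.verify()


if __name__ == "__main__":
    print(demo())
```

The hash chain covers ordering and completeness; the per-entry tag covers authorship and content. Checking both is what lets the log serve as evidence of who changed what, rather than merely as a trace that can itself be rewritten.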
Depersonalisation and Pseudonymisation

The Health Insurance Portability and Accountability Act
(HIPAA) and the European Commission's Directive on Data
Protection have created a great impact on the sharpness of
security regulations.

The goal of evidence-based medicine (to recognise the
symptoms, best treatments and prevention patterns for a
given disease) can solely be accomplished by analyzing
unidentifiable patient data.

Depersonalisation and pseudonymisation procedures are used
to prevent re-identification of personal data.
Depersonalisation (1/2)

Taweel et al., 2004:
Depersonalisation is removal of any residual information that might
risk identification, e.g. names of relatives, nick names, place names,
unusual occupations, etc.

Stolba, Banek and Tjoa, 2005:
Depersonalisation may be done by:
- Grouping data: protecting sensitive data through grouping
  (i.e. the patient's age is shown in the age areas 0-5, 5-10, 10-15, 15-20, ...).
- Hiding data: all data interesting for detailed data mining (occupation,
  hobbies) are concealed.
- Removing data: key identifying data unnecessary for the research (e.g. name,
  exact birth day, precise address, nick names, names of relatives etc.) are
  removed.
Depersonalisation (2/2)

Administrative users (most often: clinical management) specify
sensitive data and its sensitivity levels.

Entity    Attribute       Sensitivity Level   Depersonalisation Measure
Patient   Name            Very High           Remove
Patient   Date of birth   Medium              Group
Patient   Gender          Low                 None
Patient   Degree          High                Hide
Address   Street          Very High           Remove
Address   City            Medium              Group
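The three measures of the previous slide (group, hide, remove), driven by a sensitivity table like the one above, as an added example for this transcript rather than code from the authors' system. The (entity, attribute) to measure assignments are copied from the table; the age-band width, the "***" marker used for hidden values, the city-to-region table and the sample record are assumptions constructed for the example.

```python
from datetime import date

# Measures per (entity, attribute), taken from the sensitivity table on the
# slide. Anything not listed is treated as unknown and removed (default-deny).
MEASURES = {
    ("Patient", "Name"): "Remove",
    ("Patient", "Date of birth"): "Group",
    ("Patient", "Gender"): "None",
    ("Patient", "Degree"): "Hide",
    ("Address", "Street"): "Remove",
    ("Address", "City"): "Group",
}

# Constructed city -> region table (assumption: "grouping" a city means
# generalising it to a coarser region, as age is generalised to a band).
CITY_REGION = {"Vienna": "East", "Graz": "South", "Linz": "North"}

HIDDEN = "***"   # marker left in place of a concealed ("Hide") value


def age_band(dob: date, reference: date, width: int = 5) -> str:
    """Age on the reference date, generalised to a band such as '35-40'."""
    age = reference.year - dob.year
    if (reference.month, reference.day) < (dob.month, dob.day):
        age -= 1
    lo = (age // width) * width
    return f"{lo}-{lo + width}"


def group(entity: str, attribute: str, value, reference: date):
    """Grouping rules for the two attributes the table marks 'Group'."""
    if (entity, attribute) == ("Patient", "Date of birth"):
        return age_band(value, reference)
    if (entity, attribute) == ("Address", "City"):
        return CITY_REGION.get(value, "Other")
    raise ValueError(f"no grouping rule for {entity}.{attribute}")


def depersonalise(record: dict, reference: date) -> dict:
    """Apply the configured measure to every attribute of a nested record.

    record looks like {"Patient": {...}, "Address": {...}}; the result has
    identifying attributes removed, sensitive ones hidden and
    quasi-identifiers generalised.
    """
    result = {}
    for entity, attributes in record.items():
        kept = {}
        for attribute, value in attributes.items():
            measure = MEASURES.get((entity, attribute), "Remove")
            if measure == "Remove":
                continue                      # drop the attribute entirely
            if measure == "Hide":
                kept[attribute] = HIDDEN      # keep the column, conceal the value
            elif measure == "Group":
                kept[attribute] = group(entity, attribute, value, reference)
            else:                             # "None": not sensitive, pass through
                kept[attribute] = value
        result[entity] = kept
    return result


# Constructed sample record (not real patient data) and reference date.
SAMPLE = {
    "Patient": {
        "Name": "Example Person",
        "Date of birth": date(1968, 3, 15),
        "Gender": "female",
        "Degree": "Dr.",
        "Nickname": "Ex",          # not in the table -> removed by default
    },
    "Address": {"Street": "Examplegasse 1", "City": "Vienna"},
}
REFERENCE = date(2005, 6, 1)

if __name__ == "__main__":
    print(depersonalise(SAMPLE, REFERENCE))
```

The default of removing any attribute that has no entry in the table matters in practice: a newly added column (here the constructed "Nickname") is exactly the "residual information" Taweel et al. warn about, and it must not leak just because nobody classified it yet.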
Pseudonymisation (1/2)

Pseudonymity is a state of disguised identity resulting from the
use of a pseudonym.

The pseudonym identifies a holder, that is, one or more human
beings who possess but do not disclose their true names (legal
identities).

Pseudonymisation is especially suitable for the requirements of
EBM because it enables a consolidation of different patients'
data without revealing patient identities.

Depending on the requirements, two kinds of
pseudonymisation can be used:
- one-way pseudonymisation
- reversible pseudonymisation
Pseudonymisation (2/2)

Privacy preserving measures during query processing in the
data warehouse supporting evidence-based medicine:

[Figure: query processing flow. Abbreviations: SSN - Social Security Nr.,
PD - Personal Data, HCD - Health Care Data.
1. Query -> DWH -> query result (SSN, PD, HCD)
2. Depersonalised query result (SSN, dep. PD, HCD)
3. Encrypted depersonalised query result (encrypted SSN, encrypted dep. PD, HCD)
4. Trusted third party -> pseudonymised query result (Pseudo SSN, encrypted dep. PD, HCD)
5. Decrypted pseudonymised and depersonalised query result (Pseudo SSN, dep. PD, HCD) -> Result]
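The trusted third party's step in the flow above, for both kinds of pseudonymisation from the previous slide, as an added example for this transcript (not the authors' code). One-way pseudonymisation is shown as a keyed hash (HMAC-SHA256) over the SSN; reversible pseudonymisation as a random token with a lookup table held only by the third party. Both choices, the row layout and the sample rows are assumptions; the encryption of the rows in transit is left out so the example stays in the standard library.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


class TrustedThirdParty:
    """The party that turns SSNs into pseudonyms. It alone holds the key and
    the re-identification table; the DWH and the researcher never see them."""

    def __init__(self, key: bytes):
        self._key = key
        self._forward = {}   # SSN -> pseudonym   (reversible mode only)
        self._reverse = {}   # pseudonym -> SSN   (reversible mode only)

    def one_way(self, ssn: str) -> str:
        # Keyed hash: the same SSN always yields the same pseudonym (so one
        # patient's records still consolidate), nothing is stored that maps
        # it back, and without the key a pseudonym cannot be checked against
        # guessed SSNs.
        return hmac.new(self._key, ssn.encode(), hashlib.sha256).hexdigest()

    def reversible(self, ssn: str) -> str:
        # Random pseudonym plus a table held only by the TTP, so a patient
        # can be re-identified later (e.g. to report a finding back).
        if ssn not in self._forward:
            pseudo = "P-" + secrets.token_hex(8)
            self._forward[ssn] = pseudo
            self._reverse[pseudo] = ssn
        return self._forward[ssn]

    def re_identify(self, pseudonym: str):
        return self._reverse.get(pseudonym)   # None for one-way pseudonyms


def pseudonymise(rows, ttp: TrustedThirdParty, mode: str = "one_way"):
    """Replace the SSN column of depersonalised rows with a pseudonym."""
    make = ttp.one_way if mode == "one_way" else ttp.reversible
    return [dict(row, SSN=make(row["SSN"])) for row in rows]


def consolidate(rows):
    """Group health care data per pseudonym: the consolidation EBM needs,
    done without any real identity in the data set."""
    per_patient = defaultdict(list)
    for row in rows:
        per_patient[row["SSN"]].append(row["HCD"])
    return dict(per_patient)


# Constructed depersonalised query result (SSNs and diagnoses are made up).
DEPERSONALISED_RESULT = [
    {"SSN": "1234-010168", "dep. PD": {"age": "35-40", "gender": "f"}, "HCD": "diagnosis A"},
    {"SSN": "5678-150372", "dep. PD": {"age": "30-35", "gender": "m"}, "HCD": "diagnosis B"},
    {"SSN": "1234-010168", "dep. PD": {"age": "35-40", "gender": "f"}, "HCD": "therapy A1"},
]

if __name__ == "__main__":
    ttp = TrustedThirdParty(secrets.token_bytes(32))
    print(consolidate(pseudonymise(DEPERSONALISED_RESULT, ttp, "one_way")))
```

The property to check is that consolidation survives pseudonymisation (the two rows of the first patient still land under one pseudonym) while the SSN itself is absent from everything the researcher receives. With the one-way variant the third party has nothing to reverse; with the reversible variant the lookup table is the one asset that must be guarded as carefully as the original identities.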
Role-Based Access

The role based access model is used for decision support
systems in order to ensure that EBM users can only access
those data which are granted to the role they have.

[Figure: roles accessing the Data Warehouse: Human Resources, Nurse,
Clinician, Administration, Clinical management.]

- A role is a job description regardless of the actor performing it.
- Roles should be assigned exactly those authorisations that are
  needed to fulfil the duties of the job.
- Each user in the DWH should be assigned to at least one role, though
  multiple roles are allowed.
- A user can play only one role at a time.
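The four rules above, as an added example for this transcript (not the authors' implementation): a user holds one or more of the roles from the figure, must activate exactly one of them before any access, and is checked only against the active role's authorisations. The authorisation strings attached to each role, the user and the scenario are constructed for the example.

```python
# Roles are the ones shown on the slide; the authorisations attached to each
# role are constructed for this example (a real deployment would derive them
# from the job descriptions).
ROLE_AUTHORISATIONS = {
    "Nurse": {"HCD:read"},
    "Clinician": {"HCD:read", "HCD:write", "EBM:read"},
    "Human Resources": {"Staff:read", "Staff:write"},
    "Administration": {"Admin:read", "Admin:write", "Staff:read"},
    "Clinical management": {"EBM:read", "Admin:read", "Staff:read", "Sensitivity:write"},
}


class DwhUser:
    """A DWH user with one or more assigned roles, of which one is active."""

    def __init__(self, name: str, roles):
        roles = set(roles)
        if not roles:
            raise ValueError("every user needs at least one role")
        unknown = roles - set(ROLE_AUTHORISATIONS)
        if unknown:
            raise ValueError(f"unknown roles: {sorted(unknown)}")
        self.name = name
        self.roles = roles
        self.active_role = None          # nothing is allowed until a role is activated

    def activate(self, role: str) -> None:
        if role not in self.roles:
            raise PermissionError(f"{self.name} is not assigned role {role!r}")
        self.active_role = role          # replaces any previously active role

    def is_authorised(self, authorisation: str) -> bool:
        # Only the active role counts, not the union of all assigned roles.
        if self.active_role is None:
            return False
        return authorisation in ROLE_AUTHORISATIONS[self.active_role]


def check_access(user: DwhUser, authorisation: str, audit_log: list) -> bool:
    """Enforcement point: decide and record the decision in the log."""
    allowed = user.is_authorised(authorisation)
    audit_log.append((user.name, user.active_role, authorisation,
                      "ALLOW" if allowed else "DENY"))
    return allowed


def demo():
    """Constructed scenario: one clinician who also sits in clinical management."""
    log = []
    user = DwhUser("dr_example", {"Clinician", "Clinical management"})
    before = check_access(user, "HCD:read", log)                # no active role -> denied
    user.activate("Clinician")
    as_clinician = check_access(user, "HCD:write", log)         # allowed
    mgmt_as_clinician = check_access(user, "Sensitivity:write", log)  # other role -> denied
    user.activate("Clinical management")
    as_mgmt = check_access(user, "Sensitivity:write", log)      # allowed now
    hcd_as_mgmt = check_access(user, "HCD:write", log)          # clinician right no longer active
    return (before, as_clinician, mgmt_as_clinician, as_mgmt, hcd_as_mgmt), log


if __name__ == "__main__":
    print(demo())
```

The point of the one-role-at-a-time rule shows in the scenario: the same person cannot edit a treatment and the sensitivity table in one session without an explicit role switch, which the audit log records, so a user holding several roles never operates with the union of their authorisations.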
Conclusion

Not enough attention is paid to the protection of highly
sensitive patient data.

Main reasons for the security threats:
- System complexity
- High number of users
- Great data volumes residing in a medical DSS

The proposed security approach ensures that patient privacy
and confidentiality are preserved while delivering a rich
medical repository for research purposes, leading to
scientific progress in EBM.
Thank You!