Security and Confidentiality Approach for the Clinical E-Science Framework (CLEF)

 

 Buy Article Permissions and Reprints

Summary

Objectives: CLEF is an MRC sponsored project in the E-Science programme that aims to establish methodologies and a technical infrastructure for the next generation of integrated clinical and bioscience research.

Methods: The heart of the CLEF approach to this challenge is to design and develop a pseudonymised repository of histories of cancer patients that can be accessed by researchers. Robust mechanisms and policies have been developed to ensure that patient privacy and confidentiality are preserved while delivering a repository of such medically rich information for the purposes of scientific research.

Results: This paper summarises the overall approach adopted by CLEF to meet data protection requirements, including the data flows, pseudonymisation measures and additional monitoring policies that are currently being developed.

Conclusion: Once evaluated, it is hoped that the CLEF approach can serve as a model for other distributed electronic health record repositories to be accessed for research.

• References

• 1 Data Protection Act 1998, The Stationery Office Limited London 1998. www.hmso.gov.uk/acts/acts1998/19980029.htm.
  PubMedGoogle Scholar
• 2 EU Directive 95/46. http://europa.eu.int/comm/internal_market/privacy/law_en.htm.
  PubMedGoogle Scholar
• 3 Human Rights Act 1998, The Stationery Office Limited London 1998. www.hmso.gov.uk/acts/acts1998/19980042.htm.
  PubMedGoogle Scholar
• 4 Ingram D. The Good European Health Record Project. In: Laires, Laderia Christensen (eds.). Health in the New Communications Age. Amsterdam: IOS Press; 1995: 66-74.
  Google Scholar
• 5 Grimson J, Grimson W, Berry D, Stephens G, Felton E, Kalra D, Toussaint P, Weier OW. A CORBAbased integration of distributed electronic healthcare records using the synapses approach. IEEE Trans Inf Technol Biomed 1998; 2 (03) 124-38.
  CrossrefPubMedGoogle Scholar
• 6 Kalra D, Austin A, O’Connor A, Patterson D, Lloyd D, Ingram D. Design and Implementation of a Federated Health Record Server. Toward an Electronic Health Record Europe 2001, Paper 001: 113.Medical Records Institute for the Centre for Advancement of Electronic Records Ltd..
  PubMedGoogle Scholar
• 7 Kalra D. Clinical foundations and information architecture for the implementation of a federated health record service. PhD Thesis. Univ London: 2002
  Google Scholar
• 8 Sweeney L. k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems 2002; 10 (05) 557-70.
  PubMedGoogle Scholar
• 9 De Moor G, Claerhout B, De Meyer F. Privacy Enhancing Techniques: the Key to Secure Communication and Management of Clinical and Genomic Data. Methods Inf Med 2003; 42 (02) 148-53.
  Article in Thieme ConnectPubMedGoogle Scholar
• 10 Ferris TA, Garrison GM, Lowe H. J. Proposed Key Escrow System for Secure Patient Information Disclosure in Biomedical Research Databases. Procs AMIA 2002 Annual Symposium 245-9.
  PubMedGoogle Scholar
• 11 Murphy S, Chueh H. A Security Architecture for Query Tools used to Access Large Biomedical Databases. Procs AMIA. 2002. Annual Symposium; 552-6.
  Google Scholar
• 12 The PERMIS Project. [http://www.permis.org/] Last accessed February 2004
  PubMedGoogle Scholar
• 13 Security Assertions Markup Language. OASIS Security Services TC. [http://www.oasisopen.org/committees/tc_home.php?wg_abbrev=secty] Last accessed February 2004
  PubMedGoogle Scholar