Security and Confidentiality Approach for the Clinical E-Science Framework (CLEF)

D. Kalra; P. Singleton; J. Milan; J. MacKay; D. Detmer; A. Rector; D. Ingram

doi:10.1055/s-0038-1633945

Methods of Information in Medicine, Table of Contents

Methods Inf Med 2005; 44(02): 193-197
DOI: 10.1055/s-0038-1633945

Original Article

Schattauer GmbH

Security and Confidentiality Approach for the Clinical E-Science Framework (CLEF)

Authors

D. Kalra

¹Centre for Health Informatics and Multiprofessional Education (CHIME), University College London, London, UK
P. Singleton

¹Centre for Health Informatics and Multiprofessional Education (CHIME), University College London, London, UK

⁴Judge Institute, University of Cambridge, Cambridge, UK
J. Milan

²Royal Marsden NHS Trust, London, UK
J. MacKay

³The Genetics Unit, Institute of Child Health, University College London, London, UK
D. Detmer

⁴Judge Institute, University of Cambridge, Cambridge, UK
A. Rector

⁵Department of Computer Science, University of Manchester, Manchester, UK
D. Ingram

¹Centre for Health Informatics and Multiprofessional Education (CHIME), University College London, London, UK

Abstract

Summary

Objectives: CLEF is an MRC sponsored project in the E-Science programme that aims to establish methodologies and a technical infrastructure for the next generation of integrated clinical and bioscience research.

Methods: The heart of the CLEF approach to this challenge is to design and develop a pseudonymised repository of histories of cancer patients that can be accessed by researchers. Robust mechanisms and policies have been developed to ensure that patient privacy and confidentiality are preserved while delivering a repository of such medically rich information for the purposes of scientific research.

Results: This paper summarises the overall approach adopted by CLEF to meet data protection requirements, including the data flows, pseudonymisation measures and additional monitoring policies that are currently being developed.

Conclusion: Once evaluated, it is hoped that the CLEF approach can serve as a model for other distributed electronic health record repositories to be accessed for research.

Keywords

Electronic health records - data repository - pseudonymisation - grid computing - access control

Full Text

References

References
1 Data Protection Act 1998, The Stationery Office Limited London 1998. www.hmso.gov.uk/acts/acts1998/19980029.htm.
2 EU Directive 95/46. http://europa.eu.int/comm/internal_market/privacy/law_en.htm.
3 Human Rights Act 1998, The Stationery Office Limited London 1998. www.hmso.gov.uk/acts/acts1998/19980042.htm.
4 Ingram D. The Good European Health Record Project. In: Laires, Laderia Christensen (eds.). Health in the New Communications Age. Amsterdam: IOS Press; 1995: 66-74.
5 Grimson J, Grimson W, Berry D, Stephens G, Felton E, Kalra D, Toussaint P, Weier OW. A CORBAbased integration of distributed electronic healthcare records using the synapses approach. IEEE Trans Inf Technol Biomed 1998; 2 (03) 124-38.
6 Kalra D, Austin A, O’Connor A, Patterson D, Lloyd D, Ingram D. Design and Implementation of a Federated Health Record Server. Toward an Electronic Health Record Europe 2001, Paper 001: 113.Medical Records Institute for the Centre for Advancement of Electronic Records Ltd..
7 Kalra D. Clinical foundations and information architecture for the implementation of a federated health record service. PhD Thesis. Univ London: 2002
8 Sweeney L. k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems 2002; 10 (05) 557-70.
9 De Moor G, Claerhout B, De Meyer F. Privacy Enhancing Techniques: the Key to Secure Communication and Management of Clinical and Genomic Data. Methods Inf Med 2003; 42 (02) 148-53.
10 Ferris TA, Garrison GM, Lowe H. J. Proposed Key Escrow System for Secure Patient Information Disclosure in Biomedical Research Databases. Procs AMIA 2002 Annual Symposium 245-9.
11 Murphy S, Chueh H. A Security Architecture for Query Tools used to Access Large Biomedical Databases. Procs AMIA. 2002. Annual Symposium; 552-6.
12 The PERMIS Project. [http://www.permis.org/] Last accessed February 2004
13 Security Assertions Markup Language. OASIS Security Services TC. [http://www.oasisopen.org/committees/tc_home.php?wg_abbrev=secty] Last accessed February 2004