
Clinical Trials 101

Virtual Organisations for Trials and Epidemiological Studies (VOTES) – Experiences & Prototypes after 1 year Prof Richard Sinnott Technical Director National e-Science Centre University of Glasgow r.sinnott@nesc.gla.ac.uk. Clinical Trials 101. Need to answer questions such as


Presentation Transcript


  1. Virtual Organisations for Trials and Epidemiological Studies (VOTES) – Experiences & Prototypes after 1 year • Prof Richard Sinnott, Technical Director, National e-Science Centre, University of Glasgow • r.sinnott@nesc.gla.ac.uk

  2. Clinical Trials 101 • Need to answer questions such as • How many men in Scotland between the ages of 45-65 had a heart attack in the last 5 years? Of those that did, would they be interested in trialling a new drug to prevent possible further serious major events? • Recruitment! • For recruited men, are they regularly taking the new drug (or placebo)? Do they visit their GP/hospital regularly for the drug/placebo, to give samples, for monitoring purposes? Did they have any further major events (or side-effects) in taking the drug? • Data collection! • Who can see the information associated with this trial? Can a hospital doctor, nurse see all of a given patient's data? Only their GP? A clinical trials researcher? Who ensures that a study is in the patient's interest? Can we simplify the ethical review process? Who checks the validity of trial results? • Study management!

  3. VOTES • Virtual Organisations for Trials and Epidemiological Studies • 3 year (£2.8M) MRC funded project started October 2005 • Plans to develop framework for producing Grid infrastructures to address key components of clinical trial/observational study • Recruitment of potentially eligible participants • Data collection during the study • Study administration and coordination • Involves Glasgow, Oxford, Leicester/Nottingham, Manchester, Imperial • Strong links with UK Biobank

  4. Grid Background • What is a Grid? • Data Grid vs Compute Grid vs Information Grid vs Campus Grid vs Enterprise Grid vs … • Technologies for Grids • Web services • Globus • OMII-UK • EGEE/gLite • …

  5. E-Health Grids… • Essential that they offer • Fine grained security • AAAA • Access/integration of rich variety of clinical data sets • Ease of use for end users • Single sign-on to various remote resources • Site autonomy/manageability for local admins • Scalability for large scale virtual organisations • Controlled dynamicity of users, resources, policies… • … • HYPOTHESIS: Shibboleth + Grid + advanced authorisation infrastructures can address these issues

  6. Usability • Grid Security • AAAA • Users like usernames/passwords • Provide them (once!) • Users don’t like/understand X.509 based PKI • Forget training, education for most users! • $> openssl pkcs12 -in cert.p12 -clcerts -nokeys -out usercert.pem! • The vast majority most certainly won’t jump through hoops to get on the Grid • “me-Science” culture

  7. “A”AAA • Identity management issues • Certificate Revocation Lists • When revoked? By whom? How timely? • Strong passwords for private keys • Users write them down, share them, forget them • Privilege Management • Numerous domains where never get access to local account to “do stuff” • I need to access your NHS DB to run queries, change tables, run arbitrary code… • At NeSC Glasgow we have focused on • improving AAAA and AAAA

  8. Improving “A”AAA • Best to exploit local authentication • Sites know best if users still at institution and are best placed to state what their privileges are/should be • Introducing Shibboleth

  9. Introducing Shibboleth • Shibboleth (http://shibboleth.internet2.edu) • Definition: Shibboleth [Hebrew for an ear of corn, or a stream or flood] 1. A word which was made the criterion by which to distinguish the Ephraimites from the Gileadites. The Ephraimites, not being able to pronounce sh, called the word sibboleth. See Judges xii. 2. Hence, the criterion, test, or watchword of a party; a party cry or pet phrase. • Shibboleth will replace Athens as access mgt system across UK academia • i.e. this is mainstream and not (weird) Grid solutions! • Federations based on trust • or more accurately trust but verify • numerous international federations exist MAMS, SWITCH, HAKA, SDSS…

  10. Typical Shibboleth Scenario • 1. User points browser at Grid resource/portal (or non-Grid resource) • 2. Shibboleth redirects user to W.A.Y.F. service • 3. User selects their home institution • 4. Home site authenticates user • 5. User accesses resource • [Diagram labels: User, W.A.Y.F., Federation, Home Institution, Identity Provider, AuthN, LDAP, Service provider, Grid resource / portal]

  11. It’s a start, but… • Benefit from local authentication but really want finer grained control… • I know you have authenticated, but I need to know that you have sufficient/correct privileges to access my VO resources • can also return various other information needed to support authorisation decisions • At NeSC we have been working extensively with PERMIS

  12. Role Based Access Controls • Basic idea is to define: • roles applicable to specific VO • roles often hierarchical • Role X ≥ Role Y ≥ Role Z • Manager can do everything (and more) than an employee can do who can do everything (and more) than a trainee can do • actions allowed/not allowed for VO members • resources comprising VO infrastructure (computers, data resources etc) • A policy then consists of sets of these rules • { Role x Action x Target } • Can user with VO role X invoke service Y on resource Z? • Policy itself can be represented in many ways, e.g. XML, XACML, … • Tools available for policy editing, associating users with roles, signing policies etc • Policies stored as attribute certificates in LDAP server • Digitally signed/tamper proof!
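
The role hierarchy and { Role x Action x Target } policy from this slide, as an added example that is not PERMIS code and not part of the original presentation. The role names follow the slide; the actions, targets and function names are constructed, and the policy is a plain Python set rather than a signed attribute certificate.

```python
# Added illustration: default-deny RBAC with a role hierarchy.
# Role names follow the slide; actions and targets are constructed.

# Role X >= Role Y >= Role Z: each role lists the roles directly below it.
JUNIORS = {
    "manager": ["employee"],
    "employee": ["trainee"],
    "trainee": [],
}

# Policy = set of (role, action, target) rules; anything not listed is denied.
POLICY = {
    ("trainee", "read", "trial-protocol"),
    ("employee", "query", "recruitment-db"),
    ("manager", "update", "recruitment-db"),
}


def effective_roles(role, juniors=JUNIORS):
    """Return the role plus every role it dominates; unknown roles yield nothing."""
    seen, stack = set(), [role]
    while stack:
        current = stack.pop()
        if current in seen or current not in juniors:
            continue  # skip cycles and roles the VO never defined
        seen.add(current)
        stack.extend(juniors[current])
    return seen


def is_permitted(user_roles, action, target, policy=POLICY):
    """Can a user holding user_roles invoke action on target?"""
    granted = set()
    for role in user_roles:
        granted |= effective_roles(role)
    return any((role, action, target) in policy for role in granted)


if __name__ == "__main__":
    for roles, action, target in [
        (["manager"], "query", "recruitment-db"),   # inherited from employee
        (["trainee"], "query", "recruitment-db"),   # no upward inheritance
        (["auditor"], "read", "trial-protocol"),    # role not defined in the VO
    ]:
        print(roles, action, target, "->", is_permitted(roles, action, target))
```
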

  13. Finer Grained Shibboleth Scenario • 1. User points browser at Grid resource/portal • 2. Shibboleth redirects user to W.A.Y.F. service • 3. User selects their home institution • 4. Home site authenticates user and pushes attributes to the service provider • 5. Pass authentication info and attributes to authZ function • 6. Make final AuthZ decision • [Diagram labels: User, W.A.Y.F., Federation, Home Institution, Identity Provider, AuthN, LDAP, Service provider, Shib Frontend, Grid Application, Grid Portal]

  14. Ok, but… • I can do authorisation but I want single-sign on to lots of distributed resources • Browser allows to keep session information so can access other resources without signing in again • Provided authorisation information valid for different service providers • Each service provider completely autonomous • Can configure attribute release/attribute acceptance policies per identity provider/service provider

  15. Trials & Tribulations of Scottish Clinical Data Space • Scottish Data Space… • Scottish Care Information (SCI) Store • Scottish Morbidity Records (SMR) • General Practitioners Administration System for Scotland (GPASS) • Data dictionary • … • Consent database

  16. SCI Store • Batch-type system that regional health authorities use • Includes • lab results, • biochemical, • haematology, • pathology, • microbiology, • radiology • … • Front end web based tools • input data, • querying

  17. SCI Store…ctd • 16 SCI stores across Scotland • Atos Origin commercial supplier of technology • each have their own schemas collecting different data sets • NeSC been given SCI store software • Includes training data sets • These data sets are partial at best right now • ~100 tables in schema, but only 10 tables used in data provided • SQLServer back-end database

  18. A Quick Tour of SCI Store

  19. Scottish Morbidity Records • Scottish Morbidity Records • Good quality data sets put together by ISD • Historic SMR1 Discharges January 1981 - March 1997 • COPPISH SMR01 Discharges April 1997 onwards • Historic SMR4 Discharges 1981 – March 1997 • COPPISH SMR04 Admissions April 1996 onwards • GRO Death Records January 1980 - December 1995 • GRO Death Records January 1996 onwards • SOCRATES (Cancer Registrations) 1980 onwards • (Still) negotiating access to anonymised SMR data sets

  20. GPASS • General Practice Administration System for Scotland (GPASS) • used by over 85% of GPs in Scotland • links from SCI Store to GPASS • access to GPASS software with training data sets • XML API available for querying • www.gpass.co.uk

  21. Data Dictionary • Includes vocabulary for • SMR data • Clinical data • Social care data • Negotiating access to DB back end or web service front end to this • Will link to data federation framework / tools

  22. Consent… Access by academics!?! Why? For pharmaco... what? Geno...what? ....NO!

  23. Data Linkage • Achieved through Community Health Index (CHI) number • 10-character code consisting of • 6-digit date of birth (DDMMYY) • two digits • 9th digit which is always even for females and odd for males • arithmetical check digit • Was scheduled for complete roll-out by 6-6-6

  24. Distributed Data Framework

  25. VOTES Demonstrator(s) • Various proof of concept clinical trials linking SCIStore, GPASS, Consent DBs • Brain Trauma network (www.brainit.org) • Collecting various data sets from brain trauma patients across Europe • Centrally maintained repository in Glasgow Southern General Hospital • MRI images • Physiological data sets • We have been given anonymised versions of these data sets

  26. Dynamicity, Scalability…? • UK Shibboleth federation based around small set of pre-agreed attributes based on eduPerson schema • eduPersonScopedAffiliation: indicates the user’s relationship (e.g., staff, student, etc) within the institution; • eduPersonTargetedID: needed when an SP is presented with an anonymous assertion only, e.g. eduPersonScopedAffiliation. This attribute provides a persistent user pseudonym; • eduPersonPrincipalName: used where a persistent user identifier consistent across different services is needed; • eduPersonEntitlement: enables an institution to assert that a user satisfies an additional set of specific conditions that apply for access to a particular resource • Grid vision for dynamic virtual organisations • Add, remove, change people, institutes, their privileges on the fly for changing sets of resources as required by the VO
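
The per-identity-provider and per-service-provider attribute release/acceptance policies from slide 14, applied to the eduPerson attributes listed on this slide, as an added example that is not Shibboleth configuration and not part of the original presentation. The entity IDs, scopes, user record and function names are constructed.

```python
# Added illustration (not from the presentation): per-SP attribute release at
# the IdP, per-IdP attribute acceptance at the SP. Entity IDs, scopes and the
# user record are constructed; attribute names are the eduPerson ones above.
IDP = "https://idp.home-uni.example/shibboleth"
PORTAL = "https://portal.trials.example/shibboleth"

# IdP side: attributes each service provider may receive (unknown SP: none).
RELEASE_POLICY = {
    PORTAL: {"eduPersonScopedAffiliation", "eduPersonTargetedID",
             "eduPersonEntitlement"},
}
# SP side: attributes accepted from each IdP, and the scope that IdP may assert.
ACCEPTANCE_POLICY = {
    IDP: {"scope": "home-uni.example",
          "attributes": {"eduPersonScopedAffiliation", "eduPersonEntitlement"}},
}


def release(user_attrs, sp, policy=RELEASE_POLICY):
    """IdP: hand the SP only the attributes its release rule lists."""
    allowed = policy.get(sp, set())
    return {name: vals for name, vals in user_attrs.items() if name in allowed}


def accept(asserted, idp, policy=ACCEPTANCE_POLICY):
    """SP: keep only attributes this IdP is trusted for, with a matching scope."""
    rule = policy.get(idp)
    if rule is None:
        return {}  # IdP with no acceptance rule contributes nothing
    accepted = {}
    for name, vals in asserted.items():
        if name not in rule["attributes"]:
            continue
        if name == "eduPersonScopedAffiliation":
            # an IdP may only speak for its own scope (text after the last "@")
            vals = [v for v in vals
                    if v.rpartition("@")[1:] == ("@", rule["scope"])]
        if vals:
            accepted[name] = vals
    return accepted


def sample_user():
    """Constructed directory entry held by the home institution."""
    return {
        "eduPersonPrincipalName": ["jbloggs@home-uni.example"],
        "eduPersonScopedAffiliation": ["staff@home-uni.example",
                                       "staff@other-uni.example"],
        "eduPersonTargetedID": ["opaque-7f3a"],
        "eduPersonEntitlement": ["urn:example:trials:investigator"],
    }
```
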

  27. Dynamicity, Scalability…? • Dynamic Virtual Organisations for e-Science Education (DyVOSE) project • Delegation issuing service • Remote Source of Authority trusts me to assign their roles to my users • Also allows me to delegate to someone else potentially at a remote site • I trust them to assign roles to my users directly

  28. Future Plans • Several other projects looking to exploit these kinds of things • Major EPSRC pilot project (£5.3M) on “Meeting the Design Challenges of nanoCMOS Electronics” (project just started) • Security essential in this domain including support for IP of data, simulations, processes, licenses,… • Many other life science projects • Grid Enabled Microarray Expression Profile Search • Scottish Bioinformatics Research Network • Biochemical Pathway Simulator • Further proposals building on these solutions • Scottish Grid Service

  29. Questions?
