180 likes | 352 Views
An Approach towards the Fulfilment of Security Requirements for Decision Support Systems in the Field of Evidence-Based Healthcare. Nevena Stolba. A Min Tjoa. WIT Institute of Software Technology and Interactive Systems Vienna University of Technology Vienna, Austria
E N D
An Approach towards the Fulfilment of Security Requirements for Decision Support Systems in the Field of Evidence-Based Healthcare Nevena Stolba A Min Tjoa WIT Institute of Software Technology and Interactive Systems Vienna University of Technology Vienna, Austria stolba@wit.tuwien.ac.at Institute of Software Technology and Interactive Systems Vienna University of Technology Vienna, Austria amin@ifs.tuwien.ac.at
Motivation • Evidence-based medicine (EBM) is a new healthcare scientific paradigm aiming at the prevention, diagnosis and treatment of diseases using medical evidence. • Integration of external evidence-based data sources into the existing clinical information system and finding of appropriate therapy alternatives for a given patient and a given disease is a major research challenge. • Defining of explicit common security regulations and standards is a process, where both the patient’s individual rights (patient’s privacy and data protection) and the collective, societal demands (scientific progress and development of new technologies) need to be considered. • We show the need of a high-secure decision support system in order to facilitate the practical use of evidence-based medicine with respect to the privacy regulations
Outline • Decision support systems (DSS) • Evidence-based medicine (EBM) • Data Warehouse (DWH) facilitating evidence-based medicine • Security concept for healthcare decision support systems • Depersonalisation • Pseudonymisation • Role-based access • Conclusion
Data Warehouse • Inmon: A Data Warehouse is a subject-oriented, integrated, time-variant and non-volatile collection of data in support of management's decision making process. • DWH integrates data from diverse internal and external data sources to support: • Reporting • Analysis • Track business trends • Improve strategic decisions • Enhance forcasting
Evidence-Based Medicine (2/2) • Sackett et al., 1996 : Evidence based medicine is the conscientious, explicit, and judicious use of current best evidence in making decisions about the care of individual patients.
Data Warehouse facilitating EBM (1/3) • Health care institutions are deploying data warehouse applications and decision support tools on top of them for their strategic decision making processes. • The main role of the clinical decision support systems is: • To reduce medical errors • To increase operating efficiency • To reduce treatment costs • To give advice about staffing plans etc.
Data Warehouse facilitating EBM (2/3) • Examples of DWH applications in the area of EBM: • Generation of evidence-based guidelines • Discover unknown data patterns • Identify trends • Recognize best practices for different desease treatments • Support of decision making processes of clinical management, human resources and clinical administration • Creation of business strategies • Treatment scheduling • Staffing plans
Data Warehouse facilitating EBM (3/3) Support of clinicians at the point of care
Security Concept for Healthcare DSS • Healthcare decision support systems comprise large volumes of sensitive data and therefore must guaranty a high degree of data protection. • Security measures, which need to be considered to protect data privacy in DSS in order to facilitate evidence based medicine: • Password identification for the healthcare DSS – users • Any data modification must bear a digital signature • Tracking of data manipulation through log files • Confidential health data should only be stored in a coded or encrypted form on a mobile medium • Public Key Infrastructure for transportation security • Data used for EBM purposes must be depersonalised and pseudonymised • A role-based access model has to be implemented
Depersonalisation and Pseudonymisation • The Health Insurance Portability and Accountability Act (HIPAA) and the European Commission's Directive on Data Protection have created a great impact on the sharpness of security regulations. • The goal of evidence-based medicine (to recognise the symptoms, best treatments and prevention patterns for a given disease) can solely be accomplished by analyzing unidentifiable patient data. • Depersonalization and pseudonymisation procedures are used to prevent re-identification of personal data
Depersonalisation (1/1) • Taweel et al., 2004: Depersonalisation is removal of any residual information that might risk identification – e.g. names of relatives, nick names, place names, unusual occupations, etc. • Stolba, Banek and Tjoa, 2005: depersonalisation may be done by: • Grouping data • protecting sensitive data through grouping (i.e.: patient’s age is shown in the age areas of 0-5, 5-10, 10-15, 15-20,…). • Hiding data • all data interesting for detailed data mining (occupation, hobbies) are concealed • Removing data • key identifying data unnecessary for the research (e.g. name, exact birth day, precise address, nick names, name of relatives etc) are removed.
Depersonalisation (2/2) • Administrative users (most often: clinical management) specify sensitive data and its sensitivity levels
Pseudonymisation (1/2) • Pseudonymity is a state of disguised identity resulting from the use of a pseudonym. • The pseudonym identifies a holder, that is, one or more human beings who possess but do not disclose their true names (legal identities) • Pseudonymisation is especially suitable for the requirements of EBM because it enables a consolidation of different patients’ data without revealing patient identities. • Depending on the requirements, two kinds of pseudonymisation can be used: • one-way pseudonymisation • reversible pseudonymisation
Pseudonymisation (2/2) • Privacy preserving measures during query processing in the data warehouse supporting evidence-based medicine: SSN - Social Security Nr. PD - Personal Data HCD - Health Care Data
Role-Based Access • The role based access model is used for decision support systems in order to ensure that in EBM-users can only access those data, which is granted to the role they have. • Role is a job description regardless of the actor performing it. • Roles should exactly be assigned with those authorisations that are needed to fulfil the duties of the job. • Each user in the DWH should be assigned to at least one role, though multiple roles are allowed. • A user can play only one role at the time.
Conclusion • Not enough attention is paid to the protection of high sensitive patient data. • Main reasons for the security threats: • System complexity • High amount of users • Great data volumes residing in a medical DSS • The proposed security approach ensures that patient privacy and confidentiality are preserved while delivering a rich medical repository for the research purposes, leading to the scientific progress in EBM.