BackgroundCohort studies and registries rely on massive amounts of personal medical data. Therefore, data protection and information security as well as ethical aspects gain in importance and need to be considered as early as possible during the establishment of a study. Resulting legal and ethical obligations require a precise implementation of appropriate technical and organisational measures for a Trusted Third Party.MethodsThis paper defines and organises a consistent workflow-management to realize a Trusted Third Party. In particular, it focusses the technical implementation of a Trusted Third Party Dispatcher to provide basic functionalities (including identity management, pseudonym administration and informed consent management) and measures required to meet study specific conditions of cohort studies and registries. Thereby several independent open source software modules developed and provided by the MOSAIC project are used. This technical concept offers the necessary flexibility and extensibility to address legal and ethical requirements of individual scenarios.ResultsThe developed concept for a Trusted Third Party Dispatcher allows mapping single process steps as well as individual requirements and characteristics of particular studies to workflows, which in turn can be combined to model complex Trusted Third Party processes. The uniformity of this approach permits unrestricted re-combination of the available functionalities (depending on the applied software modules) for various research projects.ConclusionThe proposed approach for the technical implementation of an independent Trusted Third Party reduces the effort for scenario specific implementations as well as for maintenance. The applicability and the efficacy of the concept for a workflow-driven Trusted Third Party could be confirmed during the establishment of several nationwide studies (e.g. German Centre for Cardiovascular Research and the National Cohort).
[1]
Y. Poullet,et al.
CONSULTATIVE COMMITTEE OF THE CONVENTION FOR THE PROTECTION OF INDIVIDUALS WITH REGARD TO AUTOMATIC PROCESSING OF PERSONAL DATA CONVENTION 108 Guidelines on Facial Recognition Directorate General of Human Rights and Rule of Law
,
2008
.
[2]
Martin Lablans,et al.
A RESTful interface to pseudonymization services in modern web applications
,
2015,
BMC Medical Informatics and Decision Making.
[3]
Sylvia Stracke,et al.
Cohort profile: Greifswald approach to individualized medicine (GANI_MED)
,
2014,
Journal of Translational Medicine.
[4]
Marc Langheinrich,et al.
Privacy By Design
,
2013,
IEEE Pervasive Comput..
[5]
C M Lenson.
Building a successful enterprise master patient index: a case study.
,
1998,
Topics in health information management.
[6]
Bobby Woolf,et al.
Enterprise Integration Patterns
,
2003
.
[7]
Domján Andrea,et al.
World Medical Association Declaration of Helsinki (WMA) - Ethical principles for medical research involving human subjects
,
2014
.
[8]
Paul Marschall,et al.
Individualized medicine – ethical, economical and historical perspectives
,
2014,
EPMA Journal.
[9]
Thomas Bahls,et al.
Ethics Meets IT: Aspects and Elements of Computer-based Informed Consent Processing
,
2015
.
[10]
R Bache,et al.
Piloting the EHR4CR Feasibility Platform across Europe
,
2014,
Methods of Information in Medicine.