Subscribe to RSS
DOI: 10.1055/a-1950-2791
3LGM2IHE: Requirements for Data-Protection-Compliant Research Infrastructures—A Systematic Comparison of Theory and Practice-Oriented Implementation
Funding This research was funded by the German Research Foundation (DFG), Grant Number BI 1930/2-2.
Abstract
Objectives The TMF (Technology, Methods, and Infrastructure for Networked Medical Research) Data Protection Guide (TMF-DP) makes path-breaking recommendations on the subject of data protection in research projects. It includes comprehensive requirements for applications such as patient lists, pseudonymization services, and consent management services. Nevertheless, it lacks a structured, categorized list of requirements for simplified application in research projects and systematic evaluation. The 3LGM2IHE (“Three-layer Graphbased meta model – Integrating the Healthcare Enterprise [IHE] ” ) project is funded by the German Research Foundation (DFG). 3LGM2IHE aims to define modeling paradigms and implement modeling tools for planning health care information systems. In addition, one of the goals is to create and publish 3LGM2 information system architecture design patterns (short “design patterns”) for the community as design models in terms of a framework. A structured list of data protection-related requirements based on the TMF-DP is a precondition to integrate functions (3LGM2 Domain Layer) and building blocks (3LGM2 Logical Tool Layer) in 3LGM2 design patterns.
Methods In order to structure the continuous text of the TMF-DP, requirement types were defined in a first step. In a second step, dependencies and delineations of the definitions were identified. In a third step, the requirements from the TMF-DP were systematically extracted. Based on the identified lists of requirements, a fourth step included the comparison of the identified requirements with exemplary open source tools as provided by the “Independent Trusted Third Party of the University Medicine Greifswald” (TTP tools).
Results As a result, four lists of requirements were created, which contain requirements for the “patient list”, the “pseudonymization service”, and the “consent management”, as well as cross-component requirements from the TMF-DP chapter 6 in a structured form. Further to requirements (1), possible variants (2) of implementations (to fulfill a single requirement) and recommendations (3) were identified. A comparison of the requirements lists with the functional scopes of the open source tools E-PIX (record linkage), gPAS (pseudonym management), and gICS (consent management) has shown that these fulfill more than 80% of the requirements.
Conclusions A structured set of data protection-related requirements facilitates a systematic evaluation of implementations with respect to the fulfillment of the TMF-DP guidelines. These re-usable lists provide a decision aid for the selection of suitable tools for new research projects. As a result, these lists form the basis for the development of data protection-related 3LGM2 design patterns as part of the 3LGM2IHE project.
Keywords
informed consents - General Data Protection Regulation - record linkage - consent management - pseudonymizationStatement of Ethical Approval
This research does not require an ethical approval.
Publication History
Received: 16 February 2022
Accepted: 23 September 2022
Accepted Manuscript online:
23 September 2022
Article published online:
15 December 2022
© 2022. The Author(s). This is an open access article published by Thieme under the terms of the Creative Commons Attribution-NonDerivative-NonCommercial License, permitting copying and reproduction so long as the original work is given appropriate credit. Contents may not be used for commercial purposes, or adapted, remixed, transformed or built upon. (https://creativecommons.org/licenses/by-nc-nd/4.0/)
Georg Thieme Verlag KG
Rüdigerstraße 14, 70469 Stuttgart, Germany
-
References
- 1 Pommerening K, Drepper J, Helbing K, Ganslandt T. Guideline for Data Protection in Medical Research Projects: TMF's Generic Solutions 2.0. 1st ed. Berlin: ; MVW; 2014
- 2 Bialke M, Penndorf P, Wegner T. et al. A workflow-driven approach to integrate generic software modules in a trusted third party. J Transl Med 2015; 13: 176
- 3 Hampf C, Geidel L, Zerbe N. et al. Assessment of scalability and performance of the record linkage tool E-PIX® in managing multi-million patients in research projects at a large university hospital in Germany. J Transl Med 2020; 18 (01) 86
- 4 Rau H, Geidel L, Bialke M. et al. The generic Informed Consent Service gICS®: implementation and benefits of a modular consent software tool to master the challenge of electronic consent management in research. J Transl Med 2020; 18 (01) 287
- 5 Volmerg J, Bienzeisler J, Klausen A. et al. The technical principles of the ILEG study – preparing the connection of primary and secondary healthcare data. , at: https://dx.doi.org/10.3205/21gmds034
- 6 ths-greifswald.de. Live-demos of the trusted third party tools E-PIX, gICS and gPAS. May 15, 2019. Accessed September 02, 2021, at: https://www.ths-greifswald.de/en/live-demos-of-trusted-third-party-tools/
- 7 www.medizininformatik-initiative.de . Medical Informatics Initiative – Strengthening research and advancing healthcare. Accessed December 01, 2021, at: https://www.medizininformatik-initiative.de/en
- 8 Hoffmann W, Rienhoff O. Verfahrensbeschreibung und Datenschutzkonzept des Zentralen Datenmanagements des DZHK. Version 1.2, March 24, 2014, at: https://dzhk.de/fileadmin/user_upload/Datenschutzkonzept_des_DZHK.pdf