Marcel Parciak,Theresa Bender,Ulrich Sax,Christian Robert Bauer

DOI: https://doi.org/10.1055/s-0040-1709158

IF: 1.8

2019-12-01

Methods of Information in Medicine

Abstract:Abstract Background Managing research data in biomedical informatics research requires solid data governance rules to guarantee sustainable operation, as it generally involves several professions and multiple sites. As every discipline involved in biomedical research applies its own set of tools and methods, research data as well as applied methods tend to branch out into numerous intermediate and output data objects, making it very difficult to reproduce research results. Objectives This article gives an overview of our implementation status applying the Findability, Accessibility, Interoperability and Reusability (FAIR) Guiding Principles for scientific data management and stewardship onto our research data management pipeline focusing on the software tools that are in use. Methods We analyzed our progress FAIRificating the whole data management pipeline, from processing non-FAIR data up to data usage. We looked at software tools for data integration, data storage, and data usage as well as how the FAIR Guiding Principles helped to choose appropriate tools for each task. Results We were able to advance the degree of FAIRness of our data integration as well as data storage solutions, but lack enabling more FAIR Guiding Principles regarding Data Usage. Existing evaluation methods regarding the FAIR Guiding Principles (FAIRmetrics) were not applicable to our analysis of software tools. Conclusion Using the FAIR Guiding Principles, we FAIRificated relevant parts of our research data management pipeline improving findability, accessibility, interoperability and reuse of datasets and research results. We aim to implement the FAIRmetrics to our data management infrastructure and—where required—to contribute to the FAIRmetrics for research data in the biomedical informatics domain as well as for software tools to achieve a higher degree of FAIRness of our research data management pipeline.

Alexandru Stanciu

DOI: https://doi.org/10.1101/2023.04.21.23288932

2023-04-25

MedRxiv

Abstract:This study focuses on data-related aspects and emphasizes the importance of producing a data management plan (DMP) to address the challenges specific to the collection, processing, storage, security, documentation, sharing, and distribution of data in research projects in the healthcare sector. It provides an overview of the DMP and offers guidelines for creating an effective plan that incorporates the FAIR principles. Additionally, the study outlines the main aspects of data management in the healthcare domain and analyzes several security issues, such as cryptography, biometrics, and digital watermarking, that should be considered for healthcare data. A systematic review of the literature is performed to explore the critical aspects of data management and identify emerging trends, challenges, and innovative solutions that can be incorporated into DMPs.

Silvia Llorente,Jaime Delgado,Daniel Naro,Nikolaos Fotos

DOI: https://doi.org/10.3233/SHTI240627

2024-08-22

Abstract:eHealth data can be generated by different health professionals. Documenting and storing the provenance of medical data will help in providing patients and medical institutions with trustable and traceable information regarding medical procedures and their results. The use of a modular architecture like HIPAMS allows covering different eHealth information representation formats as well as providing protection mechanisms and access control.

Esther Thea Inau,Jean Sack,Dagmar Waltemath,Atinkut Alamirrew Zeleke

DOI: https://doi.org/10.2196/preprints.22505

2020-09-11

Abstract:BACKGROUND Data stewardship is an essential driver of research and clinical practice. Data collection, storage, access, sharing, and analytics are dependent on the proper and consistent use of data management principles among the investigators. Since 2016, the FAIR (findable, accessible, interoperable, and reusable) guiding principles for research data management have been resonating in scientific communities. Enabling data to be findable, accessible, interoperable, and reusable is currently believed to strengthen data sharing, reduce duplicated efforts, and move toward harmonization of data from heterogeneous unconnected data silos. FAIR initiatives and implementation trends are rising in different facets of scientific domains. It is important to understand the concepts and implementation practices of the FAIR data principles as applied to human health data by studying the flourishing initiatives and implementation lessons relevant to improved health research, particularly for data sharing during the coronavirus pandemic. OBJECTIVE This paper aims to conduct a scoping review to identify concepts, approaches, implementation experiences, and lessons learned in FAIR initiatives in the health data domain. METHODS The Arksey and O’Malley stage-based methodological framework for scoping reviews will be used for this review. PubMed, Web of Science, and Google Scholar will be searched to access relevant primary and grey publications. Articles written in English and published from 2014 onwards with FAIR principle concepts or practices in the health domain will be included. Duplication among the 3 data sources will be removed using a reference management software. The articles will then be exported to a systematic review management software. At least two independent authors will review the eligibility of each article based on defined inclusion and exclusion criteria. A pretested charting tool will be used to extract relevant information from the full-text papers. Qualitative thematic synthesis analysis methods will be employed by coding and developing themes. Themes will be derived from the research questions and contents in the included papers. RESULTS The results will be reported using the PRISMA-ScR (Preferred Reporting Items for Systematic Reviews and Meta-analyses Extension for Scoping Reviews) reporting guidelines. We anticipate finalizing the manuscript for this work in 2021. CONCLUSIONS We believe comprehensive information about the FAIR data principles, initiatives, implementation practices, and lessons learned in the FAIRification process in the health domain is paramount to supporting both evidence-based clinical practice and research transparency in the era of big data and open research publishing. INTERNATIONAL REGISTERED REPORT PRR1-10.2196/22505

Esther Thea Inau,Jean Sack,Dagmar Waltemath,Atinkut Alamirrew Zeleke

DOI: https://doi.org/10.2196/22505

2021-02-02

JMIR Research Protocols

Abstract:Background Data stewardship is an essential driver of research and clinical practice. Data collection, storage, access, sharing, and analytics are dependent on the proper and consistent use of data management principles among the investigators. Since 2016, the FAIR (findable, accessible, interoperable, and reusable) guiding principles for research data management have been resonating in scientific communities. Enabling data to be findable, accessible, interoperable, and reusable is currently believed to strengthen data sharing, reduce duplicated efforts, and move toward harmonization of data from heterogeneous unconnected data silos. FAIR initiatives and implementation trends are rising in different facets of scientific domains. It is important to understand the concepts and implementation practices of the FAIR data principles as applied to human health data by studying the flourishing initiatives and implementation lessons relevant to improved health research, particularly for data sharing during the coronavirus pandemic. Objective This paper aims to conduct a scoping review to identify concepts, approaches, implementation experiences, and lessons learned in FAIR initiatives in the health data domain. Methods The Arksey and O’Malley stage-based methodological framework for scoping reviews will be used for this review. PubMed, Web of Science, and Google Scholar will be searched to access relevant primary and grey publications. Articles written in English and published from 2014 onwards with FAIR principle concepts or practices in the health domain will be included. Duplication among the 3 data sources will be removed using a reference management software. The articles will then be exported to a systematic review management software. At least two independent authors will review the eligibility of each article based on defined inclusion and exclusion criteria. A pretested charting tool will be used to extract relevant information from the full-text papers. Qualitative thematic synthesis analysis methods will be employed by coding and developing themes. Themes will be derived from the research questions and contents in the included papers. Results The results will be reported using the PRISMA-ScR (Preferred Reporting Items for Systematic Reviews and Meta-analyses Extension for Scoping Reviews) reporting guidelines. We anticipate finalizing the manuscript for this work in 2021. Conclusions We believe comprehensive information about the FAIR data principles, initiatives, implementation practices, and lessons learned in the FAIRification process in the health domain is paramount to supporting both evidence-based clinical practice and research transparency in the era of big data and open research publishing. International Registered Report Identifier (IRRID) PRR1-10.2196/22505

Hongzhi Li,Peng Zhu,Jiacun Wang,Giancarlo Fortino

DOI: https://doi.org/10.1007/s11227-024-06441-x

IF: 3.3

2024-09-19

The Journal of Supercomputing

Abstract:Internet of Medical Things (IoMT) has gradually become the main solution for smart healthcare, and cloud-assisted IoMT is becoming a critical computing paradigm to achieve data collection, fine-grained data analysis, and sharing in healthcare domains. Since IoMT data can be frequently shared for accurate diagnosis, prognosis prediction, and health counseling, how to solve the contradiction between data sharing and privacy protection for IoMT data is a challenge problem. Besides, the cloud-assisted medical system is still at risk of a single point of failure and usually suffers from poor scalability and large response delay. Hence, we propose a blockchain-based privacy-preserving and secure sharing scheme for IoMT data, named BAPS. In BAPS, the Interplanetary File System (IPFS) is adopted to store encrypted records. Then, a non-interactive zero-knowledge proof protocol is employed to verify whether the stored data meets the specific request from data requesters without disclosing personal privacy. Moreover, we combine cryptographic primitives and decentralized smart contracts to achieve user anonymity. Finally, we leverage blockchain and proxy re-encryption to achieve fine-grained sharing of healthcare data. Security analysis indicates that this scheme meets the expected security requirements. The computational cost of BAPS is reduced by about 6% compared to state-of-the-art schemes, while the communication overhead is reduced by about 8%. Both theoretical analysis and experiment results show that this scheme can realize privacy-preserving and secure data sharing with acceptable computational and communication costs.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Toomas Klementi,Gunnar Piho,Peeter Ross

DOI: https://doi.org/10.3389/fmed.2024.1411013

IF: 3.9

2024-07-16

Frontiers in Medicine

Abstract:Introduction This paper addresses the dilemmas of accessibility, comprehensiveness, and ownership related to health data. To resolve these dilemmas, we propose and justify a novel, globally scalable reference architecture for a Personal Health Data Space (PHDS). This architecture leverages decentralized content-addressable storage (DCAS) networks, ensuring that the data subject retains complete control and ownership of their personal health data. In today's globalized world, where people are increasingly mobile for work and leisure, healthcare is transitioning from episodic symptom-based treatment toward continuity of care. The main aims of this are patient engagement, illness prevention, and active and healthy longevity. This shift, along with the secondary use of health data for societal benefit, has intensified the challenges associated with health data accessibility, comprehensiveness, and ownership. Method The study is structured around four health data use case scenarios from the Estonian National Health Information System (EHIS): primary medical use, medical emergency use, secondary use, and personal use. We analyze these use cases from the perspectives of accessibility, comprehensiveness, and ownership. Additionally, we examine the security, privacy, and interoperability aspects of health data. Results The proposed architectural solution allows individuals to consolidate all their health data into a unified Personal Health Record (PHR). This data can come from various healthcare institutions, mobile applications, medical devices for home use, and personal health notes. Discussions The comprehensive PHR can then be shared with healthcare providers in a semantically interoperable manner, regardless of their location or the information systems they use. Furthermore, individuals maintain the autonomy to share, sell, or donate their anonymous or pseudonymous health data for secondary use with different systems worldwide. The proposed reference architecture aligns with the principles of the European Health Data Space (EHDS) initiative, enhancing health data management by providing a secure, cost-effective, and sustainable solution.

medicine, general & internal

Mauricio Solar,Victor Castañeda,Ricardo Ñanculef,Lioubov Dombrovskaia,Mauricio Araya

DOI: https://doi.org/10.3390/s24154985

2024-08-01

Abstract:This article presents an ingestion procedure towards an interoperable repository called ALPACS (Anonymized Local Picture Archiving and Communication System). ALPACS provides services to clinical and hospital users, who can access the repository data through an Artificial Intelligence (AI) application called PROXIMITY. This article shows the automated procedure for data ingestion from the medical imaging provider to the ALPACS repository. The data ingestion procedure was successfully applied by the data provider (Hospital Clínico de la Universidad de Chile, HCUCH) using a pseudo-anonymization algorithm at the source, thereby ensuring that the privacy of patients' sensitive data is respected. Data transfer was carried out using international communication standards for health systems, which allows for replication of the procedure by other institutions that provide medical images. Objectives: This article aims to create a repository of 33,000 medical CT images and 33,000 diagnostic reports with international standards (HL7 HAPI FHIR, DICOM, SNOMED). This goal requires devising a data ingestion procedure that can be replicated by other provider institutions, guaranteeing data privacy by implementing a pseudo-anonymization algorithm at the source, and generating labels from annotations via NLP. Methodology: Our approach involves hybrid on-premise/cloud deployment of PACS and FHIR services, including transfer services for anonymized data to populate the repository through a structured ingestion procedure. We used NLP over the diagnostic reports to generate annotations, which were then used to train ML algorithms for content-based similar exam recovery. Outcomes: We successfully implemented ALPACS and PROXIMITY 2.0, ingesting almost 19,000 thorax CT exams to date along with their corresponding reports.

Rui Lebre,Luís Bastião,Carlos Costa

DOI: https://doi.org/10.1007/s10278-020-00373-7

2020-06-14

Abstract:Background and Objective: Nowadays usage paradigms of medical imaging resources are requesting vendor-neutral archives, accessible through standard interfaces, with multi-repository support. Regional repositories shared by distinct institutions, teleradiology as a service at Cloud, teaching and research archives, are illustrative examples of this new reality. However, traditional production environments have a server archive instance per functional domain where every registered client application has access to all studies. This paper proposes an innovator ownership concept and access control mechanisms that provide a multi-repository environment and integrates well with standard protocols. Methods: A secure accounting mechanism for medical imaging repositories were designed and instantiated as an extension of a well-known open-source archive. A new Web services layer was implemented to provide a vendor-neutral solution complaint with modern DICOM-Web protocols for storage, search and retrieve of medical imaging data. Results: The concept validation was done through the integration of proposed architecture in an open-source solution. A quantitative assessment was performed for evaluating the impact of the mechanism in the usual DICOM Web operations. Conclusions: This article proposes a secure accounting architecture able to easily convert a standard medical imaging archive server in a multi-repository solution. The proposal validation was done through a set of tests that demonstrated its robustness and usage feasibility in a production environment. The proposed system offers new services, fundamental in a new era of Cloud-based operations, with acceptable temporal costs.

Software Engineering,Cryptography and Security

Silvia Rodríguez-Mejías,Sara Degli-Esposti,Sara González-García,Carlos Luis Parra-Calderón

DOI: https://doi.org/10.1016/j.jbi.2024.104670

Abstract:Background: Art. 50 of the proposal for a Regulation on the European Health Data Space (EHDS) states that "health data access bodies shall provide access to electronic health data only through a secure processing environment, with technical and organizational measures and security and interoperability requirements". Objective: To identify specific security measures that nodes participating in health data spaces shall implement based on the results of the IMPaCT-Data project, whose goal is to facilitate the exchange of electronic health records (EHR) between public entities based in Spain and the secondary use of this information for precision medicine research in compliance with the General Data Protection Regulation (GDPR). Data and methods: This article presents an analysis of 24 out of a list of 72 security measures identified in the Spanish National Security Scheme (ENS) and adopted by members of the federated data infrastructure developed during the IMPaCT-Data project. Results: The IMPaCT-Data case helps clarify roles and responsibilities of entities willing to participate in the EHDS by reconciling technical system notions with the legal terminology. Most relevant security measures for Data Space Gatekeepers, Enablers and Prosumers are identified and explained. Conclusion: The EHDS can only be viable as long as the fiduciary duty of care of public health authorities is preserved; this implies that the secondary use of personal data shall contribute to the public interest and/or to protect the vital interests of the data subjects. This condition can only be met if all nodes participating in a health data space adopt the appropriate organizational and technical security measures necessary to fulfill their role.

Felix Nikolaus Wirth,Thierry Meurers,Marco Johns,Fabian Prasser

DOI: https://doi.org/10.1186/s12911-021-01602-x

IF: 3.298

2021-08-12

BMC Medical Informatics and Decision Making

Abstract:Abstract Background Data sharing is considered a crucial part of modern medical research. Unfortunately, despite its advantages, it often faces obstacles, especially data privacy challenges. As a result, various approaches and infrastructures have been developed that aim to ensure that patients and research participants remain anonymous when data is shared. However, privacy protection typically comes at a cost, e.g. restrictions regarding the types of analyses that can be performed on shared data. What is lacking is a systematization making the trade-offs taken by different approaches transparent. The aim of the work described in this paper was to develop a systematization for the degree of privacy protection provided and the trade-offs taken by different data sharing methods. Based on this contribution, we categorized popular data sharing approaches and identified research gaps by analyzing combinations of promising properties and features that are not yet supported by existing approaches. Methods The systematization consists of different axes. Three axes relate to privacy protection aspects and were adopted from the popular Five Safes Framework: (1) safe data, addressing privacy at the input level, (2) safe settings, addressing privacy during shared processing, and (3) safe outputs, addressing privacy protection of analysis results. Three additional axes address the usefulness of approaches: (4) support for de-duplication, to enable the reconciliation of data belonging to the same individuals, (5) flexibility, to be able to adapt to different data analysis requirements, and (6) scalability, to maintain performance with increasing complexity of shared data or common analysis processes. Results Using the systematization, we identified three different categories of approaches: distributed data analyses, which exchange anonymous aggregated data, secure multi-party computation protocols, which exchange encrypted data, and data enclaves, which store pooled individual-level data in secure environments for access for analysis purposes. We identified important research gaps, including a lack of approaches enabling the de-duplication of horizontally distributed data or providing a high degree of flexibility. Conclusions There are fundamental differences between different data sharing approaches and several gaps in their functionality that may be interesting to investigate in future work. Our systematization can make the properties of privacy-preserving data sharing infrastructures more transparent and support decision makers and regulatory authorities with a better understanding of the trade-offs taken.

medical informatics

Caiyuan Tang,Feng Wang,Chenbin Zhao,Xiuqiang Chen

DOI: https://doi.org/10.1002/ett.4816

IF: 3.6

2023-06-21

Transactions on Emerging Telecommunications Technologies

Abstract:This image is the system model of our proposed scheme (IPAPS) and shows that our scheme includes three entires: data owner (DO), medical cloud storage server (MCSS), and third‐party auditor (TPA). In order to verify the integrity of data outsourced to the server, DO authorizes TPA to achieve the public auditing, then the authorized TPA sends verification requests to the MCSS. Finally, TPA verifies the responses returned from the MCSS and sends the result of the verification to the DO. Cloud‐based medical storage system is becoming popular. Cloud server is curious about the private information of stored cases, and the integrity of outsourced data has become increasingly concerned. Numerous public auditing protocols for the outsourced data into the cloud server were proposed. Unfortunately, in the existing protocols, some of them may neglect security to improve efficiency. Recently, Li et al. proposed an efficient privacy‐preserving public auditing protocol for cloud‐based medical storage system (EPPAP), which improved the communication efficiency by storing some of data owner's data in third part auditors, however we find that the protocol is vulnerable to collusion attack and replace attack. In this paper, we analyze the security attacks of the existing protocol, and further propose an improved public auditing protocol for secure data storage in cloud‐based medical storage system (IPAPS). In addition, we give the formal security proof and analyze the performance of our proposed protocol. The security proof shows our protocol takes into account integrity, collusion attack and replace attack at the same time. The simulation experiments in our performance analysis show that the proposed protocol is practical.

telecommunications

Luis Kuhn Cuellar,Andreas Friedrich,Gisela Gabernet,Luis de la Garza,Sven Fillinger,Adrian Seyboldt,Tobias Koch,Sven zur Oven-Krockhaus,Friederike Wanke,Sandra Richter,Wolfgang M. Thaiss,Marius Horger,Nisar Malek,Klaus Harter,Michael Bitzer,Sven Nahnsen

DOI: https://doi.org/10.1186/s12859-022-04584-3

IF: 3.307

2022-02-07

BMC Bioinformatics

Abstract:Abstract Background As technical developments in omics and biomedical imaging increase the throughput of data generation in life sciences, the need for information systems capable of managing heterogeneous digital assets is increasing. In particular, systems supporting the findability, accessibility, interoperability, and reusability (FAIR) principles of scientific data management. Results We propose a Service Oriented Architecture approach for integrated management and analysis of multi-omics and biomedical imaging data. Our architecture introduces an image management system into a FAIR-supporting, web-based platform for omics data management. Interoperable metadata models and middleware components implement the required data management operations. The resulting architecture allows for FAIR management of omics and imaging data, facilitating metadata queries from software applications. The applicability of the proposed architecture is demonstrated using two technical proofs of concept and a use case, aimed at molecular plant biology and clinical liver cancer research, which integrate various imaging and omics modalities. Conclusions We describe a data management architecture for integrated, FAIR-supporting management of omics and biomedical imaging data, and exemplify its applicability for basic biology research and clinical studies. We anticipate that FAIR data management systems for multi-modal data repositories will play a pivotal role in data-driven research, including studies which leverage advanced machine learning methods, as the joint analysis of omics and imaging data, in conjunction with phenotypic metadata, becomes not only desirable but necessary to derive novel insights into biological processes.

biochemical research methods,biotechnology & applied microbiology,mathematical & computational biology

Brent J. Liu,Zheng Zhou,H. K. Huang

DOI: https://doi.org/10.1007/s10278-005-9248-5

IF: 4.903

2005-01-01

Journal of Digital Imaging

Abstract:The Health Insurance Portability and Accountability Act (HIPAA, instituted April 2003) Security Standards mandate health institutions to protect health information against unauthorized use or disclosure. One approach to addressing this mandate is by utilizing user access control and generating audit trails of the various authorized as well as unauthorized user access of health data. Although most current clinical image systems [e.g., picture archiving and communication system (PACS)] have components that generate log files for application debugging purposes, there is a lack of methodology to obtain and synthesize the pertinent data from the large volumes of log data generated by these multiple components within a PACS. We have designed a HIPAA-compliant architecture specifically for tracking and auditing the image workflow of clinical imaging systems such as PACS. As an initial first step, we developed HIPAA-compliant auditing system (H-CAS) based on parts of this HIPAA-compliant architecture. H-CAS was implemented within a test-bed PACS simulator located in the Image Processing and Informatics lab at the University of Southern California. Evaluation scenarios were developed where different user types performed legal and illegal access of PACS image data within each of the different components in the PACS simulator. Results were based on whether the scenarios of unauthorized access were correctly identified and documented as well as on normal operational activity. Integration and implementation pitfalls were also noted and included.

Hassan Mansur Hussien,Sharifah Md Yasin,Nur Izura Udzir,Mohd Izuan Hafez Ninggal

DOI: https://doi.org/10.3390/s21072462

2021-04-02

Abstract:Blockchain technology provides a tremendous opportunity to transform current personal health record (PHR) systems into a decentralised network infrastructure. However, such technology possesses some drawbacks, such as issues in privacy and storage capacity. Given its transparency and decentralised features, medical data are visible to everyone on the network and are inappropriate for certain medical applications. By contrast, storing vast medical data, such as patient medical history, laboratory tests, X-rays, and MRIs, significantly affect the repository storage of blockchain. This study bridges the gap between PHRs and blockchain technology by offloading the vast medical data into the InterPlanetary File System (IPFS) storage and establishing an enforced cryptographic authorisation and access control scheme for outsourced encrypted medical data. The access control scheme is constructed on the basis of the new lightweight cryptographic concept named smart contract-based attribute-based searchable encryption (SC-ABSE). This newly cryptographic primitive is developed by extending ciphertext-policy attribute-based encryption (CP-ABE) and searchable symmetric encryption (SSE) and by leveraging the technology of smart contracts to achieve the following: (1) efficient and secure fine-grained access control of outsourced encrypted data, (2) confidentiality of data by eliminating trusted private key generators, and (3) multikeyword searchable mechanism. Based on decisional bilinear Diffie-Hellman hardness assumptions (DBDH) and discrete logarithm (DL) problems, the rigorous security indistinguishability analysis indicates that SC-ABSE is secure against the chosen-keyword attack (CKA) and keyword secrecy (KS) in the standard model. In addition, user collusion attacks are prevented, and the tamper-proof resistance of data is ensured. Furthermore, security validation is verified by simulating a formal verification scenario using Automated Validation of Internet Security Protocols and Applications (AVISPA), thereby unveiling that SC-ABSE is resistant to man-in-the-middle (MIM) and replay attacks. The experimental analysis utilised real-world datasets to demonstrate the efficiency and utility of SC-ABSE in terms of computation overhead, storage cost and communication overhead. The proposed scheme is also designed and developed to evaluate throughput and latency transactions using a standard benchmark tool known as Caliper. Lastly, simulation results show that SC-ABSE has high throughput and low latency, with an ultimate increase in network life compared with traditional healthcare systems.

Ignacio Gómez-Rico Junquero,Pedro-Miguel Martinez-Girones,Adrian Galiana-Bordera,Antonio Orduña Galán,Sonia Ginés,Cayetano Miguel Hernández Marín,Luis Martí-Bonmatí

DOI: https://doi.org/10.1016/j.ijmedinf.2024.105549

Abstract:Introduction and purpose: We present the needs, design, development, implementation, and accessibility of a crafted experimental PACS (ePACS) system to securely store images, ensuring efficiency and ease of use for AI processing, specifically tailored for research scenarios, including phantoms, animal and human studies and quality assurance (QA) exams. The ePACS system plays a crucial role in any medical imaging departments that handle non-care profile studies, such as protocol adjustments and dummy runs. By effectively segregating non-care profile studies from the healthcare assistance, the ePACS usefully prevents errors both in clinical practice and storage security. Methods and results: The developed ePACS system considers the best practices for management, maintenance, access, long-term storage and backups, regulatory audits, and economic aspects. Moreover, key aspects of the ePACS system include the design of data flows with a focus on incorporating data security and privacy, access control and levels based on user profiles, internal data management policies, standardized architecture, infrastructure and application monitorization and traceability, and periodic backup policies. A new tool called DicomStudiesQA has been developed to standardize the analysis of DICOM studies. The tool automatically identifies, extracts, and renames series using a consistent nomenclature. It also detects corrupted images and merges separated dynamic series that were initially split, allowing for streamlined post-processing. Discussion and conclusions: The developed ePACS system encompasses a successful implementation, both in hospital and research environments, showcasing its transformative nature and the challenging yet crucial transfer of knowledge to industry. This underscores the practicality and real-world applicability of our innovative approach, highlighting the significant impact it has on the field of experimental radiology.

Judith A Wiener,Anne T Gilliland

DOI: https://doi.org/10.3163/1536-5050.99.1.005

Abstract:Objective: The investigation provides recommendations for establishing institutional collection guidelines and policies that protect the integrity of the historical record, while upholding the privacy and confidentiality of those who are protected by Health Insurance Portability and Accountability Act (HIPAA) or professional ethical standards. Methods: The authors completed a systematic historical investigation of the concepts of collection integrity, privacy, and confidentiality in the formal and informal legal and professional ethics literature and applied these standards to create best practices for institutional policies in these areas. Results: Through an in-depth examination of the historical concepts of privacy and confidentiality in the legal and professional ethics literature, the authors were able to create recommendations that would allow institutions to provide access to important, yet sensitive, materials, while complying with the standards set by HIPAA regulations and professional ethical expectations. Conclusion: With thoughtful planning, it is possible to balance the integrity of and access to the historical record of sensitive documents, while supporting the privacy protections of HIPAA and professional ethical standards. Although it is theorized that collection development policies of institutions have changed due to HIPAA legislation, additional research is suggested to see how various legal interpretations have affected the integrity of the historical record in actuality.

Jayapriya Jayabalan,N. Jeyanthi

DOI: https://doi.org/10.1016/j.jpdc.2022.03.009

IF: 4.542

2022-06-01

Journal of Parallel and Distributed Computing

Abstract:Traditional healthcare systems in the present scenario follow centralized client-server architecture to store and process patient-health related information. Data stored in each of the healthcare institution remain in silos which cannot be easily shared with other institutions due to technical and infrastructural constraints. Hospitals do not have an effective and secure data sharing mechanism leading to monetary and resource loss in the case of a person visiting different hospitals. Blockchain, a disruptive technology with secure and reliable decentralized framework, and can be used to circumvent problems in traditional healthcare architecture for secure storage, sharing and retrieval of Electronic Health Records (EHR). A blockchain-based framework integrated with InterPlanetary File System (IPFS) for EHR in healthcare management has been proposed in this paper. This proposed framework will enable healthcare institutions to maintain fail-safe and tamper-proof healthcare ledgers in a decentralized manner. Hospitals and doctors act as lightweight nodes, whereas patient nodes can be full or lightweight nodes. The model proposes two-factor authentication and multi-factor authentication for preventing fake node attacks. Patient-centric access model allows the patients to act as digital stewards for their health data, allowing access to doctors and hospitals on demand and revoking it after stipulated time. Symmetric key encryption (AES-128) is used for encrypting data before storing into IPFS. Asymmetric encryption (RSA-4096) is used for generating digital envelopes to pass on symmetric key to authorized entities. Digital signatures (RSA-1024) make sure that the transactions are valid and from authorized nodes. Hashing of the encrypted data is done using SHA-256 algorithm. Multiple layers of security implemented in this model makes sure that adversaries cannot obtain data stored in IPFS; even if they retrieve the data, it will not be meaningful since it is encrypted. The proposed framework for off-chain storage of health data using IPFS saves blockchain structure from scalability issues. Further the proposal for blockchain integration with IPFS helps preserve privacy in the healthcare system, making it highly secure, scalable and robust.

computer science, theory & methods

Pinky Bai,Sushil Kumar,Kirshna Kumar,Omprakash Kaiwartya,Jaime Lloret,Mufti Mahmud

DOI: https://doi.org/10.3390/electronics11203311

IF: 2.9

2022-10-15

Electronics

Abstract:Smart healthcare systems provide user-centric medical services to patients based on collected information of patients inducing personal health information (PHI) and personal identifiable information (PII). The information (PII and PHI) flows into the smart healthcare system with or without any regulation and patient concern with the help of new information and communication technologies (ICT). The use of ICT comes with the security and privacy issues of collected PII and PHI data. The Europe Union has published the General Data Protection Regulation (GDPR) to regulate the flow of personal information. Towards this end, this paper proposes a blockchain-based data storage and sharing framework for a smart healthcare system that complies with the "Privacy by Design" rule of the GDPR. The personal information collected from patients is stored on off-chain storage (IPFS), and other information is stored on the blockchain ledger, which is visible to all participants. The smart contracts are designed to share the PII data with another participant based on prior permission of the data owner. The proposed framework also includes the deletion of PII and PHI in the system as per the "Right to be Forgotten" GDPR rule. Security and privacy analyses are performed for the framework to demonstrate the security and privacy of data while sharing and at rest. The comparative performance analysis demonstrates the benefit of the proposed GDPR-compliant data storage and sharing framework using blockchain. It is evident from the reported results that the proposed framework outperforms the state-of-the-art techniques in terms of performance metrics in a smart healthcare system.

engineering, electrical & electronic,computer science, information systems,physics, applied

Birger Haarbrandt,Björn Schreiweis,Sabine Rey,Ulrich Sax,Simone Scheithauer,Otto Rienhoff,Petra Knaup-Gregori,Udo Bavendiek,Christoph Dieterich,Benedikt Brors,Inga Kraus,Caroline Marieken Thoms,Dirk Jäger,Volker Ellenrieder,Björn Bergh,Ramin Yahyapour,Roland Eils,HiGHmed Consortium,Michael Marschollek

DOI: https://doi.org/10.3414/ME18-02-0002

Abstract:Introduction: This article is part of the Focus Theme of Methods of Information in Medicine on the German Medical Informatics Initiative. HiGHmed brings together 24 partners from academia and industry, aiming at improvements in care provision, biomedical research and epidemiology. By establishing a shared information governance framework, data integration centers and an open platform architecture in cooperation with independent healthcare providers, the meaningful reuse of data will be facilitated. Complementary, HiGHmed integrates a total of seven Medical Informatics curricula to develop collaborative structures and processes to train medical informatics professionals, physicians and researchers in new forms of data analytics. Governance and policies: We describe governance structures and policies that have proven effective during the conceptual phase. These were further adapted to take into account the specific needs of the development and networking phase, such as roll-out, carerelated aspects and our focus on curricula development in Medical Inform atics. Architectural framework and methodology: To address the challenges of organizational, technical and semantic interoperability, a concept for a scalable platform architecture, the HiGHmed Platform, was developed. We outline the basic principles and design goals of the open platform approach as well as the roles of standards and specifications such as IHE XDS, openEHR, SNOMED CT and HL7 FHIR. A shared governance framework provides the semantic artifacts which are needed to establish semantic interoperability. Use cases: Three use cases in the fields of oncology, cardiology and infection control will demonstrate the capabilities of the HiGHmed approach. Each of the use cases entails diverse challenges in terms of data protection, privacy and security, including clinical use of genome sequencing data (oncology), continuous longitudinal monitoring of physical activity (cardiology) and cross-site analysis of patient movement data (infection control). Discussion: Besides the need for a shared governance framework and a technical infrastructure, backing from clinical leaders is a crucial factor. Moreover, firm and sustainable commitment by participating organizations to collaborate in further development of their information system architectures is needed. Other challenges including topics such as data quality, privacy regulations, and patient consent will be addressed throughout the project.