Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2015 Jun 4:13:176.
doi: 10.1186/s12967-015-0545-6.

A workflow-driven approach to integrate generic software modules in a Trusted Third Party

Martin Bialke  1 Peter Penndorf  2   3 Tim Wegner  4 Thomas Bahls  5   6 Christoph Havemann  7 Jens Piegsa  8 Wolfgang Hoffmann  9   10
Affiliations

A workflow-driven approach to integrate generic software modules in a Trusted Third Party

Martin Bialke et al. J Transl Med. .

Abstract

Background: Cohort studies and registries rely on massive amounts of personal medical data. Therefore, data protection and information security as well as ethical aspects gain in importance and need to be considered as early as possible during the establishment of a study. Resulting legal and ethical obligations require a precise implementation of appropriate technical and organisational measures for a Trusted Third Party.

Methods: This paper defines and organises a consistent workflow-management to realize a Trusted Third Party. In particular, it focusses the technical implementation of a Trusted Third Party Dispatcher to provide basic functionalities (including identity management, pseudonym administration and informed consent management) and measures required to meet study specific conditions of cohort studies and registries. Thereby several independent open source software modules developed and provided by the MOSAIC project are used. This technical concept offers the necessary flexibility and extensibility to address legal and ethical requirements of individual scenarios.

Results: The developed concept for a Trusted Third Party Dispatcher allows mapping single process steps as well as individual requirements and characteristics of particular studies to workflows, which in turn can be combined to model complex Trusted Third Party processes. The uniformity of this approach permits unrestricted re-combination of the available functionalities (depending on the applied software modules) for various research projects.

Conclusion: The proposed approach for the technical implementation of an independent Trusted Third Party reduces the effort for scenario specific implementations as well as for maintenance. The applicability and the efficacy of the concept for a workflow-driven Trusted Third Party could be confirmed during the establishment of several nationwide studies (e.g. German Centre for Cardiovascular Research and the National Cohort).

PubMed Disclaimer

Figures

Figure 1
Figure 1
The Trusted Third Party (TTP) is a core element in a research data management infrastructure: After provision of a system-wide unique identifier for the study participant (identity management), the TTP stores the Informed Consent Document (IC) and provides the required pseudonyms (PSN) for data capture. The participants identifying data (IDAT) is stored within the TTP. Pseudonymised medical data (MDAT) and related metadata are stored in the research platform. The usage of (pseudonymised) medical data typically includes quality assurance, reporting and analysis. If the participant consented to the secondary use of his medical data, data may be provided for further research projects via a separate transfer unit.
Figure 2
Figure 2
Component Overview of the Trusted Third Party (TPP) Dispatcher: Composing functionalities from independent service modules (E-PIX Identity Management, gICS Informed Consent Management, gPAS Pseudonym Management).
Figure 3
Figure 3
Example: defining the individual workflow “Create Participant” for the DZHK required only a subset of basic workflows.
See this image and copyright information in PMC

References

    1. Council of Europe. Convention for the protection of individuals with regard to automatic processing of personal data. In ETS No.108 1981 Strasbourg
    1. European Commission (2012) Official website of the European Commission. http://ec.europa.eu/justice/data-protection/document/review2012/com_2012.... Accessed 02 Oct 2014
    1. World Medical Association (WMA) (2008) WMA Declaration of Helsinki—Ethical Principles for Medical Research Involving Human Subjects. In 59th WMA General Assembly 2008 Korea
    1. Pommerening K, Drepper J, Helbing K, Ganslandt T, Müller T, Speer R et al (2014) Generic data protection concepts for medical research networks 2.0 (Leitfaden zum Datenschutz in medizinischen Forschungsprojekten. Generische Lösungen der TMF 2.0). Berlin. TMF e.V. 2014
    1. Dierks C (2008) Legal evaluation of an electronical data trustee ship of the TMF (Rechtsgutachen zur elektronischen Datentreuhänderschaft der TMF, TMF-Produkt P052011). Berlin. 2008

Publication types

LinkOut - more resources