JMIR Med Inform. 2024 Apr 18:12:e53075.
doi: 10.2196/53075.

Development of a Trusted Third Party at a Large University Hospital: Design and Implementation Study

Eric Wündisch et al. JMIR Med Inform.

Abstract

Background: Pseudonymization has become a best practice to securely manage the identities of patients and study participants in medical research projects and data sharing initiatives. This method offers the advantage of not requiring the direct identification of data to support various research processes while still allowing for advanced processing activities, such as data linkage. Often, pseudonymization and related functionalities are bundled in specific technical and organizational units known as trusted third parties (TTPs). However, pseudonymization can significantly increase the complexity of data management and research workflows, necessitating adequate tool support. Common tasks of TTPs include supporting the secure registration and pseudonymization of patient and sample identities as well as managing consent.

Objective: Despite the challenges involved, little has been published about successful architectures and functional tools for implementing TTPs in large university hospitals. The aim of this paper is to fill this research gap by describing the software architecture and tool set developed and deployed as part of a TTP established at Charité - Universitätsmedizin Berlin.

Methods: The infrastructure for the TTP was designed to provide a modular structure while keeping maintenance requirements low. Basic functionalities were realized with the free MOSAIC tools. However, supporting common study processes requires implementing workflows that span different basic services, such as patient registration, followed by pseudonym generation and concluded by consent collection. To achieve this, an integration layer was developed to provide a unified Representational state transfer (REST) application programming interface (API) as a basis for more complex workflows. Based on this API, a unified graphical user interface was also implemented, providing an integrated view of information objects and workflows supported by the TTP. The API was implemented using Java and Spring Boot, while the graphical user interface was implemented in PHP and Laravel. Both services use a shared Keycloak instance as a unified management system for roles and rights.

Results: By the end of 2022, the TTP had supported more than 10 research projects since its launch in December 2019. Within these projects, more than 3000 identities were stored, more than 30,000 pseudonyms were generated, and more than 1500 consent forms were submitted. In total, more than 150 people regularly work with the software platform. By implementing the integration layer and the unified user interface, together with comprehensive roles and rights management, the effort for operating the TTP could be significantly reduced, as personnel of the supported research projects can use many functionalities independently.

Conclusions: With the architecture and components described, we created a user-friendly and compliant environment for supporting research projects. We believe that the insights into the design and implementation of our TTP can help other institutions to efficiently and effectively set up corresponding structures.

Keywords: EHR; application; architecture; consent; data management; data privacy; electronic health record; health platform; health record; identifying data; implementation; infrastructure; modular; pseudonymisation; pseudonymization; scalability; security; software; trusted third party; user interface.

Conflict of interest statement

Conflicts of Interest: None declared.

Figures

Figure 1. Stages of the functional authorization model.
Figure 2. Workflow of actions in the app.
Figure 3. Architecture overview, including wrapped MOSAIC stack (core components); systems maintained by the trusted third party (TTP; graphical components as well as access and identity components); systems queried by the TTP (electronic health record [EHR] system and directory services); and systems from which the TTP is queried (Research Electronic Data Capture [REDCap]). E-PIX: Enterprise Identifier Cross-Referencing; gICS: Generic Informed Consent Service; gPAS: Generic Pseudonym Administration Service.
Figure 4. Key information objects and their relationships.
Figure 5. Screenshots of the user interface: editing consent information.
Figure 6. Screenshot of the user interface: overview of consent status.
Figure 7. Screenshot of the consent app: entering or scanning an ID.
Figure 8. Screenshot of the consent app: filling out consent forms.
Figure 9. Screenshot of the consent app: sign and submit.
