Biomedical Engineering Reference
15.4.2.3 Network Security
The security and privacy requirements for a distributed medical data
querying system are critically important, and data protection is essential.
Within the cancer Biomedical Information Grid (caBIG) and ACGT projects,
different studies about security, privacy, ethical, and legal requirements
for distributed architecture have been published [16, 17]. The European
Union (EU) released a document [18] concerning the processing, treatment,
and movement of personal data.
To address security issues, we have made the security infrastructure of the
network compliant with French regulation on medical data transfers and
exchanges. Users of the sentinel network are authenticated using recognized
accreditation tools like the Carte de Professionnel de Santé (CPS) health
care professional smartcard (http://gip-cps.fr) [19] released by the French
health ministry. These cards will be available throughout the EU
(http://www.hprocard.eu). The chip contains an X509 grid-compatible
certificate issued by a trusted CA. The authentication process and the data
encryption are then ensured by these cards.
15.4.2.4 Patient Identification
Throughout the health care systems, cases of false patient identification
are numerous and could be responsible for mistakes in drug delivery to the
patient. Owing to the lack of a global identification system, there is no
solution for distributed patient identification. Most countries in the EU
already have a robust identification system. In France, the usage of the
social security number (SSN) is strictly prohibited for data linkage as it
contains privacy data about gender and date and place of birth. Moreover,
the accuracy and reliability of these numbers are reconsidered: the SSN in the
United States presents a high risk of identity. Aware of this issue, the EU has
launched the European Patients Smart Open Services (EPSOS) program
(http://www.epsos.eu/) in order to build a European Electronic Health Record
while the French government released guidelines to build a national health
identifier (http://www.asipsante.fr/). Despite this, there is no suitable solution
today; therefore a dedicated solution has been designed for this project.
A patient may be identified by a different medical folder number in each
laboratory he or she visited. In order to link all the information stored in
the multiple medical databases all over the world, an additional identifier
has been created for the sentinel network. This identifier consists of a
random number (generated as defined in RFC 4122 [20]) for each patient.
This identifier is created only for data linkage and is always encrypted using
different keys in each database to protect patient privacy. When a data
provider downloads some new data from his or her local data server to the
local grid server, the Pandora Gateway is in charge of searching all the local
databases for information on the patient. It will produce a unique
identification number corresponding to the medical data if two identifiers are
correlated to the same patient (Fig. 15.2).
Distributed identity management requires a specific ability to compare
records and link identities. The entire reliability of the sentinel network
depends on good record linkage.
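The linkage scheme described above, as an added example that is not code from the chapter or the sentinel network: each patient gets an RFC 4122 version 4 identifier, each database stores it encrypted under its own key, and only a party holding the keys can correlate records. The chapter does not name a cipher, so the HMAC-SHA256 encrypt-then-MAC construction here is an assumed standard-library stand-in for an AEAD such as AES-GCM, and all function names, database names and folder numbers are hypothetical.

```python
import hashlib
import hmac
import os
import uuid

def _prf(key, label, data):
    # HMAC-SHA256 as a keyed PRF; the label separates encryption from MAC use.
    return hmac.new(key, label + data, hashlib.sha256).digest()

def seal(db_key, patient_id):
    """Encrypt the 16-byte linkage identifier under one database's key."""
    nonce = os.urandom(16)  # fresh per record, so equal IDs never look equal
    pad = _prf(db_key, b"enc", nonce)[:16]
    ct = bytes(a ^ b for a, b in zip(patient_id.bytes, pad))
    return nonce + ct + _prf(db_key, b"mac", nonce + ct)[:16]

def unseal(db_key, blob):
    """Verify and decrypt a stored identifier; fails under any other key."""
    nonce, ct, tag = blob[:16], blob[16:32], blob[32:]
    if not hmac.compare_digest(tag, _prf(db_key, b"mac", nonce + ct)[:16]):
        raise ValueError("wrong database key or tampered identifier")
    pad = _prf(db_key, b"enc", nonce)[:16]
    return uuid.UUID(bytes=bytes(a ^ b for a, b in zip(ct, pad)))

def link(databases, keys):
    """Gateway-side linkage: group local folder numbers by decrypted ID."""
    linked = {}
    for db_name, rows in databases.items():
        for folder_no, blob in rows.items():
            pid = unseal(keys[db_name], blob)
            linked.setdefault(pid, []).append((db_name, folder_no))
    return linked

def demo():
    # Constructed sample data: two laboratories, two patients, made-up folder numbers.
    keys = {"lab_a": os.urandom(32), "lab_b": os.urandom(32)}
    p1, p2 = uuid.uuid4(), uuid.uuid4()  # RFC 4122 version 4 (random)
    databases = {
        "lab_a": {"A-0017": seal(keys["lab_a"], p1),
                  "A-0042": seal(keys["lab_a"], p2)},
        "lab_b": {"B-9301": seal(keys["lab_b"], p1)},
    }
    return keys, p1, p2, databases, link(databases, keys)

if __name__ == "__main__":
    for pid, records in demo()[4].items():
        print(pid, records)
```

Someone who obtains copies of both databases without the keys sees unrelated byte strings for the same patient, which is the privacy property the per-database keys are meant to provide.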