
A Standardised Graphic Method for Describing Data Privacy Frameworks in Primary Care Research Using a Flexible Zone Model

Overview
Date 2014 Sep 22
PMID 25241154
Citations 22
Abstract

Purpose: To develop a model describing core concepts and principles of data flow, data privacy and confidentiality, in a simple and flexible way, using concise process descriptions and a diagrammatic notation applied to research workflow processes. The model should help to generate robust data privacy frameworks for research done with patient data.

Methods: Based on an exploration of EU legal requirements for data protection and privacy, data access policies, and existing privacy frameworks of research projects, basic concepts and common processes were extracted, described and incorporated into a model with a formal graphical representation and a standardised notation. The Unified Modelling Language (UML) notation was enriched with workflow symbols and our own symbols to enable the representation of extended data flow requirements, data privacy and data security requirements, and privacy enhancing techniques (PET), and to allow privacy threat analysis for research scenarios.

Results: Our model is built upon the concept of three privacy zones (Care Zone, Non-care Zone and Research Zone) containing databases and data transformation operators, such as data linkers and privacy filters. Using these model components, a risk gradient for moving data from a zone of high risk for patient identification to a zone of low risk can be described. The model was applied to the analysis of data flows in several general clinical research use cases and two research scenarios from the TRANSFoRm project (e.g., finding patients for clinical research and linkage of databases). The model was validated by representing research done with the NIVEL Primary Care Database in the Netherlands.

Conclusions: The model allows analysis of data privacy and confidentiality issues for research with patient data in a structured way and provides a framework to specify a privacy-compliant data flow, to communicate privacy requirements and to identify weak points for an adequate implementation of data privacy.

Citing Articles

Reusing routine electronic health record data for nationwide COVID-19 surveillance in nursing homes: barriers, facilitators, and lessons learned.

Wieland-Jorna Y, Verheij R, Francke A, Coppen R, de Greeff S, Elffers A. BMC Med Inform Decis Mak. 2024; 24(1):408.

PMID: 39731119 PMC: 11674179. DOI: 10.1186/s12911-024-02818-3.


Natural language processing systems for extracting information from electronic health records about activities of daily living. A systematic review.

Wieland-Jorna Y, van Kooten D, Verheij R, de Man Y, Francke A, Oosterveld-Vlug M. JAMIA Open. 2024; 7(2):ooae044.

PMID: 38798774 PMC: 11126158. DOI: 10.1093/jamiaopen/ooae044.


Generalizability of a Musculoskeletal Therapist Electronic Health Record for Modelling Outcomes to Work-Related Musculoskeletal Disorders.

Wassell M, Vitiello A, Butler-Henderson K, Verspoor K, Pollard H. J Occup Rehabil. 2024; 35(1):125-138.

PMID: 38739344 PMC: 11839684. DOI: 10.1007/s10926-024-10196-w.


Lessons learned from the development of a national registry on dementia care and support based on linked national health and administrative data.

van der Heide I, Francke A, Dopp C, Heins M, Van Hout H, Verheij R. Learn Health Syst. 2024; 8(2):e10392.

PMID: 38633020 PMC: 11019384. DOI: 10.1002/lrh2.10392.


Sex and gender differences in primary care help-seeking for common somatic symptoms: a longitudinal study.

Ballering A, Olde Hartman T, Verheij R, Rosmalen J. Scand J Prim Health Care. 2023; 41(2):132-139.

PMID: 36995265 PMC: 10193899. DOI: 10.1080/02813432.2023.2191653.