Skip to main content
SpringerLink
Log in

Identity and access management in multi-institutional medical research

Identitäts- und Zugriffskontroll-Management für organisationsübergreifende medizinische Forschung

  • Originalarbeiten
  • Published:
e & i Elektrotechnik und Informationstechnik Aims and scope Submit manuscript

Zusammenfassung

In der organisationsübergreifenden medizinischen Forschung werden äußerst sensible Patientendaten verschiedenen Teilnehmern in unterschiedlichen Verwaltungseinheiten oder sogar unterschiedlichen Ländern zur Verfügung gestellt. Aus diesem Grund ist ein wirkungsvolles Identitäts- und Zugriffskontroll-Management (engl. Identity and Access Management, IAM) hier von großer Bedeutung für die Sicherung der Vertraulichkeit dieser Daten. Dabei hat IAM zwei gegensätzliche Ziele: Zum einen sollen Mediziner auf über verschiedene Standorte verteilte medizinische Daten zugreifen können; zum anderen soll die Privatsphäre der Patienten, deren Daten bei den Studien untersucht werden, geschützt werden (beispielsweise durch Pseudonymisierung). Dieser Artikel präsentiert ein organisationsübergreifendes IAM-System, das im Rahmen des Projektes @neurIST entstanden ist. Dieses Projekt befasst sich mit der Entwicklung einer Infrastruktur für die Erforschung und Behandlung von zerebralen Aneurysmen. Dabei werden medizinische Einrichtungen und Dienstanbieter durch eine technische Plattform nach dem Paradigma der Service-orientierten Architektur miteinander verbunden. Diese Plattform verwendet das so genannte Claim-basierte Sicherheitsmodell zur Realisierung von IAM für die @neurIST-Dienste sowie Pseudonymisierungstechniken zur Sicherung der Vertraulichkeit der Patientendaten.

Summary

In multi-institutional medical research, identity and access management is crucial because of the sensitiveness of the medical data which is made available to distinct stakeholders with unique interests residing in different administrative domains as well as countries. Identity and access management in such a setting is twofold and should provide access to federated medical data spread across multiple sites to medical professionals while at the same time protect the privacy of the patients – whose medical data is used for research purposes – by pseudonymization. This paper discusses the identity and access management approach developed in the @neurIST project which deals with the study and treatment of cerebral aneurysms. @neurIST aims at developing a decision support system and a research infrastructure that unites multiple medical institutions and service providers offering technical solutions based on the Service Oriented Architecture (SOA) paradigm for treating and researching diseases. The system developed within @neurIST adopts claim-based security models to implement an efficient identity and access management for data access in the @neurIST service ecosystem and pseudonymization technologies to protect the patients' privacy.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

References

  • American Medical Informatics Association (AMIA) (2007): A taxonomy of secondary uses and re-uses of healthcare data. Invitational Conf. on Secondary Use of Health Data. Available online at: http://www.amia.org/inside/initiatives/healthdata/2007/index.asp/

  • Arbona, A., Benkner, S., Engelbrecht, G., Fingberg, J., Hofmann, M., Kumpf, K., Lonsdale, G., Woehrer, A. (2007): A service-oriented grid infrastructure for biomedical data and compute services. IEEE Transactions NanoBioscience 6 (2): 136–141

    Article  Google Scholar 

  • Cantor, S., Kemp, J., Philpott, R., Maler, E. (eds) (2005): Assertions and Protocols for the Oasis Security Assertion Markup Language (SAML) V2.0, OASIS Standard. Available online at: http://www.oasis-open.org/committees/security/

  • Dunlop, R., Arbona, A., Rajasekaran, H., Lo Iacono, L., Fingberg, J., Summers, P., Benkner, S., Engelbrecht, G., Chiarini, A., Friedrich, C. M., Moore, B., Bijlenga, P., Iavindrasana, J., Hose, R. D., Frangi, A. F. (2008): @neurIST – chronic disease management through integration of heterogeneous data and computer-interpretable guideline services. In: Proc. of HealthGrid 2008, Chicago

  • Geissbuhler, A., Lovis, C., Lamb, A., Spahni, S. (2001): Experience with an XML/ http-based federative approach to develop a hospital-wide clinical information system. Medinfo 10: 735–739

    Google Scholar 

  • Iavindrasana, J., Lo Iacono, L., Mueller, H., Periz, I., Summers, P., Wright, J. (2008): Access to clinical information systems for research in the life sciences: security and privacy considerations. In: Proc. of HealthGrid 2008. Amsterdam: IOS Press

    Google Scholar 

  • Karasavvas, K., Antonioletti, M., Atkinson, M. P., Chue Hong, N. P., Sugden, T., Hume, A. C., Jackson, M., Krause, A., Palansuriya, C. (2005): Introduction to OGSA-DAI services. Lecture Notes in Computer Science 3458: 1–12

    Google Scholar 

  • Lo Iacono, L. (2007): Multi-centric universal pseudonymisation for secondary use of the HER. In: Proc. of HealthGrid: 239–247. Amsterdam: IOS Press

    Google Scholar 

  • Lo Iacono, L., Rajasekaran, H. (2008): Security architecture for distributed medical information systems. Workshop on Security for Web Services and Service-Oriented Architectures (SWSOA), Informatik 2008, München

  • Lovis, C., Spahni, S., Cassoni-Schoellhammer, N., Geissbuhler, A. (2006): Comprehensive management of the access to a component-based healthcare information system. Studies in Health Technology Informations, vol. 124: 251–256

    Google Scholar 

  • Moses, T. (ed): Extensible access control markup language (XACML) Version 2.0, OASIS Standard, February 2005. Available online at: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml/

  • Nadalin, A., Kaler, C., Monzillo, R., Hallam-Baker, P. (2006): Web services security: SOAP message security 1.1, OASIS Standard Specification

  • Nadalin, A., Goodner, M., Gudgin, M., Barbir, A., Granqvist, H. (2007): WS-Trust 1.3, OASIS Standard

  • Pommerening, K., Reng, M. (2004): Secondary use of the EHR via pseudonymisation, In: L. Bos, S. Laxminarayan, A. Marsh (eds.): Medical Care Compunetics 1: 441–446. Amsterdam: IOS Press

    Google Scholar 

  • Rajasekaran, H., Hasselmeyer, P., Lo Iacono, L., Fingberg, J., Summers, P., Benkner, S., Engelbrecht, G., Arbona, A., Chiarini, A., Friedrich, C. M., Hofmann-Apitius, M., Moore, B., Bijlenga, P., Iavindrasana, J., Müller, H., Hose, R. D., Dunlop, R., Frangi, A., Kumpf, K. (2008): @neurIST – Towards a system architecture for advanced disease management through integration of heterogeneous data, computing, and complex processing services. In: Proc. of 21 IEEE Int. Symp. on Computer-Based Medical Systems 2008 (CBMS 2008), Finland

Download references

Author information

Authors and Affiliations

  1. NEC Laboratories Europe, NEC Europe Ltd., Heidelberg, Germany

    N. Gruschka, L. Lo Iacono & H. Rajasekaran

Authors
  1. N. Gruschka
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. L. Lo Iacono
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. H. Rajasekaran
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to N. Gruschka.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Gruschka, N., Lo Iacono, L. & Rajasekaran, H. Identity and access management in multi-institutional medical research. Elektrotech. Inftech. 127, 143–150 (2010). https://doi.org/10.1007/s00502-010-0734-1

Download citation

  • Received:

  • Accepted:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00502-010-0734-1

Schlüsselwörter

Keywords

Search

Navigation