Do CHANGE platform: A service-based architecture for secure aggregation and distribution of health and wellbeing data

Abstract

Over the last decade, the adoption of open API standards offers new services meaningful in the domain of health informatics and behavior change. We present our privacy-oriented solution to support personal data collection, distribution, and usage. Given the new General Data Protection Regulations in Europe, the proposed platform is designed with requirements in mind to position citizens as the controllers of their data. The proposed result uses NodeJS servers, OAuth protocol for Authentication and Authorization, a publish-subscribe semantic for real-time data notification and Cron for APIs without a notification strategy. It uses Distributed Data Protocol to control and securely provision data to distributed frameworks utilizing the data and those distributed applications are exemplified. The platform design is transparent and modularized for research projects and small businesses to set-up and manage, and to allow them to focus on the application layer utilizing personal information. This solution can easily be configured to support custom or new data sources with open API and can scale. In our use cases, maintaining the separate ecosystem services was trivial. The adopted distributed protocol was the most challenging to manage due to its high RAM usage. And implementing a fine-grained privacy control by end-users was challenging in an existing clinical enterprise system.