Abstract
German best practice standards for secondary use of patient data require pseudonymization and informational separation of powers assuring that identifying data (IDAT), pseudonyms (PSN), and medical data (MDAT) are never simultaneously knowable by any party involved in data provisioning and use. We describe a solution meeting these requirements based on the dynamic interaction of three software agents: the clinical domain agent (CDA), which processes IDAT and MDAT, the trusted third party agent (TTA), which processes IDAT and PSN, and the research domain agent (RDA), which processes PSN and MDAT and delivers pseudonymized datasets. CDA and RDA implement a distributed workflow by employing an off-the-shelf workflow engine. TTA wraps the gPAS framework for pseudonym generation and persistence. All agent interactions are implemented via secured REST-APIs. Rollout to three university hospitals was seamless. The workflow engine allowed meeting various overarching requirements, including auditability of data transfer and pseudonymization, with minimal additional implementation effort. Using a distributed agent architecture based on workflow engine technology thus proved to be an efficient way to meet technical and organizational requirements for provisioning patient data for research purposes in a data protection compliant way.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
