Toward the European Health Data Space: The IMPaCT-Data secure infrastructure for EHR-based precision medicine research

IF 4 2区医学 Q2 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS Journal of Biomedical Informatics Pub Date : 2024-06-14 DOI:10.1016/j.jbi.2024.104670

Silvia Rodríguez-Mejías , Sara Degli-Esposti , Sara González-García , Carlos Luis Parra-Calderón

{"title":"Toward the European Health Data Space: The IMPaCT-Data secure infrastructure for EHR-based precision medicine research","authors":"Silvia Rodríguez-Mejías , Sara Degli-Esposti , Sara González-García , Carlos Luis Parra-Calderón","doi":"10.1016/j.jbi.2024.104670","DOIUrl":null,"url":null,"abstract":"<div><h3>Background:</h3><p>Art. 50 of the proposal for a Regulation on the European Health Data Space (EHDS) states that “health data access bodies shall provide access to electronic health data only through a secure processing environment, with technical and organizational measures and security and interoperability requirements”.</p></div><div><h3>Objective:</h3><p>To identify specific security measures that nodes participating in health data spaces shall implement based on the results of the IMPaCT-Data project, whose goal is to facilitate the exchange of electronic health records (EHR) between public entities based in Spain and the secondary use of this information for precision medicine research in compliance with the General Data Protection Regulation (GDPR).</p></div><div><h3>Data and methods:</h3><p>This article presents an analysis of 24 out of a list of 72 security measures identified in the Spanish National Security Scheme (ENS) and adopted by members of the federated data infrastructure developed during the IMPaCT-Data project.</p></div><div><h3>Results:</h3><p>The IMPaCT-Data case helps clarify roles and responsibilities of entities willing to participate in the EHDS by reconciling technical system notions with the legal terminology. Most relevant security measures for Data Space Gatekeepers, Enablers and Prosumers are identified and explained.</p></div><div><h3>Conclusion:</h3><p>The EHDS can only be viable as long as the fiduciary duty of care of public health authorities is preserved; this implies that the secondary use of personal data shall contribute to the public interest and/or to protect the vital interests of the data subjects. This condition can only be met if all nodes participating in a health data space adopt the appropriate organizational and technical security measures necessary to fulfill their role.</p></div>","PeriodicalId":15263,"journal":{"name":"Journal of Biomedical Informatics","volume":"156 ","pages":"Article 104670"},"PeriodicalIF":4.0000,"publicationDate":"2024-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1532046424000881/pdfft?md5=479104a466d3a0a855cf5ab64177b453&pid=1-s2.0-S1532046424000881-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Biomedical Informatics","FirstCategoryId":"3","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1532046424000881","RegionNum":2,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

Background:

Art. 50 of the proposal for a Regulation on the European Health Data Space (EHDS) states that “health data access bodies shall provide access to electronic health data only through a secure processing environment, with technical and organizational measures and security and interoperability requirements”.

Objective:

To identify specific security measures that nodes participating in health data spaces shall implement based on the results of the IMPaCT-Data project, whose goal is to facilitate the exchange of electronic health records (EHR) between public entities based in Spain and the secondary use of this information for precision medicine research in compliance with the General Data Protection Regulation (GDPR).

Data and methods:

This article presents an analysis of 24 out of a list of 72 security measures identified in the Spanish National Security Scheme (ENS) and adopted by members of the federated data infrastructure developed during the IMPaCT-Data project.

Results:

The IMPaCT-Data case helps clarify roles and responsibilities of entities willing to participate in the EHDS by reconciling technical system notions with the legal terminology. Most relevant security measures for Data Space Gatekeepers, Enablers and Prosumers are identified and explained.

Conclusion:

The EHDS can only be viable as long as the fiduciary duty of care of public health authorities is preserved; this implies that the secondary use of personal data shall contribute to the public interest and/or to protect the vital interests of the data subjects. This condition can only be met if all nodes participating in a health data space adopt the appropriate organizational and technical security measures necessary to fulfill their role.

Abstract Image

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

迈向欧洲健康数据空间：基于电子病历的精准医学研究的 IMPaCT 数据安全基础设施。

背景：背景欧洲健康数据空间（EHDS）条例提案第 50 条规定，"健康数据访问机构只能通过安全的处理环境、技术和组织措施以及安全和互操作性要求来访问电子健康数据"：目的：根据 IMPaCT-Data 项目的结果，确定参与健康数据空间的节点应实施的具体安全措施，该项目旨在促进西班牙公共实体之间的电子健康记录（EHR）交换，并根据《通用数据保护条例》（GDPR）将这些信息二次用于精准医学研究：本文对西班牙国家安全计划（ENS）中确定的 72 项安全措施清单中的 24 项进行了分析，这些安全措施被 IMPaCT-Data 项目期间开发的联合数据基础设施的成员所采用：结果：IMPaCT-Data 案例通过协调技术系统概念和法律术语，有助于明确愿意参与 EHDS 的实体的角色和责任。确定并解释了与数据空间守门人、使能者和消费者最相关的安全措施：只有在公共卫生机构的受托责任得到维护的情况下，EHDS 才是可行的；这意味着个人数据的二次使用应有助于公共利益和/或保护数据主体的重要利益。只有在参与健康数据空间的所有节点都采取履行其职责所需的适当组织和技术安全措施时，这一条件才能得到满足。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Journal of Biomedical Informatics 医学-计算机：跨学科应用

CiteScore

8.90

自引率

6.70%

发文量

243

审稿时长

32 days

期刊介绍： The Journal of Biomedical Informatics reflects a commitment to high-quality original research papers, reviews, and commentaries in the area of biomedical informatics methodology. Although we publish articles motivated by applications in the biomedical sciences (for example, clinical medicine, health care, population health, and translational bioinformatics), the journal emphasizes reports of new methodologies and techniques that have general applicability and that form the basis for the evolving science of biomedical informatics. Articles on medical devices; evaluations of implemented systems (including clinical trials of information technologies); or papers that provide insight into a biological process, a specific disease, or treatment options would generally be more suitable for publication in other venues. Papers on applications of signal processing and image analysis are often more suitable for biomedical engineering journals or other informatics journals, although we do publish papers that emphasize the information management and knowledge representation/modeling issues that arise in the storage and use of biological signals and images. System descriptions are welcome if they illustrate and substantiate the underlying methodology that is the principal focus of the report and an effort is made to address the generalizability and/or range of application of that methodology. Note also that, given the international nature of JBI, papers that deal with specific languages other than English, or with country-specific health systems or approaches, are acceptable for JBI only if they offer generalizable lessons that are relevant to the broad JBI readership, regardless of their country, language, culture, or health system.