Separation of Personal Data in a Biobank Information System

Thomas H. Müller (1), Reinhard Thasler (2)
(1) University of Munich, Germany
(2) Munich University Medical Centre, Germany
Foundation HTCR - Human Tissue & Cell Research

HTCR Biobanking in a Nutshell
- Goal: Make explanted tissue and associated clinical data available for research and document use.
- Supervision: Independent advisory board acts as patients' trustee and decides on research projects and sample allocation.
- Workflow: Implements need-to-know principle in the processing of samples and of medical data.
- Data protection: Provide role-based access control and physically separate databases for identification data (IDAT) and medical data (MDAT).
[Diagram labels: Webclient; Webserver with IDAT; Webserver with MDAT]

Biobank Workflow

HTCR Web Application
- Based on generic electronic data capture (EDC) tool "dbform", developed for Linux/Apache/PostgreSQL.
- Separate instances for IDAT and MDAT.
- Shared non-circulated permanent key x represents linkage. This key is arbitrary (we use UUIDs). The shared copy f(x) may be encrypted.
- Data is merged on client display according to user privileges.
- Information content of data required in both DBs can be reduced in one.
[Diagram: IDAT-DB record with columns key, name, dob, ... (key x, dob 1.3.2001); MDAT-DB record with columns key, PID, yob, ... (key f(x), yob 2001)]

HTCR Web Application Screens 1

HTCR Web Application Screens 2

Some Technical Details
- Our proposed concept of a database link is very simple and requires an acceptable amount of implementation effort.
- A link is essentially a 1-1 correspondence between records of one table in one database to those of another table in another database. Both tables describe different properties of the same real-world objects.
- The link is directional, i.e., the first table is considered the master.
- Only a few operations are required: create or search slave object, start or transfer to slave session.
- A map of transparent attributes copied from master to slave may be defined.
- The link may be set to expire after a certain time interval.
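
The directional link described above and the IDAT/MDAT key diagram, as an added Python example that is not the authors' dbform code. It shows the "create or search slave object" operation with a transparent attribute map that reduces dob to yob. Assumptions: two in-memory SQLite databases stand in for the separate PostgreSQL instances, f(x) is modelled as a keyed HMAC-SHA256 (the slides only say f(x) may be encrypted), PID is a sequential number, and all table, function and variable names are hypothetical.

```python
import hashlib
import hmac
import sqlite3
import uuid

# Assumption: the secret for f is held by the linking component only.
LINK_SECRET = b"constructed-demo-secret"

# Map of transparent attributes copied master -> slave; the information
# content is reduced on the way (date of birth becomes year of birth).
TRANSPARENT = {"yob": lambda master: int(master["dob"].split(".")[-1])}


def f(x: str) -> str:
    """Stand-in for f(x): keyed one-way transform of the shared key."""
    return hmac.new(LINK_SECRET, x.encode(), hashlib.sha256).hexdigest()


def open_databases():
    """Two separate databases stand in for IDAT-DB and MDAT-DB."""
    idat = sqlite3.connect(":memory:")
    mdat = sqlite3.connect(":memory:")
    idat.row_factory = mdat.row_factory = sqlite3.Row
    idat.execute("CREATE TABLE patient (key TEXT PRIMARY KEY, name TEXT, dob TEXT)")
    mdat.execute("CREATE TABLE donor (key TEXT PRIMARY KEY, pid INTEGER, yob INTEGER)")
    return idat, mdat


def create_master(idat, name, dob):
    x = str(uuid.uuid4())  # arbitrary permanent key, not circulated to users
    idat.execute("INSERT INTO patient VALUES (?, ?, ?)", (x, name, dob))
    return x


def create_or_search_slave(idat, mdat, x):
    """Directional link: resolve master record x to its single slave record."""
    master = idat.execute("SELECT * FROM patient WHERE key = ?", (x,)).fetchone()
    if master is None:
        raise KeyError("no master record for this key")
    row = mdat.execute("SELECT * FROM donor WHERE key = ?", (f(x),)).fetchone()
    if row is None:  # first use of the link: create the slave object
        pid = mdat.execute("SELECT COALESCE(MAX(pid), 0) + 1 FROM donor").fetchone()[0]
        yob = TRANSPARENT["yob"](master)
        mdat.execute("INSERT INTO donor VALUES (?, ?, ?)", (f(x), pid, yob))
        row = mdat.execute("SELECT * FROM donor WHERE key = ?", (f(x),)).fetchone()
    return dict(row)
```

The MDAT side never stores the name, the full date of birth or the raw key x, and the primary key on f(x) enforces the 1-1 correspondence.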

Summary & Outlook
- Separating identification data and medical data is a data protection requirement, especially in a biobank, where many items are stored for an extended period of time.
- In order to be effective, this requirement must be integrated into the biobank workflow - need-to-know principle.
- In support of this requirement we have developed a conceptually simple technique of linking separate databases in web-based information systems.
- The concept can be expanded to multiple databases, e.g. to include results from research projects performed on the allocated samples.