Pseudonymization of patient identifiers for translational research.

BACKGROUND: The usage of patient data for research poses risks concerning the patients' privacy and informational self-determination. Next-generation-sequencing technologies and various other methods gain data from biospecimen, both for translational research and personalized medicine. If these biospecimen are anonymized, individual research results from genomic research, which should be offered to patients in a clinically relevant timeframe, cannot be associated back to the individual. This raises an ethical concern and challenges the legitimacy of anonymized patient samples. In this paper we present a new approach which supports both data privacy and the possibility to give feedback to patients about their individual research results. METHODS: We examined previously published privacy concepts regarding a streamlined de-pseudonymization process and a patient-based pseudonym as applicable to research with genomic data and warehousing approaches. All concepts identified in the literature review were compared to each other and analyzed for their applicability to translational research projects. We evaluated how these concepts cope with challenges implicated by personalized medicine. Therefore, both person-centricity issues and a separation of pseudonymization and de-pseudonymization stood out as a central theme in our examination. This motivated us to enhance an existing pseudonymization method regarding a separation of duties. RESULTS: The existing concepts rely on external trusted third parties, making de-pseudonymization a multistage process involving additional interpersonal communication, which might cause critical delays in patient care. Therefore we propose an enhanced method with an asymmetric encryption scheme separating the duties of pseudonymization and de-pseudonymization. The pseudonymization service provider is unable to conclude the patient identifier from the pseudonym, but assigns this ability to an authorized third party (ombudsman) instead. To solve person-centricity issues, a collision-resistant function is incorporated into the method. These two facts combined enable us to address essential challenges in translational research. A productive software prototype was implemented to prove the functionality of the suggested translational, data privacy-preserving method. Eventually, we performed a threat analysis to evaluate potential hazards connected with this pseudonymization method. CONCLUSIONS: The proposed method offers sustainable organizational simplification regarding an ethically indicated, but secure and controlled process of de-pseudonymizing patients. A pseudonym is patient-centered to allow correlating separate datasets from one patient. Therefore, this method bridges the gap between bench and bedside in translational research while preserving patient privacy. Assigned ombudsmen are able to de-pseudonymize a patient, if an individual research result is clinically relevant.

Facilitating the openEHR approach - organizational structures for defining high-quality archetypes.

Using openEHR archetypes to establish an electronic patient record promises rapid development and system interoperability by using or adopting existing archetypes. However, internationally accepted, high quality archetypes which enable a comprehensive semantic interoperability require adequate development and maintenance processes. Therefore, structures have to be created involving different health professions. In the following we present a model which facilitates and governs distributed but cooperative development and adoption of archetypes by different professionals including peer reviews. Our model consists of a hierarchical structure of professional committees and descriptions of the archetype development process considering these different committees.

Attitudes and behaviors related to the introduction of electronic health records among Austrian and German citizens.

BACKGROUND: Acceptance by citizens seems to be crucial for the future success of an electronic health record (EHR) in Germany and Austria. We analyzed citizens' knowledge and expectations about the concept and contents of an EHR. We also addressed possible fears and barriers, and we investigated desired EHR functionalities relevant to citizens in the Austrian and German population. METHODS: Standardized interviews of a convenience sample of 203 Austrian and 293 German citizens recruited in two metropolises. RESULTS: Up to three-quarter of the interviewed citizens already collect and store medical documents at home, mostly in paper-based form. No respondents had already used an Internet-based personal health record. Between 80% and 90% of respondents were supportive of the idea of an electronic exchange of health-related data between health care providers as core functionality of an EHR. However, many respondents formulated concerns with regard to data protection and data security within an EHR. The EHR functionalities most supported by respondents included the electronic vaccination record, online information on doctors and hospitals, and the administration of appointments and reminders. CONCLUSION: The results indicate a generally positive attitude towards the EHR. However, the study shows that data protection is an issue for many citizens, and that despite strong media discussion, there are information deficits with regard to the national EHR initiatives.