RESUMO
The EU General Data Protection Regulation (GDPR) requirements have prompted a shift from centralised controlled access genome-phenome archives to federated models for sharing sensitive human data. In a data-sharing federation, a central node facilitates data discovery; meanwhile, distributed nodes are responsible for handling data access requests, concluding agreements with data users and providing secure access to the data. Research institutions that want to become part of such federations often lack the resources to set up the required controlled access processes. The DS-PACK tool assembly is a reusable, open-source middleware solution that semi-automates controlled access processes end-to-end, from data submission to access. Data protection principles are engraved into all components of the DS-PACK assembly. DS-PACK centralises access control management and distributes access control enforcement with support for data access via cloud-based applications. DS-PACK is in production use at the ELIXIR Luxembourg data hosting platform, combined with an operational model including legal facilitation and data stewardship.
Assuntos
Disseminação de Informação , Humanos , Acesso à Informação , Segurança Computacional , SoftwareRESUMO
Objective: Facilitate the multi-appointment scheduling problems (MASPs) characteristic of longitudinal clinical research studies. Additional goals include: reducing management time, optimizing clinical resources, and securing personally identifiable information. Materials and methods: Following a model view controller architecture, we developed a web-based tool written in Python 3. Results: Smart Scheduling (SMASCH) system facilitates clinical research and integrated care programs in Luxembourg, providing features to better manage MASPs and speed up management tasks. It is available both as a Linux package and Docker image (https://smasch.pages.uni.lu). Discussion: The long-term requirements of longitudinal clinical research studies justify the employment of flexible and well-maintained frameworks and libraries through an iterative software life-cycle suited to respond to rapidly changing scenarios. Conclusions: SMASCH is a free and open-source scheduling system for clinical studies able to satisfy recent data regulations providing features for better data accountability. Better scheduling systems can help optimize several metrics that ultimately affect the success of clinical studies.
RESUMO
BACKGROUND: The new European legislation on data protection, namely, the General Data Protection Regulation (GDPR), has introduced comprehensive requirements for the documentation about the processing of personal data as well as informing the data subjects of its use. GDPR's accountability principle requires institutions, projects, and data hubs to document their data processings and demonstrate compliance with the GDPR. In response to this requirement, we see the emergence of commercial data-mapping tools, and institutions creating GDPR data register with such tools. One shortcoming of this approach is the genericity of tools, and their process-based model not capturing the project-based, collaborative nature of data processing in biomedical research. FINDINGS: We have developed a software tool to allow research institutions to comply with the GDPR accountability requirement and map the sometimes very complex data flows in biomedical research. By analysing the transparency and record-keeping obligations of each GDPR principle, we observe that our tool effectively meets the accountability requirement. CONCLUSIONS: The GDPR is bringing data protection to center stage in research data management, necessitating dedicated tools, personnel, and processes. Our tool, DAISY, is tailored specifically for biomedical research and can help institutions in tackling the documentation challenge brought about by the GDPR. DAISY is made available as a free and open source tool on Github. DAISY is actively being used at the Luxembourg Centre for Systems Biomedicine and the ELIXIR-Luxembourg data hub.