RESUMO
BACKGROUND: Although the common data model (CDM) has achieved a standardization of medical data and a de-identification of personal patient information, hospitals still store CDM data in an on-premises environment, making it difficult for researchers to access medical data. OBJECTIVE: In this study, for easy access to CDM data in a multi-institutional participatory CDM research environment and to encourage data-driven research, researchers outside hospital networks securely access and analyze CDM data in the target medical center, analyze it, and respond to the results through a public network. We propose an automated security framework that operates on a public network, such as the Internet. METHOD: The proposed scheme allows authenticated researchers to securely deliver CDM data analysis codes to a medical institution distributed on the network. The institutional servers automatically execute authenticated codes and return the results to the researcher safely. For this purpose, we designed a scheme based on cryptography. The scheme operates on a group of servers consisting of an authentication process, a signing process, a ticket-granting process, a relaying process, and a data analysis process located at the hospital providing medical CDM data. The scheme consists of four phases for a secure medical data analysis in a distributed environment: authentication, code signing, ticket issuing, and distribution and return. RESULTS: Although the CDM has de-identified patient privacy, the issue still needs to be carefully addressed. Therefore, we established four security objectives to verify that the proposed scheme can be operated safely and formally proved them using BAN logic. CONCLUSION: As a result of the proof using BAN logic, the proposed scheme was verified to achieve the proposed security goal. Although this scheme was designed solely for CDM, it can be applied to systems with similar environments and functional goals.