1. Safe use of personal data in research
Antti Pursula, CSC
2.9.2016
2. Health and well-being data in research
• Health and well-being data collected by individuals, healthcare, registers, …,
has great potential for advancing biomedical research
• Digital data collections in the Nordics are dubbed a goldmine for research
o Biobanks, health registers, longitudinal data collections, nationwide studies, etc.
• Promises of biomedical research: Personalized medicine, cure of diseases,
improved life quality, …
o Society benefits when these data collections are made available for research!
• However…
3. Protect and empower the individual
• Health and well-being data collections are highly sensitive, personal data
o Even after de-identification of data it is possible to pinpoint individuals
• Research use of health data requires data protection, ethical considerations,
empowerment of data subjects, secure data transfer and secure analysis
possibilities
• Altogether enabling only authorized use of data while still utilizing it for the
benefit of society and individuals
4. Need for secure IT services
• To grasp the promise of accelerated research based on health data while
simultaneously taking the limitations into account, we need IT solutions that
implement the necessary preconditions
• We also need legal, ethical and societal discussion, guidelines and
regulations
5. Possible use case
1. Data collecting organization offers health-related data for research
purposes (biobank, genome center, research institute, register-holding
organization, hospital, …)
2. Researchers can apply for access to data sets
o Review process takes place to decide on the application
3. For approved requests, the data set is prepared and moved to a secure server
where researchers can access it
4. Researchers perform the analysis
5. After the research project, access to the data is closed
6. Services from CSC
• CSC has developed secure IT services to realize MyData related workflows
for research use of personal data.
• Components to support the Use Case:
o Digital authorization management tool REMS
o Secure cloud infrastructure CSC ePouta
o Human-centric identity and access management Eduuni-ID
• Service components at CSC are developed according to national strategies,
and in close relation to European and global initiatives (like the ELIXIR
research infrastructure and GA4GH)
7. Why services from CSC?
• CSC – IT Center of Science Ltd. is a government-owned non-profit
organization dedicated to providing IT services to support research & education
in Finland
o Research Data. Cloud Infrastructure. Supercomputing. Network connections. Open
Science. Higher Education Data Management. Scientific Software.
• Why CSC:
o Data stays at CSC’s servers and storage within Finland (i.e. in EU, and not using
commercial providers)
o No commercial interest in the data (neutral player)
o Publicly owned
o Suited ideally as a “research data bank” or “secure analysis environment” or
“genome data platform”
8. Authorization management with REMS
• REMS provides a complete process for managing entitlements
• Demo available at https://remsdemo.csc.fi/
• [Workflow diagram] Actors and components shown: Principal investigator (Applicant); Research group (Members of the application); Metadata on dataset 1&2; Dataset 1; Dataset 2; DAC 1 Approver; DAC 2 Approver; REMS (Workflow, Reports, Entitlements); IdP; SP
• Steps shown in the diagram:
o 1. Apply for access
o 2. Commit to licence terms
o 3. Circulate to approver
o 4. Approve
o 5. Access
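The five REMS steps above, together with the use case's final step of closing access, modelled as a small default-deny state machine. This is an added illustration, not REMS code or its API; the class, its method names, the dataset names and the approver names are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Constructed sample: approvers on each dataset's Data Access Committee (DAC).
DAC = {"dataset-1": {"dac1-approver"}, "dataset-2": {"dac2-approver"}}

class WorkflowError(Exception):
    """A step was attempted out of order or by the wrong actor."""

@dataclass
class Application:
    applicant: str                  # principal investigator
    members: set                    # research group named on the application
    dataset: str
    state: str = "draft"            # draft -> submitted -> approved/rejected -> closed
    licence_accepted: bool = False
    valid_until: Optional[date] = None
    audit: list = field(default_factory=list)  # (actor, action) trail for reports

    def accept_licence(self, actor):        # step 2: commit to licence terms
        if actor != self.applicant:
            raise WorkflowError("only the applicant can commit to the licence")
        self.licence_accepted = True
        self.audit.append((actor, "licence_accepted"))

    def submit(self, actor):                # steps 1 and 3: apply, circulate to approver
        if actor != self.applicant or self.state != "draft":
            raise WorkflowError("only the applicant can submit a draft")
        if not self.licence_accepted:
            raise WorkflowError("licence terms not accepted")
        self.state = "submitted"
        self.audit.append((actor, "submitted"))

    def decide(self, approver, approve, valid_until=None):  # step 4: independent DAC decision
        allowed = DAC.get(self.dataset, set()) - self.members - {self.applicant}
        if self.state != "submitted" or approver not in allowed:
            raise WorkflowError("not submitted, or not an independent DAC approver")
        self.state = "approved" if approve else "rejected"
        self.valid_until = valid_until if approve else None
        self.audit.append((approver, self.state))

    def close(self, actor):                 # project ended: access is closed
        self.state = "closed"
        self.audit.append((actor, "closed"))

    def has_access(self, user, dataset, today):  # step 5: default deny
        return (self.state == "approved" and dataset == self.dataset
                and user in self.members | {self.applicant}
                and self.valid_until is not None and today <= self.valid_until)
```

An approval given without an end date grants nothing, so a forgotten expiry fails closed rather than open.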
9. CSC ePouta
• Cloud computing environment
designed for processing
sensitive data.
• Closed environment that
meets elevated information
security regulations (VAHTI)
as defined by the
governmental authorities.
• The cloud resources are
accessed through a dedicated
secure connection.
10. Free your identity from silos
• Human-centric identity and access management
• [Diagram labels: Organisational Directories; Identity Federations; User Directories of cloud services; Consumer Services and their identities; User Directory]
11. Sign in methods
• Person is not identified
o An ID is given to the person, e.g. a sequential number (mxxxxxxxxx). One or more sign in methods can be attached to it.
• Person is identified
o A confirmed email or GSM is attached to another ID, e.g. a sequential number (exxxxxxxxx).
o mxxxxxxxxx is attached to one or more exxxxxxxxx.
• Person's profile
o The person can create and manage profiles for services. Profiles can be used by services with the user's consent. (My Data)
• [Diagram labels: Sign in methods (Organisational, Personal); Services; Step Up Authentication (two-factor); cases A) to D), including "Only organisational sign in methods, ID: exxxxxxxxx", "Only personal sign in methods, ID: exxxxxxxxx", "User Profile chosen by user" and "D) All sign in methods, ID: mxxxxxxxxx"]
12. Summary – Data Platform
• The presented components are integral components of a Data Platform for
health data research
o Support data submission, archiving and sharing processes
o Integrated with secure cloud services for data processing
o Enables sharing of data to third parties who have the appropriate access permissions.
• Providing such a data platform is a collaborative effort between (at least) the data
collecting organization, IT infrastructure provider and research community
• Contacts:
o Antti.pursula@csc.fi
o Sami.saarikoski@csc.fi (Eduuni-ID)
Editor's Notes
Optical Private Network (OPN) or Multiprotocol Label Switching (MPLS)
Human-centric identity and access management
Persons self-create their digital identity.
Profiles can be enriched with attributes.
Implements identity management for MyData operator