Maintenance Notice

Due to necessary scheduled maintenance, the JMIR Publications website will be unavailable from Wednesday, July 01, 2020 at 8:00 PM to 10:00 PM EST. We apologize in advance for any inconvenience this may cause you.

Who will be affected?

Accepted for/Published in: JMIR Medical Informatics

Date Submitted: Sep 25, 2023
Date Accepted: Feb 17, 2024

The final, peer-reviewed published version of this preprint can be found here:

Development of a Trusted Third Party at a Large University Hospital: Design and Implementation Study

Wündisch E, Hufnagl P, Brunecker P, Meier zu Ummeln S, Träger S, Kopp M, Prasser F, Weber JE

Development of a Trusted Third Party at a Large University Hospital: Design and Implementation Study

JMIR Med Inform 2024;12:e53075

DOI: 10.2196/53075

PMID: 38632712

PMCID: 11040164

Design of a Trusted Third Party at a large University Hospital: Current Status and Future Developments

  • Eric Wündisch; 
  • Peter Hufnagl; 
  • Peter Brunecker; 
  • Sophie Meier zu Ummeln; 
  • Sarah Träger; 
  • Marcus Kopp; 
  • Fabian Prasser; 
  • Joachim E. Weber

ABSTRACT

Background:

Pseudonymisation has become a best practice to securely manage the identities of patients and study participants in medical research projects and data sharing initiatives. This method offers the advantage of not requiring directly identifying data to support various research processes, while still allowing for advanced processing activities, such as data linkage. Often, pseudonymization and related functionalities are bundled in specific technical and organization units, the so-called Trusted Third Parties (TTPs). However, pseudonymization can significantly increase the complexity of data management and research workflows, necessitating the need for adequate tool support. Common tasks for TTPs include supporting the secure registration and pseudonymization of patient and sample identities as well as consent management.

Objective:

Despite the challenges involved, little has been published about successful architectures and functional tools for implementing TTPs in large-scale university hospitals. The aim of this manuscript is to bridge this gap by describing the software architecture and tool set developed and deployed as part of a TTP established at Charité – Universitätsmedizin Berlin.

Methods:

The infrastructure for the TTP was designed to provide a modular structure while keeping maintenance requirements low. Basic functionalities were realized with the free MOSAIC tools. However, supporting common study processes required to implement workflows that span different basic services, e.g., patient registration, followed by pseudonym generation and concluded by consent collection. To achieve this, an integration layer was developed that provides a unified RESTful Application Programming Interface (API) as a basis for more complex workflows. Based on this API, a unified Graphical User Interface (GUI) was also implemented, providing an integrated view on information objects and workflows supported by the TTP. The API was implemented using Java and Spring Boot, while the GUI was implemented in PHP and Laravel. Both services use a shared Keycloak instance as a unified management system for roles and rights.

Results:

By the end of 2022, the TTP has already supported more than 10 research projects since it took up operation in December 2019. Within these projects, more than 3,000 identities were stored, more than 30,000 pseudonyms were generated and more than 1,500 consent forms were submitted. In total, more than 150 people regularly work with the software platform. By implementing the integration layer and the unified user interface together with comprehensive roles and rights management, the effort for operating the TTP could be significantly reduced, since personnel of the supported research projects can use many functionalities independently.

Conclusions:

With the architecture and components described, a user-friendly and compliant environment for supporting research projects has been created. We believe that the insights into the design and implementation of our TTP can help other institutions to efficiently and effectively set up corresponding structures.


 Citation

Please cite as:

Wündisch E, Hufnagl P, Brunecker P, Meier zu Ummeln S, Träger S, Kopp M, Prasser F, Weber JE

Development of a Trusted Third Party at a Large University Hospital: Design and Implementation Study

JMIR Med Inform 2024;12:e53075

DOI: 10.2196/53075

PMID: 38632712

PMCID: 11040164

Download PDF


Request queued. Please wait while the file is being generated. It may take some time.

© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.