A standardised graphic method for describing data privacy frameworks in primary care research using a flexible zone model

International Journal of Medical Informatics

Volumn 83, Issue 12, 2014, Pages 941-957

  Kuchinke, Wolfgang ^a   Ohmann, Christian ^a   Verheij, Robert A ^b   van Veen, Evert Ben ^c   Arvanitis, Theodoros N ^d   Taweel, Adel ^e   Delaney, Brendan C ^e  

^a HEINRICH HEINE UNIVERSITY   (Germany)

^b NETHERLANDS INSTITUTE FOR HEALTH SERVICES RESEARCH   (Netherlands)

^c Medlaw Consult   (Netherlands)

^d UNIVERSITY OF WARWICK   (United Kingdom)

^e BHF Centre for Regenerative Medicine and BHF Centre of Excellence and the Biomedical Research Centre at Guy s St Thomas NHS Foundation Trust and King s College London   (United Kingdom)

Author keywords

Anonymisation; Confidentiality; Data linkage; Medical research; Privacy; Pseudonymisation; Zones

Indexed keywords

CLINICAL RESEARCH; DATA FLOW ANALYSIS; DATA TRANSFER; GRAPHIC METHODS; HOSPITAL DATA PROCESSING; INFORMATION ANALYSIS; METADATA; MODELING LANGUAGES; ZONING;

ANONYMISATION; CONFIDENTIALITY; DATA LINKAGE; MEDICAL RESEARCH; PSEUDONYMISATION;

DATA PRIVACY;

ARTICLE; CLINICAL RESEARCH; CLINICAL STUDY; COMPUTER SECURITY; CONCEPT ANALYSIS; DATA PROCESSING; INFORMATION PROCESSING; MEDICAL RESEARCH; MODEL; PATIENT CODING; PATIENT IDENTIFICATION; PRIMARY MEDICAL CARE; PRIVACY; WORKFLOW; CONFIDENTIALITY; ELECTRONIC MEDICAL RECORD; FACTUAL DATABASE; HEALTH CARE POLICY; HUMAN; LEGISLATION AND JURISPRUDENCE; NETHERLANDS; PATIENT CARE; PRIMARY HEALTH CARE; STANDARDS; THEORETICAL MODEL;

BIOMEDICAL RESEARCH; COMPUTER SECURITY; CONFIDENTIALITY; DATABASES, FACTUAL; HEALTH POLICY; HUMANS; MEDICAL RECORDS SYSTEMS, COMPUTERIZED; MODELS, THEORETICAL; NETHERLANDS; PATIENT CARE; PRIMARY HEALTH CARE; PRIVACY;

EID: 84919340449     PISSN: 13865056     EISSN: 18728243     Source Type: Journal    
DOI: 10.1016/j.ijmedinf.2014.08.009     Document Type: Article

References (69)

1. NHS (UK) observational data and interventional research service: (accessed 17.07.13). http://www.cprd.com/.
2. Foresti S. Preserving Privacy in Data Outsourcing 2011, Springer, New York.
3. Tene O. Privacy - the next generations. Int. Data Privacy Law 2011, 1(1):15-27.
4. Malin B.A., El Emam K., O'Keefe C.M. Biomedical data privacy: problems, perspectives, and recent advances. J. Am. Med. Inform. Assoc. 2013, 20:2-6.
5. TRANSFoRm project: (accessed 22.08.14). http://www.transformproject.eu/.
6. Delaney B.C., Peterson K.A., Speedie S., Taweel A., Arvanitis T.N., Hobbs F.D.R. Envisioning a learning health care system: the electronic primary care research network: a case study. Ann. Fam. Med. 2012, 10(1):54-59.
7. EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Off. J. Eur. Communities, 1999; No. L281/31-281/39.
8. Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, Report 104-726, 104th Congress (1996).
9. Department of Health and Human Services, Office of the Secretary: 45 CFR Parts 160 and 164. Standards for Privacy of Individually Identifiable Health Information; Final Rule. Federal Register vol. 67, No. 157 (2002).
10. The OECD Privacy Framework, OECD Paris, France (2013). Online available (accessed 22.08.14). http://www.oecd.org/sti/ieconomy/oecd_privacy_framework.pdf.
11. APEC Privacy Framework, APEC Secretariat, Singapore (2005), ISBN 981-05-4471-5.
12. International Standards on the Protection of Personal Data and Privacy, The Madrid Resolution, Spanish Data Protection Agency (2009).
13. U.S.-EU Safe Harbor Framework Documents, US Federal Register, July 24, 2000. Online available: (accessed 23.08.14). http://export.gov/safeharbor/eu/eg_main_018493.asp.
14. Verschuuren M., Badeyan G., Carnicero J., Gissler M., Asciak R.P., Sakkeus L., Sternbeck M., Devillé W. Working group on Confidentiality and Data Protection of the Network of competent Authorities of the Health Information and Knowledge strand of the EU Public Health Programme 2003-08. Eur. J. Public Health 2008, 18:550-551.
15. Academy of Medical Sciences (AMS). A new pathway for the regulation and Non-care of health research. January 2011, available at: (accessed 23.08.14). http://www.acmedsci.ac.uk/p47prid88.html.
16. van Veen E.B. Obstacles to European research projects with data and tissue: solutions and further challenges. Eur. J. Cancer 2008, 44:1438-1450.
17. Office for Civil Rights, Department of Health and Human Services. HIPAA Privacy Rule. Title 45 of the Code of Federal Regulations Parts 160 and 164. Washington, D.C, Feb 2009, available at: (accessed 23.08.13). http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/adminsimpregtext.pdf.
18. McGraw D. Paving the regulatory road to the "learning health care system". Sanford Law Rev. Online 2012, 64:75. (February 8, 2012), available at: www.stanfordlawreview.org/online/privacy-paradox/learning-health-care-system (accessed 23.08.13).
19. Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research 2009, Institute of Medicine, The National Academies Press, Washington, DC. S.J. Nass, L.A. Levit, L.O. Gostin (Eds.).
20. Office of the National Coordinator for Health information Technology, US Department of Health and Human Services: Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information, December 15, 2008, available at: (accessed 23.08.14). http://www.healthit.gov/policy-researchers-implementers/standards-interoperability-si-framework.
21. Runnegar C. International privacy frameworks: an overview. 2011 International Cloud Symposium (OASIS); 2011 October 10-12 2011, The Internet Society, Heathrow, UK.
22. Safran C., Bloomrosen M., Hammond W.E., Labkoff S., Markel-Fox S., Tang P.C., Detmer D.E. Toward a national framework for the secondary use of health data. J. Am. Med. Inform. Assoc. 2007, 14:1-9.
23. Bloomrosen M., Detmer D. Advancing the framework: Use of health data - a report of a working conference of the American Medical Informatics Association. JAMIA 2008, 15:715-722.
24. Kalra D., Singleton P., Milan D.J., Detmer D., Rector A., Ingram D. Security and confidentiality approach for the Clinical E-Science Framework (CLEF). Methods Inf. Med. 2005, 44:193-197.
25. N. Forgó (Ed.), The ACGT ethical and legal requirements. ACGT deliverable 10.2. 13.03.2007, available at: (accessed 22.08.14). http://acgt.ercim.eu/uploads/media/ACGT_D10.2_IRI_Final_01.pdf.
26. E.-B. van Veen, Patient data for health research. October 2011. Available at: (accessed 23.08.14). http://www.medlaw.nl/wp-content/uploads/patient-data-for-health-research.pdf.
27. R.A. Verheij, C.E. Van Dijk, I. Stirbu-Wagner, S.A. Dorsman, S. Visscher, H. Abrahamse, R. Davids, J. Braspenning, T. Van Althuis, J.C. Korevaar. Landelijk Informatienetwerk Huisartsenzorg. Feiten en cijfers over huisartsenzorg in Nederland. LINH: Netherlands Information Network of General Practice. Utrecht/Nijmegen: NIVEL/IQ, 2009.
28. General Practice Research Database (GPRD), Has been renamed as: Clinical Practice Research Datalink (CPRD), available at: (accessed 23.08.14). http://www.cprd.com/intro.asp.
29. Kuehne T. What is a model? Language engineering for model-driven software development 2005; 04101. Dagstuhl Seminar Proceedings 2005, March.
30. Unified Modelling Language (UML), Object Management Group, available at: (accessed 23.08.14). http://www.uml.org/.
31. Friedenberg R.M. Patient-doctor relationships. Radiology 2003, February, 226:306-308.
32. Institute of Electrical and Electronics Engineers: IEEE standard 1471. IEEE Recommended Practice for Architectural Description of Software-Intensive Systems (2000). Replaced by 42010-2007.
33. Borgelt C., Gebhardt J., Kruse R. Graphical Models (2002). Proceedings of International School for the Synthesis of Expert Knowledge (ISSEK'98) 2002, 51-68. Wiley, Hoboken, NJ.
34. OASIS Privacy Management Reference Model, available at: (accessed 23.08.14). https://www.oasis-open.org/.
35. Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information (HHS, US), 15 December 2008, available at: (accessed 23.08.14). http://www.healthit.gov/sites/default/files/nationwide-ps-framework-5.pdf.
36. Health privacy framework, National Health and Medical Research Council Australia, available at: (accessed 23.08.14). http://www.nhmrc.gov.au/health-ethics/human-research-ethics-committees-hrecs/health-research-privacy-framework.
37. Clinical E-Science Framework (CLEF), University of Sheffield, UK, available at: (accessed 23.08.14). http://nlp.shef.ac.uk/clef/.
38. ACGT (Legal and Ethical issues), available at: (accessed 23.08.13). http://acgt.ercim.eu/documents/legal-and-ethical-issues.html.
39. GenoMatch, available at: (accessed 23.08.13). http://www.tembit.de/.
40. Kaujalgi V.B. Structured Systems Analysis and Design: Data Flow Approach 1994, Orient Blackswan, Himayatnagar, India.
41. School for Primary Care Research: Will the National Primary Care Database Bring Big Benefits? 2014, February 24, University of Oxford, Tweet.
42. van Veen E.B. Europe and tissue research: a regulatory patchwork. Diagn. Histopathol. 2013, 19(9):331-336.
43. Nederlands instituut voor onderzoek van de gezondheidszorg, available at: (accessed 23.08.13). http://www.nivel.nl/taxonomy/term/all%3Fgegevensverzameling%5B%5D=45.
44. Code of Conduct health research, Commissie Regelgeving en Onderzoek, available at: (accessed 23.08.14). http://www.federa.org/sites/default/files/bijlagen/coreon/code_of_conduct_for_medical_research_1.pdf.
45. Central Bureau of Statistics Act, Staatsblad 2004, 695, available at: (accessed 23.08.14). http://www.cbs.nl/NR/rdonlyres/F10515CB-91C6-426C-9BD9-177F743F72C6/0/cbswet15122004.pdf.
46. Legal Dictionary (Lawyers.com), available at: (accessed 23.08.14). http://research.lawyers.com/glossary/zone-of-privacy.html.
47. Loehr H., Sadeghi A.R., Vishik C., et al. Trusted privacy domains - challenges for trusted computing in privacy-protecting information sharing. Information Security Practice and Experience. 5th International Conference, ISPEC 2009: Proceedings, vol. 5451 2009.
48. Domingo-Ferrer J., Saygin Y. Recent progress in database privacy. Data Knowl. Eng. 2009, 68(11):1157-1159.
49. Malin B.A., Emam K.E., O'Keefe C.M. Biomedical data privacy: problems, perspectives, and recent advances (Editorial). J. Am. Med. Inform. Assoc. 2013, 20:2-6.
50. Ohno-Machado L., Bafna V., Boxwala A.A., Chapman B.E., et al. iDASH: integrating data for analysis, anonymization, and sharing. J. Am. Med. Inform. Assoc. 2012, 19:196-201.
51. CMS Centres for Medicare Medicaid Services: Harmonized Security and Privacy Framework - Exchange Reference Architecture Supplement. Version 1.0, August 1, 2012.
52. MITA Application Architecture, CMS Centres for Medicare Medicaid Services. May 8, 2006, Medicaid Info Technical Archive.
53. IPS: Security services for healthcare applications, Purdue University, Computer & Information Technology, 2007, available at: (accessed 23.08.14). http://www.cs.purdue.edu/homes/bertino/IIS-eHealth/ehealth.shtml.
54. Ruotsalainen P.S., Blobel B.G., Seppälä A.V., Sorvari H.O., Nykänen P.A. A conceptual framework and principles for trusted pervasive health. J. Med. Internet Res. 2012, 14(2):e52.
55. Cancer Biomedical Informatics Grid (caBIG): Data Sharing and Security Framework, available at: (accessed 23.08.14). https://wiki.nci.nih.gov/display/DSIC/Data+Sharing+and+Security+Framework.
56. Knoppers B.M., Harris J.R., Budin-Ljøsne I., Dove E.S. A human rights approach to an international code of conduct for genomic and clinical data sharing. Hum. Genet. 2014, 133:895-903.
57. Gray Weiskopf N., Weng C. Methods and dimensions of electronic health record data quality assessment: enabling reuse for clinical research. J. Am. Med. Inform. Assoc. 2013, 20:144-151.
58. Shareeful Islam, Jan Jürjens. Incorporating security requirements from legal regulations into UMLsec model. Available at: (accessed 23.08.14). http://www.secse.cs.tu-dortmund.de/jj/publications/papers/modsec08IJ.pdf.
59. Houmb S.H., Islam S., Knauss E., Jurjens J., Schneider K. Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec. Requirements Eng. 2010, 15:63-93.
60. Business Process Modeling Notation Specification. OMG Final Adopted Specification. Object Management Group (February 2006). Online available: (accessed: 23.08.14). http://www.omg.org/bpmn/Documents/OMG_Final_Adopted_BPMN_1-0_Spec_06-02-01.pdf.
61. Rodrigez A., Fernandez-Medina E., Piattini M. A BPMN extension for the modeling of security requirements in business processes. IEICE Trans. Inf. Syst. 2007, E90-D(4).
62. Brucker A.D., Hang I., Lückemeyer G., Ruparel R. SecureBPMN: modeling and enforcing access control requirements in business processes. Proceedings of the 17th ACM Symposium on Access Control Models and Technologies (SACMAT '12) 2012, 123-126.
63. Gymrek M., McGuire A.L., Golan D., Halperin E., Erlich Y. Identifying personal genomes by surname inference. Science 2013, 339(6117):321-324.
64. Ohm P. Broken promises of privacy: Responding to the surprising failure of anonymization. UCLA Law Rev. 2010, 57:1701-1711.
65. Jürjens J. Secure Systems Development with UML 2010, Springer-Verlag, Heidelberg.
66. Rahmouni H.B., Solomonides T., Mont M.C., Shiu S. Privacy compliance and enforcement on European healthgrids: an approach through ontology. Philos. Trans. A Math. Phys. Eng. Sci. 2010, 368(1926):4057-4072.
67. Rahmouni H.B., Solomonides T., Casassa Mont M., Shiu S. Modelling and enforcing privacy for medical data disclosure across Europe. Stud. Health Technol. Inform. 2009, 150:695-699.
68. Wolter C., Menzel M., Schaad A., Miseldine P., Meinel C. Model-driven business process security requirement specification. J. Syst. Architect. 2009, 55:211-223.
69. Dimitropoulos L., Rizk S. A state-based approach to privacy and security for interoperable health information exchange. Health Aff. (Millwood) 2009, 28(2):428-434.