Wirth Felix N, Abu Attieh Hammam, Prasser Fabian
Berlin Institute of Health at Charité - Universitätsmedizin Berlin, Center of Health Data Science, Berlin, Germany.
Front Med (Lausanne). 2024 May 16;11:1378866. doi: 10.3389/fmed.2024.1378866. eCollection 2024.
The open-source software offered by the Observational Health Data Science and Informatics (OHDSI) collective, including the OMOP-CDM, serves as a major backbone for many real-world evidence networks and distributed health data analytics platforms. While container technology has significantly simplified deployments from a technical perspective, regulatory compliance can remain a major hurdle for the setup and operation of such platforms. In this paper, we present OHDSI-Compliance, a comprehensive set of document templates designed to streamline the data protection and information security-related documentation and coordination efforts required to establish OHDSI installations.
To decide on a set of relevant document templates, we first analyzed the legal requirements and associated guidelines with a focus on the General Data Protection Regulation (GDPR). Moreover, we analyzed the software architecture of a typical OHDSI stack and related its components to the different general types of concepts and documentation identified. Then, we created those documents for a prototypical OHDSI installation, based on the so-called Broadsea package, following relevant guidelines from Germany. Finally, we generalized the documents by introducing placeholders and options at places where individual institution-specific content will be needed.
We present four documents: (1) a record of processing activities, (2) an information security concept, (3) an authorization concept, as well as (4) an operational concept covering the technical details of maintaining the stack. The documents are publicly available under a permissive license.
To the best of our knowledge, there are no other publicly available sets of documents designed to simplify the compliance process for OHDSI deployments. While our documents provide a comprehensive starting point, local specifics need to be added, and, due to the heterogeneity of legal requirements in different countries, further adaptations might be necessary.