e-health and the Practical Realization of Data Security and Genome Database (Examples in Estonia)
Presented in International Symposium - Thoughts for National Identification Number System, Tokyo, Jaapan, 14.02.2013
Dwarka Sector 6 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few Cl...
Â
Practical realization of e-health data security and genome database
1. Practical realization of e-Health
Data Security and Genome
Database
Erkki Leego
Head of IT Department
Estonian Genome Center,
University of Tartu
2. Biobanks
• Biobank
– An organized collection of human biological
material and associated information stored for one
or more research purposes
• Population biobank
– The collection has a population basis
– To supply biological materials or data derived
therefrom for multiple future research projects
– It contains biological materials and associated
personal data
3. Genetic research
• Most complex diseases are caused by a large
number of combined effects from genes,
lifestyle, and the environment
• New discoveries and development of tools
depend on studies of large collections of well-
documented, up-to-date epidemiological and
clinical data accompanied by biological
material from individuals
4. Background of the Estonian
Biobank
• Research institute of the University of Tartu
• Longitudinal, prospective, population based
biobank, established in 2000
• 52,000 gene donors recruited
• 5% of the adult population
– 18 years and older
• Supported directly by the government
• The project is conducted according to the
Estonian Human Genes Research Act
6. Data “infrastructure” for
research
• Good quality data collection
– Biomedical data (DNA, plasma, WBC)
– Phenotype
– Genealogy
– Epidemiology data
– Genotypes
• Open to various research projects
• Well defined procedures for data release
• Usable next 30 years
7. Questionnaire of
EGCUT
Personal data
Place of birth
Place of residence
Nationality
Education
Occupation
Genealogy
Parents
Children
Siblings
Grandparents
Health behavior
Smoking and
alcohol
Personality
inventory NEO-
PI-3
Physical activity
EQ-5D
Nutrition
Health self-
assessment
Chronotype
questionnaire
MCTQ
Diseases
Diagnosis
ICD – 10
Treatment
ATC
Psychiatry module
M.I.N.I. and SSP
Questions about
diabetes
Questions
about c/v diseases
Objective data
Height & weight
Blood pressure
Pulse
Handedness
Waist
Hip
8. Diagnoses in the database
(50155 participants)
64245
8928
3106
12677
10766
11833
19918
13833
40209
60778
39490
12585
37322
21170
3352
134
1405
3202
5710
1610
619
0 10000 20000 30000 40000 50000 60000 70000
Certain Infectious And Parasitic Diseases A00-B99
Neoplasms C00-D48
Diseases Of Blood And Blood-Forming Organs And Certain…
Endocrine, Nutritional And Metabolic Diseases E00-E90
Mental, Behavioural Disorders F00-F99
Diseases Of The Nervous System G00-G99
Diseases Of The Eye And Adnexa H00-H59
Diseases Of The Ear And Mastoid Process H60-H95
Diseases Of The Circulatory System I00-I99
Diseases Of The Respiratory System J00-J99
Diseases Of The Digestive System K00-K93
Diseases Of The Skin And Subcutaneous Tissue L00-L99
Diseases Of The Musculoskeletal System And Connective Tissue…
Diseases Of The Genitourinary System N00-N99
Pregnancy, Childbirth And The Puerperium O00-O99
Certain Conditions Originating In The Perinatal Period P00-P96
Congenital Malformations, Deformations, And Chromosomal…
Symptoms, Signs And Abnormal Clinical And Laboratory Findings,…
Injury, Poisoning And Certain Other Consequences Of External…
Factors Influencing Health Status And Contact With Health Services…
External Causes Of Morbidity And Mortality V01-Y98
•In average a participant has
reported 7.8 different diagnoses
•98.3% of participants have
reported at least one disease
9. Education: the Estonian population vs. EGCUT
(50155 participants)
0 10 20 30
Education unknown
No elementary education
Elementary education
Basic education
Secondary education
Professional secondary
education
Higher education
Scientific degree
%
Estonian population EGCUT
12. Network of recruiters
• Primary care
providers (PCPs)
• Network of 640
recruiters
– 454 GPs (56% of all
GPs in Estonia)
– 186 senior nurses and
nurses
• 30h training
– genetics,
biobanking, data
protection, ethics &
law
13. Data and sample collection
Courier
Filled questionnaires
Personal data, health data, genealogy data.
Consent. Transportation code.
Information encrypted.
Consent(paperform).
Biologicalsamples.
Coding center
Memory stick
Consent forms. Questionnaires.
Receptionist
New barcode
High security area Access to database
Scientists
Health data.
No identification
data.
Health data and
identification
data
National Digital Health
Record DB & registries
Operative database
Phenotype database
Data collector IS
Communication server
Laboratory IS
Cryo Preservation – MAPI
Coding center IS
14. Coding challenges
EXTERNAL DATABASES
data collecting
BIOSAMPLES DATA
management
PERSONAL-, GENEALOGY-,
HEALTH DATA
Formatting for integration,
deindentification
DKOOD
I U T L
I
HEALTH DATA
data collecting
I T
PHENOTYPES
integration, quality control,
analysis
U L
CODING CENTRE
H
GENOTYPES
raw data, , quality control,
analysis
U L
PROJECT-BASED RESEARCH
L
CODE RELATIONS
U D L V
genotypes, fenotypes,
biosamples, analysis
D V
BIOSAMPLES DATA
analysis
L
IKOOD UKOOD TKOOD LKOOD VKOOD
FOLLOW UP
coordination
D
FEEDBACK
PERSONALIZED MEDICINE
genotypes, fenotypes,
biosamples, analysis
DATA REALEASE
BIOSAMPLES DATA
logistics
LT
H
HKOOD
D V
D V
15. Data updates
• Follow-up and re-examining participant
• National registries
– Citizen Registry
– Estonian Causes of Death Registry
– Estonian Cancer Registry
– Estonian Tuberculosis Registry
• Hospitals
• National Health Insurance Fund
• Estonian National Health Information System
16. National Digital Health
Record DB
Online access to
database
Scientists
Health data.
No identification
data
Phenotype database
Patient Portal
National DHR
Cancer Registry
Citizen Registry
Causes of Death Registry
Participant
Participant
Participant
Participant
Participant
Participant
Participant
EGCUT database
Personal health
information
Additional
questions.
Timeline data
Updated
phenotype
data
Participant
Data
release
EGCUT IS 2011-2015
Primary care physician
...
Ver. 5.0
17. Human Genes Research Act
Enforced 08.01.2001
• HGRA regulates
– scientific research on human genetics
– establishment and maintenance of the biobank
– use of genetic information (informed consent)
– legislation is forbidding third party access to the database (police,
employers, insurance companies etc.)
• HGRA protects
– confidentiality of the gene donor
– public from the misuse of the genetic information
– gene donor from the genetic discrimination
• HGRA allows re-contacting and collection of health data from other
registries
• Gene donors have the right to get feedback on their genetic information
• feedback should be accompanied by clinical counseling
18. Public opinion very positive and
awareness high
38% 39% 40%
36%
43%
39%
44%
33%
35% 36%
30%
33%
18%
16%
13%
19% 18%
16%
22%
33%
28%
36%
59%
55%
32%
35%
33%
30%
18% 17%
20% 20%
22%
15%
29% 28%
5%
3%
8% 9%
14%
19%
8% 8% 9%
7%
4%
10%
3% 3% 3% 3% 4%
7%
4% 5%
3% 4%
6% 5%4% 4% 3% 4% 4%
2% 2% 2% 3% 2% 2% 2%
June,
2001
Sept,
2002
Feb,
2002
March,
2003
March,
2004
Sept,
2004
Dec,
2005
May,
2007
Apr,
2008
July,
2009
June,
2010
April,
2011
Never
heard of
EGCUT
In favor of
the idea of
EGCUT
Wait-and-
see-attitude
Need more
information
Cannot
comment
Against it
Linear (In
favor of the
idea of
EGCUT)
19. Illumina
Genome
Analyser
10 Gbit Network10 Gbit Network
EGCUT Network High Perfomance Computing Centre
10Gbit
Coding Centre
Infrastructure
Servers
DATABASES
Data Colletor
Phenotype Database
Laboratory IS
Infrastructure
Servers
24 Core,
192GB RAM,
1,76TB HDD
System Storage
System Storage Tape
Library
1,2PB storage
Coding
Centre IS
Analyser server
24 Core, 48GB RAM
(Clone off-site)
BC/MAX
Backup Server
16 Core
1,2TB HDD
24GB RAM
EGCUT servers and storage
June 2012
· 15 servers
· Datastorage 1,1 PB harddrives
· 1,2 PB system storage tape library
MAPI
Hamilton ASM
ASM Store
ASM Server
Datastorage
with servers
1,1 PB HDD
19 2318 2217 2116 2011 159 13 10 148 123 71 5 2 6402498-B24
System x3650 M3
1 2
3 4
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
System x3650 M3
1 2
3 4
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
19 2318 2217 2116 2011 159 13 10 148 123 71 5 2 6402498-B24
Computing power
· 3100 processor core
· 6,2 TB RAM
Operative
Database
HPC Cluster
„Aurumasin“
52 node,
512 Core,
2,3TB RAM,
50TB HDD
HPC Cluster
„Vedur“
80 node,
2560 Core,
3,75TB RAM,
110TB HDD
Serverite ĂĽlevaade 2012-05-30a RHansson
20. Tools and enablers of
information exchange
• One universal national identification code
– Registries and databases use same code to uniquely
identify persons
• National PKI infrastructure
• The Estonian ID card
– Smartcard with two digital certificates
• National Data Exchange Layer X-Road
• Obligatory national data security framework
• High public acceptance and trust
– No public incidents or misuses (10 years)
21. The Estonian ID card
• The ID card is a mandatory ID document for all
Estonian residents from the age of 15
• Enables secure digital authentication and signing
• A digital signature has the same legal
consequences as a hand-written signature
• Does not have any additional information
– No bank account, no health information etc.
• Active cards: 1 192 102 (08.02.2013)
– Estonian Population 1 286 540 (01.01.2013)
– Estonia has been issuing electronic ID cards from
January 1st 2002
22. Public Key Infrastructure PKI
• PKI or the public key infrastructure enables
secure digital authentication and signing
• The infrastructure also allows forwarding data
by using an encrypting key pair: a public
encryption key and a private decryption key
• In Estonia, this technology is used in relation
with electronic identity (ID card, mobile ID,
digital ID)
• Certification Service and Time-stamping
Service provider is non-governmetal
23. Data Exchange Layer X-Road
• Technical and organisational environment,
which enables secure Internet-based data
exchange between the state’s information
systems
24.
25. Some examples of systems
accessible with ID-card
• Government
– E-tax office
– Road Administration
– E-business register
– Real estate register
– E-toimik, Investigations info
– E-State Treasury
– Agricultural registers and
info
– Brand application portal
– Statistics of Estonia…
• Public services
– Eesti.ee - citizen and
businesses service portal
– E-Patient, patient portal
– Unemployment services
– E-School
– Retirement information
– Education Information
System
– ...
• Many businesses
– Banks, telecom operators,
utility companies (water,
heating, gas, electricity),
parking
– …
26. 5 main principles of security of
Estonian E-health system
1. A secure authentication of all users (ID-card)
2. A maximum accountability (transparency)
– All action will leave an unchangeable (and
unremovable) secure trail
3. Coding of personal data
– Separating of personal data from medical data
4. Encrypted database
– Allows to remove the confidentiality risk from the
technical administrators
5. Effective monitoring tool
– All actions are monitored and corresponding counter-
measures are applied
27. Personal control as security
measure
• People have easy and universal access with ID-
card
– No need for usernames or other access methods
• People can see what data is available about
them
• People can see who has been accessing their
data
• People can give legal commands online (ID-card)
– For example: Person can close doctors access to
his/hers EHR data in Patient Portal
28. National data security framework
• Legislation
– Public Information Act
– Personal Data Protection Act
– Electronic Communication Act
• Three-level IT baseline security framework ISKE
– Government Regulation, obligatory for Public sector
• Supervision
– Data Protection Inspectorate defends citizens constitutional
rights
– Estonian Information Systems’s Authority inspects the
security of the information systems of state and local
government agencies and providers of vital services
– Computer Emergency Response Team (CERT) Estonia
29. Conclusions
• Estonia has great potential to implement state
level personalized medicine solutions
– Genetic research with 5% of population genetic
and continuously updated phenotype information
– Nation wide Health Information Exchange platform
– 10 years of experience of national level e-services
(PKI, X-Road, ID-card, security framework)
– High level public trust and acceptance
30. Thank you!
• Additional information:
– Erkki Leego, erkki.leego@ut.ee
– http://www.geenivaramu.ee/en/ (Estonian Genome
Center, University of Tartu)
– https://www.ria.ee/en/ (State Information System)
– http://www.e-tervis.ee/ (Estonian E-Health
Foundation)