Data Management Processes




© Springer International Publishing Switzerland 2015
Nikolaos S. Voros and Christos P. Antonopoulos (eds.), Cyberphysical Systems for Epilepsy and Related Brain Disorders, DOI 10.1007/978-3-319-20049-1_6


6. Data Management Processes



Christos P. Antonopoulos (1) (Corresponding author) and Nikolaos S. Voros (1)

(1) Embedded System Design and Application Laboratory, Computer and Informatics Engineering Department, Technological Educational Institute of Western Greece, Antirio, Greece



Abstract

Complete end-to-end security support for a complex CPS in the context of sensitive medical applications goes beyond purely technical countermeasures, hardware and techniques. Especially since highly sensitive medical data will be created, accessed, stored, processed and transferred, it is of paramount importance to define accurate and comprehensive data management processes. Critical objectives achieved by defining accurate and comprehensive data management processes include:

Data privacy involving the right of any individuals to expect that personal information collected about them will be processed securely and will not be disseminated in any form without their written consent.

Data protection consists of a framework of security measures designed to guarantee that data are handled in such a manner as to ensure that they are safe from unforeseen, unintended, unwanted or malevolent use. Data protection is the technical mechanism to ensure data privacy.

Data management processes, as seen in this document, comprise rules, actions to be taken in specific events, and guidelines assuring an adequate level of security both in normal operating conditions (i.e. when no threat is apparent) and in cases where a specific security threat has been identified.

A critical aspect necessitating the definition of such rules is the fact that the human factor is always in the loop in the operation of such systems, and may constitute the weak link from the security point of view. Therefore, these rules mainly concern actions taken by humans regarding data management (e.g. password policy and account creation), algorithm configuration (e.g. acceptable encryption policy and security credential policy), equipment management policy (e.g. equipment disposal policy and removable media policy), etc. Another critical aspect is to highlight relevant legal and legislative requirements and to extract significant principles, concerns and recommendations from the up-to-date literature.



6.1 Identifying the Need for Data Management Processes


In the context of the ARMOR project, the compilation of an Ethics Blueprint document was of cornerstone importance as a survey of the principles and legal requirements pertaining to work in ARMOR, where biomedical data is incorporated into an ICT research and development project. In this section the most important ethics and data protection issues relevant to Cyberphysical systems for Epilepsy and related Brain Disorders, and the respective recommendations, are extracted and presented.

As was the case in the ARMOR project, the development of such a CPS platform involves multiple development steps, some of which require pre-existing or prospectively acquired data from patients in order to develop and test the end-to-end platform. In such cases the use of anonymised data, which cannot be linked to personal identifiers by any member of the research team, is crucial. A critical clarification concerns the distinction between the terms data, personal data and sensitive personal data. The terms Data, Personal Data and Sensitive Personal Data are defined in detail in the UK Data Protection Act 1988 [1], but similar provisions apply in other EU jurisdictions.

Conditions that must be met whenever personal data are processed include: the individual who the personal data is about has consented to the processing; the processing is necessary in relation to a contract which the individual has entered into, or because the individual has asked for something to be done so they can enter into a contract; the processing is necessary to protect the individual’s “vital interests” (this condition only applies in cases of life or death, such as where an individual’s medical history is disclosed to a hospital’s A&E department treating them after a serious road accident); the processing is necessary for administering justice, or for exercising statutory, governmental, or other public functions; or the processing is in accordance with the “legitimate interests” condition. Furthermore, it is important to identify which aspects involve “sensitive personal data”, for which participants must give consent and the data must be handled with appropriate arrangements, and which data have no personal identifiers and no means of being linked to personal identifiers, and hence fall outside the scope of legislation concerning personal data.

It is noted that in the context of the ARMOR project, the consortium consulted the Research and Development Departments of Guy’s and St Thomas’s NHS Foundation Trust (GST) and King’s College Hospital NHS Foundation Trust (KCH), the clinical departments from which data would be collected in ARMOR, and the following critical advice was provided and followed.

(1) Data collected during the normal routine of clinical investigation, which were identified as suitable for ARMOR by members of the care team (such as Profs Koutroumanidis and Richardson) and anonymised by members of the care team so that they contain no identifying information, could be passed to members of the ARMOR consortium to be used freely, without requiring consent from the patient or any additional regulatory approval.

(2) Data collected during previous approved research projects, which have been anonymised, could be passed to members of the ARMOR consortium to be used freely, without requiring consent from the patient or any additional regulatory approval.

(3) Data to be collected during ARMOR platform integration and evaluation required Research Ethics Committee approval.

Note that in (1) and (2) the key issues are that the data are anonymised and that the researchers cannot link the data back to any personal identifiers, and that no additional research-specific procedures are needed as part of the ARMOR project.

Another invaluable source on ethical and data privacy issues in research involving highly sensitive medical conditions is the FP7 Ethical Guidelines manuscript [2]. Taking its indications into consideration, it is the purpose of this chapter to satisfactorily identify the central ethical considerations as well as to indicate the measures required to prevent unnecessary exposure to risk for the participants and researchers in such research efforts. A critical statement indicates that, “researchers have a duty to alert public authorities to the ethical and practical implications of their ICT research outcomes, as and when particular issues become apparent within the research process”. With this in mind, researchers must respect each volunteer’s right to remain anonymous.

It is further emphasized that informed consent is required from all research participants, and the consent given must be voluntary and “based on knowledge of the purpose, procedures and outcomes of the research”. In order to satisfy the knowledge requirements of a satisfactory consent, all those considering participating in the study should have a private discussion with an appropriate member of the research team, be given an information sheet that they can read and reflect upon, have the freedom to ask questions about the project (both prior to agreeing to participate and throughout their participation, as needed) as well as knowing that they are free to leave the project whenever they wish without the need to give an explanation and without this action having a detrimental effect on the standard of medical care that they receive. Furthermore, each participant must be aware of their freedom to access the data gathered (specifically about themselves) as well as the power to have this information permanently deleted should they so wish. During the time that a participant is involved in the research, they ought to be informed of any and all changes in the method, application, funding, etc. of the study to a sufficient level in order to ensure a fully informed and valid consent. All information conveyed to those involved (those considering participation, those participating, and those that leave the study) must be communicated in the clearest way possible, and every effort should be made to ensure that all information has been adequately understood; this will avoid uninformed consent being given due to excessively technical language being used, or other such complications. The autonomy of the participant will be respected throughout the entire process of the study.

Additionally, the aforementioned guidelines require that the personal privacy of participants be respected, especially as ICT in the context of healthcare is “likely to raise privacy issues”. For this reason, the reporting of research outcomes must be conducted in a manner which protects participant privacy and complies with all relevant data protection requirements. All data gathered should, therefore, be anonymised wherever possible and, furthermore, access to any sensitive data should be restricted. Access to such data will be granted only to those who have a legitimate need to process the information in a way relevant to the research conducted, and appropriate safeguards will be in place.

Specific aspects and issues of paramount importance in any Cyberphysical system designed for highly sensitive medical applications include:

Human dignity: Human dignity is inviolable. It must be respected and protected. The dignity of each participant will be respected, particularly by properly following consent procedures, by appreciating the voluntary nature of their participation, and by ensuring the security of any personal data gathered.

Right to the integrity of the person: 1. Everyone has the right to respect for his or her physical and mental integrity. 2. In the fields of medicine and biology, the following must be respected in particular: the free and informed consent of the person concerned, according to the procedures laid down by law, […] the prohibition on making the human body and its parts as such a source of financial gain. Any wearable device will be designed with a respect for the integrity of the participant in mind. No unauthorized information will be gathered, nor will the device interfere with normal functioning in any way without consent. The device will pose no serious risk to long-term health. Procedures will be in place to identify any possibility of misuses or abuses of data as soon as they arise, and safeguards will be applied to prevent this occurring.

Respect for private and family life: Everyone has the right to respect for his or her private and family life, home and communications. Restrictions will be in place to ensure data sharing only with appropriate persons (see above), and wherever necessary data will be fully anonymised. Any wearable device will be fitted with an off function to guarantee the wearer privacy whenever they wish.

Protection of personal data: Everyone has the right to the protection of personal data concerning him or her. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. Compliance with these rules shall be subject to control by an independent authority.

Right to respect for private and family life: Everyone has the right to respect for his private and family life, his home and his correspondence. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

List of Recommendations
