Report Open Access
Kohlmayer, Florian; Bild, Raffael; Västrik, Imre; Kuhn, Klaus; Rodriguez-Castro, Bene; Brunner, Sabine; Lamichhane, Ashish; Ohmann, Christian
The aim of this deliverable is to present a process specification for secure sharing of and access to personalized medicine (PM) data. The intention is that a producer of data can share and the user of the data can gain access to personalized medicine (PM) data in a secure and legal, yet easiest possible manner.
For the specification described in this deliverable, close cooperation with the Secure Access Work Package (WP) 5 has been of high relevance. Previous work in WP5 started with the specification of a usage scenario for PM, and the identification of regulations, privacy and security requirements, which were presented by deliverable D5.1 . Deliverable D5.2 further elaborated the work of D5.1 and published templates of relevant forms under http://www.biomedbridges.eu/deliverables/52-0. Next, a security architecture and framework has been developed in WP5 and described in deliverable D5.3. Secure access to and sharing of PM data is one of the most relevant use cases for this architecture. Deliverable D8.1 on its part will massively build upon D5.3.
As a follow-up, a proof of concept is planned, which will be covered by a forthcoming deliverable, D8.3. Cooperation with the Technical Integration Work Package 4 will be sought for this step.
Deliverable D8.1 relies on the security and privacy architecture which has been developed and put forward in deliverable D5.3 of the Secure Access Work Package 5. This architecture has been developed to support the security and privacy requirements of all the Use Case (UC) WPs, i.e., WP6-10, including WP8 the use case of personalized medicine.
Deliverable D8.1 revisits the generic security and privacy architecture presented in D5.3 to address the data management challenges of the BioMedBridges (BMB) project as a whole. It builds upon Usage Scenarios described in D5.1 and on the Data Flow Diagrams (DFDs) described in D5.3. Alltogether, D8.1 can be perceived as a particular “instantiation” of the general security architecture of BMB, with a specific focus on PM.
Deliverable D8.1 is structured as follows:
Section 3 provides an overview of the background of personalized medicine. Section 4 describes the methodology applied, which essentially follows the approach described in D5.3. Section 5 elaborates on the process specification conducted as a basis of a threat and risk analysis that is described in Section 6. Section 7 then explains the design of the security framework derived from the threat and risk analysis results. Section 8 puts forward processes for secure sharing of and access to personalized medicine data based on work carried out in WP5.