홈으로ArticlesAll Issue
Articles2FA-SF: Two-Factor Assessment-Based Secure Framework for Clinically Distributed Multicenter Study
  • Jaedong Lee1, Phillip Park2,3, Sumi Ryu3, and Hyosoung Cha3,*

Human-centric Computing and Information Sciences volume 11, Article number: 47 (2021)
Cite this article 1 Accesses
https://doi.org/10.22967/HCIS.2021.11.047

Abstract

When using personal information, researchers face difficulty complying with Korea’s Personal Information Protection Act. Therefore, a clinical common data model (CDM)-based research methodology for multi-institutional sharing of code and statistical analysis results has been used. However, the current multi-institutional CDM study environment lacks the considerations of personal information protection or institutional arrangements. Therefore, we propose a two-factor secure framework for the clinical distributed multicenter study environment. In this framework, two-factor (security status and security awareness) are considered. The security status is based on applying objective security factors and technologies to the clinically distributed multicenter study infrastructure and related systems. The security awareness is based on objective security factors for a user-oriented security application to a clinically distributed multicenter study environment. This two-factor assessment-based approach identifies objective factors for complex clinically distributed multicenter study environments, research procedures, and users, as well as applies security factors in detail. The proposed framework investigates the thoughts of users who use the CDM and are known to be safe so far. It compares and analyzes the security status of the CDM and reflects it in the framework design to enhance security and support a smooth clinical data use environment.


Keywords

Common Data Model, Data Protection, Security Perception


Introduction

Multi-institutional sharing of clinical data by directly integrating raw data is challenged by various regulations on personal information protection [13]. To address this problem, a research methodology based on the common data model (CDM) has been adopted to determine data analysis outcomes without exposing raw data [47]. In Korea, CDM is used in clinical trials more intensely than in other countries due to the Korean government’s rigorous application of the Personal Information Protection Act. Observational Health Data Sciences and Informatics (OHDSI) and Observational Medical Outcomes Partnership (OMOP) CDM data are widely used, and participating institutions share data structures and analysis queries via the OHDSI community.
The CDM has been used in various global clinical trials on the effects of antidiabetic drugs on patients with diabetes [8], in next-generation pharmacovigilance signal detection platform design [9], and in applying reusable data among the healthcare data used in the CDM and distributed network environment [10]. In addition, the medical record database was transformed into a CDM in analytics research [11] and model validation was performed using CDM datasets in a study to develop and test a patient-level model for mortality prediction using population-level claims data [12].
In Korea, a CDM has been used in various clinical fields [1324]: e.g., multi-institutional genomic analysis [13], studies of coronavirus disease 2019 (COVID-19) mortality [14], and studies on public health policy based on medical checkup data [15]. The CDM is used in a wide variety of applications. It is an open system and uses the same database specification or entity-relationship diagrams, including information that needs protection. However, CDM-based clinically distributed multicenter research activities are not supported by sufficient considerations regarding personal information and general data protections. In addition, to the best of our knowledge, the security perception and status of a CDM-based clinically distributed multicenter research has not been investigated before. We propose a secure framework based on two-factor assessment to address the above problems. Security awareness with associated users and security status in a clinical distributed multicenter study environment are key factors in our proposed framework. The contributions of this paper are as follows:

By examining users’ thoughts using a clinically distributed multicenter study environment that is known to be safe, the security status of a clinically distributed multicenter study environment is compared and reflected in the framework design.

We collected CDM security control items by extracting common items from ISO/IEC 27001, KS X ISO/IEC 27006, ISO/IEC 29151. Based on the results, we design information security control items for a secure framework by reflecting the opinions of an expert group.

According to the proposed framework, we investigate and analyze the differences in the security awareness and status of the general users and administrators of the clinically distributed multicenter study environment. Then, unlike the general system, we objectively confirm and apply the security technology that the clinically distributed multicenter study environment lacks.

The remainder of this paper is structured as follows: Section 2 discusses the works related to our research and analyzes security perception and security status in clinically distributed multicenter study researchers. Section 3 describes our secure framework for a clinically distributed multicenter study. Section 4 compares and analyzes the proposed frameworks. Finally, Section 5 summarizes this study’s main findings and the concluding remarks.


Related Research

Clinically Distributed Multicenter Study and Security
In medical institutions, information systems are used for patient care, but since the amount, quality, and structure (treatment pattern, storage type, medical term) of data held by each medical institution are different, conducting multicenter research using these data requires more time and money [25, 26]. Consequently, the idea of formatting the data of each hospital to the CDM, which uses a uniform format and conducting various clinical studies with the CDM has emerged. Based on this standardized data, much research using distributed research networks has been actively conducted [1724].
Medical institutions where research is conducted generally hold sensitive and diverse bio-information such as a patient’s health status. The CDM handling such data should be robust against information leaks and hacking while being flexible regarding data type, implementation, use, etc. However, the CDM focuses on increasing the amount of data through inter-organizational connections, and its verification systems for security issues and data quality are poor. It is not possible to check for data duplication or loss due to security issues and the absence of data duplication and verification steps; therefore, resolving security issues and quality through separate data-wide periodic management is crucial [27, 28].

Fig. 1. Bar graphs of security status.


Security Status of CDM
In a Korean clinically distributed multicenter study, Fig. 1 shows the analysis results of the current security status. Regarding the website login function, 60.6% (20/33) of the user group, 42.9% (12/28) of the administrator group, and 83.3% (20/24) of the user-administrator group confirmed the existence of the login function. Regarding the access to the web service from outside of the institution, 20.7% (6/20), 26.1% (6/23), and 43.5% (10/23) of the user, administrator, and user-administrator groups, respectively, confirmed its possibility.
Regarding the database security status, 79.2% (19/24), 88.9% (16/18), and 86.4% (19/22) of the user, administrator, and user-administrator groups, respectively, answered that the administrator and user had separate accounts, and 41.7% (10/24), 27.8% (5/18), and 27.3% (6/22) of the user, administrator, and user-administrator groups, respectively, answered that personally identifiable data existed within the CDM database. Lastly, 8.3% (2/24), 38.9% (7/18), and 45.5% (10/22) of the user, administrator, and user-administrator groups, respectively, confirmed the absence of a CDM data export control policy.
Regarding the user security status, 100% (33/33), 78.6% (22/28), and 75% (18/24) of the user, administrator, and user-administrator groups confirmed the absence of security incident prevention and response policy, and 63.6% (21/33) of the user group confirmed the lack of security personnel. However, 70.8% (17/24) of the user-administrator group verified security departments or personnel. Lastly, 78.8% (26/33), 67.9% (19/28), and 79.2% (19/24) of the user, administrator, and user-administrator groups, respectively, confirmed the absence of security education.

Security Perception of CDM
In a Korean clinically distributed multicenter study, Fig. 2 shows the analysis results of the current security perception. Responses to each question item were a mixture of single, multiple, and conditional. Regarding website security perception, 90.9% (30/33) of the user group, 89.3% (25/28) of the administrator group, and 100% (24/24) of the user-administrator group agreed that login was necessary for access. Regarding accessing web services through the Internet outside the institution, 69.0% (20/29) of the user group, 52.2% (12/23) of the administrator group, and 52.2% (12/23) of the user-administrator group found it necessary.
Regarding CDM database security perception, 79.2% (19/24) of the user group, 100% (18/18) of the administrator group, and 77.3% (17/22) of the user-administrator group agreed to the need to change the initially set account password. With regard to the need for separate administrator and user accounts, 100% (24/24) of the user group, 100% (18/18) of the administrator group, and 90.9% (20/22) of the user-administrator group found it necessary. Concerning the authorization of data use, 95.8% (23/24) of the user group, 100% (18/18) of the administrator group, and 100% (22/22) of the user-administrator group found an authorization procedure necessary. To reduce the risk of data recognition, 75% (18/24) of the user group, 94.4% (17/18) of the administrator group, and 90.0% (20/22) of the user-administrator group found a data validation process necessary. Lastly, as for the use of CDM data outside the institution, only 20.8% (5/24) of the user group found it inadequate, much lower than the administrator group (44.4%; 8/18) and the user-administrator group of the administrator group (27.3%; 6/22).
Regarding the security perception of users, most participants in the user and user-administrator groups—93.9% (31/33) and 100% (24/24), respectively—agreed to the need of preventing CDM security incidents by providing an appropriate security management system. Specifically, 100% (24/24) of the user-administrator group found security personnel necessary, and 100% of the user and user-administrator groups (33/33 and 24/24, respectively) found security education necessary.

Security Requirements
Information security for clinical distributed multicenter study should consider three aspects: administrative, technical, and institutional. In addition, security threats and vulnerabilities existed for each element, so they had to meet detailed security requirements.
In terms of management, security threats and vulnerabilities might occur due to information leaks and misuse. Regular security level diagnosis, security awareness enhancement, and control over information access rights were required to prevent these threats.

Fig. 2. Bar graph of security perception.


In terms of technology, it was divided into four elements: network, server, database, and application. First, security threats or vulnerabilities such as unauthorized intrusion attempts, data eavesdropping, and harmful traffic transmission might occur within the networks. To prevent such threats, it was necessary to separate the internal and external networks, control unauthorized access, block unnecessary services, perform vulnerability checks on network equipment environment settings and vulnerabilities, encrypt all data transfers, and block abnormal packets.
Second, in the server field, vulnerabilities in operating systems and security threats in the operation of unnecessary applications might appear. To prevent them, access management for users and information resources, server user account management, superuser authority control, configuration and setting errors check (environment file setup), and patch and upgrade checks were required.
Third, security threats or vulnerabilities such as access control bypass, data leaks, and forgery might appear in the databases. To prevent such threats, a security control item was required to set the access control policy for the database, grant privileges for each user, prevent unauthorized users, encrypt data, and place controls so that only the application system and authorized users could perform decryption.
Fourth, in the application field, security threats and vulnerabilities such as web page hacking attempts, structured query language injection vulnerability attacks, and web page denial of service attacks might occur. To prevent these threats, security manager checks and complete server configuration, vulnerability exposure of web server information, buffer overflows, the possibility of executing malicious commands or system execution, the exposure of backup files and hard-coded information, file upload vulnerability, database connection information, query transmission control through parameters, excessive traffic control for specific IP, detection, and blocking of known worms/viruses, and network resource monitoring were required.
Fifth, within the overall system, security threats and vulnerabilities might appear due to non-compliance. To prevent such threats, when personal information was retained, it had to comply with the guidelines related to personal data, and a management procedure that did not contain personal information had to be prepared.


Two-Factor Assessment-based Secure Framework for Clinically Distributed Multicenter Study

Architecture
This section describes the structure of the proposed framework used to types of clinical research data. And the proposed framework supports the security of clinically distributed multicenter research. As Fig. 3 shows, the proposed framework was divided into two-factors and four components with several processes.
Factor1 for the distributed multi-institutional clinical research environment oversaw the security status and was responsible for the essential three security elements: confidentiality, integrity, availability, and security functions such as authentication, access control, encryption, and backup. Factor2 was responsible for the security awareness and consisted of compliance, the key element, questionnaire system, assessment component, and integration component. Furthermore, it was responsible for assessing Factor1 and Factor2 and integrating results.
The key element was a component that contained the primary and core constraints for information system security. This component consisted of three domestic and international standards: ISO/IEC 27001, KS X ISO ISO/IEC 27006, ISO/IEC 29151. In the questionnaire system, items were first extracted from the security status and security awareness evaluation through compliance and key elements. The extracted items were selected as final evaluation items through an expert group.
Compliance was a component of regulations and guidelines that had to be followed when using data. In addition, if the developed technology complied with all legal rules or policies, it had to incorporate many common values and ethics rules to be prepared for the possibility of infringing on the rights of data subjects.
The assessment component was located above the key fundamental element and compliance components, and it evaluated security status and awareness using the primary CDM security item and information security questionnaire. Detailed security control-related questionnaires estimated the evaluation for each security domain. The evaluation result for the questionnaire was divided into items that were individually highlighted or not highlighted.

Fig. 3. Architecture of proposed framework.


Service Scenario
This section focuses on a service scenario that provides a secure clinically distributed multicenter study environment with the proposed framework application. Table 1 introduces some abbreviations used in the description of the service scenario, and Fig. 4 illustrates the action flow of the proposed framework. This was applied to each of the 10 stages, which are explained below.

Table 1. Definition of terminology for service scenario
Term Definition Term Definition
KE Key Elements CSCI CDM Security Control Item
MDE Medical Data Expert SSP Security Status and Perception
ISQ Information Security Questionnaire system HL/NHL Highlighted/Non-highlighted

Stages 1 and 2: Primary CDM security control items were generated using KE standards. Success or failure was returned at each step.

Stages 3 and 4: ISQ was created by linking the standards of KE. The MDE reviewed the ISQ for compliance.

Stages 5 and 6: The confirmed ISQ was investigated among researchers. The results of SSP were derived based on the results of Stage 5 (the investigation).

Stage 7: In SSP, evaluation was performed through the investigated security status, security awareness, and primary CSCI. As the evaluation result, the secondary CSCI and HL/NHL were derived.

Stages 8, 9 and 10: After checking the derived secondary CSCI and HL/NHL, integration was performed on the final approved elements. The combined result became the final CSCI.



Fig. 4. Service scenario.


Comparison and Analysis

Analysis of Levels of Security Perception and Security Status
This study was conducted to investigate the differences between the levels of security perceptions of CDM users (researchers) and administrators and the actual security status in Korea. We divided the questionnaire into two main parts. First, to understand the level of security perception of subjects related to CDM, it was composed of questions inquiring about the perception of CDM from the perspective of information protection. Second, it consisted of questions about the security information protection applied to CDM to understand the level of applied security. To this end, we implemented a cross-sectional survey. We recruited study participants using or administering CDM among the participants at the OHDSI Symposium in Korea and encouraged participation of the Advisory Group to Korea Information Technology of Hospital Association. The study protocol was approved by the Institutional Review Board of National Cancer Center (No. NCC2020-0232).
We conducted a security perception survey of researchers working with CDM in hospitals, research centers, universities, etc. Initially, on the first page of the questionnaire, the background and purpose of the questionnaire, research period, and information about the principal investigator were presented, and space was provided for the participants to sign the consent to participate in the study. We conducted the questionnaire survey from the end of July 2020 through August 2020; whereby, we collected the names, mobile numbers, and bank details of participants to pay them advisory fees. At the end of the survey period, we collected the completed questionnaires from 85 participants.
We collected CDM security control items by extracting common items from representative information security management systems, viz. ISO/IES 27001, ISMS (Information Security Management System, KS X ISO/IEC27006), and ISO/IEC 29151, and designed an information security questionnaire tailored to CDM applications by reflecting the opinions of a medical data expert group [1921]. Thus, the 81 CDM security control items constructed were clustered into five security domains: administrative, physical, technical, cloud, and research. The questionnaire was structured to reveal the difference between CDM security status and perception and was composed of four basic institutional information items, six CDM-related basic information items, eight general information protection items, nine web service security items, 19 database security items, 12 user security items, and 23 administrator security items. Non-response and erroneous responses were treated as “NO.”
Data were analyzed using R (R core team, Vienna, Austria) and Microsoft Excel (Microsoft Corporation, WA, USA). The analyses were performed to compare the proportions of responses by CDM user, administrator, and user-administrator groups for each item. A chi-squared test was performed on security perception and security status in areas such as website security, database security, and administrator security to compare the differences between the security perception and status in each group. Items allowing multiple responses could not be included in statistical analysis by the group.
Table 2 shows the primary analysis results on security perception and status. Most of the participants reported a high level of security perception in most types; however, low levels of security status were reported. There was no statistically significant difference in the proportion of “Use outside the institution after creating the searched CDM data file.”

Table 2. Summary by perception and status
Type Security perception Security status p-value
Website login     <0.001
Yes 79 (92.9) 52 (61.2)  
No 6 (7.06) 33 (38.8)  
Accessing web services through the Internet outside the institution     0.001
Yes 44 (58.7) 22 (29.3)  
No 31 (41.3) 53 (70.7)  
Change of database passwords     <0.001
Yes 54 (84.4) 26 (40.6)  
No 10 (15.6) 38 (59.4)  
Separating administrator and user accounts in CDM database     0.034
Yes 62 (96.9) 54 (84.4)  
No 2 (3.12) 10 (15.6)  
Data usage rights procedure     0.021
Yes 63 (98.4) 55 (85.9)  
No 1 (1.56) 9 (14.1)  
Use outside the institution after creating the searched CDM data file     1
Yes 19 (29.7) 19 (29.7)  
No 45 (70.3) 45 (70.3)  
Prevention of CDM security incidents and appropriate countermeasures and regulations in case of a security incident     <0.001
Yes 80 (94.1) 12 (14.1)  
No 5 (5.88) 73 (85.9)  
Security department or person in charge of CDM information protection     <0.001
Yes 75 (88.2) 41 (48.2)  
No 10 (11.8) 44 (51.8)  
Education program for security incident prevention and response for CDM-related personnel     <0.001
Yes 82 (96.5) 21 (24.7)  
No 3 (3.53) 64 (75.3)  
Values are presented as number (%).

First, a remarkably high level of security perception was observed among both users and administrators. Most of the respondents answered that a login function was necessary at the website security level, and all respondents except one in the user group answered that authorization for data use was necessary. However, only one-fifth of users and user-administrators answered that external use of data should not be allowed. This reflected the wish of the users who wanted to use CDM data anywhere beyond the boundary of the intranet.
Second, an overview was gained on the security level of the institutions using the CDM. Regarding database security, only 8.3% of the user group confirmed the presence of CDM data export control policy, but higher proportions of the administrator and user-administrator groups (38.9% and 45.5%, respectively) confirmed its presence. Additionally, the same trend was observed regarding the presence of security incidents and security departments; their presence was confirmed by significantly higher proportions of the administrator and user-administrator groups compared to the user group. This difference was attributable to the wish of the user group to freely use data outside the intranet and the obligation of the administrator group to consider security control. Except for these areas, no significant intergroup differences were observed.
Third, a comparison of the CDM-related security perception and actual security status levels revealed that the current security status fell short of security perception in most of the areas. While more than 90% of the respondents found security incident prevention measures and security education necessary, the prevention measures and education were reported as existing only by 14.1% and 24.7% of administrators, respectively. These findings highlighted the need for an education scheme to minimize or prevent security incidents, though no CDM-related security incidents or personal information leaks had taken place so far. To solve these problems, there was an attempt in Korea to perform analysis by de-identifying the OMOP-CDM [27].
In other countries, CDM-related research attempts to increase data security have been made; e.g., generating and analyzing synthetic data to solve the issue of personal information protection in the use of medical data for research [28], an anonymization matrix of contextual anonymization to enable the secondary use of big data [29], and a theoretical analysis and feasibility study of personal information protection recording and grouping and consent management based on a public-private key signature scheme [30].

Security Comparison and Analysis
We compared the proposed framework with the two OMOP CDM schemes that used only domestic and international security standards and the normal OMOP CDM. It focused on differences in generating processes for the security control item and security factors. The proposed framework was designed to support the use of a clinical distributed multicenter study system and met all requirements listed in Table 3.

Table 3. Comparison of security frameworks
Item Proposed framework OMOP CDM with the security standard only OMOP CDM [9-15]
Do security controls exist for a clinical distributed multicenter? Yes Yes A little
Do security control items reflect domestic and international standards? Yes Yes No
Does it include security awareness and status? Yes A little No
Does it evaluate security status and awareness to reflect on security controls items in the clinical distributed multicenter study system? Yes No No


Conclusion

Clinical data use researchers must comply with the relevant standards when using data. A CDM-based clinical distributed multicenter research methodology for multicenter sharing of statistical analysis results was used. However, the current CDM-based clinically distributed multicenter research environment lacked consideration for information security and personal information protection. It was difficult to set all security control items mandatory for clinical distributed multicenter.
To solve the problems in a clinically distributed multicenter study, here, we proposed a framework based on two-factor assessment. According to the proposed framework we investigated and analyzed the differences in the security awareness and status of the general users and administrators of the clinically distributed multicenter study environment. Then, unlike the general system, we objectively confirmed and applied the security technology that the clinically distributed multicenter study environment lacked. The proposed framework supported a smooth clinical data use environment in CDM-based clinical distributed multicenter research while enhancing security.
In future research, we will study the security framework for a federated learning environment specializing in medical data, which is an advanced form of the method of sharing code or analysis results in a distributed multi-institutional clinical research environment.


Acknowledgments

Not applicable.


Author’s Contributions

Conceptualization, JD, HS. Funding acquisition, HS. Investigation and methodology, JD, PL. Project administration, HS. Resources, HS. Supervision, HS. Writing of the original draft, JD, PL. Writing of the review and editing, JD, PL. Validation, SM. Data curation, JD. Visualization, SM, PL.


Funding

This research was supported by the Korea Health Technology R&D Project through the Korea Health Industry Development Institute (KHIDI), funded by the Ministry of Health & Welfare, Republic of Korea (No. HI19C0839).


Competing Interests

The authors declare that they have no competing interests.


Author Biography

Author
Name: Jaedong Lee
Affiliation: Healthcare AI Team, National Cancer Center
Biography: Jaedong Lee received his Ph.D. degree in Graduate School of Department of Computer Science and Engineering, SeoulTech, Korea in 2021. He worked as a security manager at the National Cancer Center, Korea, Nov. 2014 – Jul. 2020. Now he has working a Data Scientist and Information Security Specialist, in Healthcare AI Team, National Cancer Center, Korea since Mar. 2019. His current research interests include exploring new trends and uses of machine learning to enhance security.

Author
Name: Phillip Park
Affiliation: Cancer Data Center, National Cancer Center
Biography: Mr. Phillip Park is currently an Assistant Scientist at the Data Open & Utilization Team, Cancer Data Center, National Cancer Center in Korea. He obtained his M.S. in Biology from Ajou University in 2017. His areas of interests are Digital Health Informatics, Biomedical Informatics and Health Bigdata.

Author
Name: Sumi Ryu
Affiliation: Cancer Data Center, National Cancer Center
Biography: Sumi Ryu is working a security scientist in Cancer Data Center, National Cancer in Korea since November 2020. She obtained her B.S. in Information Communication Engineering from Dongseo University in 2015. Her current research interests include enhance security of Health Bigdata.

Author
Name: Hyosoung Cha
Affiliation: Cancer Data Center, National Cancer Center
Biography: Dr. Cha is the head of data at the Cancer Big Data Center, National Cancer Center, Korea. He received his master's and doctorate degrees from the Department of Electronic Computer Science, Chungbuk National University. He previously worked for the Korea Centers for Disease Control and Prevention, and is currently working for the Cancer Big Data Center and AI Business Team at the National Cancer Center. Dr. Cha's research interests and activities include the use of clinical data governance, various analytic methods of clinical data, primarily specialized in cancer big data, and the use of artificial intelligence data.


References

[1] X. Feng and C. Zhang, “Local differential privacy for unbalanced multivariate nominal attributes,” Human-centric Computing and Information Sciences, vol. 10, article no. 25, 2020. https://doi.org/10.1186/s13673-020-00233-x
[2] L. Megouache, A. Zitouni, and M. Djoudi, “Ensuring user authentication and data integrity in multi-cloud environment,” Human-centric Computing and Information Sciences, vol. 10, article no. 15, 2020. https://doi.org/10.1186/s13673-020-00224-y
[3] F. Xiao, M. Lu, Y. Zhao, S. Menasria, D. Meng, S. Xie, J. Li, and C. Li, “An information-aware visualization for privacy-preserving accelerometer data sharing,” Human-centric Computing and Information Sciences, vol. 8, article no. 13, 2018. https://doi.org/10.1186/s13673-018-0137-6
[4] H. Jeon, S. C. You, S. Y. Kang, S. I. Seo, J. L. Warner, R. Belenkaya, and R. W. Park, “Characterizing the anticancer treatment trajectory and pattern in patients receiving chemotherapy for cancer using harmonized observational databases: retrospective study,” JMIR Medical Informatics, vol. 9, no. 4, article no. e25035, 2021. https://doi.org/10.2196/25035
[5] PCORnet [Online]. Available: https://pcornet.org/data/.
[7] K. M. McTigue, R. Wellman, E. Nauman, J. Anau, R. Y. Coley, A. Odor, et al., “Comparing the 5-year diabetes outcomes of sleeve gastrectomy and gastric bypass: the National Patient-Centered Clinical Research Network (PCORNet) bariatric study,” JAMA Surgery, vol. 155, no. 5, article no. e200087, 2020. https://doi.org/10.1001/jamasurg.2020.0087
[8] R. Vashisht, K. Jung, A. Schuler, J. M. Banda, R. W. Park, S. Jin, et al., “Association of hemoglobin A1c levels with use of sulfonylureas, dipeptidyl peptidase 4 inhibitors, and thiazolidinediones in patients with type 2 diabetes treated with metformin: analysis from the observational health data sciences and informatics initiative,” JAMA Network Open, vol. 1, no. 4, article no. e181755, 2018. https://doi.org/10.1001/jamanetworkopen.2018.1755
[9] Y. Yu, K. J. Ruddy, N. Hong, S. Tsuji, A. Wen, N. D. Shah, and G. Jiang, “ADEpedia-on-OHDSI: a next generation pharmacovigilance signal detection platform using the OHDSI common data model,” Journal of Biomedical Informatics, vol. 91, article no. 103119, 2019. https://doi.org/10.1016/j.jbi.2019.103119
[10] S. Gold, A. Batch, R. McClure, G. Jiang, H. Kharrazi, R. Saripalle, et al., “Clinical concept value sets and interoperability in health data analytics,” AMIA Annual Symposium Proceedings, vol. 2018, pp. 480-489, 2018.
[11] G. Hripcsak, N. Shang, P. L. Peissig, L. V. Rasmussen, C. Liu, B. Benoit, et al., “Facilitating phenotype transfer using a common data model,” Journal of Biomedical Informatics, vol. 96, article no. 103253, 2019. https://doi.org/10.1016/j.jbi.2019.103253
[12] J. M. Reps, P. R. Rijnbeek, and P. B. Ryan, “Identifying the DEAD: development and validation of a patient-level model to predict death status in population-level claims data,” Drug Safety, vol. 42, no. 11, pp. 1377-1386, 2019.
[13] S. J. Shin, S. C. You, Y. R. Park, J. Roh, J. H. Kim, S. Haam, et al., “Genomic common data model for seamless interoperation of biomedical data in clinical practice: retrospective study,” Journal of Medical Internet Research, vol. 21, no. 3, article no. e13249, 2019. https://doi.org/10.2196/13249
[14] J. Park, S. H. Lee, S. C. You, J. Kim, and K. Yang, “Non-steroidal anti-inflammatory agent use may not be associated with mortality of coronavirus disease 19,” Scientific Reports, vol.11, article no. 5087, 2021. https://doi.org/10.1038/s41598-021-84539-5
[15] Y. Mun, J. Kim, K. J. Noh, S. Lee, S. Kim, S. Yi, et al., “An innovative strategy for standardized, structured, and interoperable results in ophthalmic examinations,” BMC Medical Informatics and Decision Making, vol. 21, article no. 9, 2021. https://doi.org/10.1186/s12911-020-01370-0
[16] Y. Seong, S. C. You, A. Ostropolets, Y. Rho, J. Park, J. Cho, et al., “Incorporation of Korean electronic data interchange vocabulary into observational medical outcomes partnership vocabulary,” Healthcare Informatics Research, vol. 27, no. 1, pp. 29-38, 2021.
[17] Y. Rho, D. Y. Cho, Y. Son, Y. J. Lee, J. W. Kim, H. J. Lee, S. C. You, R. W. Park, and J. Y. Lee, “Covid-19 international collaborative research by the health insurance review and assessment service using its nationwide real-world data: database, outcomes, and implications,” Journal of Preventive Medicine and Public Health, vol. 54, no. 1, pp. 8-16, 2021.
[18] J. Park, S. H. Lee, S. C. You, J. Kim, and K. Yang, “Effect of renin-angiotensin-aldosterone system inhibitors on Covid-19 patients in Korea,” PloS One, vol. 16, no. 3, article no. e0248058, 2021. https://doi.org/10.1371/journal.pone.0248058
[19] S. Ko, H. Kim, J. Shinn, S. J. Byeon, J. H. Choi, and H. S. Kim, “Estimation of sodium‐glucose cotransporter 2 inhibitor–related genital and urinary tract infections via electronic medical record–based common data model,” Journal of Clinical Pharmacy and Therapeutics, vol. 46, no. 4, pp. 975-983, 2021.
[20] J. H. Kim, C. N. Ta, C. Liu, C. Sung, A. M. Butler, L. A. Stewart, et al., “Towards clinical data-driven eligibility criteria optimization for interventional COVID-19 clinical trials,” Journal of the American Medical Informatics Association, vol. 28, no. 1, pp. 14-22, 2021.
[21] J. H. Kim, S. W. Lee, D. K. Yon, E. K. Ha, H. M. Jee, M. Sung, et al., “Association of serum lipid parameters with the SCORAD index and onset of atopic dermatitis in children,” Pediatric Allergy and Immunology, vol. 32, no. 2, pp. 322-330, 2021.
[22] H. I. Kim, S. Y. Park, and H. P. Shin, “Incidence and management patterns of alcohol-related liver disease in Korea: a nationwide standard cohort study,” Scientific Reports, vol. 11, article no. 6648, 2021. https://doi.org/10.1038/s41598-021-86197-z
[23] S. A. Choi, H. Kim, S. Kim, S. Yoo, S. Yi, Y. Jeon, H. Hwang, and K. J. Kim, “Analysis of antiseizure drug‐related adverse reactions from the electronic health record using the common data model,” Epilepsia, vol. 61, no. 4, pp. 610-616, 2020.
[24] R. Brauer, I. C. K. Wong, K. K. Man, N. L. Pratt, R. W. Park, S. Y. Cho, et al., “Application of a Common Data Model (CDM) to rank the paediatric user and prescription prevalence of 15 different drug classes in South Korea, Hong Kong, Taiwan, Japan and Australia: an observational, descriptive study,” BMJ Open, vol. 10, no. 1, article no. e032426, 2020. https://doi.org/10.1136/bmjopen-2019-032426
[25] C. L. Chen, P. T. Huang, Y. Y. Deng, H. C. Chen, and Y. C. Wang, “A secure electronic medical record authorization system for smart device application in cloud computing environments,” Human-centric Computing and Information Sciences, vol. 10, article no. 21, 2020. https://doi.org/10.1186/s13673-020-00221-1
[26] A. R. Javed, M. U. Sarwar, M. O. Beg, M. Asim, T. Baker, and H. Tawfik, “A collaborative healthcare framework for shared healthcare plan with ambient intelligence,” Human-centric Computing and Information Sciences, vol. 10, article no. 40, 2020. https://doi.org/10.1186/s13673-020-00245-7
[27] S. Jeon, J. Seo, S. Kim, J. Lee, J. H. Kim, J. W. Sohn, J. Moon, and H. J Joo, “Proposal and assessment of a de-identification strategy to enhance anonymity of the observational medical outcomes partnership common data model (OMOP-CDM) in a public cloud-computing environment: anonymization of medical data using privacy models,” Journal of Medical Internet Research, vol. 22, no. 11, article no. e19597, 2020. https://doi.org/10.2196/19597
[28] A. R. Benaim, R. Almog, Y. Gorelik, I. Hochberg, L. Nassar, T. Mashiach, et al., “Analyzing medical research results based on synthetic data and their relation to real data results: systematic comparison from five observational studies,” JMIR Medical Informatics, vol. 8, no. 2, article no. e16492, 2020. https://doi.org/10.2196/16492
[29] J. Rumbold and B. Pierscionek, “Contextual anonymization for secondary use of big data in biomedical research: proposal for an anonymization matrix,” JMIR Medical Informatics, vol. 6, no. 4, article no. e7096, 2018. https://doi.org/10.2196/medinform.7096
[30] S. Jonas, S. Siewert, and C. Spreckelsen, “Privacy-preserving record grouping and consent management based on a public-private key signature scheme: theoretical analysis and feasibility study,” Journal of Medical Internet Research, vol. 21, no. 4, article no. e12300, 2019. https://doi.org/10.2196/12300

About this article
Cite this article

Jaedong Lee1, Phillip Park2,3, Sumi Ryu3, and Hyosoung Cha3,*, 2FA-SF: Two-Factor Assessment-Based Secure Framework for Clinically Distributed Multicenter Study, Article number: 11:47 (2021) Cite this article 1 Accesses

Download citation
  • Recived24 June 2021
  • Accepted12 December 2021
  • Published30 December 2021
Share this article

Anyone you share the following link with will be able to read this content:

Provided by the Springer Nature SharedIt content-sharing initiative

Keywords