The "Guideline for Data Protection in Medical Research Projects - TMF's generic solutions 2.0" represents a comprehensive, agreed-upon guideline for establishing medical research consortiums with appropriate data protection measures. For some of the central IT components required by the guideline, there are already freely available implementations; by reusing these, unnecessary duplicate development time can be avoided. However, they do not cover all functions described in the concept. The aim of this project is to develop the most important missing functionalities in the areas of identity management (cf. 6.1 in the guideline), rights management (cf. 6.2) and consent management (c.f. 6.6.6) on the basis of already existing software and then make them available to the scientific community. For this, the project partner in Mainz will develop an authentication service (cf. 6.2) that makes the registration of users simpler and more secure. Not only will it be possible to manage users (with secure, encrypted passwords, expiry dates, email verification, etc.), it will also supplement federated authentication for the reuse of already existing accounts (for example, those of each of the home institutions). The project partner will also expand Mainzelliste [1] with thus far missing functions for patient lists (cf. 6.1.1.1) and a pseudonymisation service (cf. 6.1.1.2). The result will be a complete identity management solution (cf. 6.1). The project partner in Greifswald will analyse the existing glCS tool [2] in view of its fulfilment of the TMF guideline and will expand it into a complete consent management solution in accordance with the guideline (cf. 6.6.6). For all software indicated, the partners will create documentation that not only facilities use, but also further development. With the help of open interface descriptions, interoperability will be established. In addition, the use cases that are to be covered will be defined during the first months of the project with the help of the guideline. The project partner in Heidelberg will evaluate the tools named above in terms of their suitability for implementation in the use cases as well as the interoperability of the open interfaces. In this way, it will be ensured that the software can be widely used by the scientific community. The project partner in the TMF office will guide the project and check that the guideline is adhered to. For this, continuous coordination with the Data Privacy Protection and ITQM working groups is planned. Finally, the software will be offered in the IT Service Portal as recommended implementations for authentication, identify management and consent management in medical research consortiums. [1] http://www.mainzelliste.de [2] https://mosaic-greifswald.de/werkzeuge-und-vorlagen/einwilligungsmanagement-gics.html

DFG Programme Research Grants

Co-Investigators Dr. Martin Bialke; Andreas Borg; Dr. Johannes Drepper; Dr. Oliver Heinze; Dr. Torsten Leddig; Professor Dr. Frank Ückert