OLV Hospital in Aalst works on widely deployable solution for de-identification and pseudonymisation

An incredible amount of data is available in healthcare. The challenge lies in using it in the best possible way: for policy support, clinical research, improving care, working more efficiently… The potential applications are endless, and the list gets longer by the day.

In all this, there is one thing that must always be kept firmly in mind: if you unlock patient data to an external party or software, you need to make that data available in a secure way, and respect privacy laws. This includes ensuring that individuals in a dataset cannot be identified. In other words, you have to strip the data of all identifiable personal information, and make it available to the third party in an encrypted or pseudonymised form.

Very often today, this is done on an ad hoc basis. But this takes time and effort, because you have to start at the beginning for each case.

One solution for multiple scenarios

The IT department of OLV Hospital in Aalst wants to move away from this case-by-case approach. They are collaborating with Amaron to develop a generic solution: one that can be deployed in different scenarios, and that leaves nothing to chance in terms of data privacy.

“At our hospital, we currently have several different use cases in the pipeline. On the IT-side, we want to be ready to connect new AI services quickly, as soon as needed,” says Goedele Antonissen, IT director at OLV Hospital.

“We have created a building block that can be reused for different cases, which can save a lot of time. But the solution is also much more secure, and we can use a unique pseudonym for each service without any extra work. As a result, different exports can never be linked to each other.”
Goedele Antonissen, IT director OLV Hospital.

Three components

The de-identification and pseudonymisation solution consists of three components:

1. Pseudonymisation component: automatically removes a patient’s identifiers and links the patient to a code – a different code is used for each different service.
2. Audit component: logs all interactions with personal data, for example, an employee comparing input and output files for a quality check. Users carrying out decryptions (i.e., tracing the real patient by using the pseudocode), will also  be saved in the audit log.
3. Governance component: allows you to document and oversee the internal GDPR process. You can tailor the process to your hospital’s operation, and adapt it according to the specific requirements of a case. “You can go as far into detail as you want or, alternatively, keep it simple,” says Goedele Antonissen.
   Possible steps in this process could include:
   > The legal officer indicates that there is a contract with the supplier;
   > The DPO confirms that the supplier addendum is OK;
   > The IT department confirms that the necessary measures have been taken to ensure secure data transfer;
   > The ethics committee approves the data release.

Added value for the hospital

“In my opinion, the combination of these three components makes the solution unique. The fact that you can automate the process and, above all, make it demonstrable is a great added value for the hospital.”
Goedele Antonissen

This wide-ranging solution can be used to manage all kinds of applications:

• forwarding images for analysis in the cloud;
• pseudonymising data for studies;
• analysing unstructured text;
• exporting part of the medical record to a data warehouse, etc.

“While we aren’t quite there yet, we do know that these applications will only grow in significance. So it is important to be prepared with a solution that is well designed, including technically,” Goedele Antonissen continues.

The components for pseudonymisation and audit are almost ready, and are now being extensively tested by the DPO. The governance component is gradually also taking shape.

“For us, it was a logical choice to work with Amaron. As an integrator, they know all the software applications running in hospitals, and how to link everything together perfectly. They understand the subject matter inside out, and they also have a lot of experience with imaging. They just need half a word to understand what you mean. As far as we are concerned, Amaron is the ideal partner to build the solution for de-identification and pseudonymisation,” concludes Goedele Antonissen.

Advantages of the generic solution for de-identification and pseudonymisation: New pseudonymisation projects can be set up quickly. You save a lot of time because you do not have to work out a solution for each case separately. A different identifier is used for each project. In case of a data leak, combining multiple projects will not reveal any additional information enabling anyone to identify the patient. The entire governance process is documented, executable, and therefore demonstrable. You are working with a partner with unrivalled knowledge and experience in the field of interoperability in the healthcare sector.

More information, a demonstration or a quote?