WP 5 – Secure Access Status update

Christian Ohmann and Klaus Kuhn First BioMedBridges Annual General Meeting

11-12 March 2013, Düsseldorf

WP 5: Two main Working Tasks

¡ Develop a security and ethical / legal framework for the envisioned Data Bridges between different e-Infrastructures

(Christian Ohmann)

¡ Develop a comprehensive security infrastructure (Klaus Kuhn)

2

WP 5: Members

3

Name Institution Infractructure J. P. Overington, A. Brazma, U. Sarkans, J. McMurray, J. Chambers, A. Faulconbridge, D. Arendt, J. Ellenberg, A. Keppler

EMBL-EBI EU-Openscreen, ELIXIR, Euro-BioImaging

A. Woollard, C. Morris, M. Winn STFC INSTRUCT

C. Ohmann, W. Kuchinke, T. Karakoyun, S. Seufert, M. Eckert, UDUS ECRIN

K. Kuhn, R. Blaser, S. Brunner, F. Kohlmayer, W. Mann TUM-MED BBMRI

S. Klein, W. Niessen ErasmusMC Euro-BioImaging

P. Gormanns, C. Lengger, H. Maier, M. Raess, J. Ertel HMGU Infrafrontier

K. Helbing, R. Krause, J. Drepper, S. Semler, E. Witt TMF EU-Openscreen

H. Raoul Inserm

H. Edgren, I. Västrik UH EATRIS

WP 5:Deliverables and milestones

¡ Completed deliverable: none so far ¡ Future deliverable Del 5.1 (Mo. 18):

Report on regulations, privacy and security requirements ¡  Basis: analysis of the ethical, legal and regulatory conditions for all

e-Infrastructures concerning: a) sharing and transfer of b) access to data and biomaterial

¡  Completed milestone: none so far ¡  Future milestone MS13 (Mo. 18): Report has been completed on regulations, privacy, security, and IP requirements

4

WP 5: Meetings and TCs

¡  WP5-Workshop (Düsseldorf, 12.0.72013)

¡  WP5-Participation at kick-off meeting (05.-06.03.2012)

¡  WP5-Participation at WP3/4-Technical Workshop (25.-27.09.2012) and WP8-Workshop (17.01.2013)

¡  WP5 TCs (13.09.2012, 30.10.2012, 26.11.2012, 20.02.2013)

¡  WP5 Subgroup TCs (e.g. 17.12.2013,18.12.2013, 20.12.2013 )

5

WP 5: Progress achieved so far

¡ WP5-Masterplan (August 2012)

¡ WP5-Consensus document: “Points to consider” (July 2012)

¡ WP5 data survey: security and ethics-related questions (September 2012)

¡ ongoing work on Del 5.1: Report on regulations, privacy and security requirements (Draft Version 0.20 from March 2013)

¡ ongoing work on Usage scenarios as part of Del. 5.1 (n=5)

6

WP 5: Points to consider

7

8

WP5 data survey: security and ethics-related questions

Serving/providing data

¡  Do you serve data or metadata related to humans ¡  5 yes (3 entire RI), 9 no, 1 skipped

¡  Is the data you serve on the level of individuals ¡  5 yes (3 entire RI), 10 skipped

¡  Do the data/objects contain personal health information ¡  3 yes (3 entire RI), 2 no, 10 skipped

¡  Do the data/objects you serve require informed consent ¡  5 yes (3 entire RI), 10 skipped

¡  Do the data/objects you serve need to be protected ¡  5 yes (different options, 3 entire RI), 10 skipped

9

WP5 data survey: security and ethics-related questions

Using data

¡  Do you want to use data or metadata related to humans ¡  11 yes (5 entire RI), 3 no, 1 skipped

¡  Is the data you want to use on the level of individuals ¡  10 yes (5 entire RI), 1 no, 4 skipped

¡  Do the data/objects contain personal health information ¡  8 yes (4 entire RI), 1 no, 1 not sure, 5 skipped

¡  Do you need confirmation that consent was obtained ¡  6 yes (4 entire RI), 2 don‘t know, 7 skipped

¡  Can you provide protection ¡  6 yes (different options, 3 entire RI), 2 don‘t know, 7 skipped

WP 5: Necessity for usage scenarios

¡ Use cases will be available only after Del 5.1 completion

¡ Thus, necessary information is missing to develop the ethical / legal requirements and the security infrastructure for the Data Bridges

¡ Joint development of the usage scenarios to gather basic information and specifications of the envisioned Data Bridges

¡  Usage scenarios are simplified use case descriptions, which contain the necessary information for mapping security and

ethical/legal requirements to the Data Bridge description

10

WP 5: Procedure for Usage scenarios

¡  Description of usage scenarios and actors via a survey of use case members to provide information for the corresponding usage scenarios (questionnaire, Nov. 2012)

¡  Specifications about data sources and provision of data flow diagram

¡  Improvement and better understanding via telephone conferences with use case members (Dec. 2012 until Feb. 2013)

11

12

WP  5

##

Development  of    Domain  Scenario  Biomedbridges

Development  of  BioMedBridges  Usage  Scenarios

Domain  Scenario:  

BioMedBridges

Usage  Scenarios  BioMedBridges

Usage  Scenario1

Deliverable  5.1.Report  on  regulations,  privacy  and  security  

requirements

Usage  Scenario3

Tool  for  assessment  of  regulatory  ant  ethical  

requirements(TMF)  

Time

M12

M0

M24

M18

Usage  Scenario2

Usage  Scenario4

Analysis  of  Regulations  and  security  issues  

regarding  security  of  biosamples

LegendComponent:  Input/Output  of  process  task

Process  task

Component  with  delivery  date

Development  Survey  WP  5

Survey  WP  5

Evaluation  of  Survey

Analysis  of  DOW

Analysis  of  Regulations  and  security  issues  regarding  animal  protection  (TMF)

Analysis  of  Regulations  and  

privacy  requirements  for  using  data  bridges  &  accessing  data

Analysis  of  Rules  and  regulations  regarding  data  connected  to  intellectual  property  

and  licences    

Requirements  ClusterPrivacy

Requirements  Cluster

 IP  and  Licences

Requirements  ClusterAnimal  

Protection

Requirements  Cluster

 Biosamples

Analysis  of  Rules  and  regulations  for  

security  requirements

Requirements  ClusterSecurity

Development  of  a  tool  for  assessment  of  ethical  and  legal  requirements  and  supporting  documents  

Security  requirements  for  an  e-­‐infrastructure  

addressing  the  use  cases  (TUM)

Report  describing  the    security  architecture  

and  framework  

Input  from  Use  Cases

M36Threat  and  risk  

analysis  for  sharing  data  or  biomaterials  

(TUM)

Design  of  the  security  architecture  and  

framework  

WP 5: Scenario

driven approach

WP5: The 5 usage scenarios (US)

¡ Personalized Medicine (related to WP 8)

¡ Structural Data (related to WP 9)

¡ Phenobridge (related to WP 7)

¡ Imaging (related to WP 6)

¡ Biological Sample Data Integration (related to WP 10)

13

Personalized Medicine (PM)

¡ Contributors ¡  Henrik Edgren (EATRIS)

¡ Aims and motivations ¡  Solve problem of access to and

integration of data on patients to enable better treatment decision for individual patients

¡ Status ¡  Advanced version available with

description of data sources, data types, flow diagram

¡ Action ¡  Specify Linkage/Transfer of data

and added value of data bridges; provide final version

14

Personalized Medicine (PM)

15

Structural Data ¡ Contributors

¡  Astrid Woollard (INSTRUCT) ¡ Aims and motivations

¡  Access to infrastructures that will provide structural and protein interaction data to gain better understanding of e.g. multi-protein complexes

¡ Status ¡  Advanced version available with

description of data sources, data types, linkage/transfer of data, flow diagram

¡ Action

16

o  Provide final version

Phenobridge ¡ Contributors

¡  Philipp Gormanns (Infrafrontier) ¡ Aims and motivations

¡  Connecting the different ontological phenotypic annotations of mouse and human to facilitate interspecies analysis of disease datasets

¡ Status ¡  Advanced version available with

description of data sources, data types, linkage/transfer of data, flow diagram

¡ Action ¡  Provide final version

17

Imaging ¡ Contributors

¡  Tanja Nikovic, Jean Ellenberg and Stefan Klein (EURO-BioImaging)

¡ Aims and motivations ¡  Provide ubiquitous access to

stored data and images, as well as to advanced analysis algorithms

¡ Status ¡  Advanced version available with

description of data sources, data types, flow diagram

¡ Action ¡  Provide final version

18

future

Biological Sample Data Integration

¡ Contributors ¡  Ugis Sarkans (EMBL-EBI),

Roland Krause and Elke Witt (EATRIS)

¡ Aims and motivations ¡  Large patient cohorts which can

be enlarged by sharing data via the Data Bridge

¡ Status ¡  Draft version available with

description of data sources, data types, flow diagram

¡ Action ¡  Provide advanced version

19

WP5 Usage scenarios: Next steps

¡  Telephone interviews with selected data source providers (March/April 2013)

¡  Completion and final harmonization of usage scenario descriptions

(March 2013)

¡  Mapping of security and ethical/legal requirements to usage scenario specifications (started, to be finished April 2013)

¡  Integration in Del. 5.1 (May 2013)

20

WP5 Del 5.1: Status

21

Section Maturity

Executive summary, Introduction Not done

General approach, domain scenario Done

Usage scenarios Under development

Introduction to regulatory terminology and dependencies Partly done

Requirements clusters Not done

Rules and regulations for access, processing and transfer of data Nearly done

Practices and policies for access, processing and transfer of data and of biosamples based on feedback from EU-infrastructures

Not done

Regulation and security issues regarding security of biosamples Nearly done

Rules and regulations regarding data connected to intellectual property and licences in e-Infrastructures

Nearly done

Results of the survey on security/privacy Nearly done

References, glossary Not done

Interactions with other WPs and dissemination

¡ WP 6-10

¡  All use case groups participated in the development of the usage scenarios

¡ WP 4 ¡  Julie McMurry (WP4) regularly

participates in discussions at WP5 telephone conferences

¡ WP 5 ¡  Participated in discussions at

WP 8´s first use case group meeting (Helsinki, Jan. 2013)

and the WP3/4 Technical Workshop (Hinxton, September, 2012)

22

BioMedBridges has been presented at ….

¡  Conferences/workshops ¡  eChallenge (Lisbon, October, 2012) ¡  Workshop of KKS Düsseldorf and CDISC (Düsseldorf, May, 2012)

¡  BMS RI meetings ¡  Report at ECRIN-IA TCs ¡  Link to EUDAT (via ECRIN)

Link of WP8 to p-medicine ¡  Link to Convergence Workshop of EU-funded projects

23

Points of discussion

¡ Provision of contact data of data source providers for the targeted individual telephone conferences?

¡ How to perform the mapping procedure of regulatory text to specifications of the usage scenarios?

¡ Clarify the role of partners as representatives of infrastructures

24