Retrospective checking of compliance with practice guidelines for acute stroke care: a novel experiment using openEHR’s Guideline Definition Language

BACKGROUND: Providing scalable clinical decision support (CDS) across institutions that use different electronic health record (EHR) systems has been a challenge for medical informatics researchers. The lack of commonly shared EHR models and terminology bindings has been recognised as a major barrier to sharing CDS content among different organisations. The openEHR Guideline Definition Language (GDL) expresses CDS content based on openEHR archetypes and can support any clinical terminologies or natural languages. Our aim was to explore in an experimental setting the practicability of GDL and its underlying archetype formalism. A further aim was to report on the artefacts produced by this new technological approach in this particular experiment. We modelled and automatically executed compliance checking rules from clinical practice guidelines for acute stroke care. METHODS: We extracted rules from the European clinical practice guidelines as well as from treatment contraindications for acute stroke care and represented them using GDL. Then we executed the rules retrospectively on 49 mock patient cases to check the cases’ compliance with the guidelines, and manually validated the execution results. We used openEHR archetypes, GDL rules, the openEHR reference information model, reference terminologies and the Data Archetype Definition Language. We utilised the open-sourced GDL Editor for authoring GDL rules, the international archetype repository for reusing archetypes, the open-sourced Ocean Archetype Editor for authoring or modifying archetypes and the CDS Workbench for executing GDL rules on patient data. RESULTS: We successfully represented clinical rules about 14 out of 19 contraindications for thrombolysis and other aspects of acute stroke care with 80 GDL rules. These rules are based on 14 reused international archetypes (one of which was modified), 2 newly created archetypes and 51 terminology bindings (to three terminologies). Our manual compliance checks for 49 mock patients were a complete match versus the automated compliance results. CONCLUSIONS: Shareable guideline knowledge for use in automated retrospective checking of guideline compliance may be achievable using GDL. Whether the same GDL rules can be used for at-the-point-of-care CDS remains unknown

Exploring openEHR-based clinical guidelines in acute stroke care and research

Largely speaking, health information systems today are not able to exchange data between each other and understand the data’s meaning automatically by means of their information technology components. This lack of ‘interoperability’ also leads to patients experiencing an undesired discontinuity in their care. This thesis is a part of a health informatics field which tackles interoperability barriers by offering standardised information models for electronic health records. More specifically, this work explores possibilities of combining standardised information models offered by the openEHR interoperability approach with knowledge from evidence-based clinical practice guidelines. The applied methodology includes openEHR archetypes, the openEHR reference information model, standard medical terminologies such as SNOMED CT, the international stroke treatment registry SITS, a newly developed model for representing guideline knowledge (the ‘Care Entry-Network Model’), and rules authored in the Guideline Definition Language, a formalism recently endorsed by openEHR as a part of its specifications. The study design used is based on evaluating the work done by means of retrospectively checking the compliance of completed patient cases with guidelines from the domain of acute stroke management in Europe, both experimentally and using thousands of real patient cases from SITS. Our overall findings are that i) the Care Entry-Network Model facilitates an intermediate step between narrative guideline text and computer-interpretable guidelines to be deployed in openEHR systems, ii) the Guideline Definition Language is practicable for creating and automatically running openEHR-based computer-interpretable guidelines, where we also provide detailed accounts of our employed GDL technologies, and iii) the Guideline Definition Language combined with real patient data from patient data registries can generate new clinical knowledge, which in our case has benefited stroke carers and researchers working with acute stroke thrombolysis. In conclusion, using our methodology, health care stakeholders would get evidence-based knowledge components in their electronic health records based on shareable, well maintainable information and knowledge models in the form of archetypes and GDL rules respectively. However, our approach still needs to be tested at the point of clinical decision making and compared to other approaches for providing exchangeable computer-interpretable guidelines

A national clinical decision support infrastructure to enable the widespread and consistent practice of genomic and personalized medicine

<p>Abstract</p> <p>Background</p> <p>In recent years, the completion of the Human Genome Project and other rapid advances in genomics have led to increasing anticipation of an era of genomic and personalized medicine, in which an individual's health is optimized through the use of all available patient data, including data on the individual's genome and its downstream products. Genomic and personalized medicine could transform healthcare systems and catalyze significant reductions in morbidity, mortality, and overall healthcare costs.</p> <p>Discussion</p> <p>Critical to the achievement of more efficient and effective healthcare enabled by genomics is the establishment of a robust, nationwide clinical decision support infrastructure that assists clinicians in their use of genomic assays to guide disease prevention, diagnosis, and therapy. Requisite components of this infrastructure include the standardized representation of genomic and non-genomic patient data across health information systems; centrally managed repositories of computer-processable medical knowledge; and standardized approaches for applying these knowledge resources against patient data to generate and deliver patient-specific care recommendations. Here, we provide recommendations for establishing a national decision support infrastructure for genomic and personalized medicine that fulfills these needs, leverages existing resources, and is aligned with the <it>Roadmap for National Action on Clinical Decision Support </it>commissioned by the U.S. Office of the National Coordinator for Health Information Technology. Critical to the establishment of this infrastructure will be strong leadership and substantial funding from the federal government.</p> <p>Summary</p> <p>A national clinical decision support infrastructure will be required for reaping the full benefits of genomic and personalized medicine. Essential components of this infrastructure include standards for data representation; centrally managed knowledge repositories; and standardized approaches for leveraging these knowledge repositories to generate patient-specific care recommendations at the point of care.</p

What Role Can Process Mining Play in Recurrent Clinical Guidelines Issues? A Position Paper

[EN] In the age of Evidence-Based Medicine, Clinical Guidelines (CGs) are recognized to be an indispensable tool to support physicians in their daily clinical practice. Medical Informatics is expected to play a relevant role in facilitating diffusion and adoption of CGs. However, the past pioneering approaches, often fragmented in many disciplines, did not lead to solutions that are actually exploited in hospitals. Process Mining for Healthcare (PM4HC) is an emerging discipline gaining the interest of healthcare experts, and seems able to deal with many important issues in representing CGs. In this position paper, we briefly describe the story and the state-of-the-art of CGs, and the efforts and results of the past approaches of medical informatics. Then, we describe PM4HC, and we answer questions like how can PM4HC cope with this challenge? Which role does PM4HC play and which rules should be employed for the PM4HC scientific community?Gatta, R.; Vallati, M.; Fernández Llatas, C.; Martinez-Millana, A.; Orini, S.; Sacchi, L.; Lenkowicz, J.... (2020). What Role Can Process Mining Play in Recurrent Clinical Guidelines Issues? A Position Paper. International Journal of Environmental research and Public Health (Online). 17(18):1-19. https://doi.org/10.3390/ijerph17186616S1191718Guyatt, G. (1992). Evidence-Based Medicine. JAMA, 268(17), 2420. doi:10.1001/jama.1992.03490170092032Hripcsak, G., Ludemann, P., Pryor, T. A., Wigertz, O. B., & Clayton, P. D. (1994). Rationale for the Arden Syntax. Computers and Biomedical Research, 27(4), 291-324. doi:10.1006/cbmr.1994.1023Peleg, M. (2013). Computer-interpretable clinical guidelines: A methodological review. Journal of Biomedical Informatics, 46(4), 744-763. doi:10.1016/j.jbi.2013.06.009Van de Velde, S., Heselmans, A., Delvaux, N., Brandt, L., Marco-Ruiz, L., Spitaels, D., … Flottorp, S. (2018). A systematic review of trials evaluating success factors of interventions with computerised clinical decision support. Implementation Science, 13(1). doi:10.1186/s13012-018-0790-1Rawson, T. M., Moore, L. S. P., Hernandez, B., Charani, E., Castro-Sanchez, E., Herrero, P., … Holmes, A. H. (2017). A systematic review of clinical decision support systems for antimicrobial management: are we failing to investigate these interventions appropriately? Clinical Microbiology and Infection, 23(8), 524-532. doi:10.1016/j.cmi.2017.02.028Greenes, R. A., Bates, D. W., Kawamoto, K., Middleton, B., Osheroff, J., & Shahar, Y. (2018). Clinical decision support models and frameworks: Seeking to address research issues underlying implementation successes and failures. Journal of Biomedical Informatics, 78, 134-143. doi:10.1016/j.jbi.2017.12.005Garcia, C. dos S., Meincheim, A., Faria Junior, E. R., Dallagassa, M. R., Sato, D. M. V., Carvalho, D. R., … Scalabrin, E. E. (2019). Process mining techniques and applications – A systematic mapping study. Expert Systems with Applications, 133, 260-295. doi:10.1016/j.eswa.2019.05.003Bhargava, A., Kim, T., Quine, D. B., & Hauser, R. G. (2019). A 20-Year Evaluation of LOINC in the United States’ Largest Integrated Health System. Archives of Pathology & Laboratory Medicine, 144(4), 478-484. doi:10.5858/arpa.2019-0055-oaLee, D., de Keizer, N., Lau, F., & Cornet, R. (2014). Literature review of SNOMED CT use. Journal of the American Medical Informatics Association, 21(e1), e11-e19. doi:10.1136/amiajnl-2013-001636TROTTI, A., COLEVAS, A., SETSER, A., RUSCH, V., JAQUES, D., BUDACH, V., … COLEMAN, C. (2003). CTCAE v3.0: development of a comprehensive grading system for the adverse effects of cancer treatment. Seminars in Radiation Oncology, 13(3), 176-181. doi:10.1016/s1053-4296(03)00031-6Daniel, C., & Kalra, D. (2019). Clinical Research Informatics: Contributions from 2018. Yearbook of Medical Informatics, 28(01), 203-205. doi:10.1055/s-0039-1677921Marco-Ruiz, L., Pedrinaci, C., Maldonado, J. A., Panziera, L., Chen, R., & Bellika, J. G. (2016). Publication, discovery and interoperability of Clinical Decision Support Systems: A Linked Data approach. Journal of Biomedical Informatics, 62, 243-264. doi:10.1016/j.jbi.2016.07.011Marcos, C., González-Ferrer, A., Peleg, M., & Cavero, C. (2015). Solving the interoperability challenge of a distributed complex patient guidance system: a data integrator based on HL7’s Virtual Medical Record standard. Journal of the American Medical Informatics Association, 22(3), 587-599. doi:10.1093/jamia/ocv003Wulff, A., Haarbrandt, B., Tute, E., Marschollek, M., Beerbaum, P., & Jack, T. (2018). An interoperable clinical decision-support system for early detection of SIRS in pediatric intensive care using openEHR. Artificial Intelligence in Medicine, 89, 10-23. doi:10.1016/j.artmed.2018.04.012Chen, C., Chen, K., Hsu, C.-Y., Chiu, W.-T., & Li, Y.-C. (Jack). (2010). A guideline-based decision support for pharmacological treatment can improve the quality of hyperlipidemia management. Computer Methods and Programs in Biomedicine, 97(3), 280-285. doi:10.1016/j.cmpb.2009.12.004Anani, N., Mazya, M. V., Chen, R., Prazeres Moreira, T., Bill, O., Ahmed, N., … Koch, S. (2017). Applying openEHR’s Guideline Definition Language to the SITS international stroke treatment registry: a European retrospective observational study. BMC Medical Informatics and Decision Making, 17(1). doi:10.1186/s12911-016-0401-5Eddy, D. M. (1982). Clinical Policies and the Quality of Clinical Practice. New England Journal of Medicine, 307(6), 343-347. doi:10.1056/nejm198208053070604Guyatt, G. H. (1990). Then-of-1 Randomized Controlled Trial: Clinical Usefulness. Annals of Internal Medicine, 112(4), 293. doi:10.7326/0003-4819-112-4-293CHALMERS, I. (1993). The Cochrane Collaboration: Preparing, Maintaining, and Disseminating Systematic Reviews of the Effects of Health Care. Annals of the New York Academy of Sciences, 703(1 Doing More Go), 156-165. doi:10.1111/j.1749-6632.1993.tb26345.xWoolf, S. H., Grol, R., Hutchinson, A., Eccles, M., & Grimshaw, J. (1999). Clinical guidelines: Potential benefits, limitations, and harms of clinical guidelines. BMJ, 318(7182), 527-530. doi:10.1136/bmj.318.7182.527Grading quality of evidence and strength of recommendations. (2004). BMJ, 328(7454), 1490. doi:10.1136/bmj.328.7454.1490Guyatt, G. H., Oxman, A. D., Vist, G. E., Kunz, R., Falck-Ytter, Y., Alonso-Coello, P., & Schünemann, H. J. (2008). GRADE: an emerging consensus on rating quality of evidence and strength of recommendations. BMJ, 336(7650), 924-926. doi:10.1136/bmj.39489.470347.adHill, J., Bullock, I., & Alderson, P. (2011). A Summary of the Methods That the National Clinical Guideline Centre Uses to Produce Clinical Guidelines for the National Institute for Health and Clinical Excellence. Annals of Internal Medicine, 154(11), 752. doi:10.7326/0003-4819-154-11-201106070-00007Qaseem, A. (2012). Guidelines International Network: Toward International Standards for Clinical Practice Guidelines. Annals of Internal Medicine, 156(7), 525. doi:10.7326/0003-4819-156-7-201204030-00009Rosenfeld, R. M., Nnacheta, L. C., & Corrigan, M. D. (2015). Clinical Consensus Statement Development Manual. Otolaryngology–Head and Neck Surgery, 153(2_suppl), S1-S14. doi:10.1177/0194599815601394De Boeck, K., Castellani, C., & Elborn, J. S. (2014). Medical consensus, guidelines, and position papers: A policy for the ECFS. Journal of Cystic Fibrosis, 13(5), 495-498. doi:10.1016/j.jcf.2014.06.012Clinical Practical Guidelineshttp://www.openclinical.org/guidelines.htmlHaynes, A. B., Weiser, T. G., Berry, W. R., Lipsitz, S. R., Breizat, A.-H. S., Dellinger, E. P., … Gawande, A. A. (2009). A Surgical Safety Checklist to Reduce Morbidity and Mortality in a Global Population. New England Journal of Medicine, 360(5), 491-499. doi:10.1056/nejmsa0810119Grigg, E. (2015). Smarter Clinical Checklists. Anesthesia & Analgesia, 121(2), 570-573. doi:10.1213/ane.0000000000000352Hales, B., Terblanche, M., Fowler, R., & Sibbald, W. (2007). Development of medical checklists for improved quality of patient care. International Journal for Quality in Health Care, 20(1), 22-30. doi:10.1093/intqhc/mzm062Greenfield, S. (2017). Clinical Practice Guidelines. JAMA, 317(6), 594. doi:10.1001/jama.2016.19969Vegting, I. L., van Beneden, M., Kramer, M. H. H., Thijs, A., Kostense, P. J., & Nanayakkara, P. W. B. (2012). How to save costs by reducing unnecessary testing: Lean thinking in clinical practice. European Journal of Internal Medicine, 23(1), 70-75. doi:10.1016/j.ejim.2011.07.003Drummond, M. (2016). Clinical Guidelines: A NICE Way to Introduce Cost-Effectiveness Considerations? Value in Health, 19(5), 525-530. doi:10.1016/j.jval.2016.04.020Prior, M., Guerin, M., & Grimmer-Somers, K. (2008). The effectiveness of clinical guideline implementation strategies - a synthesis of systematic review findings. Journal of Evaluation in Clinical Practice, 14(5), 888-897. doi:10.1111/j.1365-2753.2008.01014.xWatts, C. G., Dieng, M., Morton, R. L., Mann, G. J., Menzies, S. W., & Cust, A. E. (2014). Clinical practice guidelines for identification, screening and follow-up of individuals at high risk of primary cutaneous melanoma: a systematic review. British Journal of Dermatology, 172(1), 33-47. doi:10.1111/bjd.13403Woolf, S., Schünemann, H. J., Eccles, M. P., Grimshaw, J. M., & Shekelle, P. (2012). Developing clinical practice guidelines: types of evidence and outcomes; values and economics, synthesis, grading, and presentation and deriving recommendations. Implementation Science, 7(1). doi:10.1186/1748-5908-7-61Legido-Quigley, H., Panteli, D., Brusamento, S., Knai, C., Saliba, V., Turk, E., … Busse, R. (2012). Clinical guidelines in the European Union: Mapping the regulatory basis, development, quality control, implementation and evaluation across member states. Health Policy, 107(2-3), 146-156. doi:10.1016/j.healthpol.2012.08.004Rashidian, A., Eccles, M. P., & Russell, I. (2008). Falling on stony ground? A qualitative study of implementation of clinical guidelines’ prescribing recommendations in primary care. Health Policy, 85(2), 148-161. doi:10.1016/j.healthpol.2007.07.011Yang, W.-S., & Hwang, S.-Y. (2006). A process-mining framework for the detection of healthcare fraud and abuse. Expert Systems with Applications, 31(1), 56-68. doi:10.1016/j.eswa.2005.09.003Kose, I., Gokturk, M., & Kilic, K. (2015). An interactive machine-learning-based electronic fraud and abuse detection system in healthcare insurance. Applied Soft Computing, 36, 283-299. doi:10.1016/j.asoc.2015.07.018Pryor, T. A., Gardner, R. M., Clayton, P. D., & Warner, H. R. (1983). The HELP system. Journal of Medical Systems, 7(2), 87-102. doi:10.1007/bf00995116Shahar, Y., Miksch, S., & Johnson, P. (1998). The Asgaard project: a task-specific framework for the application and critiquing of time-oriented clinical guidelines. Artificial Intelligence in Medicine, 14(1-2), 29-51. doi:10.1016/s0933-3657(98)00015-3Boxwala, A. A., Peleg, M., Tu, S., Ogunyemi, O., Zeng, Q. T., Wang, D., … Shortliffe, E. H. (2004). GLIF3: a representation format for sharable computer-interpretable clinical practice guidelines. Journal of Biomedical Informatics, 37(3), 147-161. doi:10.1016/j.jbi.2004.04.002Terenziani, P., Molino, G., & Torchio, M. (2001). A modular approach for representing and executing clinical guidelines. Artificial Intelligence in Medicine, 23(3), 249-276. doi:10.1016/s0933-3657(01)00087-2Sutton, D. R., & Fox, J. (2003). The Syntax and Semantics of the PROformaGuideline Modeling Language. Journal of the American Medical Informatics Association, 10(5), 433-443. doi:10.1197/jamia.m1264Musen, M. A., Tu, S. W., Das, A. K., & Shahar, Y. (1996). EON: A Component-Based Approach to Automation of Protocol-Directed Therapy. Journal of the American Medical Informatics Association, 3(6), 367-388. doi:10.1136/jamia.1996.97084511Ciccarese, P., Caffi, E., Quaglini, S., & Stefanelli, M. (2005). Architectures and tools for innovative Health Information Systems: The Guide Project. International Journal of Medical Informatics, 74(7-8), 553-562. doi:10.1016/j.ijmedinf.2005.02.001Shiffman, R. N., & Greenes, R. A. (1994). Improving Clinical Guidelines with Logic and Decision-table Techniques. Medical Decision Making, 14(3), 245-254. doi:10.1177/0272989x9401400306Peleg, M., Tu, S., Bury, J., Ciccarese, P., Fox, J., Greenes, R. A., … Stefanelli, M. (2003). Comparing Computer-interpretable Guideline Models: A Case-study Approach. Journal of the American Medical Informatics Association, 10(1), 52-68. doi:10.1197/jamia.m1135Karadimas, H., Ebrahiminia, V., & Lepage, E. (2018). User-defined functions in the Arden Syntax: An extension proposal. Artificial Intelligence in Medicine, 92, 103-110. doi:10.1016/j.artmed.2015.11.003Peleg, M., Keren, S., & Denekamp, Y. (2008). Mapping computerized clinical guidelines to electronic medical records: Knowledge-data ontological mapper (KDOM). Journal of Biomedical Informatics, 41(1), 180-201. doi:10.1016/j.jbi.2007.05.003German, E., Leibowitz, A., & Shahar, Y. (2009). An architecture for linking medical decision-support applications to clinical databases and its evaluation. Journal of Biomedical Informatics, 42(2), 203-218. doi:10.1016/j.jbi.2008.10.007Marcos, M., Maldonado, J. A., Martínez-Salvador, B., Boscá, D., & Robles, M. (2013). Interoperability of clinical decision-support systems and electronic health records using archetypes: A case study in clinical trial eligibility. Journal of Biomedical Informatics, 46(4), 676-689. doi:10.1016/j.jbi.2013.05.004Marco-Ruiz, L., Moner, D., Maldonado, J. A., Kolstrup, N., & Bellika, J. G. (2015). Archetype-based data warehouse environment to enable the reuse of electronic health record data. International Journal of Medical Informatics, 84(9), 702-714. doi:10.1016/j.ijmedinf.2015.05.016Gooch, P., & Roudsari, A. (2011). Computerization of workflows, guidelines, and care pathways: a review of implementation challenges for process-oriented health information systems. Journal of the American Medical Informatics Association, 18(6), 738-748. doi:10.1136/amiajnl-2010-000033Quaglini, S., Stefanelli, M., Cavallini, A., Micieli, G., Fassino, C., & Mossa, C. (2000). Guideline-based careflow systems. Artificial Intelligence in Medicine, 20(1), 5-22. doi:10.1016/s0933-3657(00)00050-6Schadow, G., Russler, D. C., & McDonald, C. J. (2001). Conceptual alignment of electronic health record data with guideline and workflow knowledge. International Journal of Medical Informatics, 64(2-3), 259-274. doi:10.1016/s1386-5056(01)00196-4González-Ferrer, A., ten Teije, A., Fdez-Olivares, J., & Milian, K. (2013). Automated generation of patient-tailored electronic care pathways by translating computer-interpretable guidelines into hierarchical task networks. Artificial Intelligence in Medicine, 57(2), 91-109. doi:10.1016/j.artmed.2012.08.008Shabo, A., Parimbelli, E., Quaglini, S., Napolitano, C., & Peleg, M. (2016). Interplay between Clinical Guidelines and Organizational Workflow Systems. Methods of Information in Medicine, 55(06), 488-494. doi:10.3414/me16-01-0006Mulyar, N., van der Aalst, W. M. P., & Peleg, M. (2007). A Pattern-based Analysis of Clinical Computer-interpretable Guideline Modeling Languages. Journal of the American Medical Informatics Association, 14(6), 781-787. doi:10.1197/jamia.m2389Grando, M. A., Glasspool, D., & Fox, J. (2012). A formal approach to the analysis of clinical computer-interpretable guideline modeling languages. Artificial Intelligence in Medicine, 54(1), 1-13. doi:10.1016/j.artmed.2011.07.001Kaiser, K., & Marcos, M. (2015). Leveraging workflow control patterns in the domain of clinical practice guidelines. BMC Medical Informatics and Decision Making, 16(1). doi:10.1186/s12911-016-0253-zMartínez-Salvador, B., & Marcos, M. (2016). Supporting the Refinement of Clinical Process Models to Computer-Interpretable Guideline Models. Business & Information Systems Engineering, 58(5), 355-366. doi:10.1007/s12599-016-0443-3Decision Model and Notation Version 1.0https://www.omg.org/spec/DMN/1.0Ghasemi, M., & Amyot, D. (2016). Process mining in healthcare: a systematised literature review. International Journal of Electronic Healthcare, 9(1), 60. doi:10.1504/ijeh.2016.078745Rebuge, Á., & Ferreira, D. R. (2012). Business process analysis in healthcare environments: A methodology based on process mining. Information Systems, 37(2), 99-116. doi:10.1016/j.is.2011.01.003Rovani, M., Maggi, F. M., de Leoni, M., & van der Aalst, W. M. P. (2015). Declarative process mining in healthcare. Expert Systems with Applications, 42(23), 9236-9251. doi:10.1016/j.eswa.2015.07.040Rojas, E., Munoz-Gama, J., Sepúlveda, M., & Capurro, D. (2016). Process mining in healthcare: A literature review. Journal of Biomedical Informatics, 61, 224-236. doi:10.1016/j.jbi.2016.04.007Lenkowicz, J., Gatta, R., Masciocchi, C., Casà, C., Cellini, F., Damiani, A., … Valentini, V. (2018). Assessing the conformity to clinical guidelines in oncology. Management Decision, 56(10), 2172-2186. doi:10.1108/md-09-2017-0906Fernández-Llatas, C., Benedi, J.-M., García-Gómez, J., & Traver, V. (2013). Process Mining for Individualized Behavior Modeling Using Wireless Tracking in Nursing Homes. Sensors, 13(11), 15434-15451. doi:10.3390/s131115434Qu, G., Liu, Z., Cui, S., & Tang, J. (2013). Study on Self-Adaptive Clinical Pathway Decision Support System Based on Case-Based Reasoning. Frontier and Future Development of Information Technology in Medicine and Education, 969-978. doi:10.1007/978-94-007-7618-0_95Van de Velde, S., Roshanov, P., Kortteisto, T., Kunnamo, I., Aertgeerts, B., Vandvik, P. O., & Flottorp, S. (2015). Tailoring implementation strategies for evidence-based recommendations using computerised clinical decision support systems: protocol for the development of the GUIDES tools. Implementation Science, 11(1). doi:10.1186/s13012-016-0393-

Contributions to the privacy provisioning for federated identity management platforms

Identity information, personal data and user’s profiles are key assets for organizations and companies by becoming the use of identity management (IdM) infrastructures a prerequisite for most companies, since IdM systems allow them to perform their business transactions by sharing information and customizing services for several purposes in more efficient and effective ways. Due to the importance of the identity management paradigm, a lot of work has been done so far resulting in a set of standards and specifications. According to them, under the umbrella of the IdM paradigm a person’s digital identity can be shared, linked and reused across different domains by allowing users simple session management, etc. In this way, users’ information is widely collected and distributed to offer new added value services and to enhance availability. Whereas these new services have a positive impact on users’ life, they also bring privacy problems. To manage users’ personal data, while protecting their privacy, IdM systems are the ideal target where to deploy privacy solutions, since they handle users’ attribute exchange. Nevertheless, current IdM models and specifications do not sufficiently address comprehensive privacy mechanisms or guidelines, which enable users to better control over the use, divulging and revocation of their online identities. These are essential aspects, specially in sensitive environments where incorrect and unsecured management of user’s data may lead to attacks, privacy breaches, identity misuse or frauds. Nowadays there are several approaches to IdM that have benefits and shortcomings, from the privacy perspective. In this thesis, the main goal is contributing to the privacy provisioning for federated identity management platforms. And for this purpose, we propose a generic architecture that extends current federation IdM systems. We have mainly focused our contributions on health care environments, given their particularly sensitive nature. The two main pillars of the proposed architecture, are the introduction of a selective privacy-enhanced user profile management model and flexibility in revocation consent by incorporating an event-based hybrid IdM approach, which enables to replace time constraints and explicit revocation by activating and deactivating authorization rights according to events. The combination of both models enables to deal with both online and offline scenarios, as well as to empower the user role, by letting her to bring together identity information from different sources. Regarding user’s consent revocation, we propose an implicit revocation consent mechanism based on events, that empowers a new concept, the sleepyhead credentials, which is issued only once and would be used any time. Moreover, we integrate this concept in IdM systems supporting a delegation protocol and we contribute with the definition of mathematical model to determine event arrivals to the IdM system and how they are managed to the corresponding entities, as well as its integration with the most widely deployed specification, i.e., Security Assertion Markup Language (SAML). In regard to user profile management, we define a privacy-awareness user profile management model to provide efficient selective information disclosure. With this contribution a service provider would be able to accesses the specific personal information without being able to inspect any other details and keeping user control of her data by controlling who can access. The structure that we consider for the user profile storage is based on extensions of Merkle trees allowing for hash combining that would minimize the need of individual verification of elements along a path. An algorithm for sorting the tree as we envision frequently accessed attributes to be closer to the root (minimizing the access’ time) is also provided. Formal validation of the above mentioned ideas has been carried out through simulations and the development of prototypes. Besides, dissemination activities were performed in projects, journals and conferences.Programa Oficial de Doctorado en Ingeniería TelemáticaPresidente: María Celeste Campo Vázquez.- Secretario: María Francisca Hinarejos Campos.- Vocal: Óscar Esparza Martí