Technical measures

The healthdata platform uses the eHealth platform as a Trusted Third Party and integrates electronic basic services of the eHealth platform in its basic architecture: the secure electronic mailbox; encryption, anonymisation & Trusted Third Party; eHealth certificates; integrated user and access management; and the system for end-to-end encryption.

By using eHealth's pseudonymisation, the healthdata platform will never receive the identity (or national identity number, surname, first name, etc.) of the patient. The medical and metadata is already encrypted before sending making it illegible to third parties.

A cascade of users and passwords were assigned to the healthdata platform, of only which a limited number of healthdata.be employees, have access to the most disclosed information.

The healthdata team stores the data of the various registers, that are in turn stored seperately on the internal datawarehouse. The pseudonymous eHealth identifiers are encrypted a second time with a specific algorithm register by the healthdata platform. By allowing access to data set for scientific analysis, the eHealthdata platform through pseudonymous identifiers are encrypted a second time by the healthdata platform with an analysis-specific algorithm.

On the extranet datawarehouse environment feedback reports are made available for authorized users and only aggregated data is stored. This disallows the identification of people.

The IBM InfoSphere Guardium software was installed on the healthdata.be platform. This monitors real-time database activity and protection is made possible. With this audit software, loggings are created, providing each user with access, activity and result.  The result is permanent storage and retrievable results.The software IBM InfoSphere Guardium provides an API (Application Programming Interface) allowing accessible login  through an online portal. Phase one started in 2015, when the healthdata.be team began with the development of this portal to inform the security consultants on the users and the use of their data on the healthdata.be platform. In 2016 this portal will go into production.

In 2015 healthdata.be asked an external, independent and specialized IT department to perform a technical audit on the developed applications and infrastructure. The so-called "vulnerability asessments" and "penetration tests" were tools that were both automated and manual. The results were reported and explained by the executers to project leaders and security responsibles of the healthdata.be platform.

Applications and data from the healthdata.be platform are managed by an exclusive infrastructure. This platform is the data center of the Directorate General of Statistics and Economic Information of the Federal Public Service Economy. Prior to this situation, a security officer of healthdata.be did a security and privacy audit. A service officer was appointed by healthdata.be, together with the Legal Service of the WIV-ISP, to shape the technical and non-technical aspects in the Cooperation Agreement. A Service Level Agreement was also signed between both parties.

Because the Federal Public Service of  Economy acts as a host, there is a physical separation of infrastructure and applications of healthdata.be's Trusted Third Party. The eHealth platform is managed by the datacenters of the NPO Smals.

Non-technical measures

A security manager and a designated doctor were recruited for WIV-ISP's service healthdata.be.

The security manager's responsibilities include a) the establishment of minimum standards concerning the physical and logical security of personal data; b) drawing up a checklist that allows verification of these minimum standards concerning the physical and logical security of registry; c) monitoring of the user(s) and accessibility to personal data; d) a commitment to confidentiality with each staff member, regardless of the employer, for implementating this agreement and having access to the healthdata platform; e) the audit of basic architecture, which includes data collecting, on the one hand, and datawarehouse, on the other hand, which deals with changes; f) an authourized preparation of  requests to the Sectoral Committee of Social Security and Health; and g) a preparation of unique files for the eHealth platform.

All internal and external staff, temporary or long-term, signed a Non-Disclosure Agreement (NDA) with the WIV-ISP as defined in d).

Healthdata.be's designated doctor is responsible a) for observing the confidentiality of personal data and to ensure that each staff member can have access to the healthdata.be platform; b) for monitoring the directive relating to small cell risk analysis and to ensure that it's possible on the basis of the personal data provided for non-identification of a particular patient; c) preparing applications for authorisation to the Sectoral Committee of Social Security and Health; and d) creating unique files for the eHealth platform.

In 2015, healthdata.be, at the request of the secretariat of the Sectoral Committee of Health, complied a group of external Small Cell Risk Analysis experts. The Sectoral Committee will include and assign in its deliberations on the projects, which are operated by the healthdata.be platform, one of the experts to describe the necessary measures. These available measures should include how the researcher avoids the re-identification concerning the foundation of pseudonymous personal data. In the course of 2016,  regulations for a common methodology shall be recorded amongst the external experts.