The healthdata platform uses the eHealth platform as a Trusted Third Party and integrates electronic basic services of the eHealth platform in its basic architecture: the secure electronic mailbox; encryption, anonymisation & Trusted Third Party; eHealth certificates; integrated user and access management; and the system for end-to-end encryption.
By using eHealth's pseudonymisation, the healthdata platform will never receive the identity (or national identity number, surname, first name, etc.) of the patient. The medical and metadata is already encrypted before sending making it illegible to third parties.
A cascade of users and passwords were assigned to the healthdata platform, of only which a limited number of healthdata.be employees, have access to the most disclosed information.
The healthdata team stores the data of the various registers, that are in turn stored seperately on the internal datawarehouse. The pseudonymous eHealth identifiers are encrypted a second time with a specific algorithm register by the healthdata platform. By allowing access to data set for scientific analysis, the eHealthdata platform through pseudonymous identifiers are encrypted a second time by the healthdata platform with an analysis-specific algorithm.
On the extranet datawarehouse environment feedback reports are made available for authorized users and only aggregated data is stored. This disallows the identification of people.
The IBM InfoSphere Guardium software was installed on the healthdata.be platform. This monitors real-time database activity and protection is made possible. With this audit software, loggings are created, providing each user with access, activity and result. The result is permanent storage and retrievable results.The software IBM InfoSphere Guardium provides an API (Application Programming Interface) allowing accessible login through an online portal. Phase one started in 2015, when the healthdata.be team began with the development of this portal to inform the security consultants on the users and the use of their data on the healthdata.be platform. In 2016 this portal will go into production.
In 2015 healthdata.be asked an external, independent and specialized IT department to perform a technical audit on the developed applications and infrastructure. The so-called "vulnerability asessments" and "penetration tests" were tools that were both automated and manual. The results were reported and explained by the executers to project leaders and security responsibles of the healthdata.be platform.
Applications and data from the healthdata.be platform are managed by an exclusive infrastructure. This platform is the data center of the Directorate General of Statistics and Economic Information of the Federal Public Service Economy. Prior to this situation, a security officer of healthdata.be did a security and privacy audit. A service officer was appointed by healthdata.be, together with the Legal Service of the WIV-ISP, to shape the technical and non-technical aspects in the Cooperation Agreement. A Service Level Agreement was also signed between both parties.
Because the Federal Public Service of Economy acts as a host, there is a physical separation of infrastructure and applications of healthdata.be's Trusted Third Party. The eHealth platform is managed by the datacenters of the NPO Smals.