Access point for cataloguing oncological findings

About 350,000 people diagnosed with cancer currently live in Austria. Due to the general increase in life expectancy, but also due to increased screening and improved diagnostic methods, survival rates have improved and the number continues to rise. In this project an access point is set up in Lower Austria, to open up oncological findings for scientific use. This serves to research the molecular basis of cancer diseases and to develop new diagnostics, therapeutics and innovative therapeutic strategies. The Access Point serves as a central contact point for industry and science.

Oncology Information System (OIS)

The existing Oncology Information System (OIS) is used to document all diagnosed and treated cancer diseases in the 27 provincial and university hospitals in Lower Austria. For the first time all medically relevant information on diagnosis, therapy and course of disease is recorded in an Austrian province making it a valuable source for research.

Data protection requirements

As patient data is sensitive, data protection is of the utmost importance. The challenge is to enable secure data access through anonymisation/pseudonymisation and while ensuring data quality for the scientific preparation and evaluability of the data. To achieve this, new approaches to complex data processing and provision are needed.

Technical Structure

As scientific partner in the project, St Pölten UAS is responsible for the technical design of the access point. An essential aspect is the creation of a query interface between the requesting agency and the central OIS database. The developing of the underlying architecture follows the "Privacy by Design" concept. In addition, the interface anonymizes the data according to predefined criteria. A catalogue of basic criteria is developed in the course of this project. In order to prevent weakened data protection or even de-anonymisation, the interface stores queries to the OIS and allows this knowledge to influence future extractions. This serves to prevent collusion attacks by continuous and intertwined queries.

Detecting unauthorized data transfer

Another aspect is data leak detection, i.e. the integration of methods for detecting unauthorized data transfer. In the event that a data record appears, it should be possible to prove who originally requested it in order to initiate appropriate steps. Existing algorithms and techniques, which were partly developed at St. Pölten UAS, are evaluated with regard to their applicability in the environment of the OIS queries.

This safeguarding not only fulfils legal requirements regarding data protection and the GDPR (European General Data Protection Regulation), it is also essential in order to achieve the acceptance and cooperation of all parties involved.