The ability to share database resources among collaborating organizations is highly desirable. However, sharing data continues to be a challenge when it comes from different types of database management systems (DBMSs) due to different schemas and data formats. Another challenge that is limiting collaboration is being able to enforce the home organizations local data protection policies while sharing data. For example, can a patient’s condition details be shared with an outside research organization - for a limited time - without sharing the patient’s sensitive diagnosis? Can it be shared without data integrity concerns? Some of the issues are not related to the technology but to the trust of the system. Trust is integral when allowing someone to directly query your database.
Current industry attempts have challenges addressing these data sharing problems. The current solutions are a hodgepodge of approaches and do not effectively and securely achieve all data-sharing objectives. The Secure Federated Data Sharing System (SFDS*) was designed to be more comprehensive and transparent to the otherwise normal business operations of participating organizations. It is a practical solution in that it requires no changes to an organizations DBMS, nor existing methods of authenticating and authorizing local user access to local resources. The SFDS authenticates external users by the validating mandatory attributes and ultimately assigning discretionary attributes to access local data.
Using a clinical research use case (see figure below), the SFDS technology can demonstrate the facilitation of secure data sharing among disparate organizations while enforcing local data access/protection policies at a granular level – without disruption of normal business operations. In other words, data can be shared with outside organizations while leaving the data at the home organization – rather than exchanging or being centrally stored. The SFDS is an effective, lightweight solution to a pervasive database resource sharing problem.
*The SFDS was a finalist in the IEEE Standards Association's 3rd annual Telehealth Tech Pitch Competition, which centered on challenges in digital health innovations. Out of 52 submissions from 23 countries, the SFDS stood out. Please watch this 3- minute video summarizing the SFDS clinical research use case.
Security and Privacy: access control, authentication, privacy, zero trust