Lockstep

Mobile: +61 (0) 414 488 851
Email: swilson@lockstep.com.au

Anonymity & Pseudonymity in eResearch

A peer reviewed poster paper presented at a major annual e-research conference in 2009.

"Anonymity & Pseudonymity in eResearch via smartcards and Public Key Infrastructure"

eResearch Australasia, Manly (Sydney), November 2009

This paper explains how Lockstep Technologies' Stepwise digital ID solution can be applied towards anonymity or pseudonymity in health and social science studies, by strongly de-identifying study subjects. Thus we protect their privacy and confidentiality while enhancing study integrity.

Extract

A great deal of research in healthcare and the social sciences requires that study subjects remain anonymous (or pseudonymous). Tensions arise between privacy, authenticity and integrity: without compromising confidentiality, there must be assurances that reported data truly corresponds to real subjects, and that data has not been corrupted either accidentally of deliberately. Further, eResearch is conducted in an increasingly stringent regulatory environment, with legislated privacy requirements, and raised confidentiality expectations especially in the USA with strict FDA and health record privacy rules.

Lockstep Technologies R&D into PKI-based identity and access management has led to an anonymous records system called “Stepwise” which can be applied to ensure anonymity or pseudonymity of research subjects. The proposed solution is especially applicable when study data is collected and managed electronically throughout its lifecycle. Stepwise securely encapsulates identifiers within anonymous digital certificates issued to a subject’s smartcard or similar device. Stepwise isolates each identifier, removes all extraneous personal detail and linkages, and ensures that when any identifier is presented online, we can be confident that it is legitimate and that was used with consent.

This presentation details how Stepwise can be applied to ensure anonymity or pseudonymity of study subjects in the exemplar of a clinical trial. The solution leverages increasingly widespread public key infrastructure services in the tertiary sector, and can be deployed using a wide range of authentication devices including smartcards and USB keys.