Development of a Trusted Third Party at a Large University Hospital: Design and Implementation Study.

Background: Pseudonymization has become a best practice to securely manage the identities of patients and study participants in medical research projects and data sharing initiatives. This method offers the advantage of not requiring the direct identification of data to support various research processes while still allowing for advanced processing activities, such as data linkage. Often, pseudonymization and related functionalities are bundled in specific technical and organization units known as trusted third parties (TTPs). However, pseudonymization can significantly increase the complexity of data management and research workflows, necessitating adequate tool support. Common tasks of TTPs include supporting the secure registration and pseudonymization of patient and sample identities as well as managing consent. Objective: Despite the challenges involved, little has been published about successful architectures and functional tools for implementing TTPs in large university hospitals. The aim of this paper is to fill this research gap by describing the software architecture and tool set developed and deployed as part of a TTP established at Charité - Universitätsmedizin Berlin. Methods: The infrastructure for the TTP was designed to provide a modular structure while keeping maintenance requirements low. Basic functionalities were realized with the free MOSAIC tools. However, supporting common study processes requires implementing workflows that span different basic services, such as patient registration, followed by pseudonym generation and concluded by consent collection. To achieve this, an integration layer was developed to provide a unified Representational state transfer (REST) application programming interface (API) as a basis for more complex workflows. Based on this API, a unified graphical user interface was also implemented, providing an integrated view of information objects and workflows supported by the TTP. The API was implemented using Java and Spring Boot, while the graphical user interface was implemented in PHP and Laravel. Both services use a shared Keycloak instance as a unified management system for roles and rights. Results: By the end of 2022, the TTP has already supported more than 10 research projects since its launch in December 2019. Within these projects, more than 3000 identities were stored, more than 30,000 pseudonyms were generated, and more than 1500 consent forms were submitted. In total, more than 150 people regularly work with the software platform. By implementing the integration layer and the unified user interface, together with comprehensive roles and rights management, the effort for operating the TTP could be significantly reduced, as personnel of the supported research projects can use many functionalities independently. Conclusions: With the architecture and components described, we created a user-friendly and compliant environment for supporting research projects. We believe that the insights into the design and implementation of our TTP can help other institutions to efficiently and effectively set up corresponding structures.

Consistency of reports of violence from northern Rakhine state in August 2017.

BACKGROUND: In August 2017, Myanmar's Armed Forces, the Tatmadaw, launched an orchestrated attack on hundreds of Rohingya-majority villages in northern Rakhine state. This study seeks to validate the consistency of previous reports of violence against the Rohingya people in the region carried out by the Tatmadaw, Border Guard Police, and Rakhine villagers in the late summer and early fall of 2017. METHODS: Internal validation data is from a three-armed study. Data analyzed in the external triangulation was sourced through a literature review of known, publicly available surveys and interviews. Both sets of data documented instances of violence against the Rohingya people in northern Rakhine state during the late summer and early fall of 2017. Consistency was evaluated across five indicators of violence: arson, presence of mass graves, reports of sexual violence and human injuries, as well as human fatalities, across 611 locales in northern Rakhine state. Further analysis was conducted to measure consistency of reports by locale and across locales by indicator. RESULTS: Overall, an internal validation of 94 hamlets found that 98% of these locales were consistent across at least four of the five indicators (80% + consistency). Arson and reports of human injuries were the most consistent indicators across locales (100% and 99% consistency, respectively) and sexual violence was the least consistent indicator, with 84% of participating locales exhibiting consistent reports of sexual violence between the qualitative and quantitative data. Similarly, an external validation of 57 locations found that 50 of the 57 locations (88%) were consistent across indicators. Arson was the most consistent across sources (96%), whereas source agreement across locations was the least consistent for reports of sexual violence (58%). CONCLUSION: The government of Myanmar has denied involvement in the 2017 attacks on Rohingya communities in northern Rakhine state and purports that reports of the violence and destruction are overstated. However, consistent reporting from multiple sources on the same locales clearly underscores the veracity of the evidence documented, both by investigative groups and as recounted by Rohingya survivors of violence. It is our hope that this cataloging and comparison of available data, along with this study's assessment of its consistency, will aid ongoing accountability efforts.