During the last two decades we have experienced a revolution in digital and wireless technology that can be used in the management of type 1 diabetes. Continuous glucose monitoring (CGM) and sensor augmented insulin pumps (SAP) are examples of technologies that have revolutionized how people with diabetes and health care professionals (HCP) understand and manage diabetes.
CGM and insulin pump data can be used and analyzed by both people with diabetes and health care professionals with the help of various apps and platforms. Users of insulin pumps and CGM can upload their data to a central server, via a smartphone or a computer, using an app that communicates with the pump and/or the CGM sensor. This allows both patients and their health care professionals to view their information in a more comprehensive way. Most patients with diabetes in Norway allow health care professionals to view their pump and CGM data, mainly with the help of either Diasend (Glooko) or Medtronic Carelink. The data provided can be aggregated and analyzed to reveal trends, which can further enhance the understanding of diabetes.
Problem and Objective
Due to cybersecurity issues, IT departments at Norwegian hospitals do not currently permit the direct transfer of CGM data or insulin pump data from third-party systems such as Diasend (Glooko) or Medtronic Carelink to the hospitals’ electronic patient record (EPR) systems. This means that data has to be transferred to the hospital EPR by a more complicated and time-consuming process: entering the data manually.
The Norwegian Diabetes Register for Adults (NDR-A) is a national quality register that aims to improve the quality of diabetes care by giving feedback and benchmarking reports to diabetes clinics. The NDR-A collects a large range of variables, including CGM and insulin pump data, from the hospitals’ EPR systems. By participating in the HEIR project, the NDR-A/NSE hope to improve the cybersecurity surrounding the transfer of CGM data from third-party systems and thereby enable direct import to hospital EPR systems and the NDR-A in the future.
Another important issue regarding the transfer of CGM/insulin pump data is that patients ought to be able to specify who they wish to share these personal data with (health-care professionals, diabetes register, researchers or others).
The NSE/NOKLUS-Use Case:
In this use case, the two Norwegian HEIR partners, the Norwegian Centre for E-health Research (NSE) and the Norwegian Diabetes Registry for Adults (NOKLUS), work together and examine the cross-domain aspect of data exchange between patients’ representatives (The Norwegian Diabetes Association), health data registry representatives (NOKLUS) and researchers (NSE/NOKLUS).
The HEIR project aims to demonstrate secure data exchange and storage as well as the interaction between citizens, research institutions, the Norwegian Diabetes Registry (NOKLUS) and other stakeholders inside a trusted environment.
NSE/NOKLUS have partnered with the Finnish company “Sensotrend”, which has developed a solution that inherits some of the components of an open-source platform called “Tidepool”. Tidepool supports the upload of data from most CGMs and insulin pumps by the patient to a trusted platform.
In this pilot, data is gathered by the patient on her mobile device and sensor, and then shared between her and her clinicians for clinical purposes:
https://www.youtube.com/watch?v=7lWG2EPZ5pM
The system comprises individual servers hosting different components, such as Kubernetes solutions like Sensotrend, an HL7 FHIR server, and HEIR components like Fybrik (the Privacy-Aware Framework).
The Privacy Aware Framework:
A privacy-aware framework enables users to define a set of privacy policies which describe who is entitled to access the data in their medical profile. As part of the demonstration in the second half of the project, the NSE/NOKLUS use case defined a consent management system for patient-generated health data gathered via Sensotrend using HL7 FHIR.
This H2020 project uses a Privacy-Aware Framework built on top of the open-source project Fybrik. NSE/NOKLUS is working on a proof of concept that allows NOKLUS and/or third-party researchers to request data on a patient representative's (NSE) server, subject to the policy-defined data constraints.
More information about the privacy aware framework can be found here.
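The policy-constrained data request described above, as an added example that is not code from HEIR, Fybrik or Sensotrend. The rule fields, recipient and purpose names, and the sample records are assumptions constructed for illustration; they are not the HL7 FHIR or Fybrik formats.

```python
from dataclasses import dataclass

# Assumed policy shape for this example only (not a FHIR or Fybrik schema).
@dataclass(frozen=True)
class Rule:
    recipient: str                    # who may receive the data
    purpose: str                      # why they may receive it
    data_types: frozenset             # which kinds of data are covered
    redact: frozenset = frozenset()   # fields stripped before release

# Constructed policy: patient-001 has set three sharing rules; patient-002 none.
POLICY = {
    "patient-001": [
        Rule("clinician", "treatment", frozenset({"cgm", "insulin_pump"})),
        Rule("register", "quality", frozenset({"cgm"})),
        Rule("researcher", "research", frozenset({"cgm"}),
             redact=frozenset({"patient_id", "device_serial"})),
    ],
}

# Constructed sample records (not real patient data).
RECORDS = [
    {"patient_id": "patient-001", "type": "cgm", "time": "2023-01-10T08:00Z",
     "mmol_l": 6.4, "device_serial": "SN-A"},
    {"patient_id": "patient-001", "type": "insulin_pump",
     "time": "2023-01-10T08:05Z", "units": 1.5, "device_serial": "SN-B"},
    {"patient_id": "patient-002", "type": "cgm", "time": "2023-01-10T08:00Z",
     "mmol_l": 8.1, "device_serial": "SN-C"},
]

def request_data(recipient, purpose, data_type, records=RECORDS, policy=POLICY):
    """Return only records whose owner has a rule matching this request."""
    released = []
    for rec in records:
        if rec["type"] != data_type:
            continue
        rule = next((r for r in policy.get(rec["patient_id"], [])
                     if r.recipient == recipient and r.purpose == purpose
                     and data_type in r.data_types), None)
        if rule is None:
            continue  # deny by default: no matching rule, nothing released
        released.append({k: v for k, v in rec.items() if k not in rule.redact})
    return released

if __name__ == "__main__":
    print(request_data("clinician", "treatment", "cgm"))
    print(request_data("researcher", "research", "cgm"))
    print(request_data("researcher", "research", "insulin_pump"))
```

A patient with no policy entry is never included in any result, and a recipient asking under a purpose the patient did not grant gets an empty list rather than an error that reveals which patients exist.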
Conclusion:
The rapid proliferation of mobile devices that can provide useful personal medical information to servers at medical institutions has given rise to a range of privacy and security issues. Our project’s primary objective, and the primary task of the NSE/NOKLUS use case, is to make the exchange of medical data between patients’ wearable devices and researchers/clinicians more secure, and to give patients the opportunity to freely decide which data they want to share with whom.