Sleep is an important factor in human health and is crucial for an effective immune system. Sleep disturbance – for example, due to cultural habits of the “24h-society” – might cause or worsen health issues such as cardiovascular diseases or mental disorders. On the other hand, many disorders can affect restorative sleep. This two-way interaction makes diagnosis in sleep medicine a complex task in itself. The de facto standard in sleep diagnosis is the overnight recording of several bio-signals, including, among others, electroencephalography, electrocardiography and breathing effort.
The aim of the HTW/Charité demonstrator is to enable sleep data to be stored encrypted in a cloud, whilst allowing these data to be searched and analysed. Through the demonstrator’s application, cloud storage of the bio-signals supports efficient and attribute-based data sharing with multiple actors across two scenarios. In the inpatient scenario, data are shared among experts for improved medical assessment; in the outpatient scenario, data captured outside the clinic – even at the patient’s home – are shared securely. The sleep healthcare demonstrator is designed to provide a cloud-based biomedical data storage platform, with extensions specifically for sleep research.
1. Architecture
The following figure shows a high-level overview of the sleep medicine demonstrator’s architecture.
The system builds upon an existing central data management system capable of storing sleep data that provides a comprehensive REST-API to communicate with a browser application and further backend components.
- Structured data are encrypted using the symmetric searchable encryption component (SSE).
- The SSE encrypts the data on the client side and sends them to the SSE-enabled cloud storage within the Data Management.
- The structured data stored in the cloud can then be securely queried based on a predefined set of SSE keys.
- Access to the search and the actual data retrieval is secured by attribute-based encryption (ABE) for fine-grained access rights on different pieces of structured data.
- Unstructured data are stored in the cloud by encrypting the full file – in our case a bio-signal recording stored in the EDF format – before upload to a bucket storage. For large files (above 200 MB), search is performed based on the metadata: the structured metadata of the file header are automatically extracted and then handled as structured data in the way described above.
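The metadata path described in the list above can be sketched as follows. This is an added example, not code from the ASCLEPIOS project: it parses the fixed 256-byte EDF header and indexes selected fields under keyed HMAC-SHA256 tokens, a simplified stand-in for the project's SSE scheme. All function names are hypothetical and the sample header is constructed.

```python
import hashlib
import hmac

# Fixed-size part of an EDF header: (field name, width in bytes), 256 bytes total.
EDF_FIELDS = [("version", 8), ("patient_id", 80), ("recording_id", 80),
              ("start_date", 8), ("start_time", 8), ("header_bytes", 8),
              ("reserved", 44), ("num_records", 8), ("record_duration", 8),
              ("num_signals", 4)]

def parse_edf_header(raw: bytes) -> dict:
    """Split the first 256 bytes of an EDF file into its ASCII header fields."""
    if len(raw) < 256:
        raise ValueError("truncated EDF header")
    fields, offset = {}, 0
    for name, width in EDF_FIELDS:
        fields[name] = raw[offset:offset + width].decode("ascii").strip()
        offset += width
    if fields["version"] != "0":
        raise ValueError("not an EDF file")
    return fields

def search_token(key: bytes, field: str, value: str) -> str:
    """Keyed token for one field=value pair; the server never sees the plaintext."""
    msg = f"{field}={value}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_index(key: bytes, file_id: str, header: dict, searchable: list) -> dict:
    """Client side: map token -> file id for the chosen searchable fields."""
    return {search_token(key, f, header[f]): file_id for f in searchable}

def server_lookup(index: dict, token: str):
    """Server side: match an opaque token against the stored index."""
    return index.get(token)

def make_sample_header() -> bytes:
    """Constructed sample header for one signal (no real patient data)."""
    values = ["0", "X F 01-JAN-1970 Sample_Patient",
              "Startdate 02-MAR-2021 X X X", "02.03.21", "22.15.00",
              "512", "", "1", "30", "1"]
    return b"".join(v.encode("ascii").ljust(w)
                    for v, (_, w) in zip(values, EDF_FIELDS))
```

Deterministic tokens like these reveal to the server when two files share a field value, so the choice of searchable fields matters; a full SSE scheme is designed to limit that kind of leakage.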
2. Key results from demonstrator
The popular open-source biomedical data repository XNAT platform served as the central data management system that was integrated with the ASCLEPIOS services for enhanced privacy and security. The following institutes participated in the assessment of the functionality of sensitive data transfer between collaborators: (a) Schlafmedizinisches Zentrum, Charité – Universitätsmedizin Berlin, Institut für Medizinische Informatik, (b) Universitätsmedizin Göttingen (UMG), and (c) the Hochschule für Technik und Wirtschaft in Berlin (HTW).
The exchanged data included home sleep recordings which contained parameters such as cardiac current flow, pulse oximetry, and respiratory flow.
- Charité and HTW successfully uploaded a total of 19 original raw EDF(+) (European Data Format) files (i.e. the sleep recordings) to the XNAT platform.
- Collaborators in both institutions were able to download all the data that was uploaded from the other institution.
- All uploaded data followed data privacy regulations and were encrypted with the Symmetric Searchable Encryption (SSE) scheme, with access provided via the Attribute-Based Access Control (ABAC) and the Attribute-Based Encryption (ABE) services.
- All uploaded data could be successfully decrypted, downloaded, annotated, and reuploaded by collaborators in both institutions.
The platform provides the option to edit and annotate the uploaded data. Events that occurred in sleep recordings can be marked and labeled with the suspected relevant medical terms. For example, respiratory flow events can be segmented into critical periods for further analysis. These annotations are subsequently visible for all other collaborating partners and can be amended if the annotations are incorrect. This is an especially important function in terms of quality control.
Overall, the multi-level encryption platform developed by the ASCLEPIOS project allowed institutions to keep sensitive patient data encrypted whilst being able to collaborate on the same patient data.
3. Where to from now?
Over the course of the ASCLEPIOS project, the CBMI Somnonetz platform has gained new features and improvements to the core application. We plan to continue this development and transfer this knowledge to other projects related to the storage and sharing of bio-signal data. Additionally, we will continue to improve in-house implementations of cryptographic tools that were based on work conducted in ASCLEPIOS and continue exploring use cases in the field of sleep medicine and other fields that deal with the secure processing and sharing of bio-signal data.