{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,3]],"date-time":"2025-11-03T13:43:20Z","timestamp":1762177400722,"version":"build-2065373602"},"reference-count":47,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2021,2,26]],"date-time":"2021-02-26T00:00:00Z","timestamp":1614297600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Unit\u00e9 de Soutien SRAP du Qu\u00e9bec","award":["SUI-139759"],"award-info":[{"award-number":["SUI-139759"]}]},{"DOI":"10.13039\/501100000024","name":"Canadian Institutes of Health Research","doi-asserted-by":"publisher","award":["NDP-160882"],"award-info":[{"award-number":["NDP-160882"]}],"id":[{"id":"10.13039\/501100000024","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computers"],"abstract":"<jats:p>Given the ever-growing body of knowledge, healthcare improvement hinges more than ever on efficient knowledge transfer to clinicians and patients. Promoted initially by the Institute of Medicine, the Learning Health System (LHS) framework emerged in the early 2000s. It places focus on learning cycles where care delivery is tightly coupled with research activities, which in turn is closely tied to knowledge transfer, ultimately injecting solid improvements into medical practice. Sensitive health data access across multiple organisations is therefore paramount to support LHSs. While the LHS vision is well established, security requirements to support them are not. Health data exchange approaches have been implemented (e.g., HL7 FHIR) or proposed (e.g., blockchain-based methods), but none cover the entire LHS requirement spectrum. To address this, the Sensitive Data Access Model (SDAM) is proposed. Using a representation of agents and processes of data access systems, specific security requirements are presented and the SDAM layer architecture is described, with an emphasis on its mix-network dynamic topology approach. A clinical application benefiting from the model is subsequently presented and an analysis evaluates the security properties and vulnerability mitigation strategies offered by a protocol suite following SDAM and in parallel, by FHIR.<\/jats:p>","DOI":"10.3390\/computers10030025","type":"journal-article","created":{"date-parts":[[2021,2,26]],"date-time":"2021-02-26T06:47:20Z","timestamp":1614322040000},"page":"25","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["A Sensitive Data Access Model in Support of Learning Health Systems"],"prefix":"10.3390","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1864-1813","authenticated-orcid":false,"given":"Thibaud","family":"Ecarot","sequence":"first","affiliation":[{"name":"Centre Interdisciplinaire de Recherche en Informatique de la Sant\u00e9, Universit\u00e9 de Sherbrooke, Sherbrooke, QC J1K 2R1, Canada"}]},{"given":"Beno\u00eet","family":"Fraikin","sequence":"additional","affiliation":[{"name":"Centre Interdisciplinaire de Recherche en Informatique de la Sant\u00e9, Universit\u00e9 de Sherbrooke, Sherbrooke, QC J1K 2R1, Canada"}]},{"given":"Luc","family":"Lavoie","sequence":"additional","affiliation":[{"name":"Centre Interdisciplinaire de Recherche en Informatique de la Sant\u00e9, Universit\u00e9 de Sherbrooke, Sherbrooke, QC J1K 2R1, Canada"}]},{"given":"Mark","family":"McGilchrist","sequence":"additional","affiliation":[{"name":"Centre Interdisciplinaire de Recherche en Informatique de la Sant\u00e9, Universit\u00e9 de Sherbrooke, Sherbrooke, QC J1K 2R1, Canada"},{"name":"Department of Health and Clinical Services, University of Dundee, Dundee DD1 4HN, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9408-0109","authenticated-orcid":false,"given":"Jean-Fran\u00e7ois","family":"Ethier","sequence":"additional","affiliation":[{"name":"Centre Interdisciplinaire de Recherche en Informatique de la Sant\u00e9, Universit\u00e9 de Sherbrooke, Sherbrooke, QC J1K 2R1, Canada"}]}],"member":"1968","published-online":{"date-parts":[[2021,2,26]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"367","DOI":"10.1053\/ejvs.2002.1813","article-title":"How many claudicants should be prescribed statins?","volume":"25","author":"Harrison","year":"2003","journal-title":"Eur. J. Vasc. Endovasc. Surg."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"1160","DOI":"10.1001\/jamacardio.2019.3066","article-title":"Effectiveness of Interventions Aimed at Increasing Statin-Prescribing Rates in Primary Cardiovascular Disease Prevention: A Systematic Review of Randomized Clinical Trials","volume":"4","author":"Sparrow","year":"2019","journal-title":"JAMA Cardiol."},{"key":"ref_3","unstructured":"Institute of Medicine, and Roundtable on Evidence-Based Medicine (2007). The Learning Healthcare System: Workshop Summary, The National Academies Press."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Cumyn, A., Barton, A., Dault, R., Cloutier, A.M., Jalbert, R., and Ethier, J.F. (2019). Informed consent within a learning health system: A scoping review. Learn. Health Syst., 4.","DOI":"10.1002\/lrh2.10206"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"312","DOI":"10.1017\/S0963180115000614","article-title":"How Should Health Data Be Used?: Privacy, Secondary Use, and Big Data Sales","volume":"25","author":"Kaplan","year":"2016","journal-title":"Camb. Q. Healthc. Ethics"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"148","DOI":"10.14505\/\/jarle.v11.1(47).18","article-title":"Legal Regulation in Digital Medicine","volume":"11","author":"Osadchuk","year":"2020","journal-title":"J. Adv. Res. Law Econ."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"380","DOI":"10.1136\/medethics-2020-106189","article-title":"Research using free text data in medical records could benefit from dynamic consent and other tools for responsible governance","volume":"46","author":"Morrison","year":"2020","journal-title":"J. Med. Ethics"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Holzinger, A., Kieseberg, P., Tjoa, A.M., and Weippl, E. (2020). The European Legal Framework for Medical AI. Machine Learning and Knowledge Extraction, Springer International Publishing.","DOI":"10.1007\/978-3-030-57321-8"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"961526","DOI":"10.1155\/2015\/961526","article-title":"Translational Medicine and Patient Safety in Europe: TRANSFoRm\u2014Architecture for the Learning Health System in Europe","volume":"2015","author":"Delaney","year":"2015","journal-title":"Biomed. Res. Int."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"425","DOI":"10.1109\/TCOM.1980.1094702","article-title":"OSI Reference Model-the ISO model of architecture for open systems interconnection","volume":"COM-28","author":"Zimmermann","year":"1980","journal-title":"IEEE Trans. Communication (USA)"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Jessadapattharakul, R., Prom-on, S., Tanprasert, C., and Achalakul, T. (2015, January 29\u201331). Data exchange protocol for healthcare service in Thailand. Proceedings of the 2015 Fourth International Conference on Future Generation Communication Technology (FGCT), Luton, UK.","DOI":"10.1109\/FGCT.2015.7300246"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Vito, D., Casagrande, G., Bianchi, C., and Costantino, M.L. (2016, January 29\u201331). An interoperable common storage system for shared dialysis clinical data. Proceedings of the 2016 IEEE EMBS International Student Conference (ISC), Ottawa, ON, Canada.","DOI":"10.1109\/EMBSISC.2016.7508626"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"103183","DOI":"10.1016\/j.jbi.2019.103183","article-title":"The European cross-border health data exchange roadmap: Case study in the Italian setting","volume":"94","author":"Nalin","year":"2019","journal-title":"J. Biomed. Informatics"},{"key":"ref_14","unstructured":"Swanink, R. (2016). Persistent Effects of Man-in-the-Middle Attacks. [Bachelor\u2019s Thesis, Radboud University]."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Townsley, W., Valencia, A., Rubens, A., Pall, G., Zorn, G., and Palter, B. (2021, February 26). Layer Two Tunneling Protocol (L2TP). Technical Report, RFC 2661, August 1999. Available online: https:\/\/tools.ietf.org\/html\/rfc2661.","DOI":"10.17487\/rfc2661"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Singh, A.K., Samaddar, S.G., and Misra, A.K. (2012, January 15\u201317). Enhancing VPN security through security policy management. Proceedings of the 2012 1st International Conference on Recent Advances in Information Technology (RAIT), Dhanbad, India.","DOI":"10.1109\/RAIT.2012.6194494"},{"key":"ref_17","unstructured":"Dameff, C., Bland, M., Levchenko, K., and Tully, J. (2021, February 26). Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives. Available online: https:\/\/acsweb.ucsd.edu\/~mbland\/pestilential_protocol.pdf."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Bender, D., and Sartipi, K. (2013, January 20\u201322). HL7 FHIR: An Agile and RESTful approach to healthcare information exchange. Proceedings of the 26th IEEE International Symposium on Computer-Based Medical Systems, Porto, Portugal.","DOI":"10.1109\/CBMS.2013.6627810"},{"key":"ref_19","first-page":"20","article-title":"Health4Afrika - Implementing HL7 FHIR Based Interoperability","volume":"264","author":"Baskaya","year":"2019","journal-title":"Stud. Health Technol. Informatics"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Boussadi, A., and Zapletal, E. (2017). A Fast Healthcare Interoperability Resources (FHIR) layer implemented over i2b2. BMC Med Informatics Decis. Mak., 17.","DOI":"10.1186\/s12911-017-0513-6"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Pfiffner, P.B., Pinyol, I., Natter, M.D., and Mandl, K.D. (2016). C3-PRO: Connecting ResearchKit to the Health System Using i2b2 and FHIR. PLoS ONE, 11.","DOI":"10.1371\/journal.pone.0152722"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Suga, Y. (2018, January 27\u201330). Status Survey of SSL\/TLS Sites in 2018 After Pointing Out About \u201cSearch form\u201d Issues. Proceedings of the 2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW), Takayama, Japan.","DOI":"10.1109\/CANDARW.2018.00093"},{"key":"ref_23","unstructured":"De Carnavalet, X.d.C., and van Oorschot, P.C. (2020). A survey and analysis of TLS interception mechanisms and motivations. arXiv."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Baek, J., Kim, J., and Susilo, W. (2020, January 5\u20139). Inspecting TLS Anytime Anywhere: A New Approach to TLS Interception. Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, Taipei, Taiwan.","DOI":"10.1145\/3320269.3372199"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Radivilova, T., Kirichenko, L., Ageyev, D., Tawalbeh, M., and Bulakh, V. (2018, January 24\u201327). Decrypting SSL\/TLS traffic for hidden threats detection. Proceedings of the 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT), Kyiv, UKraine.","DOI":"10.1109\/DESSERT.2018.8409116"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Sherry, J., Lan, C., Popa, R.A., and Ratnasamy, S. (2015, January 17\u201321). Blindbox: Deep packet inspection over encrypted traffic. Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, New York, NY, USA.","DOI":"10.1145\/2785956.2787502"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Frolov, S., and Wustrow, E. (2019, January 24\u201327). The use of TLS in Censorship Circumvention. Proceedings of the NDSS, Network and Distributed Systems Security (NDSS) Symposium 2019, San Diego, CA, USA.","DOI":"10.14722\/ndss.2019.23511"},{"key":"ref_28","unstructured":"(2021, February 26). Automatization of MitM Attack for SSL\/TLS Decryption. Available online: https:\/\/dspace.vutbr.cz\/handle\/11012\/62154?show=full."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Pinho, L.M.P., Karl, W., Cohen, A., and Brinkschulte, U. (2015). Anonymous-CPABE: Privacy Preserved Content Disclosure for Data Sharing in Cloud. Architecture of Computing Systems\u2014ARCS 2015, Springer International Publishing.","DOI":"10.1007\/978-3-319-16086-3"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Mitton, N., Loscri, V., and Mouradian, A. (2016). A Privacy-Preserving Remote Healthcare System Offering End-to-End Security. Ad-hoc, Mobile, and Wireless Networks, Springer International Publishing.","DOI":"10.1007\/978-3-319-40509-4"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Danezis, G., and Goldberg, I. (2009, January 17\u201320). Sphinx: A Compact and Provably Secure Mix Format. Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, Oakland, CA, USA.","DOI":"10.1109\/SP.2009.15"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"2171642","DOI":"10.1177\/155014772171642","article-title":"Preserving Patient\u2019s Anonymity for Mobile Healthcare System in IoT Environment","volume":"12","author":"Baek","year":"2016","journal-title":"Int. J. Distrib. Sens. Netw."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"B\u00f6hme, R., Brenner, M., Moore, T., and Smith, M. (2014). The Bitcoin P2P Network. Financial Cryptography and Data Security, Springer.","DOI":"10.1007\/978-3-662-44774-1"},{"key":"ref_34","unstructured":"Sun, Y., Edmundson, A., Vanbever, L., Li, O., Rexford, J., Chiang, M., and Mittal, P. (2015). RAPTOR: Routing attacks on privacy in tor. 24th USENIX Security Symposium (USENIX Security 15), USENIX."},{"key":"ref_35","first-page":"1","article-title":"Ethereum: A secure decentralised generalised transaction ledger","volume":"151","author":"Wood","year":"2014","journal-title":"Ethereum Proj. Yellow Paper"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Gencer, A.E., Basu, S., Eyal, I., Van Renesse, R., and Sirer, E.G. (2018). Decentralization in bitcoin and ethereum networks. International Conference on Financial Cryptography and Data Security, Springer.","DOI":"10.1007\/978-3-662-58387-6_24"},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"3:1","DOI":"10.1147\/JRD.2019.2913621","article-title":"Supporting private data on hyperledger fabric with secure multiparty computation","volume":"63","author":"Benhamouda","year":"2019","journal-title":"Ibm J. Res. Dev."},{"key":"ref_38","first-page":"102407","article-title":"Blockchain-based electronic healthcare record system for healthcare 4.0 applications","volume":"50","author":"Tanwar","year":"2020","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Attia, O., Khoufi, I., Laouiti, A., and Adjih, C. (2019, January 24\u201326). An IoT-Blockchain Architecture Based on Hyperledger Framework for Healthcare Monitoring Application. Proceedings of the 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Canary Islands, Spain.","DOI":"10.1109\/NTMS.2019.8763849"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Moubarak, J., Filiol, E., and Chamoun, M. (2018, January 18\u201320). On blockchain security and relevant attacks. Proceedings of the 2018 IEEE Middle East and North Africa Communications Conference (MENACOMM), Jounieh, Lebanon.","DOI":"10.1109\/MENACOMM.2018.8371010"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"101050","DOI":"10.1016\/j.pmcj.2019.101050","article-title":"Vulnerabilities on Hyperledger Fabric","volume":"59","author":"Andola","year":"2019","journal-title":"Pervasive Mob. Comput."},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Kizza, J.M. (2020). Standardization and Security Criteria: Security Evaluation of Computer Products. Guide to Computer Network Security, Springer International Publishing.","DOI":"10.1007\/978-3-030-38141-7_16"},{"key":"ref_43","unstructured":"(2021, February 26). PARS3 Solutions GRIIS, 2020. Available online: https:\/\/griis.ca\/en\/solutions\/pars3\/."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Dahl, L.T., Katz, A., McGrail, K., Diverty, B., Ethier, J.-F., Gavin, F., McDonald, J.T., Paprica, P.A., Schull, M., and Walker, J.D. (2020). The SPOR-Canadian Data Platform: A national initiative to facilitate data rich multi-jurisdictional research. Int. J. Popul. Data Sci., 5.","DOI":"10.23889\/ijpds.v5i1.1374"},{"key":"ref_45","unstructured":"(2021, February 26). ReflexD Solutions GRIIS, 2020. Available online: https:\/\/griis.ca\/en\/solutions\/reflexd\/."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"e10037","DOI":"10.1002\/lrh2.10037","article-title":"The TRANSFoRm project: Experience and lessons learned regarding functional and interoperability requirements to support primary care","volume":"2","author":"Ethier","year":"2018","journal-title":"Learn. Health Syst."},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Lodderstedt, T., McGloin, M., and Hunt, P. (2021, February 26). OAuth 2.0 Threat Model and Security Considerations. RFC 6819, RFC Editor, 2013. Available online: https:\/\/tools.ietf.org\/html\/rfc6819.","DOI":"10.17487\/rfc6819"}],"container-title":["Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-431X\/10\/3\/25\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T05:29:12Z","timestamp":1760160552000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-431X\/10\/3\/25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,2,26]]},"references-count":47,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2021,3]]}},"alternative-id":["computers10030025"],"URL":"https:\/\/doi.org\/10.3390\/computers10030025","relation":{},"ISSN":["2073-431X"],"issn-type":[{"type":"electronic","value":"2073-431X"}],"subject":[],"published":{"date-parts":[[2021,2,26]]}}}