# OHDSI-compliance: a set of document templates facilitating the implementation and operation of a software stack for real-world evidence generation

**Authors:** Felix N. Wirth, Hammam Abu Attieh, Fabian Prasser

PMC · DOI: 10.3389/fmed.2024.1378866 · Frontiers in Medicine · 2024-05-16

## TL;DR

This paper introduces OHDSI-Compliance, a set of document templates to help streamline legal compliance for OHDSI-based health data analytics platforms.

## Contribution

The novel contribution is a publicly available set of document templates to simplify GDPR and data protection compliance for OHDSI deployments.

## Key findings

- OHDSI-Compliance includes four key documents for data protection and information security.
- The templates are based on a prototypical OHDSI installation using the Broadsea package.
- The documents are generalized with placeholders for institution-specific content.

## Abstract

The open-source software offered by the Observational Health Data Science and Informatics (OHDSI) collective, including the OMOP-CDM, serves as a major backbone for many real-world evidence networks and distributed health data analytics platforms. While container technology has significantly simplified deployments from a technical perspective, regulatory compliance can remain a major hurdle for the setup and operation of such platforms. In this paper, we present OHDSI-Compliance, a comprehensive set of document templates designed to streamline the data protection and information security-related documentation and coordination efforts required to establish OHDSI installations.

To decide on a set of relevant document templates, we first analyzed the legal requirements and associated guidelines with a focus on the General Data Protection Regulation (GDPR). Moreover, we analyzed the software architecture of a typical OHDSI stack and related its components to the different general types of concepts and documentation identified. Then, we created those documents for a prototypical OHDSI installation, based on the so-called Broadsea package, following relevant guidelines from Germany. Finally, we generalized the documents by introducing placeholders and options at places where individual institution-specific content will be needed.

We present four documents: (1) a record of processing activities, (2) an information security concept, (3) an authorization concept, as well as (4) an operational concept covering the technical details of maintaining the stack. The documents are publicly available under a permissive license.

To the best of our knowledge, there are no other publicly available sets of documents designed to simplify the compliance process for OHDSI deployments. While our documents provide a comprehensive starting point, local specifics need to be added, and, due to the heterogeneity of legal requirements in different countries, further adoptions might be necessary.

## Full-text entities

- **Diseases:** OHDSI (OMIM:603663)
- **Species:** Homo sapiens (human, species) [taxon 9606]

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC11137233/full.md

## Figures

2 figures with captions in the complete paper: https://tomesphere.com/paper/PMC11137233/full.md

## References

47 references — full list in the complete paper: https://tomesphere.com/paper/PMC11137233/full.md

---
Source: https://tomesphere.com/paper/PMC11137233