“This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 690211”
Deliverable Number: D7.7, version: 2.0
Data Management Plan - interim version
CAREGIVERSPRO-MMD PROJECT
Ref. Ares(2017)3305207 - 30/06/2017
D7.7 Data Management Plan - Interim Version
CAREGIVERSPRO-MMD
D7.7 Data Management Plan – Interim Version: Page 2 of 90
Document information
Project Number: 690211
Acronym: CAREGIVERSPRO-MMD
Full title: Self-management interventions and mutual assistance community services, helping patients with dementia and caregivers connect with others for evaluation, support and inspiration to improve the care experience
Project coordinator: Universitat Politècnica de Catalunya - BarcelonaTech, Prof. Ulises Cortés, [email protected]
Project URL: http://www.caregiversprommd-project.eu
Deliverable: Number D7.7, Title: Data Management Plan - interim version
Work package: Number WP7, Title: Dissemination, Communication, Exploitation and Business Planning
Date of delivery: Contractual 31/06/2017, Actual 30/04/2016
Nature: Report [x] Demonstrator [ ] Other [ ]
Dissemination Level: Public [x] Consortium [ ]
Keywords:
Authors (Partner): Atia Cortés (UPC), Cristian Barrué (UPC), Ulises Cortés (UPC), Gabriel Verdejo (UPC), Paraskevi Zafeiridi (UHull), Anastasia Matonaki (QPL), Ioannis Pagliokas (CERTH), Isabelle Landrin (CHU), Rafa de Bofarull (MDA)
Responsible Author: Cristian Barrué, Email: [email protected]
Partner: UPC, Phone: +34934134011
Document Version History
Version | Date | Status | Author | Description
1.0 | 26-06-2016 | Draft | Atia Cortés (UPC) | Integration of Ethics section to previous version (D7.3)
1.1 | 07-07-2016 | Draft | Cristian Barrué (UPC) | Integration of anonymisation section
1.2 | 15-07-2016 | Draft | Cristian Barrué (UPC), Atia Cortés (UPC) | Integration of PIA
1.5 | 30-11-2016 | Draft | Cristian Barrué (UPC), all | Integration of Datasets
1.6 | 13-01-2017 | Draft | UPC | Annex 2: description of datasets. Document review
1.7 | 20-04-2017 | Draft | Consortium, Cristian Barrué (UPC), Rafa de Bofarull (MDA) | Update of Annex 2, changes in the datasets
1.8 | 15-05-2017 | Draft | UPC | Integration of new sections for security and data breach procedures
1.9 | 01-06-2017 | Draft | UPC | Update of Annex 2, rework of section 3 accordingly
2.0 | 26-06-2017 | Draft | Ioannis Pagliokas (CERTH), Anastasia Matonaki (QPL), Paraskevi Zafeiridi (UHull), Marco Antomarini (COOS), Isabelle Landrin (CHU), Cristian Barrué (UPC) | Review of the document, dataset refinement. Integration.
Executive summary
This is a live document that describes the different processes regarding data management, storage and exploitation that are to be agreed and adopted by every member of the CAREGIVERSPRO-MMD Consortium. Over the course of the project this document will be reviewed and updated. Additional information on the data structure or the methodology, a change in responsibility for a task or in the budget, may be included in future versions of the Data Management Plan. This is the second deliverable of this document, including privacy impact assessment, ethical aspects of the data, data breach protocols, datasets definition at database level and more details on the sharing policies.
List of Acronyms
Acronym | Title
AB | Advisory Board
CERIF | Common European Research Information Format
CERTH | Center for Research and Technology Hellas
CHU | Centre Hospitalier Universitaire de Rouen
CNIL | Commission Nationale de l’Informatique et des Libertés
COOS | Cooperativa Sociale COOSS Marche
C-MMD | CAREGIVERSPRO-MMD
DMP | Data Management Plan
DoA | Description of Action
FUB | Fundació-Universitat del Bages
HONCode | Health On the Net Code
HUL | University of Hull
ICO | Information Commissioners’ Office
MDA | Mobile Dynamics
PIA | Privacy Impact Assessment
PLWD | Person Living With Dementia
QA | Quality Assurance
QC | Quality Control
UPC | Universitat Politècnica de Catalunya
VM | Virtual Machine
List of Tables
Table 1 Project Fact Sheet
Table 2 Personal Dataset
Table 3 Screening Dataset
Table 4 Adverse Events Dataset
Table 5 Treatment Dataset
Table 6 Intervention Dataset
Table 7 Dissemination Dataset
Table 8 User Interaction Dataset
Table 9 Medical Report Dataset
Table 10 User Gamification Model Dataset
Table 11 Backend Gamification Model Dataset
Table 12 User Interface Dataset
Table 13 Recommender Dataset
Table 14 Pilot Data Dataset
Table 15 Intervention Feedback Dataset
Table 16 User Gamification Interaction History Dataset
Table 17 Game History Dataset
Table 18 Notifications Dataset
Table 19 Dataset Summary
List of Figures
Figure 1 Anonymisation & Security Schema
Figure 2 C-MMD Information Overview
Figure 3 C-MMD Data Flow diagram
Figure 4 If Restricted Data is present on the compromised system, the Critical Incident Response (CIR) is followed
Table of contents
1 INTRODUCTION
2 PROJECT INFORMATION
3 DATA, MATERIALS, RESOURCES COLLECTION INFORMATION
  3.1 DESCRIPTION OF THE DATA
    PERSONAL DATASET
    SCREENING DATASET
    ADVERSE EVENT DATASET
    TREATMENT DATASET
    INTERVENTION DATASET
    DISSEMINATION DATASET
    USER INTERACTION DATASET
    MEDICAL REPORT DATASET
    USER GAMIFICATION MODEL DATASET
    BACKEND GAMIFICATION MODEL DATASET
    USER INTERFACE DATASET
    RECOMMENDER DATASET
    PILOT DATA DATASET
    INTERVENTION FEEDBACK DATASET
    USER GAMIFICATION INTERACTION HISTORY DATASET
    GAME HISTORY DATASET
    NOTIFICATIONS DATASET
    DATASET SUMMARY
  3.2 QUALITY ASSURANCE PROCESS
4 PRIVACY AND SECURITY OF THE DATA
  4.1 INFRASTRUCTURE
  4.2 ADOPTED SECURITY MEASURES
  4.3 OVERVIEW OF ROLES
  4.4 INFORMATION SYSTEM ARCHITECTURE AND DATA
  4.5 PRIVACY IMPACT ASSESSMENT
  4.6 SECURITY/DATA BREACH MANAGEMENT
  4.7 ANONYMISATION
    ANONYMISATION IMPLEMENTATION IN C-MMD
    DATA DISSEMINATION
5 ETHICS, INTELLECTUAL PROPERTY, CITATION
  5.1 ETHICS
  5.2 INTELLECTUAL PROPERTY
  5.3 CITATION
6 ACCESS AND USE OF INFORMATION
7 STORAGE, BACKUPS AND DATA RECOVERY
8 ARCHIVING AND FUTURE PROOFING OF INFORMATION
  8.1 BEST PRACTICES FOR FILE FORMATS
    PROPRIETARY VS OPEN FORMATS
    GUIDELINES FOR CHOOSING FORMATS
    SOME PREFERRED FILE FORMATS
9 AUDITS
10 RESOURCING OF DATA MANAGEMENT
  10.1 ROLES IN DATA MANAGEMENT
  10.2 FINANCIAL DATA MANAGEMENT PROCESS
11 REVIEW OF DATA MANAGEMENT PROCESS
ANNEX 1 - C-MMD PRIVACY IMPACT ANALYSIS
  A1.1 IDENTIFYING THE NEED FOR A PIA
  A1.2 DESCRIBING INFORMATION FLOWS
    A1.2.1 INFORMATION OVERVIEW
  A1.3 IDENTIFYING PRIVACY AND RELATED RISKS
  A1.4 IDENTIFYING AND EVALUATING PRIVACY SOLUTIONS
ANNEX 2 - C-MMD DATASETS
ANNEX 3 - SECURITY/DATA BREACH MANAGEMENT PROTOCOL
1 Introduction
This document presents the second version of the Data Management Plan (DMP) for the CAREGIVERSPRO-MMD project. Projects funded in the Horizon 2020 Open Research Data Pilot are required to develop several versions of a DMP, in which they will specify, among others, what data will be kept for the longer term. In the case of CAREGIVERSPRO-MMD, which is not participating in the Open Research Data Pilot, the DMP is presented as a tool that can improve pilot preparation and result analysis. The Consortium will follow the guidelines described in the OpenAire [1] platform and the document “Guidelines on Data Management in Horizon 2020”. A DMP describes the data management life cycle for all datasets to be collected, processed or generated by a research project. It must cover:
• the management of research data during & after the project;
• what data will be collected, processed or generated;
• what methodology & standards will be applied;
• whether data will be shared/made open access & how;
• how data will be curated & preserved.
The Data Management Plan has been updated during the project lifetime since the version presented in D7.3. New versions of the DMP are also developed whenever significant changes arise in the project (mainly subject to ethical approval) such as:
• new datasets;
• changes in consortium policies;
• external factors.
[1] https://www.openaire.eu/opendatapilot-dmp
2 Project Information
In this section we provide a brief fact sheet of the project details and associated data management requirements.
Table 1 Project Fact Sheet
Project Title: CAREGIVERSPRO-MMD
Project Duration: 36 months (01/01/16 - 31/12/18)
Partners:
• Universitat Politècnica de Catalunya (UPC, Spain)
• Mobile Dynamics (MDA, Spain)
• University of Hull (HUL, UK)
• Q-PLAN International LTD (QPL, Greece)
• Cooperativa Sociale COOSS Marche (COO, Italy)
• Fundació-Universitat del Bages (FUB, Spain)
• Centre Hospitalier Universitaire de Rouen (CHU, France)
• Center for Research and Technology Hellas (CERTH, Greece)
Brief Description: Self-management interventions and mutual assistance community services, helping patients with dementia and caregivers connect with others for evaluation, support and inspiration to improve the care experience
University Requirements for Data Management: UPC is responsible for allocating data in a safe environment, maintaining back-ups and processing the data generated
Funding Body: European Commission (Horizon 2020 PHC-25-2105)
Grant Number: 690211
Budget: 4.087.198,75 €
Funding Body Requirements for Data Management: For Open Data projects, the ones specified in Guidelines on Data Management in Horizon 2020 [2].
[2] https://ec.europa.eu/research/participants/data/ref/h2020/grants_manual/hi/oa_pilot/h2020-hi-oa-data-mgt_en.pdf
3 Data, Materials, Resources Collection Information
The purpose of this section is to provide a full description of the data that will be generated and stored during this project. The information provided below might be adapted or updated in future versions of this document.
3.1 Description of the data
Most of the data will be generated through the use of the CAREGIVERSPRO-MMD online platform by different user groups, i.e. health and social professionals, caregivers and people living with dementia (PLWD). Each user category will have access to personalised content and will be able to generate different types of information according to the permissions granted.
For each user of the platform, different datasets described in this section may be generated. Additional datasets may be generated in the future. The data will also be collected before and after the pilot phase of the project at the screening and baseline research visits.
The platform will also provide means to assess and store data not directly produced by users, i.e. the interaction among users and the evolution on their activity in the social network, which will also be subject to further analysis.
An open source surveying tool, LimeSurvey [3], has been configured and deployed to store the results of the screening sessions that clinicians will perform every six months with pilot participants. This tool will only be accessed by authorised health and social professionals.
Personal Dataset
Table 2 Personal Dataset
Dataset reference and name
C-MMD-Personal
Dataset description
This data set contains all the personal, demographic, medical and social data captured through the registration tools integrated in the C-MMD platform for the dyad (PLWD and caregiver) and the health professionals. The registration tool collects standard personal information, i.e. as described in EU Data Protection Directive (95/46/EC) [4]:
“Personal data” shall mean any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
Therefore, the nature of the data corresponds to the values used to represent such concepts (e.g. text, integers). The specifics of the captured data are described in section 2.3.1 of document D1.3 Screening Strategy.
Details on this dataset can be found in Annex 2.
[3] http://www.limesurvey.org
[4] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML
Standards and metadata
Data will be stored each time a user (be it a PLWD, caregiver or health professional) registers to the platform or modifies his/her profile. It is expected that data will be stored in a MySQL database, using a NoSQL database for complementary purposes. Records will also be related (and identified) with other datasets and the date when the data was recorded.
Metadata will include information about the profile creation time, range of possible values, etc. This metadata will be associated to each table and will follow the Common European Research Information Format (CERIF) metadata standard [5].
Data sharing
General
This dataset will not be shared outside of the Consortium boundaries for ethical and security reasons. Each dataset record belongs to the user and to the Consortium partner responsible for the user. Only the user, people authorised by him/her (e.g. caregiver) and authorised personnel of the Consortium partner responsible for the user, can access the record.
Platform
Data will be available to the user and people authorised by them through the C-MMD platform. A small part of the dataset will be openly accessible by platform users (i.e. name and profile picture or avatar) to enable social networking. Authorised personnel [6] of the pilot partner generating the data will be able to access aggregated data in periodic reports and will be able to access raw data dumped from the database in csv files or through a web service. Each access will be identifiable and traceable. The platform software will process the raw dataset to offer the planned services (see D3.1 Detailed system Architecture).
Consortium
Dataset records will be shared among defined Consortium partners anonymised for research purposes to be used for the tasks of the project. Anonymisation is the standard procedure followed to preserve confidentiality of participants.
Each participant (e.g. PLWD, caregiver, healthcare professional) will sign an informed consent at recruitment phase authorizing access to all of their data (raw, aggregated, anonymised) in the conditions described hereby. Users will agree to the anonymised and aggregated data being used for research and possibly commercial exploitation.
The data repository will be in the C-MMD host in the UPC premises (more details are given in section 6). UPC, CERTH and MDA software components will process this dataset anonymised to offer the platform services.
Specific data exchange agreements have been signed between the partners producing software and each pilot.
Archiving and preservation (including storage and backup)
See §7 and §8.
[5] http://www.eurocris.org/cerif/main-features-cerif
[6] Pilot responsible will be in charge of authorising personnel, employees of the Consortium.
Screening Dataset
Table 3 Screening Dataset
Dataset reference and name
C-MMD-Screening
Dataset description
This data set contains all the clinical and social data captured through the screening tools integrated in the C-MMD platform for the dyad (PLWD and caregiver). The screening tools implement standard evaluation scales for different conditions (physical, psychosocial, neurological, functional, etc.). Therefore, the nature of the data corresponds to the values used to evaluate such scales. Details of the screening strategy can be found in the document D1.3 Screening Strategy, where the list of used scales is detailed.
Details on this dataset can be found in Annex 2.
Standards and metadata
The data will be stored following the standard numeric scales defined by each screening tool each time that a user (be it PLWD, caregiver or health professional) uses one of the screening tools. The data will be stored in a MySQL database, using a NoSQL database for complementary purposes. Records will also be related (and identified) with the user to which the recorded data belong and the date when the data was recorded.
Metadata will include information about the scale recorded, range of possible values, etc. This metadata will be associated to each table and will follow the CERIF metadata standard.
Data sharing
General
This dataset will not be shared outside of the Consortium boundaries for ethical and security reasons. Each dataset record belongs to the user and to the Consortium partner responsible for the user. Only the user, people authorised by him/her (e.g. caregiver) and authorised personnel of the Consortium partner responsible for the user, can access the record.
Platform
Data will be available to the user and people authorised by them through the C-MMD platform. A small part of the dataset will be openly accessible by platform users (i.e. name and profile picture) to enable social networking. Authorised personnel [7] of the pilot partner generating the data will be able to access aggregated data in periodic reports and will be able to access raw data dumped from the database in csv files or through a web service. Each access will be identifiable and traceable. The platform software will process the raw dataset in order to offer the planned services (see D3.1 Detailed system Architecture).
Consortium
Dataset records will be shared among defined Consortium partners anonymised for research purposes to be used for the tasks of the project. Anonymisation is the standard procedure followed to preserve confidentiality of participants.
Each participant (e.g. PLWD, caregiver, healthcare professional) will sign an informed consent at recruitment phase authorizing access to all his/her data (raw, aggregated, anonymised) in the conditions described hereby. Users will agree to the anonymised and aggregated data being used for research and possibly commercial exploitation.
The data repository will be in the C-MMD host in the UPC premises (more details are given in section 6). UPC, CERTH and MDA software components will process this dataset anonymised to offer the platform services.
Specific data exchange agreements have been signed between the partners producing software and each pilot.
Archiving and preservation (including storage and backup)
See §7 and §8.
[7] Pilot responsible will be in charge of authorising personnel, employees of the Consortium.
Adverse Event Dataset
Table 4 Adverse Events Dataset
Dataset reference and name
C-MMD-AdverseEvent
Dataset description
This data set contains all the recorded adverse events for each user captured through the specific tool integrated in the C-MMD platform for that purpose. The adverse events dataset records the description of the event, the starting and end dates, the severity and outcomes.
Details on this dataset can be found in Annex 2.
Standards and metadata
It is expected that data will be stored in a MySQL database, using a NoSQL database for complementary purposes. Records will also be related (and identified) with other datasets and the date when the data was recorded.
Metadata will include information about the event creation time, range of possible values, etc. This metadata will be associated to each table and will follow the Common European Research Information Format (CERIF) metadata standard [8].
Data sharing
General
This dataset will not be shared outside of the Consortium boundaries for ethical and security reasons. Each dataset record belongs to the user and to the Consortium partner responsible for the user. Only the user, people authorised by him/her (e.g. caregiver) and authorised personnel of the Consortium partner responsible for the user, can access the record.
Platform
Data will be available to the healthcare professional and people authorised by them through the C-MMD platform. Authorised personnel [9] of the pilot partner generating the data will be able to access anonymised data in periodic reports and will be able to access raw data dumped from the database in csv files or through a web service. Each access will be identifiable and traceable. The platform software will process the raw dataset to offer the planned services (see D3.1 Detailed system Architecture).
Consortium
Dataset records will be shared among defined Consortium partners anonymised for research purposes to be used for the tasks of the project. Anonymisation is the standard procedure followed to preserve confidentiality of participants.
Each participant (e.g. PLWD, caregiver, healthcare professional) will sign an informed consent at recruitment phase authorizing access to all his/her data (raw, aggregated, anonymised) in the conditions described hereby. Users will agree to the anonymised and aggregated data being used for research and possibly commercial exploitation.
The data repository will be in the C-MMD host in the UPC premises (more details are given in section 6). UPC, CERTH and MDA software components will process this dataset anonymised in order to offer the platform services.
Specific data exchange agreements have been signed between the partners producing software and each pilot.
Archiving and preservation (including storage and backup)
See §7 and §8.
[8] http://www.eurocris.org/cerif/main-features-cerif
[9] Pilot responsible will be in charge of authorising personnel, employees of the Consortium.
Treatment Dataset
Table 5 Treatment Dataset
Dataset reference and name
C-MMD-Treatment
Dataset description
This dataset contains all the treatment information for each dyad. The treatment information will come from: (1) a specific toolset integrated in the platform for that purpose, (2) through the API to connect with national healthcare systems where possible. The nature of the data corresponds to medication descriptions, doses, schedules and follow-up of the adherence. More details on treatment adherence service and information to be gathered can be found in sections 10.2 and 10.3 of deliverable D1.1 Accessibility Report.
Details on this dataset can be found in Annex 2.
Standards and metadata
The data will be stored following the numeric/text standards each time that a user (be it PLWD, caregiver or health professional) uses the treatment management interface to introduce or modify information about the pharmacological treatment being followed and the adherence regime to the treatment. The data will be stored in a MySQL database, using a NoSQL database for complementary purposes. Records will also be related (and identified) with the user to which the recorded data belong and the date when the data was recorded.
Metadata will include information about the data recorded, range of possible values, etc. This metadata will be associated to each table and will follow the CERIF metadata standard.
Data sharing
General
This dataset will not be shared outside of the Consortium boundaries for ethical and security reasons. Each dataset record belongs to the user and to the Consortium partner responsible for the user. Only the user, people authorised by him/her (e.g. caregiver) and authorised personnel of the Consortium partner responsible for the user, can access the record.
Platform
Data will be available to the user and people authorised by them through the C-MMD platform. A small part of the dataset will be openly accessible by platform users (i.e. name and profile picture) to enable social networking. Authorised personnel [10] of the pilot partner generating the data will be able to access aggregated data in periodic reports and will be able to access raw data dumped from the database in csv files or through a web service. Each access will be identifiable and traceable. The platform software will process the raw dataset to offer the planned services (see D3.1 Detailed system Architecture).
Consortium
Dataset records will be shared among defined Consortium partners anonymised for research purposes to be used for the tasks of the project. Anonymisation is the standard procedure followed to preserve confidentiality of participants.
Each participant (e.g. PLWD, caregiver, healthcare professional) will sign an informed consent at recruitment phase authorizing access to all his/her data (raw, aggregated, anonymised) in the conditions described hereby. Users will agree to the anonymised and aggregated data being used for research and possibly commercial exploitation.
The data repository will be in the C-MMD host in the UPC premises (more details are given in section 6). UPC, CERTH and MDA software components will process this dataset anonymised to offer the platform services.
Specific data exchange agreements have been signed between the partners producing software and each pilot.
Archiving and preservation (including storage and backup)
See §7 and §8.
[10] Pilot responsible will be in charge of authorising personnel, employees of the Consortium.
Intervention Dataset
Table 6 Intervention Dataset
Dataset reference and name
C-MMD-Intervention
Dataset description
This data set contains all the intervention contents created by the consortium members during the lifetime of the project. These intervention contents include posts, articles, tips, multimedia, tutorials, webinars, cognitive games and any kind of educational content produced to support the caregiving process and the healthy ageing lifestyle following the strategy outlined in deliverable D1.3 Intervention Strategy and Contents. These intervention contents will be introduced in the platform through a specific tool designed for that purpose by the consortium. Standards in multimedia and text posts storage will be followed. Note that interactive interventions (e.g. Serious Games) are included in this dataset as well. Those interventions follow a different route to upload their content and finally be available to users: they are authored using software development tools external to the C-MMD platform and finally they will become available through the standard content management tools used for other interventions by providing a link.
Details on this dataset can be found in Annex 2.
Standards and metadata
The data will be stored following the standard text/media formats following best practices for data management (see section 6). The data will be stored in a MySQL database, using a NoSQL database for complementary purposes. Records will also be related (and identified) with the user authoring the contents and the date when the data was recorded.
As explained in section 5.1 of DoA and later in this document in section 4, all contents created will follow the HONCode and will provide a traceable review board. If the intervention is not an original creation of the consortium, the original source will be properly cited and referenced.
Metadata will include information about the intervention recorded and a list of tags or keywords that relate the content with specific symptoms, conditions or problems that the content refers to (e.g. a video about Alzheimer could have the tags Alzheimer, dementia, cognitive decline, etc.). This metadata will be associated to each table and will follow the CERIF metadata standard.
Data sharing
Each dataset record belongs to the Consortium partner responsible for creating it if it is original content. All the Consortium and suitable users [11] are authorised to access the recorded contents. Data will be available to users and people authorised by them through the C-MMD platform. Aggregated data about the amount of contents generated and specific metadata (e.g. tags) will be available as well as access to raw data dumped from the database in files to selected Consortium members.
Dataset records, particularly aggregated data, will be shared among the Consortium partners for research purposes to be used in the tasks of the project.
Original contents may be commercially exploited under internal Consortium agreements to be defined in the future D7.9. Business Plan – final version.
The data repository will be allocated in the C-MMD host in the UPC premises (more details in §6). UPC, CERTH and MDA software components will process this dataset anonymised to offer the platform services.
Specific data exchange agreements have been signed between the partners producing software and each pilot.
Archiving and preservation (including storage and backup)
See §7 and §8.
[11] In the case of patients or caregivers, contents should be available depending on their specific needs.
Dissemination Dataset
Table 7 Dissemination Dataset
Dataset reference and name
C-MMD-Dissemination
Dataset description
This data set contains all the dissemination contents created by the consortium members during the lifetime of the project. These dissemination contents include scientific papers, newsletters, multimedia, press articles, lists of events, contact lists and any kind of dissemination content produced to support the communication activities of the project and dissemination of results. These contents created from different sources will be stored in a database/file system.
Standards and metadata
The data will be stored following the standard text/media formats following best practices for data management (see section 6). Records will also be related (and identified) with the user authoring the contents and the date when the data was recorded.
Metadata will include information about the dissemination data recorded, the target audience, identifier (i.e. DOI, URI), authors, title of the publication, time of publication, related event (e.g. conference, forum, etc.) and a list of tags or keywords that relate the content with specific topics or results. This metadata will be associated to each table and will follow the CERIF metadata standard.
Data sharing
Each dataset record belongs to the Consortium partner/s responsible for creating it. These contents are open for access.
The data repository will be allocated in the C-MMD host in the UPC premises (more details in §6).
Archiving and preservation (including storage and backup)
See §7 and §8.
User Interaction Dataset
Table 8 User Interaction Dataset
Dataset reference and name
C-MMD-UserInteraction
Dataset description
This data set contains the aggregation of all the content created by the users while interacting with C-MMD’s social network during the lifetime of the project. These user generated contents include number of posts, number of comments, number of likes, number of scales taken, etc.
Details on this dataset can be found in Annex 2.
Standards and metadata
The data will be stored following the standard text/media formats following best practices for data management (see section 6). Records will also be related (and identified) with the user authoring the contents and the date when the data was recorded.
Metadata will include information about the content recorded, the target audience (e.g. friends), context where it was published, date of publishing, etc. This metadata will be associated to each table and will follow the CERIF metadata standard.
Data sharing
Each dataset record belongs to the user responsible for creating it. These contents are open for access to the audience which the creator user has granted access to, and the members of the consortium for moderation and research purposes. The dataset is anonymised.
The data repository will be allocated in the C-MMD host in the UPC premises (more details in §6). UPC, CERTH and MDA software components will process this dataset anonymised to offer the platform services.
Specific data exchange agreements have been signed between the partners producing software and each pilot.
Archiving and preservation (including storage and backup)
See §7 and §8.
MedicalReportDataset
Table9MedicalReportDataset
Datasetreferenceandname
C-MMD-MedicalReport
Dataset description
This data set contains all the content created by the system integrating data from the PLWD/caregiver’s personal, screening and treatment datasets. These records contain aggregated data of the evolution of the user for health professional evaluation. These contents created from different sources will be stored in a database/filesystem.
Details on this dataset can be found in Annex 2.
Standards and metadata
The data will be stored following the standard numeric scales defined by the aggregation of data coming from the screening tools as well as the treatment tool each time that the system periodically generates a report for a PLWD/caregiver. The data will be stored in a MySQL database, using a NoSQL database for complementary purposes. Records will also be related (and identified) with the user to which the recorded data belong and the date when the data was recorded.
Metadata will include information about the scales aggregated, range of possible values, graphical representations, etc. This metadata will be associated to each table and will follow the CERIF metadata standard.
Data sharing
General
This dataset will not be shared outside of the Consortium boundaries for ethical and security reasons. Each dataset record belongs to the user and to the Consortium partner responsible for the user. Only the user, people authorised by him/her (e.g. caregiver) and authorised personnel of the Consortium partner responsible for the user, can access the record.
Platform
Data will be available to the user and people authorised by them through the C-MMD platform. Authorised personnel [12] of the pilot partner generating the data will be able to access aggregated data in periodic reports and will be able to access raw data dumped from the database in csv files or through a web service. Each access will be identifiable and traceable. The platform software will process the raw dataset to offer the planned services (see D3.1 Detailed system Architecture).
Consortium
Dataset records will be shared among defined Consortium partners anonymised for research purposes in order to be used for the tasks of the project. Anonymisation is the standard procedure followed to preserve confidentiality of participants.
[12] Pilot responsible will be in charge of authorising personnel, employees of the Consortium.
Each participant (e.g. PLWD, caregiver, healthcare professional) will sign an informed consent at recruitment phase authorizing access to all his/her data (raw, aggregated, anonymised) in the conditions described hereby. Users will agree to the anonymised and aggregated data being used for research and possibly commercial exploitation.
The data repository will be allocated in the C-MMD host in the UPC premises (more details in §6). UPC, CERTH and MDA software components will process this dataset anonymised in order to offer the platform services.
Specific data exchange agreements have been signed between the partners producing software and each pilot.
Archiving and preservation (including storage and backup)
See §7 and §8.
User Gamification Model Dataset
Table 10 User Gamification Model Dataset
Dataset reference and name
C-MMD-UserGamificationModel
Dataset description
This dataset contains all the information related to the gamification model of each user (gamification profile). This profile may contain data records like role in the game, games enrolled, metrics, rules or earned rewards. An initial gamification profile should be created (as an extension to the existing user profile) when a user enters in the system and evolves with the participation of the user in the platform. There is an additional short gamification model to be used for limited but fast references to the gamification status of a registered user.
Details on this dataset can be found in Annex 2.
Standards and metadata
An initial profile will be stored each time a user (be it PLWD or a caregiver) registers to the platform or modifies their profile settings. This process of user registration and enrolment in one or more gamification proposals (‘games’) is made programmatically from the social platform using the gamification API. From a technical point of view, gamification can be applied only to registered users.
Data will be stored in a MySQL database. Records will also be related (and identified) with other datasets and the date when the data was recorded. The profile and data recorded changes as the user participates in the gamified platform (e.g. getting points and badges when following the wished behaviour, achieving goals, etc.).
Metadata will include information about the profile creation time, the set of games a user is enrolled in, etc. This model is internal to the gamification engine.
Data sharing
The user gamification model is defined by HCP and administrators and is not accessible openly in the platform to the users. Each dataset record belongs partially to the user and to the platform itself that auto-generates some recorded data. Only the user’s HCP, people authorised by him/her, administrators of the platform and authorised personnel of the Consortium partner responsible for the user can access the record. Data will be available through the gamification component of the C-MMD platform.
Dataset records will be shared among the Consortium partners anonymised for research purposes to be used in the tasks of the project. Anonymisation is the standard procedure followed to preserve confidentiality of participants.
Each participant will sign an informed consent at recruitment phase authorizing access to all his/her data (raw, aggregated, anonymised). Users will agree to the anonymised and aggregated data being used for research and possibly commercial exploitation.
The data repository will be allocated in the gamification host in the UPC premises (more details in section 6). CERTH and MDA software components will process this dataset anonymised to offer the platform services.
Archiving and preservation (including storage and backup)
See §7 and §8.
Backend Gamification Model Dataset
Table 11 Backend Gamification Model Dataset
Dataset reference and name
C-MMD-BackendGamificationModel
Dataset description
This dataset contains all the information related to the backend gamification model for each ‘game’. This profile may contain data records like game rules, actions related to the social platform, details of the awarding system, etc. An initial profile is created when a game-master (game-creator) enters the gamification front-end and creates a game for a group of CMMD platform users.
Details on this dataset can be found in Annex 2.
Standards and metadata
An initial profile will be stored each time a game-master creates a new game. Data will be stored in a MySQL database. The game profile and data recorded changes as the game-creators make changes in the core elements of the game (number of points earned for each user action, details of quests, number and type of rules, etc.).
Metadata will include information about the profile creation time, targeted user groups, etc. This model is internal to the gamification engine.
Data sharing
General
This dataset will not be shared outside of the Consortium boundaries for ethical and security reasons. Each dataset record belongs to the user and to the Consortium partner responsible for the user. Only the user, people authorised by him/her (e.g. caregiver) and authorised personnel of the Consortium partner responsible for the user, can access the record.
Platform
Data will be available to the game-masters (normally one person per pilot site) and people authorised by them through the C-MMD platform. Authorised personnel [13] of the pilot partner generating the data will be able to access aggregated data in periodic reports and will be able to access raw data dumped from the database in csv files or through a web service. Each access will be identifiable and traceable. The platform software will process the raw dataset to offer the planned services (see D3.1 Detailed system Architecture).
Consortium
Dataset records will be shared among defined Consortium partners anonymised for research purposes to be used for the tasks of the project. Anonymisation is the standard procedure followed to preserve confidentiality of participants.
Each participant (e.g. PLWD, caregiver, healthcare professional) will sign an informed consent at recruitment phase authorizing access to all his/her data (raw, aggregated, anonymised) in the conditions described hereby. Users will agree to the anonymised and aggregated data being used for research and possibly commercial exploitation.
The data repository will be allocated in the C-MMD host in the UPC premises (more details in §6). CERTH and MDA software components will process this dataset anonymised to offer the platform services.
Specific data exchange agreements have been signed between the partners producing software and each pilot.
Archiving and preservation (including storage and backup)
See §7 and §8.
[13] Pilot responsible will be in charge of authorising personnel, employees of the Consortium.
User Interface Dataset
Table 12 User Interface Dataset
Dataset reference and name
C-MMD-UserInterface
Dataset description
This dataset contains all the information related to the user interface configuration profile of each user. These profiles may contain data records like complexity degree, colour settings, brightness and alpha settings, etc. An initial profile is created when a user enters in the system and can be either re-configured or enriched by the user or by an administrator.
Details on this dataset can be found in Annex 2.
Standards and metadata
An initial profile will be stored each time a user (be it patient, caregiver or health professional) registers to the platform or modifies his/her profile settings. Although at this moment the registering tool and profile management tool have not been defined yet, it is expected that data will be stored in a MySQL database, using a NoSQL database for complementary purposes. The profile and data recorded changes as the user re-configures it to fit their needs or preferences (e.g. changing theme, simplifying the UI, changing colour palette, etc).
Metadata will include information about the profile creation time, range of possible values, etc. This metadata will be associated to each table and will follow the CERIF metadata standard.
Data sharing
This dataset is only available to the user owner of the data and the administrators of the platform (i.e. they are requested to modify some parameters of the user UI). No part of the dataset will be shared outside of the Consortium boundaries for ethical and security reasons. Each dataset record belongs to the user and to the platform itself that auto-generates some recorded data. Only the user, people authorised by him/her (i.e. caregiver), administrators of the platform and other authorised personnel of the Consortium partner responsible for the user can access the record. Data will be available to users and people authorised by them through the C-MMD platform.
Dataset records will be shared among the Consortium partners anonymised for research purposes to be used in the tasks of the project. Anonymisation is the standard procedure followed to preserve confidentiality of participants.
Each participant will sign an informed consent at recruitment phase authorizing access to all his/her data (raw, aggregated, anonymised). Users will agree to the anonymised and aggregated data being used for research and possibly commercial exploitation.
The data repository will be allocated in the C-MMD host in the UPC premises (more details in §6). CERTH and MDA software components will process this dataset anonymised to offer the platform services.
Specific data exchange agreements have been signed between the partners producing software and each pilot.
Archiving and preservation (including storage and backup)
See §7 and §8.
Recommender Dataset
Table 13 Recommender Dataset
Dataset reference and name
C-MMD-Recommender
Dataset description
This data set contains all the information related to the recommendation engine profile of each user that provides tailored educational contents to them. These profiles may contain data records such as preferences, past liked contents, content evaluations, visited contents, etc. An initial profile is created when a user enters in the system and evolves with the participation of the user in the platform.
Details on this dataset can be found in Annex 2.
Standards and metadata
An initial profile will be stored each time a user (be it PLWD, caregiver or health professional) registers to the platform or modifies their profile settings. Data will be stored in a MySQL database, using a NoSQL database for complementary purposes. Records will also be related (and identified) with other datasets and ontologies and the date when the data was recorded. The profile and data recorded changes as the user participates in the platform (e.g. reading articles, commenting, liking proposed contents, filling screening tasks that fire recommendations, etc).
Metadata will include information about the profile creation time, range of possible values, etc. This metadata will be associated to each table and will follow the Common European Research Information Format (CERIF) metadata standard [14].
Data sharing
This dataset is internal to the recommender system and will not be shared with the users of the platform. Some aggregated information of this dataset may be shared for technical evaluation with the administrators and some will be integrated with the periodic report for the HCP. The whole dataset will not be shared outside of the Consortium boundaries for ethical and security reasons. Each dataset record belongs partially to the user and to the platform itself that auto-generates some recorded data.
Dataset records will be shared among the Consortium partners anonymised for research purposes to be used in the tasks of the project. Anonymisation is the standard procedure followed to preserve confidentiality of participants.
Each participant will sign an informed consent at recruitment phase authorizing access to all his/her data (raw, aggregated, anonymised). Users will agree to the anonymised and aggregated data being used for research and possibly commercial exploitation.
The data repository will be allocated in the C-MMD host in the UPC premises (more details in section 6). UPC software components will process this dataset anonymised to offer the platform services.
Specific data exchange agreements have been signed between the partners producing software and each pilot.
Archiving and preservation (including storage and backup)
See §7 and §8.
Pilot Data Dataset
Table 14 Pilot Data Dataset
Dataset reference and name
C-MMD-PilotData
Dataset description
This dataset contains all the clinical and social data captured through the pilot tool (see 3.1) that collects the data that clinical practitioners introduce after a screening session with the PLWD/caregiver. The screening data introduced corresponds to the evaluations specified in the study protocol (physical, psychosocial, neurological, functional, etc.). Therefore, the nature of the data corresponds to the values used to evaluate such scales.
[14] http://www.eurocris.org/cerif/main-features-cerif
Details on this dataset can be found in Annex 2.
Standards and metadata
The data will be stored following the standard numeric scales defined by each screening tool each time that an authorised pilot’s person introduces data of a user (be it PLWD or caregiver) captured during a face-to-face screening session. The data will be stored in a MySQL database. Records will also be related (and identified) with the user to which the recorded data belong and the date when the data was recorded. The Limesurvey database is not connected in any way with the C-MMD platform database.
Metadata will include information about the scales recorded, range of possible values, identity of the person introducing the data, etc. This metadata will be associated to each table and will follow the Common European Research Information Format (CERIF) metadata standard [15].
Data sharing
This dataset will not be shared outside of the Consortium boundaries for ethical and security reasons. Each dataset record belongs to the user and to the Consortium partner responsible for the user. Only authorised personnel of the Consortium pilot partner responsible for the user can access the record. Authorised personnel of the pilot partner generating the data will be able to access aggregated data in reports and will be able to access raw data dumped from the database in csv files or through a web service. Each access will be identifiable and traceable.
Dataset records will be shared among the Consortium partners anonymised for research purposes to be used in the tasks of the project. Anonymisation is the standard procedure followed to preserve confidentiality of participants.
Each participant will sign an informed consent at recruitment phase authorizing access to all his/her data (raw, aggregated, anonymised). Users will agree to the anonymised and aggregated data being used for research and possibly commercial exploitation.
The data repository will be allocated in the C-MMD host in the UPC premises (more details in section 6). The Limesurvey instance is managed by FUB, the clinical leader of the project.
[15] http://www.eurocris.org/cerif/main-features-cerif
Archiving and preservation (including storage and backup)
See §7 and §8.
Intervention Feedback Dataset
Table 15 Intervention Feedback Dataset
Dataset reference and name
C-MMD-InterventionFeedback
Dataset description
This dataset contains all the information related to the feedback provided by a user to an intervention that has been proposed to him. This feedback records whether the intervention has been shared, whether it has been viewed, the time spent consuming it, etc.
Details on this dataset can be found in Annex 2.
Standards and metadata
An initial feedback dataset will be created each time an intervention is provided to a user (be it PLWD, caregiver or health professional) and it will update as the user interacts with the intervention through time. The data will be stored in a MySQL database. Records will also be related (and identified) with other datasets and ontologies and the date when the data was recorded.
Metadata will include information about the feedback creation time, range of possible values, etc. This metadata will be associated to each table and will follow the Common European Research Information Format (CERIF) metadata standard [16].
Data sharing
This dataset is internal to the platform and the recommender system and will not be shared with the users of the platform. Some aggregated information of this dataset may be shared for technical evaluation with the administrators and some will be integrated with the periodic report for the HCP. The whole dataset will not be shared outside of the Consortium boundaries for ethical and security reasons. Each dataset record belongs partially to the user and to the platform itself that auto-generates some recorded data.
Dataset records will be shared among the Consortium partners anonymised for research purposes to be used in the tasks of the project. Anonymisation is the standard procedure followed to preserve confidentiality of participants.
Each participant will sign an informed consent at recruitment phase authorizing access to all his/her data (raw, aggregated, anonymised). Users will agree to the anonymised and aggregated data being used for research and possibly commercial exploitation.
[16] http://www.eurocris.org/cerif/main-features-cerif
The data repository will be allocated in the C-MMD host in the UPC premises (more details in section 6). UPC, CERTH and MDA software components will process this dataset anonymised to offer the platform services.
Specific data exchange agreements have been signed between the partners producing software and each pilot.
Archiving and preservation (including storage and backup)
See §7 and §8.
User Gamification Interaction History Dataset
Table 16 User Gamification Interaction History Dataset
Dataset reference and name
C-MMD-UserGamificationInteractionHistory
Dataset description
This dataset contains all the interactions made by a user in the gamification context while interacting with the C-MMD platform during the lifetime of the project. These user generated contents include pieces of information related to wished behaviours like type of actions performed, points awarded by these actions, enter/drop/win a game, etc.
Details on this dataset can be found in Annex 2.
Standards and metadata
The data will be stored following the standard text/media formats following best practices for data management (see section 6). Records will also be related (and identified) with the user authoring the contents and the date when the data was recorded.
Metadata will include information about the datetime an action took place, the data coming with this action and the results generated by this action (as output). This is a data model internal to the gamification engine.
Data sharing
Each dataset record belongs to the user responsible for creating it. These contents are open for access to the audience which the creator user has granted access to, and the members of the consortium for moderation and research purposes. The dataset is anonymised.
The data repository will be allocated in the C-MMD host in the UPC premises (more details in §6). UPC, CERTH and MDA software components will process this dataset anonymised in order to offer the platform services.
Specific data exchange agreements have been signed between the partners producing software and each pilot.
Archiving and preservation (including storage and backup)
See §7 and §8.
Game History Dataset
Table 17 Game History Dataset
Dataset reference and name
C-MMD-GameHistory
Dataset description
This dataset contains all the actions performed in a gamification proposal (‘game’) during the lifetime of the project. The contents of this dataset include information related to the changes performed in the rules of a game, the seasons (time periods the game was active), the time it was created and was set enabled/disabled, datetimes of ‘reset’ actions, etc.
Details on this dataset can be found in Annex 2.
Standards and metadata
The data will be stored following the standard text/media formats following best practices for data management (see section 6). Records will also be related (and identified) with the user authoring the contents and the date when the data was recorded.
Metadata will include information about the datetime an action took place, the data coming with this action and the results generated by this action (as output). This is a data model internal to the gamification engine.
Data sharing
Each dataset record belongs to the user responsible for creating it. These contents are open for access to the audience which the creator user has granted access to, and the members of the consortium for moderation and research purposes. The dataset is anonymised.
The data repository will be allocated in the C-MMD host in the UPC premises (more details in §6). UPC, CERTH and MDA software components will process this dataset anonymised in order to offer the platform services.
Specific data exchange agreements have been signed between the partners producing software and each pilot.
Archiving and preservation (including storage and backup)
See §7 and §8.
Notifications Dataset
Table 18 Notifications Dataset
Dataset reference and name
C-MMD-GamificationNotification
Dataset description
This data set contains all the information regarding the gamification notification system and will store in the database all the notifications automatically generated during the lifetime of the project. The contents of this dataset include information related to the title and text of the notification, the duration (time period to be in the ‘hot topics’ list, etc.).
Details on this dataset can be found in Annex 2.
Standards and metadata
The data will be stored following the standard text/media formats following best practices for data management (see section 6). Records will also be related (and identified) with the user authoring the contents and the date when the data was recorded.
Metadata will include information about the datetime an action took place, the data coming with this action and the results generated by this action (as output). This is a data model internal to the gamification engine.
Data sharing
Each dataset record belongs to the user responsible for creating it. These contents are open for access to the audience which the creator user has granted access to, and the members of the consortium for moderation and research purposes. The dataset is anonymised.
The data repository will be allocated in the C-MMD host in the UPC premises (more details in §6). UPC, CERTH and MDA software components will process this dataset anonymised in order to offer the platform services.
Specific data exchange agreements have been signed between the partners producing software and each pilot.
Archiving and preservation (including storage and backup)
See §7 and §8.
Dataset Summary
Table 19 Dataset Summary

| Dataset | Who | Ownership | Access [17] |
| --- | --- | --- | --- |
| Personal Dataset | User | Yes | Yes, full |
| | Partner (recruiting) | Yes | Yes, full to authorised personnel |
| | Others in the platform | No | Only authorised by the user |
| | Rest of Consortium | No | Yes, only anonymised and aggregated data |
| | World | No | No |
| Screening Dataset | User | Yes | Yes, full |
| | Partner (recruiting) | Yes | Yes, full to authorised personnel |
| | Others in the platform | No | Only authorised by the user |
| | Rest of Consortium | No | Yes, only anonymised and aggregated data |
| | World | No | No |
| Adverse Events Dataset | User | Yes | Yes, full |
| | Partner (recruiting) | Yes | Yes, full to authorised personnel |
| | Others in the platform | No | Only authorised by the user |
| | Rest of Consortium | No | Yes, only anonymised and aggregated data |
| | World | No | No |
| Treatment Dataset | User | Yes | Yes, full |
| | Partner (recruiting) | Yes | Yes, full to authorised personnel |
| | Others in the platform | No | Only authorised by the user |
| | Rest of Consortium | No | Yes, only anonymised and aggregated data |
| | World | No | No |
| Intervention Dataset | User | No | Yes, depending on their needs |
| | Partner (authoring) | Yes | Yes, full to authorised personnel |
| | Rest of Consortium | No | Yes, full to authorised personnel |
| | World | No | Limited and depending on project needs and exploitation policies |
| User Interaction dataset | User | Yes | Yes, full |
| | Partner (recruiting) | Yes | Yes, full to authorised personnel |
| | Others in the platform | No | Only authorised by the user |
| | Rest of Consortium | No | Yes, only anonymised and aggregated data |
| | World | No | No |
| Dissemination Dataset | User | No | Yes |
| | Partner (authoring) | Yes | Yes |
| | Rest of Consortium | No | Yes |
| | World | No | Yes |
| Medical Report Dataset | User | Yes | Yes |
| | Partner (dyad manager) | Yes | Yes, full to authorised personnel |
| | Others in the platform | No | Only authorised by the user |
| | Rest of Consortium | No | Yes, only anonymised and aggregated data |
| | World | No | No |
| User Gamification Model Dataset | User | Yes | No |
| | Partner (admin) | Yes | Yes, full to authorised personnel |
| | Others in the platform | No | No |
| | Rest of Consortium | No | Yes, only anonymised and aggregated data |
| | World | No | No |
| Backend Gamification Model Dataset | User | Yes | Yes |
| | Partner (admin) | Yes | Yes, full to authorised personnel |
| | Rest of Consortium | No | Yes, only anonymised and aggregated data |
| | World | No | No |
| | Others in the platform | No | Only authorised by the user |
| User Interface Dataset | User | Yes | Yes |
| | Partner (admin) | No | Yes, full to authorised personnel |
| | Others in the platform | No | Only authorised by the user |
| | Rest of Consortium | No | Yes, only anonymised and aggregated data |
| | World | No | No |
| Recommender Dataset | User | Yes | No |
| | Partner (admin) | No | Yes, full to authorised personnel |
| | Others in the platform | No | No |
| | Rest of Consortium | No | Yes, only anonymised and aggregated data |
| | World | No | No |
| Pilot Data Dataset | User | Yes | No |
| | Partner (authoring) | Yes | Yes, full to authorised personnel |
| | Rest of Consortium | No | Yes, only anonymised and aggregated data |
| | World | No | No |
| Intervention Feedback Dataset | User | Yes | No |
| | Partner (authoring) | Yes | Yes, full to authorised personnel |
| | Rest of Consortium | No | Yes, only anonymised and aggregated data |
| | World | No | No |
| User Gamification Interaction History Dataset | User | Yes | No |
| | Partner (authoring) | Yes | Yes, full to authorised personnel |
| | Rest of Consortium | No | Yes, only anonymised and aggregated data |
| | World | No | No |
| Game History Dataset | Game creator | Yes | Yes |
| | Partner (authoring) | Yes | Yes, full to authorised personnel |
| | Rest of Consortium | No | No |
| | World | No | No |
| Notifications Dataset | Users | Yes | Yes |
| | Partner (admin) | Yes | Yes, full to authorised personnel |
| | Rest of Consortium | No | No |
| | World | No | No |

[17] Users can grant Access to some or all of their profile information to the platform users they like to under their own responsibility. This access can only be granted inside the platform.
3.2 Quality Assurance Process
The data collection process is susceptible to contamination in the absence of adequate preventive measures. Data contamination results from a process or phenomenon, other than the one of interest, which can affect the variable values. Data contamination results in erroneous values in the dataset. In general, there are two types of errors that can occur in a data set. Firstly, errors of commission are the result of incorrect or inaccurate data being included in the data set. This may happen because of a malfunctioning instrument that produces faulty results, data that are mistyped during entry, or other problems.
Errors of omission are the second type of errors. These result from data or metadata being omitted. Situations that result in omission errors occur when data are inadequately documented, when there are human errors during data collection or entry, or when there are anomalies in the field that affect the data.
Quality assurance/quality control (QA/QC) activities should be an integral part of any inventory development processes as they improve transparency, consistency, comparability, completeness and accuracy.
Quality control (QC) is defined as a system of checks to assess and maintain the quality of the data inventory being compiled. Quality control procedures are designed to provide routine technical checks to measure and control the data consistency, integrity, correctness and completeness; and to identify and address errors and omissions. Quality control checks should cover everything from data acquisition and handling, application of approved procedures and methods, and documentation. Examples of general quality control checks include:
• checking for transcription errors in data input, by entering each variable twice;
• checking that scale measures are within the range of acceptable values;
• checking that proper conversion factors are used;
• revisiting introduced data.
In future versions of this document we will provide more details on the QC protocols adopted during the project lifetime.
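The first two checks in the list above, as an added example (not the project's QC protocol): two independent entry passes of the same records are compared to catch transcription errors, and values that agree are then range-checked. The scale names, ranges and participant codes are constructed for illustration.

```python
"""Double-entry and range checks for manually entered screening scores."""
from dataclasses import dataclass

# Hypothetical scale ranges, constructed for this example; real ranges come
# from the study protocol and the definition of each screening tool.
SCALE_RANGES = {"scale_a": (0, 30), "scale_b": (0, 88), "scale_c": (0, 15)}

# Constructed sample data: the same paper forms typed in twice.
FIRST_PASS = {
    "P001": {"scale_a": "24", "scale_b": "31", "scale_c": "4"},
    "P002": {"scale_a": "27", "scale_b": "13", "scale_c": "51"},
    "P003": {"scale_a": "19", "scale_b": "", "scale_c": "7"},
    "P004": {"scale_a": "22", "scale_b": "40", "scale_c": "3"},
}
SECOND_PASS = {
    "P001": {"scale_a": "24", "scale_b": "13", "scale_c": "4"},
    "P002": {"scale_a": "27", "scale_b": "13", "scale_c": "51"},
    "P003": {"scale_a": "19", "scale_b": "", "scale_c": "7"},
}


@dataclass(frozen=True)
class Finding:
    participant: str
    scale: str
    problem: str


def _parse(value):
    """Return the score as an int, or None when it is blank or non-numeric."""
    try:
        return int(str(value).strip())
    except ValueError:
        return None


def qc_check(first_entry, second_entry, ranges=SCALE_RANGES):
    """Compare two entry passes and range-check the values that agree.

    Each pass maps participant code -> {scale name -> raw typed value}.
    Returns (accepted, findings); accepted holds only values that were typed
    identically twice and fall inside the allowed range.
    """
    accepted, findings = {}, []
    for pid in sorted(set(first_entry) | set(second_entry)):
        a, b = first_entry.get(pid), second_entry.get(pid)
        if a is None or b is None:
            # Error of omission: the record was entered only once.
            findings.append(Finding(pid, "*", "missing from one entry pass"))
            continue
        for scale in sorted(set(a) | set(b)):
            if scale not in ranges:
                findings.append(Finding(pid, scale, "unknown scale"))
                continue
            va, vb = _parse(a.get(scale)), _parse(b.get(scale))
            if va is None or vb is None:
                findings.append(Finding(pid, scale, "blank or non-numeric value"))
            elif va != vb:
                # Error of commission: the two typists disagree.
                findings.append(
                    Finding(pid, scale, f"transcription mismatch: {va} vs {vb}"))
            else:
                low, high = ranges[scale]
                if low <= va <= high:
                    accepted.setdefault(pid, {})[scale] = va
                else:
                    findings.append(
                        Finding(pid, scale, f"{va} outside {low}-{high}"))
    return accepted, findings


if __name__ == "__main__":
    ok, problems = qc_check(FIRST_PASS, SECOND_PASS)
    for f in problems:
        print(f"{f.participant} {f.scale}: {f.problem}")
    print(f"{sum(len(v) for v in ok.values())} values accepted")
```

A value that both typists entered identically can still be wrong, which is why the range check runs only after the comparison and why P002's `scale_c` is rejected even though the two passes agree.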
Quality assurance (QA) is a planned system of review procedures conducted outside the actual inventory compilation by personnel not directly involved in the inventory development process. It is a non-biased, independent review of methods and/or data summaries that ensures that the inventory continues to incorporate correctly the scientific knowledge and data generated. Quality assurance procedures may include expert peer reviews of data summaries and audits to assess the quality of the inventory and to identify where improvements could be made. If deemed necessary, selected members of the Advisory Board (AB) may perform this task in the course of the project lifecycle.
4 Privacy and Security of the data
4.1 Infrastructure
The purpose of this subsection is to provide an overview of the resources and security mechanisms involved in the hosting of the IT system for the CAREGIVERSPRO-MMD EU funded project that performs processing of sensitive personal information in the premises of Universitat Politècnica de Catalunya – BarcelonaTech (UPC).
This IT system is hosted on dedicated hardware purchased specifically for the project:
1 x Dell Networking N4032 (network connectivity)
2 x PowerEdge R320 (hardware redundancy)
The server is located in the UPC campus Data Center (CPD). This data center is a dedicated 250 m2 facility with controlled access, personal ID cards for authorized staff and video surveillance 24x7. The server has dedicated bandwidth and a backup power system to guarantee availability. Our Data Center has two different sensor systems to detect and respond to electrical or fire problems. The first monitor system is an optical-heat detection scheme and the second one is laser based to extinguish fire using HFC227 gas.
This hardware hosts different software modules developed by three partners of the CAREGIVERSPRO-MMD project, among them UPC.
The company MobilesDynamics develops the core software module that gathers, processes and stores highly sensitive information from users of different EU countries (United Kingdom, Spain, Italy, France). The data includes:
● personal data (e.g. name, age, postal code, etc.)
● medical data (e.g. diseases, comorbidities, allergies, etc.)
● treatment data (e.g. medications, schedules, etc.)
● Other non-sensitive data
The UPC develops a software module that processes anonymised data that comes from the aforementioned software developed by MobilesDynamics.
The Centre for Research and Technology Hellas (CERTH) develops a software module that processes anonymised data that comes from the aforementioned software developed by MobilesDynamics.
4.2 Adopted Security Measures
Security rules have been adopted at different system levels to provide safeguards to the operating system, web applications, databases and user data.
• Operating System (OS) level: Our Linux systems have an IP firewall configured in order to monitor and grant access only to authorised protocols and verified IP addresses. We provide only the Secure Shell (SSH[18]) protocol to make encrypted communications mandatory end-to-end. The DenyHosts service has been configured to detect “brute force” password attacks. When a wrong user log-in password is used three times, the system blocks any connection from the source IP address and logs the action.
• Web server application level: We use only the HyperText Transfer Protocol Secure (HTTPS) for user connections to encrypt data interchange between the users and the web application.
• Database level: The database server is isolated from the Internet and is connected only to the application server. Furthermore, the server has its own IP firewall service to allow only connections from the dedicated network between the web server and the database server.
• Physical access level: Our servers are placed in a controlled environment at UPC Data Center. An authorised personal card is required to access the facilities and a CCTV system provides video surveillance.
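The three-strike rule described for the OS level, as an added Python example (not DenyHosts' own code and not part of the original plan): it counts failed SSH password attempts per source IP over constructed sshd log lines and reports when each address reaches the threshold. The hostname, addresses and the cumulative-count behaviour are assumptions; the parser also handles the rsyslog "message repeated N times" form, which a naive line counter undercounts.

```python
import re
from collections import defaultdict

# Matches a plain sshd failure line and the rsyslog-collapsed form
# "message repeated N times: [ Failed password ... ]".
FAILED_LOGIN = re.compile(
    r"sshd\[\d+\]: (?:message repeated (\d+) times: \[ )?"
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

# Constructed sample lines (documentation IP ranges, hypothetical host "vm1").
SAMPLE_AUTH_LOG = [
    "Jun 12 03:14:05 vm1 sshd[2101]: Failed password for root from 203.0.113.7 port 52344 ssh2",
    "Jun 12 03:14:09 vm1 sshd[2101]: message repeated 2 times: [ Failed password for root from 203.0.113.7 port 52344 ssh2]",
    "Jun 12 03:20:41 vm1 sshd[2130]: Failed password for invalid user admin from 198.51.100.23 port 40112 ssh2",
    "Jun 12 03:20:47 vm1 sshd[2130]: Failed password for invalid user test from 198.51.100.23 port 40112 ssh2",
    "Jun 12 08:02:11 vm1 sshd[2410]: Failed password for devuser from 192.0.2.10 port 51800 ssh2",
    "Jun 12 08:02:19 vm1 sshd[2410]: Accepted password for devuser from 192.0.2.10 port 51800 ssh2",
    "Jun 12 09:30:02 vm1 sshd[2533]: Failed password for invalid user oracle from 198.51.100.23 port 40990 ssh2",
]


def hosts_to_block(lines, threshold=3):
    """Return one entry per source IP that reaches `threshold` failed logins.

    Each entry records the 1-based log line at which the threshold was
    crossed, the failure count at that point and the usernames tried.
    Counts are cumulative (assumption: no reset on a successful login).
    """
    failures = defaultdict(int)
    users = defaultdict(list)
    blocked_ips = set()
    blocked = []
    for lineno, line in enumerate(lines, start=1):
        match = FAILED_LOGIN.search(line)
        if not match:
            continue
        repeat, user, ip = match.groups()
        if ip in blocked_ips:
            continue  # already denied, later attempts would not reach sshd
        failures[ip] += int(repeat) if repeat else 1
        if user not in users[ip]:
            users[ip].append(user)
        if failures[ip] >= threshold:
            blocked_ips.add(ip)
            blocked.append(
                {"ip": ip, "line": lineno, "failures": failures[ip], "users": list(users[ip])}
            )
    return blocked


if __name__ == "__main__":
    for entry in hosts_to_block(SAMPLE_AUTH_LOG):
        print(f"deny {entry['ip']} after {entry['failures']} failures "
              f"(log line {entry['line']}, users tried: {', '.join(entry['users'])})")
```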
We use a Linux based system (Ubuntu 16.04 LTS x64) as an operating system for the applications and database servers. This Unix-like system ensures password encryption[19] services for every system user. Moreover, a strict file and directory permission system[20] is implemented as a system default behaviour to ensure data protection between different system users.
[18] https://en.wikipedia.org/wiki/Secure_Shell
[19] http://www.tldp.org/LDP/lame/LAME/linux-admin-made-easy/shadow-file-formats.html
[20] https://wiki.archlinux.org/index.php/File_permissions_and_attributes
Legal regulations about data privacy (LORTAD) require us to identify and keep available for a two-year period the accounting files of the server’s access services. We have identified this required information in the following log files:
/var/log/syslog
/var/log/authlog
/var/log/denyhosts
/var/log/nginx/error.mmd.log
The Security Chief (see 4.3: Overview of Roles) will be notified monthly about the selected log files and the backup procedures.
The system administrator (root) can manage the whole system and change/revoke users’ access rights if requested. It also creates and deletes system users. A yearly password change policy is adopted for security regulations.
The different services are monitored through a plethora of complementary systems providing alarms and reactive solutions (e.g.):
• Cloud services (virtualization): OpenNebula
• Servers: Pandora FMS
• Data network: Cacti / RRDtool
4.3 Overview of Roles
The machines where software is hosted and data is stored can be accessed by the following stakeholders:
○ System administrators: they have full access to the system and their role is to keep the system running, update the operating system and other software stack pieces as required, perform backups and ensure the security of the system.
○ Security Chief: audits at least monthly the access control logs, the backup procedures and other security measures and elaborates a report for the Data Officer at UPC, Mr. Victor Huerta.
○ Programmers: they have partial access to the machines, in repositories where they can upload/download code.
○ System owner: This role is filled by the staff member or management member who has responsibility for the business function performed by the system. In this case the system owner of the software that processes sensitive data is MobilesDynamics.
○ Data owner: This role is filled by the staff member or management member who has responsibility for the data stored in the system. In this case, it can be one responsible person from each CAREGIVERSPRO-MMD pilot site.
○ End users: Only the software developed by MobilesDynamics has end users. They access this website through a specific static URL, enter their data and receive services.
These stakeholders will be notified with a form about their (different) responsibilities with regard to system security as well as the consequences of not being compliant with them.
UPC
The management of the CPD (refrigeration, access control, electrical maintenance and wiring, etc.) is performed by personnel from the UPCnet S.L. company created by UPC for the ICT services management. The CPD is monitored 24/7 by UPCnet personnel.
The server and services management is performed by RDLab personnel, belonging to UPC. Only authorized RDLab System administrators and the Security Chief will have physical access to the hardware stored in the data center. RDLab personnel provide services on workdays (9-14h and 15-17h Monday to Thursday and Friday from 9-14h) and an intensive timetable on mornings of the summer season.
Service requests can be performed 24/7 through the rdlab.cs.upc.edu website or the email address rdlab@cs.upc.edu.
4.4 Information System Architecture and Data
The platform server is executed in a virtual machine (VM1) that has access to the Internet and where end users will connect to the static platform URL through encrypted https connections. The databases are stored in a different virtual machine (VM2) that has no access to the Internet and is allocated in a private network which is only accessible by VM1. Consequently, data is isolated from the Internet and only the C-MMD platform has secured access to it.
As we can see in blue in Figure 1, only the Personal Dataset (PD) dataset/table contains personal data and is not anonymised because the C-MMD platform needs to access these data. On the other hand, the rest of the datasets (in green) related with the C-MMD application will be pseudo-anonymised just in case of intrusion into these particular datasets. Keys to re-identification are kept in PD.
Virtual Machines
Recommender system
The recommending system developed by UPC that processes C-MMD data receives anonymised data from the platform from personal datasets, screening datasets and intervention datasets, and stores processed profiles in the recommender dataset. More details on these datasets can be found in the annexed document D7.3 Data Management Plan. The software is hosted in a virtual server running a linux setup as described in section 2. The person responsible for these services is Luis Oliva ([email protected]).
Gamification and UI personalization system
The gamification server is hosted by UPC and managed by CERTH. It is installed in a virtual machine with Windows 10 (x64) Professional with firewall installed, automatic updates and Windows Defender active. It has disabled all the Windows shared services and can only be accessed remotely via VNC with a specific IP range belonging to CERTH machines. This system provides different services to the C-MMD platform processing anonymous data gathered via API. More details on these datasets can be found in the annexed document D7.3 Data Management Plan. The person responsible for managing this service is Ioannis Paliokas ([email protected]).
The Pilot Tool
As in the previous case, the Pilot Tool will run in a dedicated virtual server VM3 with access to the internet and data will be stored in a different virtual machine VM4 in a private subnetwork with no internet access where only VM3 can access. In this case, all datasets in PDD (in blue) will be pseudo-anonymised (i.e. using keyed-hash functions with stored secret key) with no personal identifications stored. The keys for re-identification will be kept by the CRO of each pilot site following the security protocols established by them.
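The keyed-hash pseudonymisation mentioned for the Pilot Tool datasets, as an added Python sketch (not the project's code): HMAC-SHA256 with a per-site secret key replaces the participant identifier, and the re-identification table is returned separately so it can stay with the key holder. The field names, identifier format and sample records are constructed assumptions; the last helper shows why the hash must be keyed, since an unkeyed hash of a small identifier space can be reversed by enumeration.

```python
import hashlib
import hmac
import secrets


def new_site_key() -> bytes:
    """256-bit random secret, assumed to be held only by the site's key holder."""
    return secrets.token_bytes(32)


def _normalise(identifier: str) -> bytes:
    # Same participant must map to the same pseudonym regardless of case/spacing.
    return identifier.strip().lower().encode("utf-8")


def pseudonymise(identifier: str, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256) of the identifier, hex encoded."""
    return hmac.new(key, _normalise(identifier), hashlib.sha256).hexdigest()


def unkeyed_hash(identifier: str) -> str:
    """Plain SHA-256, shown only as the weak alternative."""
    return hashlib.sha256(_normalise(identifier)).hexdigest()


def pseudonymise_records(records, key, id_field="participant_id", drop=("name",)):
    """Return (rows without direct identifiers, pseudonym -> identifier table).

    The table is the re-identification key material and must be stored
    apart from the rows (hypothetical field names).
    """
    rows, lookup = [], {}
    for rec in records:
        pseudonym = pseudonymise(rec[id_field], key)
        lookup.setdefault(pseudonym, rec[id_field])
        row = {k: v for k, v in rec.items() if k != id_field and k not in drop}
        row["pseudonym"] = pseudonym
        rows.append(row)
    return rows, lookup


def dictionary_attack(target, candidates, hash_fn):
    """Enumerate candidate identifiers; return the one whose hash equals target."""
    for candidate in candidates:
        if hmac.compare_digest(hash_fn(candidate), target):
            return candidate
    return None


# Constructed sample records; the third is the first participant typed differently.
SAMPLE_RECORDS = [
    {"participant_id": "ES-0001", "name": "Participant One", "score": 21},
    {"participant_id": "ES-0002", "name": "Participant Two", "score": 17},
    {"participant_id": "es-0001 ", "name": "Participant One", "score": 23},
]

if __name__ == "__main__":
    key = new_site_key()
    rows, lookup = pseudonymise_records(SAMPLE_RECORDS, key)
    for row in rows:
        print(row)
    guesses = [f"ES-{n:04d}" for n in range(1, 1000)]
    print("unkeyed hash reversed to:",
          dictionary_attack(unkeyed_hash("ES-0002"), guesses, unkeyed_hash))
    print("keyed hash without the key:",
          dictionary_attack(rows[1]["pseudonym"], guesses,
                            lambda c: pseudonymise(c, new_site_key())))
```

Pseudonyms produced with different site keys do not match each other, so records from two pilot sites cannot be joined on the pseudonym without both keys.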
Figure 1 Anonymisation & Security Schema
4.5 Privacy Impact Assessment
The Privacy Impact Assessment is a tool used by organizations aiming to identify possible risks during the processing of personal data and to minimize its impact. According to Article 35 of the 2016/679 Regulation, "where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks." Privacy impact assessment will help the C-MMD Consortium to identify and reduce the privacy risks of the project while allowing the goals of the project to be achieved[21]. This PIA will be used during the development and implementation of the project through its management processes.
PIAs are an integral part of the privacy by design approach, which is also one of the principles of the Data Privacy Directive[22] and it is recommended to implement them from the early phase of a project. PIAs aim to promote good practices for personal data processing, improve organizations' transparency and increase the public's understanding of how their information is used.
According to the ICO PIAs code of practice[21], a PIA should incorporate the following steps:
• Identify the need for a PIA
• Describe the information flow
• Identify the privacy and related risks
• Identify and evaluate the privacy solutions
• Sign off and record the PIA outcomes
• Integrate the outcomes into the project plan
• Consult with internal and external stakeholders as needed throughout the process
One of the most critical points is the identification of privacy risks. The ICO has identified three main categories of possible risks: (1) risks to individuals; (2) corporate risks; and (3) compliance risks.
The CNIL[23] provides a method for estimating the risk level in terms of severity (or magnitude of the risk) and likelihood (or the possibility for a risk to occur). Moreover, they propose a cyclic approach, where the PIA is evaluated after a 4-step process until the PIA is accepted. The approach is structured as follows:
1. Context: presentation of the project and its objectives, stakeholders, processing of personal data
2. Controls: description of the legal control following the Data Privacy Directive and the risk management plan defined by the organizations involved in the project
3. Risks: detailed description of the potential risks and threats that may occur during the project and determine the risk level.
4. Decision: to validate the PIA according to the preceding steps and, if accepted, prepare an action plan for all the planned controls.
The C-MMD PIA is fully described in Annex 1.
[21] Conducting privacy impact assessments code of practice 20140225 (Information Commissioner’s Office) https://ico.org.uk/media/for-organisations/documents/1595/pia-code-of-practice.pdf
[22] Directive 95/46/EC and Regulation 2016/679
[23] Commission Nationale de l'Informatique et des Libertés: https://www.cnil.fr/fr/node/15798
4.6 Security / Data Breach Management
Organisations which process personal data must take appropriate measures against unauthorised or unlawful processing and against accidental loss, destruction of or damage to personal data[24]. One of those measures can be the design and adoption of a protocol to deal with a data security breach.
A data security breach can happen for several reasons, e.g.:
• Loss or theft of data or equipment on which data is stored
• Inappropriate access controls allowing unauthorised use
• Equipment failure
• Human error
• Unforeseen circumstances such as a fire or flood
• Hacking attack
• Social engineering where information is obtained by deceiving the organisation who holds it.
The C-MMD consortium will follow the data breach management protocol described in Annex 3.
4.7 Anonymisation
Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data defines "a personal data shall mean any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;"
Anonymisation and pseudonymization concepts arise from the need to protect the privacy of the data subjects while their data is being processed or transferred by telecommunication networks. Anonymisation is the process of turning data into a form that does not identify individuals and where identification is not likely to take place. This allows for a much wider use of the information[25]. For instance, in the C-MMD context where different researchers must process pilot participants' data in order to extract scientific conclusions, anonymisation is required in order to ensure data privacy of the pilot users. Among the personal data, we distinguish Personally Identifiable Information (PII), information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context[26].
[24] https://ico.org.uk/media/for-organisations/documents/1562/guidance_on_data_security_breach_management.pdf
[25] https://ico.org.uk/for-organisations/guide-to-data-protection/anonymisation/
[26] https://en.wikipedia.org/wiki/Personally_identifiable_information
In order to be able to process and research with collected personal data, the so-called PII is either deleted (anonymisation) or replaced by neutral identifiers (pseudonymization).
According to ICO’s ‘Anonymisation: managing data protection risk’[27], there are many advantages of using anonymisation:
• it protects against inappropriate disclosure of personal data; fewer legal restrictions apply.
• it can be easier to use anonymised data in new and different ways because the purpose limitation rules do not apply;
• it allows organisations to make information public while still complying with their data protection obligations; and
• the disclosure of anonymised data is not a disclosure of personal data – even where the data controller holds the key to allow re-identification to take place.
It must be kept in mind that in recent years, technology has made it possible to re-identify anonymised data, matching anonymised data back with individual persons whose data was extracted from or even when the original data did not belong to the dataset as such:
• Sweeney[28] demonstrated that 87% of all Americans could be uniquely identified using three pieces of data: birth date, sex and ZIP code.
• Horvát et al[29] published a study on social networks proving that "using machine learning one can reach a 85% prediction rate whether two non-members known by the same member of the social network are connected or not. Thus showing that the seemingly innocuous combination of knowledge of confirmed contacts between members on the one hand and their email contacts to non-members on the other hand provides enough information to deduce a substantial proportion of relationships between non-members."
Consequently, the project consortium will carefully consider re-identification risks in the PIA and implement the anonymisation procedures accordingly, performing re-identification tests.
Anonymisation Implementation in C-MMD
In the C-MMD case, we are handling an open social network that manages several datasets with different access levels. From the application point of view, data will not be anonymised as it would oppose the social network philosophy and where access control is managed by its own users. Thus, C-MMD will provide all end users the possibility to manage the access level of all the generated data related to them, be it personal data, questionnaires completed, information about treatment, etc. More details on default settings can be found in Annex 1, where data flow is described.
[27] https://ico.org.uk/media/for-organisations/documents/1042731/anonymisation_code_summary.pdf
[28] Nate Anderson. Anonymised data really isn’t—and here’s why not. September 2009. Available at http://arstechnica.com/tech-policy/2009/09/your-secrets-live-online-in-databases-of-ruin/
[29] Emöke-Ágnes Horvát, Michael Hanselmann, Fred A. Hamprecht, Katharina A. Zweig. One Plus One Makes Three (for Social Networks). April 2012. Available at http://www.plosone.org/article/info%3Adoi%2F10.1371%2Fjournal.pone.0034740#pone.0034740-Jernigan1
When we leave behind the application level and we concentrate on the low level (database, table, server, etc.), the proposed configuration can be seen in Figure 1, where we can see a clear separation between the C-MMD platform and the Pilot Tool[30] in terms of execution and data storage.
Data Dissemination
Data that has to be shared outside of the Consortium boundaries for scientific dissemination (e.g. aggregated data in a scientific paper) will require stronger anonymisation measures than pseudo-anonymisation, as it could be the case that C-MMD disseminated data can be crossed with other existing records and user identity could be deduced. In order to avoid this, we will follow the anonymisation recommendations of the Article 29 Data Protection Working Party[31], combining several strategies in order to avoid the weaknesses of each approach (i.e. randomization and generalization techniques). Data dissemination will not happen until the end of the pilot experimentation, so the Consortium has time to prepare detailed and tailored anonymisation strategies to ensure that re-identification is not possible. Specific technical details of these measures will be detailed in future versions of this document. The objectives of anonymising data to be openly disseminated will be to avoid:
• Singling out, the possibility to isolate some or all records which identify an individual in the dataset
• Linkability, the possibility to link, at least, two records concerning the same data subject or a group of data subjects
• Inference, the possibility to deduce with significant probability the value of an attribute from the values of a set of other attributes
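A re-identification test of the kind the plan calls for, as an added Python example (not the Consortium's procedure): it measures singling out on the three quasi-identifiers from the Sweeney result, applies a generalisation step, suppresses classes that are still too small, and then checks the remaining classes for inference. The records, field names, the 10-year and 3-digit generalisation levels and the target k of 3 are constructed assumptions.

```python
from collections import Counter

QUASI_IDENTIFIERS = ("birth_date", "sex", "postal_code")

# Constructed sample records (not project data).
SAMPLE_ROWS = [
    {"birth_date": "1941-03-12", "sex": "F", "postal_code": "08034", "diagnosis": "alzheimer"},
    {"birth_date": "1943-07-30", "sex": "F", "postal_code": "08036", "diagnosis": "alzheimer"},
    {"birth_date": "1948-11-02", "sex": "F", "postal_code": "08028", "diagnosis": "vascular"},
    {"birth_date": "1945-01-19", "sex": "F", "postal_code": "08011", "diagnosis": "alzheimer"},
    {"birth_date": "1952-05-05", "sex": "M", "postal_code": "08034", "diagnosis": "vascular"},
    {"birth_date": "1957-09-21", "sex": "M", "postal_code": "08029", "diagnosis": "vascular"},
    {"birth_date": "1950-02-14", "sex": "M", "postal_code": "08015", "diagnosis": "vascular"},
    {"birth_date": "1938-12-01", "sex": "M", "postal_code": "28013", "diagnosis": "lewy_body"},
]


def _key(row, quasi_ids):
    return tuple(row[q] for q in quasi_ids)


def equivalence_classes(rows, quasi_ids=QUASI_IDENTIFIERS):
    """Count how many records share each combination of quasi-identifiers."""
    return Counter(_key(r, quasi_ids) for r in rows)


def singling_out_report(rows, quasi_ids=QUASI_IDENTIFIERS):
    """k is the smallest class size; a class of size 1 singles a person out."""
    classes = equivalence_classes(rows, quasi_ids)
    unique = sum(1 for size in classes.values() if size == 1)
    return {"k": min(classes.values()), "unique_records": unique,
            "unique_fraction": unique / len(rows)}


def generalise(row, postal_digits=3):
    """Birth date -> 10-year band, postal code -> leading digits only."""
    year = int(row["birth_date"][:4])
    decade = year - year % 10
    code = row["postal_code"]
    out = dict(row)
    out["birth_date"] = f"{decade}-{decade + 9}"
    out["postal_code"] = code[:postal_digits] + "*" * (len(code) - postal_digits)
    return out


def suppress_small_classes(rows, k, quasi_ids=QUASI_IDENTIFIERS):
    """Drop records whose class is still smaller than k after generalisation."""
    classes = equivalence_classes(rows, quasi_ids)
    return [r for r in rows if classes[_key(r, quasi_ids)] >= k]


def homogeneous_classes(rows, sensitive, quasi_ids=QUASI_IDENTIFIERS):
    """Classes where every record has the same sensitive value.

    Membership in such a class reveals the attribute even though nobody
    is singled out (the inference risk).
    """
    values = {}
    for r in rows:
        values.setdefault(_key(r, quasi_ids), set()).add(r[sensitive])
    return sorted(key for key, seen in values.items() if len(seen) == 1)


if __name__ == "__main__":
    print("raw:        ", singling_out_report(SAMPLE_ROWS))
    generalised = [generalise(r) for r in SAMPLE_ROWS]
    print("generalised:", singling_out_report(generalised))
    released = suppress_small_classes(generalised, k=3)
    print("released:   ", singling_out_report(released), f"({len(released)} rows)")
    print("inference still possible in:", homogeneous_classes(released, "diagnosis"))
```

On the sample, generalisation plus suppression removes singling out, yet one released class remains homogeneous in the diagnosis, which is why the text combines generalisation with other techniques.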
5 Ethics, Intellectual Property, Citation
5.1 Ethics
The lack of ethical principles standardization at international level may potentially lead to the abuse of data collection, use and storage by exploiting differences between societies with regard to established ethical standards. Ethics of data collection, and data use and storage in medical applications, is of growing importance since the quality and quantity of medical data usage is growing quickly both in Europe and worldwide. Great concerns are raised about data protection and privacy issues in the area of biometric and health applications with growing markets that might be affected by insufficiently protected sensitive information.
[30] see 3.1
[31] Opinion 05/2014 on anonymisation Techniques. http://ec.europa.eu/justice/data-protection/index_en.htm
The success of the C-MMD project depends greatly on having all project partners being aware of the ethical challenges involved in the inception and implementation of the proposed platform and services. The C-MMD Consortium will respect the ethical guidelines described in:
• Charter of Fundamental Rights of the European Union (2012/C 326/02);
• Convention for the Protection of Human Rights and Fundamental Freedoms;
• World Medical Association Declaration of Helsinki. Ethical Principles for Medical Research Involving Human Subjects;
• Directive 2001/20/EC of the European Parliament and of the Council on the approximation of the laws, regulations and administrative provisions of the Member States relating to the implementation of good clinical practice in the conduct of clinical trials on medicinal products for human use;
• Convention for the Protection of Human Rights and Dignity of the Human Being with regard to the Application of Biology and Medicine: Convention on Human Rights and Biomedicine.
Here we summarise the fundamental concepts relevant for C-MMD:
On data privacy
• Clinical trials with human subjects must ensure methods of protecting the individual's dignity and identity.
• The protocol presented to the Ethic Committee shall include the process of anonymisation of personal data for later analysis.
On the right of being informed
• The persons undergoing research have been informed of their rights and the safeguards prescribed by the law for their protection
• Human subjects have the right to be informed about the outcomes of the clinical trial.
On informed consents
• People participating in clinical trials have the right to be informed about the risks and benefits of the study
• People shall not participate in a clinical study without signing a formal consent
• People have the right to withdraw from the clinical trial once it has commenced.
• In case of incapacitated adults or people with dementia, a legal representative must consent to participate.
On the access to healthcare
• The main priority for clinicians shall be to guarantee their clients' wellbeing and intervene in case of risk of adverse effects.
• An individual has the right to continue with their regular medical treatment even if they have withdrawn consent to participate in the study.
A full review of the above-mentioned list is provided in D8.3 Report on Legal and Regulatory Framework.
5.2 Intellectual Property
Regarding property and ownership of medical data and records, there are two distinct views. From the standpoint of practitioners (i.e., healthcare providers, hospitals), patient medical records are the practitioner's property because they are the ones who write, compile and produce the records (data producers). At the same time, patients tend to believe that medical records belong to them as they provide the relevant information.
Nevertheless, the project will produce data assets that do not correspond to medical records. For instance:
• Intervention contents and guidelines;
• Gamification reports;
• Treatment adherence reports;
• Aggregated medical data reports; and
• Reports and statistics of platform usage.
The resulting ownership agreements will be compliant with corresponding legislation (i.e. Data Protection Act, Copyright, Freedom of Information Act, etc.).
5.3 Citation
An article, paper or presentation that refers to, or draws, information from a dataset should cite the dataset, just as it would cite other sources such as books and articles. A citation gives appropriate credit to the dataset creator(s), and allows interested readers to find the dataset so they can confirm the data is being correctly represented, or can use it in their own work. There is no universal standard for formatting a dataset citation.
There are many different styles for formatting citations, such as APA and Chicago Manual of Style. In addition, most scientific publications have their own style, either unique to themselves or based on an existing style. A few of these styles, such as APA 6th edition, specify how to cite datasets. However, most citation style manuals do not currently cover citing datasets. Consequently, adaptation of the styles’ general format can be applied to the needs of datasets.
At this early stage, the information used to cite C-MMD datasets could be:
• Author(s) (the principal investigator can be used as the “author” of a dataset)
• Title
• Year of Publication
• Publisher (partner producing the dataset)
• Version
• Access information (doi or url)
6 Access and Use of Information
One of the objectives of the CAREGIVERSPRO-MMD project is to develop the solution into a commercial product. This is the main reason why the Consortium has decided that selected, potentially publishable summary data will not be available for open access until the end of the project, once the exploitation paths have been defined.
However, results of the pilot execution and platform evaluation will be made publicly available through the deliverables D6.1 – Mid-Pilot preliminary analysis report, D6.2 – Final Pilot analysis report and D6.3 – User feedback and usability report.
More details on specific dataset access regimes are defined in §3.1.
7 Storage, Backups and Data Recovery
In order to safeguard the appropriate preservation of the data, a portion of the budget has been allocated to data storage and backups during the lifespan of the project and at least for the two years[32] following the grant duration.
The data will be stored in databases installed on the same server that holds the CAREGIVERSPRO-MMD platform. These databases are only accessible locally (i.e. only available to the server itself) to prevent any connection from outside. The system and server configuration have been arranged to support local data encryption to avoid physical access to the hard disk drive. This measure would prevent access to the data if the physical storage was stolen or accessed directly.
The server has a local firewall that only allows secure web connections to the Internet and verified IP addresses for development/updates of the C-MMD application. Every access to the server is recorded at a local log file.
A daily backup procedure has been designed to ensure data integrity and recovery. This backup has two main subsystems:
1. File system backup: A daily copy of every file in the file system is stored in compressed format.
2. Database backup: A daily dump of every database/table is stored in a single file in the same server.
[32] In the case that any of the Consortium pilot members require to keep the data stored for a longer period, UPC will transfer securely the corresponding data to the partner so it can continue the curation.
The backup system that stores and holds a daily copy of the file system and databases is an autonomous system to ensure security and integrity of data. On one hand, it provides an independent service with disk redundancy (RAID[33]), and thus is not affected by any failure or malfunction of the main storage system. On the other hand, it controls and restricts access to the proper IT staff because it has its own rights management.
A 25-30-day window backup system has been programmed and enough disk space has been reserved for a monthly operation. The access to the backup data is only available for UPC system administrators and is also logged. The recovery time depends on the amount of data to be recovered; within a workday, it can be from 1 to 4 hours.
Our Data Centre management staff provide a pay-per-use service for external backup placement if needed for legal regulations, privacy or security issues.
8 Archiving and Future Proofing of Information
The national legislation (European compliant) of the server site (Spain) compels UPC to preserve all data and access records for two years[34] after the project completion. The server will remain in the same safe location to preserve physical and logical access. Consequently, the data will be kept in the server and will be accessible under the same terms that will be agreed among partners during the project lifespan.
All public project deliverables will be available at least for five years after the project completion at the project portal.
Selected datasets, databases, standalone documents, and even software may be made public or open for exploitation at the end of the project if that fact is compliant with ethics and data protection guidelines described in this document. These resources may prove useless without explanatory notes (metadata) accompanying them. Metadata will be clearly linked to the materials so that they can adequately inform any future user about the material. For example, a published dataset will typically be accompanied by a metadata document that explains the various fields, their usefulness and summarises the purpose of the dataset in general. These documents will be stored along with the dataset and made accessible in the same manner as the dataset (e.g. online, or download). Contact information will be provided accordingly in case that the future user needs further clarification.
[33] https://en.wikipedia.org/wiki/RAID
[34] In the case that any of the Consortium pilot members require to keep the data stored for a longer period, UPC will transfer securely the corresponding data to the partner so it can continue the curation.
8.1 Best Practices for File Formats
The file formats used have a direct impact on the ability to open those files later and on the ability of other people to access those data.
Proprietary vs Open Formats
Data should be saved in a non-proprietary (open) file format when possible. If conversion to an open data format will result in some data loss from the files, consider saving the data in both the proprietary format and an open format. Having at least some of the information available in the future is better than having none.
When it is necessary to save files in a proprietary format, a readme.txt file will be included that documents the name and version of the software used to generate the file, as well as the company who made the software.
Guidelines for Choosing Formats
When selecting file formats for archiving, the formats should ideally be:
§ Non-proprietary;
§ Unencrypted;[35]
§ Uncompressed;
§ In common usage by the research community;
§ Adherent to an open, documented standard:
  o Interoperable among diverse platforms and applications
  o Fully published and available royalty-free
  o Fully and independently implementable by multiple software providers on multiple platforms without any intellectual property restrictions for necessary technology
  o Developed and maintained by an open standards organization with a well-defined inclusive process for evolution of the standard
Some Preferred File Formats[36][37]
• Containers: TAR, GZIP, ZIP
• Databases: XML, CSV
• Geospatial: SHP, DBF, GeoTIFF, NetCDF
• Moving images: MOV, MPEG, AVI, MXF
• Sounds: WAVE, AIFF, MP3, MXF
• Statistics: ASCII, DTA, POR, SAS, SAV
• Still images: TIFF, JPEG 2000, PDF, PNG, GIF, BMP
• Tabular data: CSV
• Text: XML, PDF/A, HTML, ASCII, UTF-8
• Web archive: WARC
[35] Data will be encrypted in the UPC server for security reasons
[36] http://www.digitalpreservation.gov/formats/
[37] http://www.loc.gov/preservation/resources/rfs/data.html
9 Audits
An internal audit procedure will be performed at least every 18 months to verify that all the aforementioned measures are implemented and are compliant with regulations.
10 Resourcing of Data Management
This section outlines the staffing and financial details of the data management within the CAREGIVERSPRO-MMD project. The former aspect provides information about the role and responsibilities of the partners that generate the data and those who control it. The latter aspect describes the financing process for data management and data storage.
10.1 Roles in Data Management
Each pilot partner (HUL, COO, FUB, CHU) is responsible for the data generated in their own pilots by the different stakeholders of the platform as data producers. Each pilot partner will assign a responsible person from his or her institution for this task to be designed for the next version of this document.
The UPC is responsible for all the aspects related with data storage and backup as data processor.
MDA and CERTH as the main developers of the C-MMD platform will be responsible as data processor and service provider of all the aspects related with data gathering, data integrity, access logging, etc., related to the software components they develop.
As specified in §5.1.3 of DoA, specific agreements will be signed among partners in order to grant access to the different datasets for the different uses (data storage, data processing, service provision).
10.2 Financial Data Management Process
As mentioned before, the Consortium has reserved a portion of the project budget for data hosting and backup.
11 Review of Data Management Process
The follow-up of this plan will be reported in future versions of this document, where detailed protocols and measures will be described to ensure the compliance with the plan along with preliminary results on the observed evolution. UPC as main contributor to this plan, supported by the roles described in section 8.1, will perform the follow-up.
External reviewers of the Consortium as well as selected members of the AB will support the peer-review process.
Annex 1 - C-MMD Privacy Impact Analysis
A1.1 Identifying the need for a PIA
The CAREGIVERSPRO-MMD project aims to build a digital platform tailored for people living with dementia and their caregivers, considering this "dyad" as the unit of care. The platform will offer both a variety of advanced, personalized services that will improve the quality of their lives and enable them to live well in the community for as long as possible.
The services offered by the CAREGIVERSPRO-MMD platform will be based on the collection and analysis of data provided by the end-users or generated through their interaction with the system. Accessible through user-friendly and easy-to-use interfaces for smartphones, tablets and web browsers, these services will include:
• clinical and psychological screening;
• treatment adherence services;
• educational interventions tailored to each user's symptoms;
• social networking with other people living with dementia, caregivers and clinicians;
• a service for reporting to doctors and medical staff about treatment adherence levels and other important clinical information.
In all, the C-MMD platform is an IT system that will be storing sensitive personal and health data of its users. Some of this data will be shared between some users (i.e. PLWD-caregiver or PLWD-doctor). The bulk of the captured data will also be used for research studies and some part of this data might be shared with the research community and society.
Thus, we have a system that will be managing and storing very sensitive information subject to ethical and legal considerations and potentially subject to privacy risks. Consequently, the Consortium has undergone the task of writing a PIA that depicts possible risks and mitigation measures so it can be used through the development and implementation of the C-MMD project.
A1.2 Describing information flows
A1.2.1 Information Overview
In previous sections we have described the different datasets that compose the C-MMD ecosystem and in order to perform a more detailed PIA, we provide a description of how the information that enriches C-MMD is obtained, used and retained. In Figure 2 we can see a schema of the different stakeholders interacting with the C-MMD platform and the Pilot Tool, which datasets they are generating and finally the access role of each stakeholder on those datasets.
Figure 2 C-MMD Information Overview
We can observe that the main stakeholders interacting and introducing data in the C-MMD platform are PLWD, their caregivers, health professionals and social workers. It is assumed that, as in any IT system, administrators have access to the system and may set up initial configurations for some services. In section 3.1 we can find a description of the different datasets and a broad description of ownership and access to data depending on whether it is a user (PLWD-caregiver), a Consortium partner co-owning the data (health or social professional, or researcher working with the users in each pilot site), a member of the rest of the Consortium or a person external to the project. In Figure 2 we can see which stakeholder produces each dataset and which stakeholder can access each of them. Where 'Partial' access is stated, it means that not all the dataset is available (i.e. a social worker will only be able to access screening information related to social aspects, but not clinical). In Figure 3 we can see the data flow diagram of C-MMD, where stakeholders (in red) interact with the platform, introduce data that composes datasets (boxes in light red) and fire processes (purple circles) that can generate new datasets, logs or IT data repositories.
Figure 3 C-MMD Data Flow diagram
A1.3 Identifying privacy and related risks
At this stage, we have described the kind of information exchanged among stakeholders and its relevance. Within this scenario, we must identify which threats are more likely to occur as well as their possible source and severity. Since each organization will evaluate the risks and the possible solutions according to their own characteristics and resources, the outcome of this study is necessarily subjective.
Severity [38] represents the magnitude of a risk. It is primarily estimated in terms of the extent of potential impacts on data subjects, taking account of existing, planned or additional controls. The severity level obtained may be raised or lowered in relation to (1) the level of identification of personal data; (2) the nature of the risk source; (3) the number of interconnections (especially with foreign sites); (4) the number of recipients (which facilitates the correlation between originally separated personal data).
Likelihood [39] represents the feasibility of a risk to occur and is estimated in terms of vulnerabilities of the supporting assets involved and the capabilities of the risk source to exploit them. The justification of the likelihood is provided by the proposed control solutions presented in A1.4.
According to the guidelines provided by CNIL, there are three potential data breaches: (i) illegitimate access to personal data, (ii) unwanted modification of personal data and (iii) disappearance of personal data. The following table describes the possible threats that might be present in the C-MMD project categorized within the aforementioned data breaches.
[38] Definition from CNIL
[39] Definition from CNIL
| DATA BREACH | # | TYPE OF SUPPORTING ASSET | THREATS | ACTION | RISK SOURCES | SEVERITY | LIKELIHOOD | JUSTIFICATION (of likelihood) |
|---|---|---|---|---|---|---|---|---|
| Illegitimate access to personal data | 1 | HW in pilot site | Uncontrolled access to data by unauthorized personnel | Observed | Internal/external human | Limited | Depends on each pilot | Negligible if personal data is stored in a room protected by access code. Maximum in case of being in unprotected rooms or in public areas |
| Illegitimate access to personal data | 2 | HW in pilot site | Use of USB flash drives or disks that are ill-suited to the sensitivity of the information | Used inappropriately | Internal human | Negligible | Negligible | No data export means outside the protected DBs or secured protocols will be allowed |
| Illegitimate access to personal data | 3 | HW at UPC server | Loss of equipment (theft) | Lost | Internal/external human | Limited | Negligible | Protected room with controlled access. Protected server with physical lock. Backup and encryption strategies for data protection |
| Illegitimate access to personal data | 4 | SW at UPC server | Infection by malicious code, hacking DB | Altered | Internal/external human or non-human source | Maximum | Negligible | Protected access |
| Illegitimate access to personal data | 5 | SW at pilot sites | Infection by malicious code, hacking DB | Altered | Internal/external human or non-human source | Significant | Depends on each pilot | Security policy of each pilot site will determine the likelihood |
| Illegitimate access to personal data | 6 | SW pilots & server | Errors during updates, configuration or maintenance; replacement of components | Altered | Internal/external human or non-human source | Limited | Limited | Access restricted to authorized trained staff |
| Illegitimate access to personal data | 7 | People in pilots, UPC server controllers and technical developers | Abuse of use of personal data for other purposes (transactional, navigation or geo-localization data; behaviour monitoring, profiling and decision making) | Manipulated | Internal human | Significant | Negligible | Previous training on ethical and regulatory dispositions makes unlikely the use of information for unplanned and illegitimate purposes |
| Illegitimate access to personal data | 8 | People in pilots, UPC server controllers and technical developers | Breach of confidentiality of personal data by employees of the organization | Observed | Internal human | Significant | Negligible | Previous training on ethical and regulatory dispositions makes unlikely the disclosure of personal information |
| Illegitimate access to personal data | 9 | People in pilots, UPC server controllers and technical developers | Unauthorized access to personal data | Used inappropriately | Internal human | Limited | Negligible | Access restricted to authorized trained staff |
| Illegitimate access to personal data | 10 | People in pilot site | Obtaining an informed consent doubtful, corrupt or invalid for the treatment of transfer of personal data; hinder withdrawal of consent or opposition to treatment or disposal | Used inappropriately | Internal human | Limited | Negligible | Clinical partners are committed to the protocol presented and approved by an Ethical Committee following the Fundamental Human Rights |
| Unwanted modification of personal data | 11 | HW at UPC server | Uncontrolled access to data, no back-up strategy, abuse of storage period | Used inappropriately | Internal/external human | Limited | Negligible | Servers stored in a room with controlled access. Backup protocol |
| Unwanted modification of personal data | 12 | Computer channels at UPC server | Man-in-the-middle attack or other attacks | Used inappropriately | Non-human source | Significant | Negligible | All communication channels are encrypted |
| Unwanted modification of personal data | 13 | SW | Unwanted modifications on DB, erasure of files | Used inappropriately | Internal/external human | Limited | Limited | Backup protocol |
| Unwanted modification of personal data | 14 | SW pilots & server | Exceeding DB size, injection of data outside the normal range of values, denial of service attack | Overload | Internal human or non-human source | Negligible | Negligible | All DB modifications are checked before commit |
| Unwanted modification of personal data | 15 | HW pilots & server | Storage unit full, power outage, processing capacity overload, overheating, denial of service attack | Overload | Internal human | Negligible | Negligible | Server allocated in data centre that covers all these cases |
| Disappearance of personal data | 16 | Paper documents in pilot sites | Replacement of original files (falsifications) | Altered | Internal/external human, non-human source | Significant | Limited | Protected rooms with badge reader and/or access code. |
| Disappearance of personal data | 17 | Paper documents | Theft of files from offices, mail from mailboxes or retrieval of discarded documents | Lost | Internal/external human, non-human source | Significant | Negligible | Protected rooms with badge reader and/or access code. |
| Disappearance of personal data | 18 | HW and SW | Technology obsolescence | Overload | Non-human source | Negligible | Negligible | Tools selected to be valid during the project lifetime |
A1.4 Identifying and evaluating privacy solutions

| RISK | CONTROLS | RESULT |
|---|---|---|
| 1 | 1. Avoid public locations inside hospitals (e.g. corridors, shared working spaces) | Reduced |
| 2 | 1. Controlled access to data; 2. Activity log | Eliminated |
| 3 | 1. Restricted and controlled physical access; 2. Encryption; 3. External backup; 4. Physical HW protection | Eliminated |
| 4, 5, 6 | 1. Security policy; 2. Disciplinary sanctions; 3. Encryption; 4. Data disassociation & anonymisation; 5. Activity log | Reduced |
| 7 | 1. Define a privacy policy visible and accessible; 2. Transparent reporting on the use and purpose of cookies; 3. Dissuasive sanctions | Reduced |
| 8 | 1. Training on duties and responsibilities regarding information confidentiality; 2. Data disassociation & anonymisation; 3. Disciplinary sanctions for staff members who breach the duty of secrecy and confidentiality policies of the organization | Reduced |
| 9 | 1. Promote awareness on the obligation of professional secret regarding personal data; 2. Disciplinary sanctions; 3. Official communication channels with those workers informing about the responsibilities and consequences of accessing personal data; 4. Official communication channel with authorities reporting any confidentiality breach. | Eliminated |
| 10 | 1. Promote awareness of good practices; 2. Disciplinary sanctions for those who breach the right of rejection or withdrawal of human subjects participating in medical research | Reduced |
| 11 | 1. Identification of authorized users; 2. Assignation of security responsible & security policy; 3. Activity log | Eliminated |
| 12 | 1. Security policy; 2. Official communication with authorities reporting the attack | Reduced |
| 13 | 1. Activity log; 2. Recovery strategy | Eliminated |
| 14 | 1. Initial estimation of requirements; 2. Emergency plan | Accepted |
| 15 | 1. Initial estimation of requirements; 2. Emergency plan | Accepted |
| 16 | 1. Security policy (non-transferable personal data among pilots); 2. Disciplinary sanctions; 3. Data disassociation & anonymisation | Accepted |
| 17 | 1. Physical security; 2. Dissuasive and disciplinary sanctions | Reduced |
| 18 | 1. Add criteria when considering HW/SW options in the architecture design | Eliminated |
Annex 2 - C-MMD Datasets
PERSONAL DATASET (personal data, demographics, medical, social)
Personal data

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| User_permalink (autogenerated)* | Unique alphanumeric code representing the user | String | FALSE | TRUE |
| User_Id (autogenerated)* | A unique Identifier (auto-increment) | Long int | FALSE | TRUE |
| NickName* | A user identifier to appear in public | String | FALSE | TRUE |
| Email* | The primary email address of user validated by the RFC 5322 Section 3.2.3 | String | FALSE | TRUE |
| City | Name of city | String | FALSE | FALSE |
| Province/County | Name of province | String | FALSE | FALSE |
| ZIPCode | Postal code | String | FALSE | FALSE |
| CountryCode | International country code validated by the ISO 3166-1 | String | FALSE | FALSE |
| SHA256* (technical, auto-generated) | Secure Hash Algorithm Code | String | FALSE | TRUE |
| SALT (technical, auto-generated) | The salt key for the one-way hashing of password | String | FALSE | FALSE |
| ConfirmationDate | Date the user account was confirmed validated by ISO 8601 | DateTime | FALSE | FALSE |
| RegistrationDate | Date the user account was created validated by ISO 8601 | DateTime | FALSE | FALSE |
| Role_Id* | Integer expression of the user role: [0: normal user, 1: PLWD, 2: caregiver; 3: social professional; 4: health professional] | Integer | FALSE | FALSE |
| Photo | Image or avatar | Image | FALSE | FALSE |
Demographics

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| Gender** | ‘M’ for Males and ‘F’ for Females. ‘O’ used for other or null. | Char | FALSE | FALSE |
| Birthdate** | Date of birth validated by ISO 8601 | DateTime | FALSE | FALSE |
| PreferredLanguage | Preferred language of the interface validated by ISO 639-1 from the list of available languages | String | FALSE | FALSE |
| EducationLevel | [ISCED 2011] Early childhood education; Primary education; Lower secondary education; Upper secondary education; Post-secondary non-tertiary education; Short-cycle tertiary education; Bachelor’s or equivalent level; Master’s or equivalent level; Doctoral or equivalent level | Byte | TRUE | FALSE |
| Living status (where) | [Only for PLWD] Own house; Relative's house; Social Housing; Sheltered accommodation; Nursing home | Byte | TRUE | FALSE |
| Living status (with whom) | [For PLWD] alone; with the main caregiver (only as 2); with other family members. [For CG] alone; with the care receiver (only as 2); with the care receiver (with others) | Byte | TRUE | FALSE |
| Working condition | [Only for CG] retired; housekeeper; full time employed; part time employed; free-lancer; unemployed (looking for a job); student | Byte | TRUE | TRUE |
| Working benefit | [Only for working CG] Do you benefit of any measure for those providing care (e.g. authorised working permits for caring) | Boolean | TRUE | TRUE |
| Other support | [Only for CG] No support; Formal and professional carer (service provided by public health and social system); Formal and professional carer (service provided by private health and social provider); Volunteers from community charities and associations; Other relatives | Byte | TRUE | FALSE |
| ICT or Technological devices | Subjective estimation of computer driving skills: Willing to use; Casual; Expert | Byte | TRUE | TRUE |
| Hobbies | Animals/pets/dogs, Arts, Astrology, Astronomy, Baseball, Basketball, Beach/Sun tanning, Bird watching, Boating, Bonsai Tree, Cake Decorating, Calligraphy, Camping, Casino Gambling, Ceramics, Church/church activities, Collecting, Music, Computer activities, Cooking, Crafts, Crossword Puzzles, Dancing, Photography, Dominoes, Drawing, Eating out, Educational Courses, Electronics, Exercise (aerobics, weights), Falconry, Fishing, Floorball, Floral Arrangements, Football, Games, Gardening, Cinema, Golf, Guitar, Home Repair, Internet, Puzzles, Macramé, Painting, Photography, Piano, Reading, Shopping, Spending time with family/kids, Stamp Collecting, Swimming, Tennis, Traveling, TV watching, Video Games, Violin, Volunteer, Walking, Writing, Yoga | Array of Strings | TRUE | FALSE |
| Health literacy | Ability to access information on medical or clinical issues; Ability to understand medical information and derive meaning; Ability to interpret and evaluate medical information; Ability to make informed decisions on medical issues | Byte | TRUE | TRUE |
| Interests (self) | D1.4 Domains (binary tree, multiple selection) (p. 35-39). See sample in Domain field of interventions. These interests are selected by the PLWD him/herself | Array | FALSE | FALSE |
| Interests (caregiver) | D1.4 Domains (binary tree, multiple selection) (p. 35-39). See sample in Domain field of interventions. These interests are selected by the PLWD’s caregiver. | Array | FALSE | FALSE |
| Interests (doctor) | D1.4 Domains (binary tree, multiple selection) (p. 35-39). See sample in Domain field of interventions. These interests are selected by PLWD’s doctor. | Array | FALSE | FALSE |
Medical

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| Cognitive disorder | MCI/Dementia | String | TRUE | FALSE |
| Type of dementia | [If dementia] Alzheimer Disease; Frontotemporal Dementia; Vascular Dementia; Unknown type of Dementia | Byte | TRUE | FALSE |
| Diagnosis date | Diagnosis date validated by ISO 8601 | Date | TRUE | FALSE |
| Disorder | [Only HCP] Belongs to disorder group: Blood Condition (Anemia); Cardiovascular diseases (Atrial fibrillation, Arterial Hypertension, Heart failure, Chronic myocardic ischemia, Recent myocardic infarction, Cerebral vascular disease, Peripheral arterial disease); Endocrine and metabolism disorders (Diabetes with insulin treatment, Diabetes II with oral treatment, diabetes with complications, Hypercholesterolemia, Hypothyroidism, Obesity or overweight, Malnutrition, Dehydration); Genitourinary disorders (Urinary tract infection, Urinary incontinence); Liver and gastrointestinal disorders (Chronic hepatitis, Gastritis or ulcer, Constipation); Nervous System disorders (Parkinson disease, Epilepsy, Stroke sequelae); Psychologic and psychiatric disorders (Insomnia, Anxiety, Depression, Psychosis, Confusion, Apathy, Behaviour disturbance); Rheumatologic disorders (Arthrosis, Joint pain); Sensory impairment (Deafness, Visual impairment); Toxic (Alcoholism and other addiction); Nephrology (Chronic renal insufficiency); Respiratory disease (Chronic pulmonary disease, Respiratory infection); Cancer (Malignancy). Date of diagnosis. UI impact (graded by its impact severity): Audio impairment (influencing the access to platform services); Visual impairment (influencing the access to platform services); Physical impairment (influencing the caring activities); Pharmacological therapy | ArrayList | TRUE | FALSE |
| Weight | In kg/pound | int | TRUE | FALSE |
| Height | in cm/feet | int | TRUE | FALSE |
Social

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| Relationships | Ids of relationships with other users (primary caregiver id is included too). | ArrayList | TRUE | FALSE |
| Privileges | Privileges of a relationship: Read posts; Read scales; Read events; Read medical info; Read activity | ArrayList | TRUE | FALSE |
| PrimaryCaregiver_Id (initial phase --> only one caregiver per PLWD) | Id of the user with primary responsibility of the caregiving | Long int | TRUE | FALSE |
| Groups_Id | Array of group names the user participates in | Array of Strings | TRUE | FALSE |
| ConnectionDegree | The number of nodes directly connected to this node (personal circle’s size) | Integer | TRUE | FALSE |
| Centrality | Array of social network centrality metrics as triplet vectors of: [GroupName, CentralityType, CentralityValue] (See below for details). | Array | TRUE | FALSE |
SCREENING DATASET
In order to develop the survey engine for making surveys online, the data structure used is described here.

| Property | Description | Data Type |
|---|---|---|
| Survey Id | Id of each survey | Integer |
| Participant surveys | Info about each time a participant fulfills a survey | |
| Location | Place where the survey has been taken | |
| Notes | Comments about the survey | |
| Score | Final score of the survey, in case it is performed offline | |
| Status | undone: 0, in_course: 1, finished: 2 | |
| Participant Survey Partial Scores | Info about partial scores of one survey, if needed | |
| Name/domain | Name to identify the partial score | |
| Score | Score for a fragment of a survey | |
| Participant answers | Answers of each participant to each proposed survey answer | |
| Participant answer id | Belongs to a participant survey | |
| Question_id | Belongs to a question | |
| Answer id | Belongs to an answer | |
| Content | Free text for a free text answer | |
| Is_answered | True if it is answered, false otherwise | |
ADVERSE EVENTS DATASET

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| Description | Description of adverse event (a diagnosis is preferred) | String | FALSE | FALSE |
| Start date | Date validated by ISO 8601 | DateTime | FALSE | FALSE |
| End date | Date validated by ISO 8601 | DateTime | FALSE | FALSE |
| Severity | Severity of the event: YES/NO | Boolean | FALSE | FALSE |
| Related to investigational product | Relationship to the investigational product | Boolean | FALSE | FALSE |
| Has many Countermeasures: | Outcomes: Ongoing; Resolved; Not resolved. Serious: YES/NO | ArrayList | TRUE | FALSE |
TREATMENT DATASET

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| Medication | Name of the drug | String | FALSE | TRUE |
| Prescribed date | Date for treatment ending. Ask for duration instead. | DateTime | FALSE | FALSE |
| End_date | Date of treatment end | DateTime | FALSE | FALSE |
| Dosage_array | 7x4 matrix indicating number of pills/quantity for each weekday x 4 times a day. | ArrayList | TRUE | FALSE |
| Condition | To which disorder this treatment is intended for (see list in Personal dataset) | String | FALSE | FALSE |
| atc | Anatomical, Therapeutic, Chemical classification system | String | FALSE | FALSE |
| Administration route | Oral; Intravenous; Nasal; Respiratory (inhalation); Transdermal; Other. https://www.fda.gov/drugs/developmentapprovalprocess/formssubmissionrequirements/electronicsubmissions/datastandardsmanualmonographs/ucm071667.htm | Byte | FALSE | FALSE |
| Adherence | each row is a dosage (taken, not taken, missing info) | Byte | TRUE | FALSE |

INTERVENTION DATASET

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| Intervention_ID | A unique Identifier (auto-increment) | Long int | FALSE | TRUE |
| Date of creation | Automatic | Timestamp | FALSE | FALSE |
| Author | Name of content creator | String | FALSE | FALSE |
| Author_contact_details | Author contact details | String | FALSE | FALSE |
| Author_qualification | | String | FALSE | FALSE |
| Language | Codes of Languages | String | FALSE | FALSE |
| Intended audience | Role-based content | Array of strings | FALSE | FALSE |
| Social exchange | Preventive/Palliative content | String | TRUE | FALSE |
| DOMAIN | D1.4 Domains (binary tree, multiple selection) (p. 35-39): Understanding dementia (Symptoms, Diagnosis, Anxiety and confusion, Memory loss, Physical changes, Progression, Behaviour that challenges, Medication, Recognising I am a carer); Daily life (Eating and drinking, Living at home, Using public toilets, Washing and dressing, Shopping, Driving, Going to the toilet and continence, Days out and holidays, Safety, Communication, Hiding things, Coping with my reactions); Who can help? (Dementia support and groups, Other helpful organisations, Carers’ support and groups, Paid carers, Care homes, GPs and other medical people, Hospital, Money, Social care, Day care, Planned respite, Emergency respite); Looking after myself (Appreciate the present, My health, Having a laugh, Frustration, Staying positive, “Me” time, Calm, Sleep, Someone to talk to); My Relationship (Seeing the person, Power and control, Maintaining independence, Maintaining a relationship, Arguing, Caring at a distance, Living better with dementia, Deciding things together, Doing things together); Friends and Family (Faith and community, Support groups, Friends, Enjoying a family life, Helping others to understand, Support from family members, Enjoying a social life, Keeping friendships going, Dementia friendly communities); Planning for the future (End of life, Helping my loved one to accept changes, Decisions, Getting help, Managing care when I am unwell, Preparing for the future, Anticipating changes, Knowing my limits, Planned respite) | Array | FALSE | FALSE |
| [TYPE OF] | Dementia Advisors; Post Diagnostic Groups; Signposting; Peer Support Groups; Stress/Anxiety management; Reminiscence; Assistive Technology: advice and support; Cognitive Training (CT); Physical Exercise therapy; Fall prevention; Home modification; Music Therapy; Other contents | Byte | FALSE | FALSE |
| format | Information about local services; Personal advice; Practical suggestions; Seminar/conference; Training event; Personal experience; Monitoring tools; External Resources; Entertainment solutions; Reward system | Array | TRUE | FALSE |
| delivery | Infographic; Video; How-to; Guideline; Case study; Tips and tricks; Studies; Apps and games | Array | TRUE | FALSE |
| frequency | Frequency in days (e.g., every 3 days) | Int | TRUE | FALSE |
| repetitions | Amount of times (e.g., once) | int | TRUE | FALSE |
| Version | Id of each version of the intervention. | String | FALSE | TRUE |
| Is_active | Only one of the different versions of the intervention is published. | Boolean | FALSE | FALSE |
| Editor_Notes | Comments and notes about the intervention | String | TRUE | FALSE |
| Tags | Defined tags (disorders) | Array | TRUE | FALSE |
| Sources | Source of the content, referrals or mentions | String | FALSE | FALSE |
| content | path to raw file, information structure of rich content | String | FALSE | TRUE |
USER INTERACTION DATASET

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| NoOfPosts | Number of message posts | Integer | TRUE | FALSE |
| NoOfLikes | Number of Likes | Integer | TRUE | FALSE |
| NoOfReviews | Number of Reviews | Integer | TRUE | FALSE |
| NoOfArticleViews | Number of articles viewed by the user | Integer | TRUE | FALSE |
| NoOfArticleAuthored | Number of articles authored by the user | Integer | TRUE | FALSE |
| NoOfScalesTaken | Number of Scales taken by the user | Array | TRUE | FALSE |
| NoOfInvitationsReceived | Number of invitations received | Integer | TRUE | FALSE |
| NoOfInvitationsSent | Number of invitations sent | Integer | TRUE | FALSE |
| [InteractionHistory] | [Array of interactions - log file] | Array | TRUE | FALSE |

USER GAMIFICATION MODEL DATASET

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| User | The users table: user_id, nickname, role_id | ArrayList | TRUE | FALSE |
| Role | The Roles table stores a description of the user’s id according to the roles in physical life and the health conditions: id, description | ArrayList | TRUE | FALSE |
| Games | This is the table containing the games the user participates in: game_id, title, description, etc. | ArrayList | TRUE | FALSE |
| Details | All the information mentioned in the short gamification profile, but organized per game title (points, badges, tangible objects, privileges). | ArrayList | TRUE | FALSE |
GAME MODEL DATASET

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| Game_Id | A unique identifier for each new game | int | TRUE | FALSE |
| Metrics | The table of metrics lists all kinds of metrics used to monitor user’s activity and awarding back: metric_id, name_metric, type_metric, description | ArrayList | TRUE | FALSE |
| Actions | Contains the list of action and basic descriptors: actionId, title, description | ArrayList | TRUE | FALSE |
| Quests | List of quest Ids (timed objectives for the players proposed to them in order to gain a specific reward) with descriptors like questId, title, startDate, endDate, rewardId. | ArrayList | TRUE | FALSE |
| Leaderboards | List of leaderboards, their details and their range in players and team: leaderboard_Id, leaderboard_name, leaderboard__description, leaderboard_entity_type (players/team) | ArrayList | TRUE | FALSE |
| Rewards | The types of rewards to be applied in the game: Reward_id, reward_type, reward_verb, reward_condition | ArrayList | TRUE | FALSE |
| CreationDate | The datetime the game-master created this game | Datetime | TRUE | FALSE |

SHORT GAMIFICATION MODEL DATASET

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| [Game_Ids] | Array of game IDs the user participates in | Array of IDs | TRUE | FALSE |
| TotalPoints | Vector of four elements: the sum of all points earned in all games (like a wallet with points earned by social networking, communication activities, treatment adherence and education/training). | Array | TRUE | FALSE |
| Badges | Array of all badges earned in all games | Array | TRUE | FALSE |
| TangibleObjects | Array of pairs: object name and quantity | Array | TRUE | FALSE |
| Privileges | For future use | Array | TRUE | FALSE |
RECOMMENDER DATASET

USER

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| USER_ID | A unique Identifier | Long int | FALSE | TRUE |
| FEATURE VECTOR | Represents the user profile | Array of doubles | FALSE | FALSE |

INTERVENTION

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| INTERVENTION_ID | A unique Identifier | Long int | FALSE | TRUE |
| FEATURE VECTOR | Represents the item | Array of doubles | FALSE | FALSE |

PILOT DATA DATASET (content introduced by clinic partners)

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| Scales Scores | Array of pairs [psychological, medical and behavioral scales and scores] | Array | TRUE | FALSE |
| Additional notes | Notes associated to a pilot’s visit | String | TRUE | FALSE |

INTERVENTIONS FEEDBACK DATASET

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| userId | Identifies the user that has provided feedback | Long int | FALSE | TRUE |
| interventionId | Identifies the intervention that has received some feedback from the given user (including interactive interventions like Serious Games for cognitive training) | Long int | FALSE | TRUE |
| timeStamp | Datetime of the intervention | Datetime | FALSE | TRUE |
| shared | Stores if the user has shared the intervention or not | Boolean | TRUE | FALSE |
| Views | Views (or tries) is the amount of times the user has consumed the intervention | Integer | FALSE | FALSE |
| links_used_counter | Number of times of usage for the links inside the interventions | Integer | FALSE | FALSE |
| Consumption time | Time spent by the user to consume this intervention. In case of interactive interventions this is the total time of playing a game. | Integer | TRUE | FALSE |
| Consumption time for subtask | Time spent by the user to perform each subtask of the intervention | Array | TRUE | FALSE |
| Success rate | Numeric descriptor of the level of success. In interactive interventions this will be the main performance indicator (e.g. 75% completed). For an article read it will be either 0% (not consumed) or 100% (fully consumed), or if the intervention has subsections then the rate of the completed subsections to the total number of subsections (e.g. 75% for 3 out of 5 things done). | Float | TRUE | FALSE |
| Score | Numeric expression of the success rate if any. In the case of games this is the score (number of points earned). In case of a questionnaire or an interview (given as intervention) this number could be the number of questions answered or the degree of user participation. | Float | TRUE | FALSE |
| Other | General purpose field related to the type of the intervention. For example, in some games we may need to store the Average Response Time. | | | |
USER GAMIFICATION INTERACTION HISTORY MODEL DATASET

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| UserGamificationHistoryId | The id of an interaction performed by the user | Int | FALSE | TRUE |
| Timestamp | The date and time the interaction performed | DateTime | FALSE | TRUE |
| userId | The id of the user (player) who performed the interaction | Int | FALSE | FALSE |
| gameId | The id of the game this interaction was performed | int | FALSE | FALSE |
| actionId | The id of the registered action related to this interaction | int | FALSE | FALSE |
| scoreEarned | The change in the sum points as a result of the interaction | int | TRUE | FALSE |
| awardId | The id of an award, if any, gained by the user at the time of this interaction | int | TRUE | FALSE |
| levelId | The id of the level the user was playing at the time of the interaction event | int | TRUE | FALSE |
| questId | The id of the quest possibly this interaction was related to | int | TRUE | FALSE |
| questStatus | An indicator if the interaction resulted in the enrolment of the user in a quest (value 1), or the drop-out of the quest by the user (value 1) or the winning of the quest (value 2) | int | TRUE | FALSE |
| gameStatus | An indicator if the game status resulted by this interaction event, enrolment in the game (value 1), or the drop-out of the game by the user (value 1) or the winning of the game (value 2) | int | TRUE | FALSE |
GAME HISTORY DATASET

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| gameHistoryId | The id of an event performed on the game | int | FALSE | TRUE |
| Timestamp | The datetime an event occurred in a game | Datetime | FALSE | TRUE |
| GameEventId | A short description of the game event like: Enable game, disable game, notification, reset, additions, updates and deletions of game elements (e.g. rules, actions, awards, etc.). | ArrayList | FALSE | FALSE |
| userId | The id of the game-master who made this change on the game | Int | FALSE | FALSE |
| Details | More information depending on the type of game event (e.g. content of the notification, name of the rule, etc.). | String | TRUE | FALSE |

NOTIFICATIONS MODEL DATASET

| Property | Description | Data Type | Nullable | Unique |
|---|---|---|---|---|
| notificationId | The users table: user_id, nickname, role_id | ArrayList | TRUE | FALSE |
| notificationCategory | | ArrayList | TRUE | FALSE |
| notificationTitle | | ArrayList | TRUE | FALSE |
| notificationText | | | | |
| lifecycle | | Time | | |
| notificationStatus | | ArrayList | TRUE | FALSE |
| userIds | | | | |

A type is said to be nullable if it can be assigned a value or can be assigned null, which means the type has no value whatsoever.
Annex 3 - Security/Data Breach Management Protocol
Identification
The identification phase of incident response has as its goal the discovery of potential security incidents and the assembly of an incident response team that can effectively contain and mitigate the incident:
a. Identify a potential incident. The incident handler may do so through monitoring of security sensors. System owners or system administrators may do so by observing suspicious system behaviour. Any user of the system may identify a potential security incident through external complaint/notification, or other knowledge of impermissible use or disclosure of Restricted Data.
b. Notify: users of the system that suspect an IT system has been accessed without authorization must immediately report the situation to rdlab@cs.upc.edu. Once the incident handler is aware of a potential incident, s/he will alert local system administrators.
c. Quarantine: The incident handler will quarantine compromised hosts at the time of notification unless they are on the Quarantine Whitelist. If they are on the Quarantine Whitelist, the incident handler will promptly reach out to the system administrator or system owner to create a plan to contain the incident. Note that the incident handler may notify on suspicious behaviour when they are not confident of a security compromise; in these cases they do not quarantine the host immediately, but wait 24-48 hours and quarantine only if the registered contact is unresponsive.
Figure 4. If Restricted Data is present on the compromised system, the Critical Incident Response (CIR) is followed.
Verification
This phase also precedes Critical Incident Response (CIR), and has the primary goal of confirming that the compromise is genuine and presents sufficient risk to engage the CIR process:
a. Classify: The CIR must be initiated if…
    i. The system owner or system administrator indicates that the system is a high-criticality asset
    ii. OR the system owner or system administrator asserts that the system contains Restricted Data.
    iii. OR someone of appropriate authority (for example, the Rector) with input from a cognizant UPC officer determines that the system poses a unique risk that warrants investigation.
b. Verify: The CIR process should be initiated ONLY if…
    i. The incident handler verifies that the triggering alert is not a false positive. The incident handler will double-check the triggering alert, and correlate it against other alerting systems when possible.
    ii. AND the type of data or system at risk is verified to be of an appropriate classification, as determined above. The system owner or system administrator should provide a detailed description of the data at risk, including approximate numbers of unique data elements at risk, and the number, location, and type of files it is stored in.
The order of the steps above can vary from incident to incident, but for the CIR process to be initiated the criticality of the asset must be confirmed, and it must be confirmed that the triggering event is not a false positive. In cases where the CIR process is not required, the incident handler can resolve the case as follows:
a. Obtain a written (email is acceptable and preferred) statement from the system owner or system administrator documenting that the system has no Restricted Data and is not a high-criticality asset.
b. Obtain a written statement from the system owner or system administrator that the system has been reinstalled or otherwise effectively remediated before quarantine is lifted.
c. For incidents involving an unauthorized wireless access point, obtain a written statement that the access point has been disabled.
Containment
The containment phase represents the beginning of the CIR workflow and has the following goals:
a. If the host cannot immediately be removed from the network, the incident handler will initiate a full-content network dump to monitor the attacker's activities and to determine whether interesting data is leaking during the investigation.
b. Eliminate attacker access: Whenever possible, this is done via the incident handler performing network quarantine at the time of detection AND by the system administrator unplugging the network cable. In rare cases, the incident handler may request that network operations staff implement a port-block to eliminate attacker access. In cases where the impact of system downtime is very high, the incident handler will work with system administrators to determine the level of attacker privilege and eliminate their access safely.
c. The incident handler will collect data from system administrators in order to quickly assess the scope of the incident, including:
    i. Preliminary list of compromised systems
    ii. Preliminary list of storage media that may contain evidence
    iii. Preliminary attack timeline based on initially available evidence
d. Preserve forensic evidence:
    i. System administrators will capture first responder data if the system is turned on. The incident handler will provide instructions for capturing this data to the individual performing that task.
    ii. The incident handler will capture disk images for all media that are suspected of containing evidence, including external hard drives and flash drives.
    iii. The incident handler will dump network flow data and other sensor data for the system.
    iv. The incident handler will create an analysis plan to guide the next phase of the investigation.
This is the most time-sensitive and the most contextually dependent phase of the investigation. The actions that need to be taken will depend on the uptime requirements of the compromised system, the suspected level of attacker privilege, the nature and quantity of data at risk, and the suspected profile of the attacker. The most important goals of this phase are to eliminate attacker access to the system(s) as quickly as possible and to preserve evidence for later analysis.
Additionally, this is the phase where the incident handler works most closely with system administrators and system owners. During this phase, they are expected to take instruction from the incident handler and perform on-site activities such as attacker containment, gathering first response data, and delivering host-based analysis if required.
Analysis
The analysis phase is where in-depth investigation of the available network-based and host-based evidence occurs. The primary goal of analysis is to establish whether there is reasonable belief that the attacker(s) successfully accessed Restricted Data on the compromised system. Secondary goals are to generate an attack timeline and ascertain the attackers' actions.
All analysis steps are primarily driven by the incident handler, who coordinates communications between other stakeholders, including system owners, system administrators, and relevant compliance officers. Questions which are relevant to making a determination about whether data was accessed without authorization include:
a. Suspicious Network Traffic: Is there any suspicious or unaccounted for network traffic that may indicate data exfiltration occurred?
b. Attacker Access to Data: Did attackers have privileges to access the data or was the data encrypted in a way that would have prevented reading?
c. Evidence that Data was Accessed: Are file access audit logs available or are file system mactimes intact that show whether the files have been accessed post-compromise?
d. Length of Compromise: How long was the host compromised and online?
e. Method of Attack: Was a human involved in executing the attack or was an automated "drive-by" attack suite employed? Did the tools found have capabilities useful in finding or exfiltrating data?
f. Attacker Profile: Is there any indication that the attackers were data-thieves or motivated by different goals?
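An added example, not part of the original protocol, for question (c): a Python function that sweeps a read-only mounted copy of the evidence and reports files whose modified, accessed or changed timestamps fall after the suspected compromise time. The function name and the demo files are assumptions made for illustration; access times are only meaningful if the volume was not mounted with noatime, and relatime updates them lazily.

```python
import os
import stat
import tempfile
from datetime import datetime, timedelta, timezone


def mactimes_after(root, compromise_time):
    """List regular files under root with any MAC timestamp later than
    compromise_time (a timezone-aware datetime).

    Returns (path, flags) tuples sorted by path; flags is a three-character
    string such as "m.c": a letter means that timestamp (modified, accessed,
    inode-changed on POSIX) is after the cutoff, a dot means it is not.
    """
    cutoff = compromise_time.timestamp()
    hits = []
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks out of the evidence tree
            except OSError:
                continue  # unreadable entry: skip it, do not abort the sweep
            if not stat.S_ISREG(st.st_mode):
                continue
            stamps = (("m", st.st_mtime), ("a", st.st_atime), ("c", st.st_ctime))
            flags = "".join(k if t > cutoff else "." for k, t in stamps)
            if flags != "...":
                hits.append((path, flags))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed demo data: two files with hand-set timestamps around a
    # hypothetical compromise time, placed in the future so that the ctime
    # assigned when the files are created stays below the cutoff.
    cutoff = datetime.now(timezone.utc) + timedelta(days=10)
    with tempfile.TemporaryDirectory() as root:
        for name, atime_offset in (("records.csv", 3600), ("notes.txt", -3600)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            before = cutoff.timestamp() - 3600
            os.utime(path, (cutoff.timestamp() + atime_offset, before))
        for path, flags in mactimes_after(root, cutoff):
            print(flags, os.path.basename(path))
```

An empty result does not by itself show that files were not read: reads leave no trace when access-time updates are disabled, so the result should be weighed together with file access audit logs where they exist.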
In the case of a potential Breach of sensible data (SD), this analysis will include the C-MMD Coordinator, the UPC Data Officer and the RDLab Security Manager. They will conduct a risk assessment to determine the probability that the security or privacy of the C-MMD machines has been compromised based on an evaluation of the elements above in addition to the following four factors:
a. the nature and extent of the SD involved, including the types of identifiers and the likelihood of re-identification,
b. the unauthorized person who used the SD or to whom the disclosure was made,
c. whether the SD was actually acquired or viewed, and
d. the extent to which the risk to the SD has been mitigated.
Using these factors, the UPC Data Officer will determine the degree of technical probability that the security or privacy of the SD has been compromised, but the final determination belongs to the affected C-MMD Pilot Partner. In order to make this determination, the Data Officer at the affected Pilot Partner will document each impermissible use and disclosure and the risk assessment conducted for each.
Exceptions to the definition of a Breach of SD are:
a. Any unintentional acquisition, access, or use of protected health information by a workforce member or person acting under the authority of a covered entity or a business associate, if such acquisition, access, or use was made in good faith and within the course and scope of authority and does not result in further access, use or disclosure.
b. Any inadvertent disclosure by a person who is otherwise authorized to access protected health information at a covered entity or business associate to another person authorized to access protected health information at the same covered entity or business associate, or organized health care arrangement in which the covered entity participates, and the information received as a result of such disclosure is not further accessed, used or disclosed in a manner not permitted under LOPD.
c. A disclosure of protected health information where a covered entity or business associate has a good faith belief that an unauthorized person to whom the disclosure was made would not reasonably have been able to retain such information.
At the conclusion of the analysis, but before the final report is written, a peer review should be requested of the other RDLab technical staff. Complete the write-up of the notes, including conclusions, and archive processed source materials (e.g., grep-results, file-timelines, and filtered flow-records). The peer review may result in some issues that must be addressed and some issues that may optionally be addressed. All recommendations should be resolved or acknowledged and deferred. The incident handler's role is to determine, from a technical perspective, whether there is a reasonable belief that Restricted Data, including SD, was available to unauthorized persons. The determination of whether the circumstances warrant a Breach notification will be made jointly by the UPC Data Officer convened upon review of the results of the investigation and the technical opinion of RDLab.
Recovery
The primary goal of the recovery phase is to restore the compromised host to its normal business function in a safe manner.
a. The system administrators will remediate the immediate compromise and restore the host to normal function. This is most often performed by reinstalling the compromised host; although if the investigation confirms that the attacker did not have root/administrator access other remediation plans may be effective.
b. The system administrators will make short-term system, application, and business process changes to prevent further compromise and reduce operating risk.
Data Retention
a. The incident handler will archive the final report in case it is needed for reference in the future; reports must be retained for six (6) years.
b. Incident notes should be retained for six (6) months from the date that the report is issued. This includes the confluence investigation page, processed investigation materials like grepped file-timelines and filtered network-flows, etc.
c. Raw incident data should be retained for thirty (30) days from the date that the report is issued. This includes disk-images, unfiltered netflow-content, raw file-timelines, and other data that was collected but deemed not relevant to the investigation.
User Notification
a. If the risk assessment determines that a Breach has occurred, the UPC will provide written notice without unreasonable delay and in no event later than sixty (60) days from incident discovery, to the user or:
    i. If the user is deceased, the next of kin or personal representative.
    ii. If the user is incapacitated/incompetent, the personal representative.
    iii. If the user is a minor, the parent or guardian.
b. Written notification will be in plain language at an appropriate reading level with clear syntax and language with no extraneous materials.
c. Written notification will be sent by first-class mail to the last known address of the patient or, if deceased, the next-of-kin, or if specified by the user, by encrypted electronic mail.
d. Written notification will contain:
    i. A brief description of what occurred with respect to the Breach, including, to the extent known, the date of the Breach and the date on which the Breach was discovered;
    ii. A description of the types of compromised data that were involved in the Breach;
    iii. A description of the steps the affected individual should take in order to protect himself or herself from potential harm resulting from the Breach;
    iv. A description of what the UPC is doing to investigate and mitigate the Breach and to prevent future Breaches; and
    v. Contact procedures for individuals to ask questions or learn additional information, which will include a telephone number, an email address, Web site or postal address.
e. If the UPC determines the user should be notified urgently of a Breach because of possible imminent misuse of compromised data, the UPC may, in addition to providing notice as outlined in steps b-d above, contact the user by telephone or other means, as appropriate.