Schema Security Details

The Oncospace database was designed with patient privacy in mind. Both of these servers are internal only: from outside the host institution they can be reached only over VPN or through the specifically designated read-only user OncoRemote, whose authorization will be shared with collaborators.

For most studies, only users identified in the IRB will have access to the database. There will be one administrator who will have an additional administrator login (oncoadmin), to be used infrequently and only when necessary. The web-based interface is behind SiteMinder and restricted to specific authorized database users. All database access requires a username/password, and access is logged.

The database primary key is the Oncospace patient ID which has no relation to the MRN and is a key only used within the Oncospace database. The MRN is not accessible except to the database administrator. Oncospace PatientID (non-PHI) is displayed whenever an identifier is needed.

The database isolates Private Health Information (PHI) in a single table that is restricted to administrator privileges only. The only things we store in the PHI table are the Medical Record Number and a reference date, so that we can extract additional data from our Oncology Information System (OIS). It is also needed when data is transferred from disparate systems, such as our treatment planning system and Teramedica PACS, to be able to link the data to the correct patient.

For longitudinal data, we store dates relative to the reference date in the PHI table (in days from reference) so that all encounter dates are also hidden. The reference date is needed in the PHI data table so relative dates of new data can be computed on import of additional data from the OIS.

The system is set up so that once a patient is in the system, users cannot see any PHI but can simply pull the additional data from the OIS by asking it to pull data for the patients in the database. It is a full electronic transfer of specified data elements. Therefore the system, including the data transfer, is completely anonymous when access to the PHI table is restricted.

Oncospace data comes from two sources: planning systems and treatment systems. Our data comes from 3 such systems. The MOSAIQ Oncology information system houses our diagnosis and pathology data, structured clinical assessments such as CTCAE toxicities, and our electronic quality of life survey instruments. Data from MOSAIQ are electronically transferred to the Oncospace database via an SQL-based ETL layer that converts the dates. It also contains our radiation prescription.

The treatment planning data is stored in the Teramedica PACS and can be either in DICOM RT or in a proprietary archive format from our Pinnacle planning system. The planning data is pushed into Oncospace from either format. The tools we have built to push the data into Oncospace process the raw format, extract radiation dosimetry and contoured structure information, and push it into Oncospace. The processed data contains no PHI. The MRN and other PHI are visible at the time of the data push, but after that they are hidden in the PHI table.

The workflow for collecting data begins with the treatment planning data. When we push the planning data, a patient gets created in Oncospace. After that, the electronic transfer of data from MOSAIQ occurs without access to PHI: the underlying software obtains the MRN from the DB, pulls the data from MOSAIQ, and processes the dates.
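The relative-date storage and the two-step collection workflow described above, as an added example that is not Oncospace code: SQLite stands in for the production database, and the table, column and function names and the sample records are assumptions constructed for illustration. SQLite has no per-table permissions, so the administrator-only restriction on the PHI table is not modelled here.

```python
import sqlite3
from datetime import date

def open_db():
    """In-memory stand-in database; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        -- PHI table: the only place the MRN and reference date are stored.
        CREATE TABLE phi (patient_id INTEGER PRIMARY KEY,
                          mrn TEXT UNIQUE NOT NULL,
                          reference_date TEXT NOT NULL);
        -- Research table: surrogate patient ID and day offsets only.
        CREATE TABLE assessment (patient_id INTEGER NOT NULL,
                                 days_from_reference INTEGER NOT NULL,
                                 name TEXT NOT NULL, grade INTEGER);
    """)
    return db

def create_patient(db, mrn, reference_date):
    """Planning-data push: the database assigns the surrogate key, so the
    patient ID carries no information about the MRN."""
    cur = db.execute("INSERT INTO phi (mrn, reference_date) VALUES (?, ?)",
                     (mrn, reference_date.isoformat()))
    return cur.lastrowid

def import_from_ois(db, fetch):
    """OIS transfer: for each patient already in the database, fetch(mrn)
    returns (encounter_date, name, grade) tuples. Only the offset in days
    from the reference date is written to the research table."""
    count = 0
    rows = db.execute("SELECT patient_id, mrn, reference_date FROM phi").fetchall()
    for patient_id, mrn, ref in rows:
        ref_date = date.fromisoformat(ref)
        for encounter_date, name, grade in fetch(mrn):
            offset = (encounter_date - ref_date).days
            db.execute("INSERT INTO assessment VALUES (?, ?, ?, ?)",
                       (patient_id, offset, name, grade))
            count += 1
    return count

# Constructed sample data: a fake MRN and fake OIS records.
SAMPLE_OIS = {"MRN-0001": [(date(2020, 3, 2), "dysphagia", 2),
                           (date(2020, 2, 10), "baseline QoL", None)]}

def demo():
    db = open_db()
    pid = create_patient(db, "MRN-0001", date(2020, 2, 17))
    import_from_ois(db, lambda mrn: SAMPLE_OIS.get(mrn, []))
    return pid, db.execute("SELECT days_from_reference, name FROM assessment "
                           "ORDER BY days_from_reference").fetchall()
```

Records dated before the reference date get negative offsets, so the ordering of encounters is preserved without any calendar date leaving the PHI table.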

Security Access Levels

Oncospace database access occurs at four distinct security levels.

  • Oncoremote – read-only access of non-PHI data via select Stored Procedures approved for remote consortium users
  • Oncoguest – read-only access of non-PHI data in tables. Used by researchers within a collaborating institution who have access to all the non-PHI research data.
  • Oncoimport – write-only access of PHI. Used by individuals populating the Oncospace databases from treatment and planning systems. Read more at Data Import.
  • Oncoadmin – read/write of all Oncospace data. Granted to PIs and trusted individuals.