Authentication at the time of registration and login before participating in medical research, and our proposal on that topic: To participate in medical research, users need to register and login before using the system. Authentication is required for both registration and login, but considerations are necessary for each, separately. In this study, focusing on login (red frame), they propose two-factor authentication as a means of assuring that the user accesses the system of his/her own intent with preventing from impersonation. The arrows in the left diagram indicate the number of accesses. Credit: Kogetsu, Ogishima and Kato 2018)
With the increase in data volume and dissemination of ICT, online systems are being applied to medical research/treatment with high expectations, not only in the exchange of research data, but also various modes of communication, including the informed consent process. It is anticipated that individuals will proactively participate in research by their own volition, forming partnerships between researchers and participants.
At the same time, in order for individuals to participate in medical research/treatment without anxiety, the ethical, legal, and social issues (ELSI) associated with the implementation of electronic methods for medical research/treatment should be addressed in earnest. However, research on authentication systems have mostly been performed from a technical perspective, so ethical issues, such as proof of user intent, have not yet been fully discussed.
In this study, the researchers pointed out that authentication systems for medical research/treatment need not only to prevent impersonation, but also to prove intent of research participants and patients.
The researchers discussed authentication by separating "authentication at the time of registration" and "authentication at the time of login" (Figure). Focusing on the latter, the researchers clarified roles and set out methods of authentication. They discussed problems in current authentication systems from the ethical viewpoints of (1) respect for autonomy, (2) privacy protection, and (3) establishing a relationship of trust. Their research results were published in Frontiers in Genetics.
Lead author Atsushi Kogetsu said, "After much consideration, we proposed two-factor authentication as a workable solution, in which authentication is performed again using a one-off password after authentication via user ID and password. Some ICT specialists had proposed three-factor authentication, including biometrics, but we thought that biometrics had its own challenges and that current three-factor authentication might be cumbersome for users. Based on that, we also proposed the possibility of the necessity of biometrics and its requirements."
This group's achievements will contribute to building systems for medical research/ treatment in which individuals can participate free of anxiety. The research results will become a basis for discussion for ELSI not only about medical research/treatment using ICT, but also about ICT itself in various fields.
More information: Atsushi Kogetsu et al. Authentication of Patients and Participants in Health Information Exchange and Consent for Medical Research: A Key Step for Privacy Protection, Respect for Autonomy, and Trustworthiness, Frontiers in Genetics (2018). DOI: 10.3389/fgene.2018.00167
Provided by Osaka University
