NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

An Infrastructure for Secure Data Sharing: A Clinical Data Implementation

Published

Author(s)

Joanna DeFranco, Joshua Roberts, David Ferraiolo, Daniel Compton

Abstract

Objective: To address database interoperability challenges to improve collaboration among disparate organizations. Materials and Methods: We developed a lightweight system to allow broad but well-controlled data sharing while preserving local data protection policies. We used 2 NIST-developed technologies—Next-generation Database Access Control (NDAC) and the Data Block Matrix (DBM)— to create a proof-of-concept system called the Secure Federated Data Sharing System (SFDS). NDAC controls access to database resources down to the field level based on attributes assigned to users. The DBM manages and shares authoritative user-attribute assignments across a federation of organizations, implemented using a modified open-source permissioned blockchain, to manage and share authoritative user- attribute assignments across a federation of organizations. We used synthetic data to demonstrate a clinical research data-sharing use case using the SFDS. Results: We demonstrated, through consent, the onboarding of previously unknown users into NDAC via assignments to their DBM-validated attributes, allowing those users policy-preserving access to local database resources. The SFDS main system components—NDAC and DBM— also showed excellent performance metrics. Discussion: The SFDS provides a generic data-sharing infrastructure that effectively and securely achieves data-sharing objectives. It is completely transparent to the otherwise normal business operations of participating organizations. It requires no changes to database management systems or existing methods of authenticating and authorizing local user access to local resources. Conclusion: This efficiency, flexibility of deployment, and granularity of control make this new infrastructure solution practical for meeting the data-sharing and protection objectives of the clinical research community.
Citation
Journal of the American Medical Informatics Association
Volume
7
Issue
2
Pub Type
Journals

Download Paper

https://doi.org/10.1093/jamiaopen/ooae040
Local Download

Keywords

Distributed Ledgers, Data Sharing, Access Control, Privacy, Security
Information technology

Citation

DeFranco, J. , Roberts, J. , Ferraiolo, D. and Compton, D. (2024), An Infrastructure for Secure Data Sharing: A Clinical Data Implementation, Journal of the American Medical Informatics Association, [online], https://doi.org/10.1093/jamiaopen/ooae040, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=956770 (Accessed October 21, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created May 15, 2024, Updated July 1, 2024
Was this page helpful?