Great Valley software engineering professor addressing digital data security

Four people at the Healthcare Information and Management Systems Society conference

Joanna DeFranco, associate professor of software engineering and associate director of Penn State World Campus’ Doctor of Engineering program, has been working with three researchers at the National Institute of Standards and Technology to develop the Secure Federated Data Sharing system.

Credit: Joanna DeFranco

MALVERN, Pa. — Digitally stored data is vital to society and commercial industries; however, sharing data among disparate organizations can present challenges because of differing database schemas and formats, local access policies, security and privacy laws. Joanna DeFranco, associate professor of software engineering and associate director of Penn State World Campus’ Doctor of Engineering program, has been working with the National Institute of Standards and Technology (NIST) to address these issues.

DeFranco spent part of the 2020-21 academic year on sabbatical collaborating with researchers at NIST in the Computer Security Division on the Secure Federated Data Sharing (SFDS) system, which allows secure data access where the data resides, rather than exchanging or being centrally stored — eliminating the move of large volumes of data while preserving organization’s security and privacy policies.

DeFranco’s faculty appointment at NIST is ongoing to allow her; David Ferraiolo, project lead and computer scientist; Joshua Roberts, system architect and lead developer; and D. Chris Compton, cybersecurity specialist and clinical informatics advisor to develop and implement the SFDS, a secure, trusted and lightweight solution using two patented NIST technologies: Next Generation Data Access Control (NDAC) and the Data Block Matrix (DBM). NDAC provides a universal access control layer between applications and database management systems (DBMS) to enforce access policies at a granularity not typically available to DBMS products. The DBM is a new type of distributed ledger, with the hashed data integrity protection of a blockchain, but with the additional ability to edit and delete data.

“My collaboration at NIST directly relates to my research agenda as well as informs my teaching in Software Engineering,” said DeFranco, who spent over a decade working in the engineering industry prior to entering academia. “Working with the team at NIST on a vital real-world problem not only allows me to apply my engineering skills but also allows me to bring the results of solving a real-world engineering problem back to my students.”

While the SFDS can help a variety of industries, the team used clinical research data sharing as their proof-of-concept. Healthcare has distinct, complex data protection policies that regulate how patient information can be shared and disclosed — making it the perfect use case.

In April, the team presented the SFDS at the Healthcare Information and Management Systems Society (HIMSS) Global Health Conference & Exhibition, a highly influential health information technology event that delves into hot topics and innovative health tech products. Their presentation garnered a lot of positive feedback, including an invitation to submit a proposal for the 2024 HIMSS conference and the team being interviewed for a special episode of the GovCIO Media & Research podcast.

Now, DeFranco and the NIST team are focused on the next phase of the project, developing a full-scale pilot involving institutions that conduct clinical research with the goal of transitioning the SFDS from a research project to operational use. From there, the SFDS framework can help increase collaboration among healthcare organizations and across a variety of other industries.

“It’s amazing to have the opportunity to work with a NIST team on the design and implementation of a system that will have global benefits,” DeFranco said. “The SFDS can provide a way for organizations to collaborate by allowing trusted access to data to ultimately facilitate innovation.”