The use of IT-enabled health services such as an electronic patient summary, ePrescription or telemedicine (commonly called eHealth services) is subject to differing degrees of legal regulation across Europe. This article presents the legal challenges facing further diffusion of eHealth services across Europe, based on the results of a study funded by the European Commission. Challenges of electronic identification and authentication are examples, alongside questions regarding healthcare professional liability, patient consent and data storage. The answers EU Member States have found to these challenges are illustrated in this contribution. In addition, efforts by the EC-funded large-scale pilot project epSOS concerning cross-border patient summary and ePrescription services are described, notably the epSOS approach of framework agreements to address challenges resulting from different legal systems at national level.
Health data exchange is a major challenge due to the sensitive information and the privacy issues entailed. Considering the European context, in which health data must be exchanged between different European Union (EU) Member States, each having a different national regulatory framework as well as different national healthcare structures, the challenge appears even greater. Europe has tried to address this challenge via the epSOS ("Smart Open Services for European Patients") project in 2008, a European large-scale pilot on cross-border sharing of specific health data and services. The adoption of the framework is an ongoing activity, with most Member States planning its implementation by 2020. Yet, this framework is quite generic and leaves a wide space to each EU Member State regarding the definition of roles, processes, workflows and especially the specific integration with the National Infrastructures for eHealth. The aim of this paper is to present the current landscape of the evolving eHealth infrastructure for cross-border health data exchange in Europe, as a result of past and ongoing initiatives, and illustrate challenges, open issues and limitations through a specific case study describing how Italy is approaching its adoption and accommodates the identified barriers. To this end, the paper discusses ethical, regulatory and organizational issues, also focusing on technical aspects, such as interoperability and cybersecurity. Regarding cybersecurity aspects per se, we present the approach of the KONFIDO EU-funded project, which aims to reinforce trust and security in European cross-border health data exchange by leveraging novel approaches and cutting-edge technologies, such as homomorphic encryption, photonic Physical Unclonable Functions (p-PUF), a Security Information and Event Management (SIEM) system, and blockchain-based auditing.
In particular, we explain how KONFIDO will test its outcomes through a dedicated pilot based on a realistic scenario, in which Italy is involved in health data exchange with other European countries.
European country has its own national regulatory framework as well as its National Healthcare System infrastructures/organizations/roles, etc., hampering efficient health data exchange. Thus, this paper outlines the current landscape regarding the establishment and deployment of an interoperable and secure cross-border health data exchange framework in Europe. First, it outlines the strategy that the European Union (EU) has undertaken since 2008 to build a framework for interoperable exchange of eHealth information within
Background: Increased digitalization of healthcare comes along with the cost of cybercrime proliferation. This results in patients' and healthcare providers' skepticism to adopt Health Information Technologies (HIT). In Europe, this shortcoming hampers efficient cross-border health data exchange, which requires a holistic, secure and interoperable framework. This study aimed to provide the foundations for designing a secure and interoperable toolkit for cross-border health data exchange within the European Union (EU), conducted in the scope of the KONFIDO project. Particularly, we present our user requirements engineering methodology and the obtained results, driving the technical design of the KONFIDO toolkit.
Methods: Our methodology relied on four pillars: (a) a gap analysis study, reviewing a range of relevant projects/initiatives, technologies as well as cybersecurity strategies for HIT interoperability and cybersecurity; (b) the definition of user scenarios with major focus on cross-border health data exchange in the three pilot countries of the project; (c) a user requirements elicitation phase containing a threat analysis of the business processes entailed in the user scenarios, and (d) surveying and discussing with key stakeholders, aiming to validate the obtained outcomes and identify barriers and facilitators for HIT adoption linked with cybersecurity and interoperability.
Results: According to the gap analysis outcomes, full adherence with information security standards is currently not universally met. Sustainability plans shall be defined for adapting existing/evolving frameworks to the state-of-the-art. Overall, lack of integration in a holistic security approach was clearly identified. For each user scenario, we concluded with a comprehensive workflow, highlighting challenges and open issues for their application in our pilot sites. The threat analysis resulted in a set of 30 user goals in total, documented in detail. Finally, indicative barriers of HIT acceptance include lack of awareness regarding HIT risks and legislations, lack of a security-oriented culture and management commitment, as well as usability constraints, while important facilitators concern the adoption of standards and current efforts for a common EU legislation framework.
Conclusions: Our study provides important insights to address secure and interoperable health data exchange, while our methodological framework constitutes a paradigm for investigating diverse cybersecurity-related risks in the health sector.
Electronic supplementary material: The online version of this article (10.1186/s12911-018-0664-0) contains supplementary material, which is available to authorized users.
With the worldwide growth of open telecommunication networks and in particular the Internet, the privacy and security concerns of people using these networks have increased. On the one hand, users are concerned about their privacy, and desire to anonymously access the network. On the other hand, some organizations are concerned about how this anonymous access might be abused. This paper intends to bridge these conflicting interests, and proposes a solution for revocable anonymous access to the Internet. Moreover, the paper presents some legal background and motivation for such a solution. However, the paper also indicates some difficulties and disadvantages of the proposed solution, and suggests the need for further debate on the issue of online anonymity.