GDPR Compliance Challenges for Interoperable Health Information Exchanges (HIEs) and Trustworthy Research Environments (TREs)

Conley, Ed; Pocs, Matthias

doi:10.24105/ejbi.2018.14.3.7

Cited by 10 publications

(10 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to Article 32 of the GDPR, systems should be properly secure with measures to ensure a security level appropriate to the concrete risks. 33 The protection against unauthorized access or unlawful processing, accidental loss, disclosure, destruction or damage, and identity theft or fraud, should be granted in each EHR system (Conley and Pocs, 2018). Auditing and archiving of the access and back-up mechanisms are common security measures for interoperable EHR systems.…”

Section: E3-6mentioning

confidence: 99%

“…34 According to Article 25 of the GDPR, EHR technologies should integrate DPbD and by default technical and organizational measures. The data protection by design obligation plays a major role in the development of EHRs (Conley and Pocs, 2018). The systems and standard formats should be designed to effectively implement the various data protection principles, to guarantee the compliance with the law, and to protect the rights of data subjects.…”

Section: E3-6mentioning

confidence: 99%

See 1 more Smart Citation

Data protection issues in cross-border interoperability of Electronic Health Record systems within the European Union

Bincoletto

2020

Data & Policy

View full text Add to dashboard Cite

This study investigates the data protection concerns arising in the context of the cross-border interoperability of Electronic Health Record (EHR) systems in the European Union. The article first introduces the policies on digital health and examines the related interoperability issues. Second, the work analyses the latest Recommendation of the European Commission on this topic. Then, the study discusses the rules and the obligations settled by the General Data Protection Regulation to be taken into account when developing interoperable EHRs. According to the data protection by design and by default provision, EHR systems should be designed ex ante to guarantee data protection rules.

show abstract

Section: E3-6mentioning

confidence: 99%

Section: E3-6mentioning

confidence: 99%

Data protection issues in cross-border interoperability of Electronic Health Record systems within the European Union

Bincoletto

2020

Data & Policy

View full text Add to dashboard Cite

show abstract

“…It is worth outlining that this paper explicitly addresses the problem of proposing a methodology to support security and privacy issues in a technical way, clearly identifying privacy and security requirements and to suggest related countermeasures. For what regards the compliance to actual regulation, like GDPR, especially in terms of legal aspects compliance, few concrete experiences are available (as an example [17]), and we hold over the topic for a future work.…”

Section: Security and Privacy Slas In Cloudmentioning

confidence: 99%

Service level agreement‐based GDPR compliance and security assurance in(multi)Cloud‐based systems

et al. 2019

View full text Add to dashboard Cite

Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.

show abstract

“…The reputation of a research institution encourages individuals to participate in research (Conley and Pocs, 2018 ). Any unaddressed concerns or privacy incidents can severely affect participation, which voluntary research on data from human subjects relies heavily upon (Kelsey, 1981 ; Couper et al, 2008 ).…”

Section: Introductionmentioning

confidence: 99%

“…Interoperability and collaboration are often required in large projects where collaborators join at a later stage (Conley and Pocs, 2018 ). Often subjects are not aware of these future collaborators.…”

Section: Introductionmentioning

confidence: 99%

Up-to-the-Minute Privacy Policies via Gossips in Participatory Epidemiological Studies

et al. 2021

View full text Add to dashboard Cite

Researchers and researched populations are actively involved in participatory epidemiology. Such studies collect many details about an individual. Recent developments in statistical inferences can lead to sensitive information leaks from seemingly insensitive data about individuals. Typical safeguarding mechanisms are vetted by ethics committees; however, the attack models are constantly evolving. Newly discovered threats, change in applicable laws or an individual's perception can raise concerns that affect the study. Addressing these concerns is imperative to maintain trust with the researched population. We are implementing Lohpi: an infrastructure for building accountability in data processing for participatory epidemiology. We address the challenge of data-ownership by allowing institutions to host data on their managed servers while being part of Lohpi. We update data access policies using gossips. We present Lohpi as a novel architecture for research data processing and evaluate the dissemination, overhead, and fault-tolerance.

show abstract

GDPR Compliance Challenges for Interoperable Health Information Exchanges (HIEs) and Trustworthy Research Environments (TREs)

Cited by 10 publications

References 11 publications

Data protection issues in cross-border interoperability of Electronic Health Record systems within the European Union

Data protection issues in cross-border interoperability of Electronic Health Record systems within the European Union

Service level agreement‐based GDPR compliance and security assurance in(multi)Cloud‐based systems

Up-to-the-Minute Privacy Policies via Gossips in Participatory Epidemiological Studies

Contact Info

Product

Resources

About