GDPR compliance challenges for interoperable health information exchanges (HIEs) and trustworthy research environments (TREs)
Ed Conley, Matthias Pocs
Language: English. Country: Czech Republic
- Keywords
- GDPR
- MeSH
- automatic data processing: standards
- health information interoperability: standards
- health information management*: methods
- computer security: standards
- health information systems: standards
Background: We present our current approaches to improving personal data protection in (i) large (regional/national/international) scale health information exchanges (HIEs) and (ii) UK NHS IG toolkit and ISO 27001-compliant trustworthy research environments (TREs) for discovery science communities. In particular we examine impacts of the General Data Protection Regulation (GDPR) on these technology designs and developments and the responses we have made to control complexity.

Methods: The paper discusses multiple requirements to implement the key GDPR principles of “data protection by design” and “data protection by default”, each requiring new capabilities to embed multiple security tests and data protection tools in common deployable infrastructures. Methods are presented for consistent implementation of diverse data processing use cases.

Results: We describe how modular compositions of GDPR-compliant data processing software have been used to implement use case(s) and deliver information governance (IG) requirements transparently. Security surveillance analysis is embedded throughout the application lifecycle, namely at design, implementation and operation (runtime) phases. A solution is described to the challenge of integrating coherent research (analytic) environments for authorized researchers to access data and analytic tools without compromising security or privacy.

Conclusion: We recognise the need for wider implementation of rigorous interoperability standards concerning privacy and security management. Standards can be disseminated within low-cost commodity infrastructures that are shared across consortium partners. Comprehensive model-based approaches to information management will be fundamental to guaranteeing security and privacy in challenging areas such as ethical use of artificial intelligence in medicine. The target architecture is still in evolution but needs a number of community-collaborative API developments to couple advanced specifications fulfilling all IG requirements.
- 000
- 00000naa a2200000 a 4500
- 001
- bmc18026530
- 003
- CZ-PrNML
- 005
- 20200416114841.0
- 007
- cr|cn|
- 008
- 180724s2018 xr a fs 000 0|eng||
- 009
- eAR
- 024 7_
- $a 10.24105/ejbi.2018.14.3.7 $2 doi
- 040 __
- $a ABA008 $d ABA008 $e AACR2 $b cze
- 041 0_
- $a eng
- 044 __
- $a xr
- 100 1_
- $a Conley, Edward C., $d 1958- $7 xx0246790 $u SHiELD Horizon 2020 and Connected Health Cities Projects, AIMES, Liverpool Innovation Park, L7 9NJ, United Kingdom
- 245 10
- $a GDPR compliance challenges for interoperable health information exchanges (HIEs) and trustworthy research environments (TREs) / $c Ed Conley, Matthias Pocs
- 504 __
- $a Literatura
- 650 _2
- $a interoperabilita zdravotnických informací $x normy $7 D000073892
- 650 _2
- $a zdravotnické informační systémy $x normy $7 D063005
- 650 _2
- $a zabezpečení počítačových systémů $x normy $7 D016494
- 650 _2
- $a automatizované zpracování dat $x normy $7 D001330
- 650 12
- $a řízení zdravotnických informací $x metody $7 D063025
- 653 00
- $a GDPR
- 700 1_
- $a Pocs, Matthias $u SHiELD Horizon 2020 Project, Stelar Security Technology Law Research, 21035 Hamburg, Germany
- 773 0_
- $t European journal for biomedical informatics $x 1801-5603 $g Roč. 14, č. 3 (2018), s. 48-61 $w MED00173462
- 856 41
- $u http://www.ejbi.org/ $y domovská stránka časopisu - plný text volně přístupný
- 910 __
- $a ABA008 $b online $y p $z 0
- 990 __
- $a 20180723130211 $b ABA008
- 991 __
- $a 20200416114835 $b ABA008
- 999 __
- $a ok $b bmc $g 1320751 $s 1023460
- BAS __
- $a 3 $a 4
- BMC __
- $a 2018 $b 14 $c 3 $d 48-61 $i 1801-5603 $m European Journal for Biomedical Informatics $n Eur. J. Biomed. Inform. (Praha) $x MED00173462
- LZP __
- $c NLK189 $d 20200331 $a NLK 2018-14/vt