Health systems advance towards personalized, preventive, predictive, participative precision (5P) medicine, considering the individual's health status, contexts and conditions. This results in fully distributed, highly dynamic, highly complex business systems and processes with multiple, comprehensively cooperating actors from different specialty and policy domains, using their specific methodologies, terminologies, ontologies, knowledge and skills. Rules and regulations governing the business process as well as the organizational, legal and individual conditions, thereby controlling the behavior of the system, are called policies. Trust and confidence needed for running such system are strongly impacted by security and privacy concerns controlled by corresponding policies. The most comprehensive policy dealing with security and privacy requirements and principles in any business collecting, processing and sharing personal identifiable information (PII) is the recently implemented European General Data Protection Regulation (GDPR). This paper investigates how GDPR supports healthcare transformation and how this can be implemented based on international standards and specifications.

• Klíčová slova
• European data protection, governing, privacy,
• MeSH
• lékařství * MeSH
• osobní údaje MeSH
• poskytování zdravotní péče * MeSH
• soukromí MeSH
• zabezpečení počítačových systémů * MeSH
• Publikační typ
• časopisecké články MeSH

Today, the Intelligent Transportation Systems (ITS) are already in deep integration phase all over the world. One of the most significant enablers for ITS are vehicle positioning and tracking techniques. Worldwide integration of ITS employing Dedicated Short Range Communications (DSRC) and European standard for vehicular communication, known as ETSI ITS-G5, brings a variety of options to improve the positioning in areas where GPS connectivity is lacking precision. Utilization of the ready infrastructure, next-generation cellular 5G networks, and surrounding electronic devices together with conventional positioning techniques could become the solution to improve the overall ITS operation in vehicle-to-everything (V2X) communication scenario. Nonetheless, effective and secure communication protocols between the vehicle and roadside units should be both analyzed and improved in terms of potential attacks on the transmitted positioning-related data. In particular, said information might be misused or stolen at the infrastructure side conventionally assumed to be trusted. In this paper, we first survey different methods of vehicle positioning, which is followed by an overview of potential attacks on ITS systems. Next, we propose potential improvements allowing mutual authentication between the vehicle and infrastructure aiming at improving positioning data privacy. Finally, we propose a vision on the development and standardization aspects of such systems.

• Klíčová slova
• GDPR, Intelligent Transportation Systems, authentication, data privacy, positioning,
• Publikační typ
• časopisecké články MeSH

Healthcare data held by state-run organisations is a valuable intangible asset for society. Its use should be a priority for its administrators and the state. A completely paternalistic approach by administrators and the state is undesirable, however much it aims to protect the privacy rights of persons registered in databases. In line with European policies and the global trend, these measures should not outweigh the social benefit that arises from the analysis of these data if the technical possibilities exist to sufficiently protect the privacy rights of individuals. Czech society is having an intense discussion on the topic, but according to the authors, it is insufficiently based on facts and lacks clearly articulated opinions of the expert public. The aim of this article is to fill these gaps. Data anonymization techniques provide a solution to protect individuals' privacy rights while preserving the scientific value of the data. The risk of identifying individuals in anonymised data sets is scalable and can be minimised depending on the type and content of the data and its use by the specific applicant. Finding the optimal form and scope of deidentified data requires competence and knowledge on the part of both the applicant and the administrator. It is in the interest of the applicant, the administrator, as well as the protected persons in the databases that both parties show willingness and have the ability and expertise to communicate during the application and its processing.

• Klíčová slova
• EHDS, GDPR, anonymization, de-identification, health data,
• MeSH
• anonymizace dat * MeSH
• důvěrnost informací * MeSH
• lidé MeSH
• soukromí MeSH
• Check Tag
• lidé MeSH
• Publikační typ
• časopisecké články MeSH

A common Authentication and Authorisation Infrastructure (AAI) that would allow single sign-on to services has been identified as a key enabler for European bioinformatics. ELIXIR AAI is an ELIXIR service portfolio for authenticating researchers to ELIXIR services and assisting these services on user privileges during research usage. It relieves the scientific service providers from managing the user identities and authorisation themselves, enables the researcher to have a single set of credentials to all ELIXIR services and supports meeting the requirements imposed by the data protection laws. ELIXIR AAI was launched in late 2016 and is part of the ELIXIR Compute platform portfolio. By the end of 2017 the number of users reached 1000, while the number of relying scientific services was 36. This paper presents the requirements and design of the ELIXIR AAI and the policies related to its use, and how it can be used for serving some example services, such as document management, social media, data discovery, human data access, cloud compute and training services.

• Klíčová slova
• GA4GH, GDPR, IAM, authentication, authorisation, data access,
• MeSH
• biomedicínský výzkum metody   MeSH
• lidé MeSH
• software * MeSH
• systémy řízení databází * MeSH
• uživatelské rozhraní počítače MeSH
• výpočetní biologie metody   MeSH
• výzkumní pracovníci MeSH
• zabezpečení počítačových systémů * MeSH
• Check Tag
• lidé MeSH
• Publikační typ
• časopisecké články MeSH
• práce podpořená grantem MeSH

The new legislation, in particular the General Regulation on Personal Data Protection (GDPR), constitutes relatively demanding criteria on healthcare. However, the institute of medical secrets, which is an ancient medical practice and is part of various legal and professional regulations, contains many elements of today's protection of personal data and is not new among the professional medical public. Under the GDPR, however, there are steps that can be labelled as at least controversial. Such disputable measures have recently been to introduce electronic queue management systems, as we know from post offices. They are not a necessary measure for the protection of personal data in the waiting rooms of ambulances, they are not required by law, even with regard to GDPR and from the point of view of medical ethics are even at least problematic. If GDPR is applied in a similar way, it does not really benefit from the protection of personal data, and a useful tool like GDPR will be undoubtedly discredited. Keywords: electronic queue management systems, GDPR, medical ethics, personal data protection, patient.

• MeSH
• důvěrnost informací * MeSH
• lékařská etika * MeSH
• lidé MeSH
• poskytování zdravotní péče MeSH
• zabezpečení počítačových systémů * MeSH
• Check Tag
• lidé MeSH
• Publikační typ
• časopisecké články MeSH

The European Union (EU) General Data Protection Regulation (GDPR) imposes legal responsibilities concerning the collection and processing of personal information from individuals who live in the EU. It has particular implications for the remote monitoring of cardiac implantable electronic devices (CIEDs). This report from a joint Task Force of the European Heart Rhythm Association and the Regulatory Affairs Committee of the European Society of Cardiology (ESC) recommends a common legal interpretation of the GDPR. Manufacturers and hospitals should be designated as joint controllers of the data collected by remote monitoring (depending upon the system architecture) and they should have a mutual contract in place that defines their respective roles; a generic template is proposed. Alternatively, they may be two independent controllers. Self-employed cardiologists also are data controllers. Third-party providers of monitoring platforms may act as data processors. Manufacturers should always collect and process the minimum amount of identifiable data necessary, and wherever feasible have access only to pseudonymized data. Cybersecurity vulnerabilities have been reported concerning the security of transmission of data between a patient's device and the transceiver, so manufacturers should use secure communication protocols. Patients need to be informed how their remotely monitored data will be handled and used, and their informed consent should be sought before their device is implanted. Review of consent forms in current use revealed great variability in length and content, and sometimes very technical language; therefore, a standard information sheet and generic consent form are proposed. Cardiologists who care for patients with CIEDs that are remotely monitored should be aware of these issues.

• Klíčová slova
• Cardiac implantable electronic device, Cybersecurity, Data controller, Data processor, EHRA, ESC Regulatory Affairs Committee, General Data Protection Regulation, Informed consent, Informed consent form, Joint data controller, Remote monitoring,
• MeSH
• elektronika MeSH
• kardiologie * MeSH
• lidé MeSH
• monitorování fyziologických funkcí MeSH
• poradní výbory MeSH
• zabezpečení počítačových systémů MeSH
• Check Tag
• lidé MeSH
• Publikační typ
• časopisecké články MeSH
• práce podpořená grantem MeSH

BACKGROUND: The EURO-NMD Registry collects data from all neuromuscular patients seen at EURO-NMD's expert centres. In-kind contributions from three patient organisations have ensured that the registry is patient-centred, meaningful, and impactful. The consenting process covers other uses, such as research, cohort finding and trial readiness. RESULTS: The registry has three-layered datasets, with European Commission-mandated data elements (EU-CDEs), a set of cross-neuromuscular data elements (NMD-CDEs) and a dataset of disease-specific data elements that function modularly (DS-DEs). The registry captures clinical, neuromuscular imaging, neuromuscular histopathology, biological and genetic data and patient-reported outcomes in a computer-interpretable format using selected ontologies and classifications. The EURO-NMD registry is connected to the EURO-NMD Registry Hub through an interoperability layer. The Hub provides an entry point to other neuromuscular registries that follow the FAIR data stewardship principles and enable GDPR-compliant information exchange. Four national or disease-specific patient registries are interoperable with the EURO-NMD Registry, allowing for federated analysis across these different resources. CONCLUSIONS: Collectively, the Registry Hub brings together data that are currently siloed and fragmented to improve healthcare and advance research for neuromuscular diseases.

• Klíčová slova
• FAIR data, Neuromuscular Diseases, Rare Diseases, Registry, Registry Hub,
• MeSH
• lidé MeSH
• neuromuskulární nemoci * genetika   MeSH
• registrace MeSH
• vzácné nemoci MeSH
• Check Tag
• lidé MeSH
• Publikační typ
• časopisecké články MeSH
• přehledy MeSH

Today, many modern cities adopt online smart parking services as best practices. Citizens can easily access these services using their smartphones or the infotainment panels in their cars. These services' primary objective is to give drivers the ability to quickly identify free parking slots, which should reduce parking time, save fuel, and relieve traffic in urban areas. However, the privacy offered by these services should be comparable to that of the standard paper-based parking solutions offered by parking ticket machines. On the other hand, a privacy-preserving smart parking service's design may raise a number of issues, including how to prevent double or multiple uses of parking tickets, how to prevent user tracking and profiling, how to revoke malicious users, how to handle data statistics without violating users' privacy, and how to comply with regulations like the General Data Protection Regulation (GDPR). In this article, we present multidisciplinary research on a comprehensive vehicle parking system that protects users' privacy. The research includes a range of topics, from the examination of regulatory compliance to the design of privacy-preserving parking registration and vehicle parking services to the implementation of privacy-preserving parking data processing features for data analysts. We provide a security analysis of our concept as well as several experimental results.

• Klíčová slova
• Intelligent infrastructure, Legislation, Parking services, Privacy by design, Privacy preserving statistical analysis, Privacy preserving technology,
• Publikační typ
• časopisecké články MeSH

PURPOSE: There is an annual incidence of 50,000 glioma cases in Europe. The optimal treatment strategy is highly personalised, depending on tumour type, grade, spatial localization, and the degree of tissue infiltration. In research settings, advanced magnetic resonance imaging (MRI) has shown great promise as a tool to inform personalised treatment decisions. However, the use of advanced MRI in clinical practice remains scarce due to the downstream effects of siloed glioma imaging research with limited representation of MRI specialists in established consortia; and the associated lack of available tools and expertise in clinical settings. These shortcomings delay the translation of scientific breakthroughs into novel treatment strategy. As a response we have developed the network "Glioma MR Imaging 2.0" (GliMR) which we present in this article. METHODS: GliMR aims to build a pan-European and multidisciplinary network of experts and accelerate the use of advanced MRI in glioma beyond the current "state-of-the-art" in glioma imaging. The Action Glioma MR Imaging 2.0 (GliMR) was granted funding by the European Cooperation in Science and Technology (COST) in June 2019. RESULTS: GliMR's first grant period ran from September 2019 to April 2020, during which several meetings were held and projects were initiated, such as reviewing the current knowledge on advanced MRI; developing a General Data Protection Regulation (GDPR) compliant consent form; and setting up the website. CONCLUSION: The Action overcomes the pre-existing limitations of glioma research and is funded until September 2023. New members will be accepted during its entire duration.

• Klíčová slova
• Advanced MRI, COST action, Glioma, Multi-disciplinary, Networking, Translational research,
• Publikační typ
• časopisecké články MeSH
• přehledy MeSH

Introduction: Treatment of autoimmune pancreatitis (AIP) is based solely on consensus and has yet to become standardized. Consequently, therapeutic regimens vary greatly between countries and centers, and largely depend on the experience of the physician. At this moment, the optimal regimen for inducing disease remission and preventing relapse is unknown. Objectives: The primary objective of this study is to describe current treatment regimens used in Europe, and to compare their effectiveness in inducing remission and preventing and treating relapse. The secondary objectives are: to identify risk factors for relapse; to assess the diagnostic accuracy of the Unified-AIP criteria; to assess the performance of the M-ANNHEIM score for predicting relapse; and to assess long-term outcomes including pancreatic exocrine insufficiency and pancreatic cancer. Methods: This is an international, retrospective, observational cohort study, performed in over 40 centers from 16 European countries. Eligible are all patients diagnosed with AIP from 2005 onwards, regardless of the used diagnostic criteria. Data on study subjects will be retrieved from the hospital's electronic medical records and registered with a standardized, web-based, electronic case report form (eCRF). To compare the effectiveness of treatment regimens in inducing remission, preventing relapse, and treating relapse, subjects will be stratified in groups based on: type of therapy; initial therapy dose; cumulative therapy dose; therapy tapering speed and duration; and having received maintenance therapy or not. Ethics and Dissemination: Ethical and/or institutional review board approvals are obtained by all participating centers according to local regulations. The study complies with the General Data Protection Regulation (GDPR). All manuscripts resulting from the study will be submitted to peer-reviewed journals. Conclusion: This is the first pan-European retrospective registry for AIP. It will produce the first large-scale data on treatment of European patients with AIP, providing answers on the use and effectiveness of treatment regimens. In the future, this collaboration may provide a network for continuation into a prospective European registry.

• Klíčová slova
• IgG4, IgG4 (autoimmune pancreatitis), autoimmune pancreatitis, cohort studies, glucococorticoids,
• Publikační typ
• časopisecké články MeSH