SHiELD – European Security in Health Data Exchange will unlock the value of health data to European Citizens and businesses by overcoming security and regulatory challenges that today prevent this data being exchanged with those who need it.

Learn more » Contact Us »

For Digital Security Experts

SHiELD will provide models and analysis tools for automated identification of end-to-end security risks and compliance issues. The project will also provide faster and more cost effective methods to verify and monitor compliance with multiple sets of applicable regulations.

Learn more »

For Citizens and Patients

SHiELD case studies will address cross border scenarios in which a citizen needs to access their health data, which is held in their country of origin, as well as in the case of emergency care where a clinician needs to access data that resides in a source system in their home country.

Learn more »

For e-Health Businesses

SHiELD will also create opportunities for using health data to create such products and services addressing the common European Market. SHiELD will provide guidance in best practice to achieve end-to-end security and data protection compliance in health and health related applications.

Learn more »

Latest News View more

SHiELD at CEN standards workshop

CEN/TC 251 is a standardization body that works on the development of EU standards for Health Information and Communications Technology. These standards focus on interoperability and compatibility of Electronic Health Record systems. On the CEN workshop entitled “International Patient Summary (IPS) and GDPR” on 13 September 2018 in Brussels, there will be two presentations by SHiELD partners. The first presentation will be given by Matthias Pocs (Stelar) (chairman of CEN/TC 251/WG I - Enterprise and Information). The second presentation by Ed Conley (AIMES) will detail SHiELD’s vision on IPS and GDPR.

Find out more »


In the SHiELD project an entire work package is devoted to GDPR related issues. It includes: a) analysis of relevant legal and regulatory requirements concerning data protection in eHealth interoperability; b) specification of procedures for privacy by design and interoperability in eHealth; c) preparation of legal recommendations for policymakers and regulators.

Keynote at the 25th EuroSPI Conference

This year the 25th EuroAsiaSPI conference (5-7 September 2018) was hosted in Bilbao. The main purpose of this conference series is to facilitate the communication between the research, industry and publishers. The programme of the conference was intense with ten workshops, keynotes and numerous presentations ( At the EuroSPI Conference Xabier Larrucea from Tecnalia presented a keynote speech entitled “Cyber risks and GDPR implications in an eHealth domain: a case study”. Healthcare systems have been improved in order to provide support in cross-border situations where a citizen from one country travels to another country and requires the use of their health records. Several initiatives have been carried out to tackle this problem such as the OpenNCP which is supported by the European Commission. It provides a common infrastructure to connect different national healthcare systems. These kind of systems require not only a vulnerability based analysis of this infrastructure, but also an analysis with respect to the recently released General Data Protection Regulation (GDPR).

Find out more »