In the past few years, IBM Research – Haifa has been working on different types of obfuscation technologies. One of these technologies is the Data Masking Toolkit. This technology can be used to preserve the data owner privacy, to enforce the data owners consent and comply with legal regulation (such as GDPR). Data masking is the process by which sensitive data is replaced, possibly in a reversible manner, with data that is unintelligible to receiver. The masked data is usually sensitive data, such as personally identifiable information (PII), health information, names, addresses, and so on. As part of the Shield project, IBM Research – Haifa has made several advancements to the toolkit. These include improvements to the service Rest API’s, providing persistency for masking policies, developing of a new GUI for managing and testing policies as well as advancements in the deployment processes. Next, we will be focused on successfully applying the data masking toolkit to the use case requirements (e.g. Clinical Document in epSOS format).Find out more »
CEN/TC 251 is a standardization body that works on the development of EU standards for Health Information and Communications Technology. These standards focus on interoperability and compatibility of Electronic Health Record systems. On the CEN workshop entitled “International Patient Summary (IPS) and GDPR” on 13 September 2018 in Brussels, there will be two presentations by SHiELD partners. The first presentation will be given by Matthias Pocs (Stelar) (chairman of CEN/TC 251/WG I - Enterprise and Information). The second presentation by Ed Conley (AIMES) will detail SHiELD’s vision on IPS and GDPR.Find out more »
In the SHiELD project an entire work package is devoted to GDPR related issues. It includes: a) analysis of relevant legal and regulatory requirements concerning data protection in eHealth interoperability; b) specification of procedures for privacy by design and interoperability in eHealth; c) preparation of legal recommendations for policymakers and regulators.
This year the 25th EuroAsiaSPI conference (5-7 September 2018) was hosted in Bilbao. The main purpose of this conference series is to facilitate the communication between the research, industry and publishers. The programme of the conference was intense with ten workshops, keynotes and numerous presentations (http://2018.eurospi.net/). At the EuroSPI Conference Xabier Larrucea from Tecnalia presented a keynote speech entitled “Cyber risks and GDPR implications in an eHealth domain: a case study”. Healthcare systems have been improved in order to provide support in cross-border situations where a citizen from one country travels to another country and requires the use of their health records. Several initiatives have been carried out to tackle this problem such as the OpenNCP which is supported by the European Commission. It provides a common infrastructure to connect different national healthcare systems. These kind of systems require not only a vulnerability based analysis of this infrastructure, but also an analysis with respect to the recently released General Data Protection Regulation (GDPR).Find out more »
In the SHiELD project IT Innovation Centre (Southampton, UK) is responsible for the development of security modelling tools that enable the analysis of health data privacy and security requirements. With these tools users can compose models of multiple health care systems and devices between which health data is exchanged. Furthermore the users can identify potential threats and regulatory compliance requirements, and to specify security measures to address both.Find out more »
A joint paper by AIMES and Stelar was published in a peer-reviewed European Journal of Biomedical Informatics entitled "GDPR Compliance Challenges for Interoperable Health Information Exchanges (HIEs) and Trustworthy Research Environments (TREs)".The paper addresses the issue of personal data protection in the context of eHealth. The paper highlights the importance of compliance with GDPR that is applicable for all providers operating in the EU. The paper focuses on two principles of GDPR these are “data protection by design” and “data protection by default”.Find out more »
The 10th International Conference on e-Health was held in Madrid 17-19 July 2018 under the auspices of MCCSIS 2018 (http://ehealth-conf.org). The SHiELD partners working at Ospedale San Raffele have presented paper “GDPR Impact on Health Data Exchange in European Digital Environment”, authored by: Paola Aurucci, Eleonora Ciceri, Mariet Nouri Janian, Andrea Micheletti and Alberto Sanna.Find out more »
Health Level Seven International (HL7) is responsible for the development of standards for health applications. At the July summit Ed Conley (AIMES) presented a paper co-authored by Matthias Pocs (Stelar) in which they outlined SHiELD’s approach to GDPR and standardization related topics. Title of the paper: “GDPR Compliance Challenges for Interoperable Health Information Exchanges (HIEs) and Trustworthy Research Environments (TREs)”Find out more »
At the Edinburgh meeting in June 2018 Symphonic Software successfully demonstrated an implementation of the “Consent Module”. This suite of access management software allows patient consent data to be captured and converted via configurable policies into data access permit or deny decisions. Consent data is captured via a GUI or API allowing for easy input, viewing and updating of the patient consent data. A database and Policy Information Point facilitates the storage and sharing of consent information throughout the component. Data access policies can be defined in a high level language through the Symphonic Policy Administration Point (PAP) GUI or API. A Symphonic Decision engine operates on the consent data using policies defined in the PAP to produce permit and deny decisions for data access requests.Find out more »
A PDF fact sheet detailing the role of citizens patients, digital security experts and e-health business within SHiELD.Find out more »
DevOps plays an important role in SHiELD. DevOps facilitate a close collaboration between software development and operation. This approach enables more rapid and frequent deployment of software into the production environment. The keyword in DevOps philosophy is continuity in respect to integration, testing and deployment. The SHiELD DevOps tools enable: a) modelling of security and privacy threats at design time; b) software patterns of security and privacy aware applications, data storage and data exchange; c) monitoring tools that enable to counter cyber threats at runtime.
The OpenNCP/eHDSI bootcamp 25-26 April 2018 in Brussels was attended by Tecnalia. The aim of eHealth Digital Service Infrastructure (eHDSI) initiative is to deploy and operate services that enable to exchange of health data across national borders. This bootcamp was a useful event for providing a forum for exchanging ideas and best practices about various aspects of OpenNCP. The main topics of the bootcamp were: deployments on the national level, software architectures, networking and security aspects.Find out more »
Dr. Eleonora Ciceri from FCSR presented a lecture at Università Vita-Salute in Ospedale San Raffaele. The lecture was offered to psychology students, and was focused on the topics of privacy and security for clinical data. The aim of the cycle of lectures in which this was presented was meant to raise awareness on the technologies involved in the treatment of patients and their data. For what concerns privacy and security, particularly, professionals in the health sector often focus only on the aspects related to their discipline, and ignore the need of maintaining the security of data and IT systems. Hence, in this lecture, the main threats to clinical data and the General Data Protection Regulation were presented. SHiELD technologies were presented as one of the possible solutions to handle the management of clinical data in a privacy-compliant way.
Xabier Larrucea from Tecnalia with the project manager of Konfido (http://www.konfido-project.eu/konfido/) organised a joint session at the ISCIS Security Workshop workshop in London on February 26-27, 2018. The main themes of the workshop were: security of distributed system, Internet of Things, Health Informatics Systems, Digital Cities, Digital Economy and Mobile Networks.Find out more »
Technical experts of participating Countries get a first hands-on session for the installation/configuration of the OpenNCP components.Find out more »
European security in health data exchange. A challenge at emergency departments.Find out more »