Abstract
Clinical workflows consist of sets of tasks involving patients and healthcare professionals. In such an environment, maintaining the privacy of patient data is a significant challenge. Healthcare providers have to consider both legislative compliances with tightening privacy regulations and growing privacy concerns of individuals. Unlike data security, which aims at preventing unauthorized access, privacy focuses on providing individuals the ability to control when, how, and to what extent their data is used with a particular purpose. In this paper, we present our first steps on transforming existing non-privacy-aware clinical workflows into privacy-aware ones through algorithms based on privacy policies and privacy preferences.
Similar content being viewed by others
References
EU General Data Protection Regulation (GDPR). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ 2016 L 119
Guarda P, Zannone N (2009) Towards the development of privacy-aware systems. Inf Softw Technol 51(2):337–350
European Commission (2015) Special Eurobarometer 431: Data protection. http://ec.europa.eu/commfrontoffice/publicopinion/archives/ebs/ebs_431_en.pdf. Accessed 09 Jan 2019
Dijkman RM, Dumas M, Ouyang C (2007) Formal semantics and analysis of BPMN process models using Petri nets. Queensland University of Technology, Tech. Rep
Awad A, Decker G, Weske M (2008) Efficient compliance checking using BPMN-Q and temporal logic. In: International conference on business process management. Springer, pp 326–341
Vijfvinkel MM (2016) Technology and the right to be forgotten. Master’s thesis, Radboud University
Mülle J, von Stackelberg S, Böhm K (2011) Modelling and transforming security constraints in privacy-aware business processes. In: 2011 IEEE international conference on service-oriented computing and applications (SOCA). IEEE, pp 1–4
Labda W, Mehandjiev N, Sampaio P (2014) Modeling of privacy-aware business processes in BPMN to protect personal data. In: Proceedings of the 29th annual ACM symposium on applied computing. ACM, pp 1399–1405
Bartolini C, Muthuri R, Santos C (2015) Using ontologies to model data protection requirements in workflows. In: JSAI international symposium on artificial intelligence. Springer, pp 233–248
Belaazi M, Rahmouni HB, Bouhoula A (2015) An ontology regulating privacy oriented access controls. In: International conference on risks and security of internet and systems. Springer, pp 17–35
Cranor L (2002) Web privacy with P3P. “O’Reilly Media, Inc.”
Ashley P, Hada S, Karjoth G, Powers C, Schunter M (2003) Enterprise privacy authorization language (EPAL). IBM Research
Agrawal R, Kiernan J, Srikant R, Xu Y (2002) Hippocratic databases. In: VLDB’02: Proceedings of the 28th international conference on very large databases. Elsevier, pp 143–154
LeFevre K, Agrawal R, Ercegovac V, Ramakrishnan R, Xu Y, DeWitt D (2004) Limiting disclosure in hippocratic databases. In: Proceedings of the 30th international conference on very large databases. VLDB Endowment, pp 108–119
Massacci F, Mylopoulos J, Zannone N (2006) Hierarchical hippocratic databases with minimal disclosure for virtual organizations. VLDBJ 15(4):370–387
Kalenkova AA, van der Aalst WMP, Lomazova IA, Rubin VA (2017) Process mining using BPMN: relating event logs and process models. Softw Syst Model 16(4):1019–1048
Acknowledgements
This work is supported by DFG Research Group “Service-oriented Architectures for the Integration of Software-based Processes, exemplified by Health Care Systems and Medical Technology” (SOAMED).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Besik, S.I., Freytag, JC. A formal approach to build privacy-awareness into clinical workflows. SICS Softw.-Inensiv. Cyber-Phys. Syst. 35, 141–152 (2020). https://doi.org/10.1007/s00450-019-00418-5
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00450-019-00418-5