A formal approach to build privacy-awareness into clinical workflows

  • Special Issue Paper
SICS Software-Intensive Cyber-Physical Systems

Abstract

Clinical workflows consist of sets of tasks involving patients and healthcare professionals. In such an environment, maintaining the privacy of patient data is a significant challenge. Healthcare providers have to consider both legislative compliance with tightening privacy regulations and the growing privacy concerns of individuals. Unlike data security, which aims at preventing unauthorized access, privacy focuses on giving individuals the ability to control when, how, and to what extent their data is used for a particular purpose. In this paper, we present our first steps toward transforming existing non-privacy-aware clinical workflows into privacy-aware ones through algorithms based on privacy policies and privacy preferences.

Acknowledgements

This work is supported by DFG Research Group “Service-oriented Architectures for the Integration of Software-based Processes, exemplified by Health Care Systems and Medical Technology” (SOAMED).

Author information

Corresponding author

Correspondence to Saliha Irem Besik.

About this article

Cite this article

Besik, S.I., Freytag, JC. A formal approach to build privacy-awareness into clinical workflows. SICS Softw.-Intensiv. Cyber-Phys. Syst. 35, 141–152 (2020). https://doi.org/10.1007/s00450-019-00418-5

  • DOI: https://doi.org/10.1007/s00450-019-00418-5
