APF 2017: Privacy Technologies and Policy pp 192-209
Privacy Data Management and Awareness for Public Administrations: A Case Study from the Healthcare Domain
Abstract
Development of information systems that ensure privacy is a challenging task that spans various fields such as technology, law and policy. Reports of recent privacy infringements indicate that we are far not only from achieving privacy but also from applying Privacy by Design principles. This is due to a lack of holistic methods and tools that make it possible to understand privacy issues, incorporate appropriate privacy controls at design time, and create and enforce a privacy policy at run time. To address these issues, we present the VisiOn Privacy Platform, which provides holistic privacy management throughout the whole information system lifecycle. It contains a privacy-aware process that is supported by a software platform and enables Data Controllers to ensure privacy and Data Subjects to gain control of their data by participating in the privacy policy formulation. A case study from the healthcare domain is used to demonstrate the platform’s benefits.
Keywords
Privacy management; Data protection; Privacy level agreement; eHealth; Telemedicine; VisiOn Privacy Platform
Acknowledgement
This research was supported by the Visual Privacy Management in User Centric Open Environments (VisiOn) project, supported by the EU Horizon 2020 programme, Grant Agreement No. 653642.