Advertisement

Building an Ethical Framework for Cross-Border Applications: The KONFIDO Project

  • G. Faiella
  • I. Komnios
  • M. Voss-Knude
  • I. Cano
  • P. Duquenoy
  • M. Nalin
  • I. Baroni
  • F. Matrisciano
  • F. Clemente
Open Access
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 821)

Abstract

Innovative eHealth technologies and solutions are changing the way healthcare is delivered, raising many challenges regarding the ethical concerns that need to be addressed. There is a growing demand for tools that enable the assessments of the ethical impact in order to assure compatibility or highlight areas of incompatibility. This paper aims to address the ethical challenges that will arise during KONFIDO EU-funded project. KONFIDO project aims to develop tools and procedures to create a paradigm for secure inner and cross-border exchange of healthcare data in a legal and ethical way at both national and European level. The paper proposes an ethical framework that consists of a set of ethical principles derived from recent literature and European regulation and a supporting checklist. The ethical framework represents a concrete and practical guidance for healthcare professionals and developers in order to build ethically acceptable KONFIDO solutions.

Keywords

eHealth Cross-border healthcare data exchange Ethical framework 

1 Introduction

Recent European level plans in healthcare include the means to implement cross-border healthcare solutions in the European Union. This raises awareness towards the need for secure interoperable eHealth technologies and solutions, including electronic health records (EHRs), electronic prescribing (ePrescription), mobile health (mHealth) devices and applications [1, 2]. The related documents can include sensitive information that patients might not wish to reveal. The need for a pragmatic approach and tools for handling ethical access issues has been well recognized in the health research community. eHealth research projects are conducted by large consortia formed of public-private partnerships that operate in multinational settings that are increasingly attempting to bring together large data sets utilising patient’s computerised medical record data for cross-border applications. The EU-funded KONFIDO project (http://konfidoproject.eu/) [8, 9, 10] presented in the present volume [7], aims to develop tools and procedures to create a scalable and holistic paradigm for secure inner and cross-border exchange of healthcare data in a legal and ethical way at both national and European level. KONFIDO requires assessing the ethical dimensions that concerns the collection, storage, transmission and dissemination of personal data. As a result, the KONFIDO landscape of potential ethics issues is very complex. In order to address these issues, an ethical framework and other supporting tools were defined as a guide to provide a direction on the cross-border eHealth applications involved into KONFIDO.

2 Building the Ethical Framework: The Methodology

In order to understand what ethical principles have already been identified and discussed in the context of eHealth, a comprehensive analysis of recent literature and European Regulations (see Table 1) has been conducted in order to identify relevant references related to the ethical aspects of eHealth using specific search terms (e.g., eHealth ethics & framework, ethics & cross-border healthcare, etc.).
Table 1.

Ethical principles in literature findings

Document title

Ethical principles

de Lusignan et al. [3]

1. Autonomy

2. Respect rights and dignity of patients

3. Respect clinical judgment of clinician

4. Duty to provide care

5. Protection of the public from harm

6. Beneficence

7. Justice

8. Non-maleficence

9. Reciprocity

10. Solidarity

11. Stewardship

12. Trust

13. Lawfulness

14. Transparent project approval process

ETHICAL Project

(EHTEL - ETHICAL Principles for eHealth - Briefing Paper) [4]

1. Trust in data sharing

2. Privacy and security

3. Ownership and data control

4. Dignity

5. Equity

6. Proportionality

eHealth Code of Ethics [5]

1. Candor & Honesty

2. Quality

3. Informed Consent

4. Privacy

5. Professionalism

6. Accountability

General Data Protection Regulation

(Regulation (EU) 2016/679) [2]

1. Lawfulness, Fairness & transparency

2. Purpose limitation & Data minimization

3. Data accuracy

4. Storage limitation

5. Data integrity

6. Data confidentiality

7. Accountability

8. Data protection by design and by default

The main findings in Table 1 can be aggregated for similarity of concepts as shown in Fig. 1. The ethical principles that are highlighted in grey are those included into KONFIDO ethical framework. They are described in the following with suggested actions.
Fig. 1.

Aggregation of literature findings: KONFIDO ethical principles.

Trust

The ethical principle of trust is based on consent and confidentiality principles.

Data subjects should be informed when their identifiable data are sent or compromised abroad and an informed consent should be obtained for sharing identifiable data or for sharing data across a network that may be unsecure. Another aspect of trust is related to data quality. In fact, this principle ensures that individuals cannot be incorrectly identified and false conclusions cannot be drawn.

Suggested Actions

In order to respect the principle of trust, the software processing systems should include appropriate data quality mechanisms and integrity checks. Data needs to be collected in a standardised way so that it can be comparable and usable. The healthcare organisation should provide, in clear and understandable language, general descriptions of policies and practices regarding the collection, storage, and use of identifiable health care information. Moreover, it has to inform the patients regarding potential breaches of data security.

Privacy and Security

Privacy and Security principles are related to two main areas of consent and confidentiality. The eHealth solution developer should perform a risk analysis in order to identify the security measures to protect data. The patient has to receive a document (e.g., information sheet) with details regarding the security mechanisms in place.

Suggested Actions

Perform a risk analysis to identify the principle dangers and related remedies. Prepare an information sheet with details about the security measures.

Proportionality

The principle of proportionality is fundamental when considering eHealth applications with specific reference to data collection, use and storage. According to the proportionality principle healthcare data should not be stored longer than necessary in the recipient country in order to avoid risk of disclosure and the data should be shared via an unsecured network only in life-threatening emergencies. Those responsible for the deployment of eHealth applications will need to balance the excessive use of security and other procedural protection that can greatly increase the cost of providing eHealth solutions and introduce delay.

Suggested Actions

The data sharing mechanisms should guarantee that the data are not stored longer than necessary in the recipient country and the information is unobstructed when there is an urgent need to obtain data, particularly to prevent loss of life.

Ownership and Data control

The patients are the owners and controllers of their healthcare data, with the right to make decisions over access and to be informed about how it will be used.

Suggested Actions

The patients have to be informed about the processing of the personal data and they must authorise data manipulation (e.g., provide authorisation for the cross-boarding data sharing).

Equity

eHealth applications have the potential to promote equality and reduce inequalities in healthcare. The provision of tools for self-management enables people with chronic diseases to have more control over their conditions. Remote monitoring can also improve the quality of life for certain groups in society enabling them to keep living in their own homes rather than being treated or cared for in nursing homes or other care centres. All of these features can work towards reducing health inequities.

Suggested Actions

KONFIDO services should contribute to equality in healthcare and it should be suitable to be used in every EU member country.

Dignity

There is no doubt that eHealth has the potential to bring significant benefits. However, there is a risk that the human aspects are ignored and the patients do not have the power to influence the development of eHealth applications and become a simple component in an eHealth machine. In order to prevent this, eHealth applications need to be reviewed with input from end-users that should have the accountability to give their feedback about the data management system.

Suggested Actions

Design KONFIDO without ignoring the human aspects, with the patient at the centre of the healthcare processes. Introduce mechanisms that enable a continuous revision of KONFIDO applications according to end users feedbacks.

3 Ethical Framework Flowchart

The ethical framework is proposed in the form of a flowchart based on the H2020 Guidance—How to complete your ethics self-assessment v5.2 [6]. In the flowchart (Fig. 2), the grey boxes represent the activity performed by KONFIDO applications and the dotted boxes contain the suggested actions and the support documents. The implementation of ethical principles should include a participatory and person-centred approach. In this sense, three documents are introduced: an informed consent, an information sheet (i.e., storage procedure, data security measures) and data-sharing authorisation.
Fig. 2.

Ethical framework

4 KONFIDO Architecture Review: A Preliminary Checklist

In order to check if KONFIDO architecture is compliant with the ethical principles, a preliminary survey was developed with the checklist reported in Table 2.
Table 2.

Preliminary survey for the review of KONFIDO architecture

5 Conclusions

Across Europe there is a growing demand for tools that enable ethical impact assessments and comparative analysis of ethical principles related to eHealth solutions for cross-border applications.

This paper proposes an Ethical framework and a set of tools that will enable KONFIDO project to be compliant with a set of ethical principles extracted from recent literature and European Regulation. For each ethical principle, a set of suggested actions have been listed and included into a flowchart that analyses three different operational levels of KONFIDO applications (i.e., collection, storage and sharing).

Notes

Acknowledgements

The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 727528 (KONFIDO—Secure and Trusted Paradigm for Interoperable eHealth Services).

References

  1. 1.
    eHealth Task Force Report: Redesigning health in Europe for 2020. Publications Office of the European Union (2012)Google Scholar
  2. 2.
    Chassang, G.: The impact of the EU general data protection regulation on scientific research. Ecancermedicalscience 11, 709 (2017)CrossRefGoogle Scholar
  3. 3.
    de Lusignan, S., Liyanage, H., Di Iorio, C.T., Chan, T., Liaw, S.T.: Using routinely collected health data for surveillance, quality improvement and research: framework and key questions to assess ethics, privacy and data access. J. Innov. Health Inform. 22(4), 426–432 (2016)CrossRefGoogle Scholar
  4. 4.
    European Health Telematics Association (EHTEL): ETHICAL principles for eHealth: conclusions from the consultation of the ethics experts around the globe (2012). A briefing paper. http://www.ehtel.org/publications/ehtel-briefing-papers/ETHICAL-briefing-principlesfor-ehealth/view
  5. 5.
    Rippen, H., Risk, A.: eHealth code of ethics (May 24). J. Med. Internet Res. 2(2), e9 (2000)CrossRefGoogle Scholar
  6. 6.
    H2020 Guidance: How to complete your ethics self-assessment: V5.2 – 12.07.2016Google Scholar
  7. 7.
    Gelenbe, E.: Some current research on cybersecurity in Europe. In: Gelenbe, E., et al. (eds.) Euro-CYBERSEC 2018. CCIS, vol. 821, pp. 1–10. Springer, Cham (2018)Google Scholar
  8. 8.
    Staffa, M., et al.: KONFIDO: an OpenNCP-based secure ehealth data exchange system. In: Gelenbe, E., et al. (eds.) Euro-CYBERSEC 2018. CCIS, vol. 821, pp. 11–27. Springer, Cham (2018)Google Scholar
  9. 9.
    Akriotou, M., et al.: Random number generation from a secure photonic physical unclonable hardware module. In: Gelenbe, E., et al. (eds.) Euro-CYBERSEC 2018. CCIS, vol. 821, pp. 28–37. Springer, Cham (2018)Google Scholar
  10. 10.
    Castaldo, L., Cinque, V.: Blockchain based logging for the cross-border exchange of E-health data in Europe. In: Gelenbe, E., et al. (eds.) Euro-CYBERSEC 2018. CCIS, vol. 821, pp. 46–56. Springer, Cham (2018)Google Scholar

Copyright information

© The Author(s) 2018

<SimplePara><Emphasis Type="Bold">Open Access</Emphasis> This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.</SimplePara> <SimplePara>The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.</SimplePara>

Authors and Affiliations

  • G. Faiella
    • 1
  • I. Komnios
    • 2
  • M. Voss-Knude
    • 3
  • I. Cano
    • 4
  • P. Duquenoy
    • 5
  • M. Nalin
    • 6
  • I. Baroni
    • 6
  • F. Matrisciano
    • 1
  • F. Clemente
    • 1
    • 7
  1. 1.Fondazione Santobono Pausilipon OnlusNaplesItaly
  2. 2.Exus Software Ltd.LondonUK
  3. 3.Sundhed.dkCopenhagenDenmark
  4. 4.IDIBAPS, Hospital Clinic de BarcelonaUniversitat de BarcelonaBarcelonaSpain
  5. 5.Department of Computer ScienceMiddlesex UniversityLondonUK
  6. 6.Telbios S.r.l.MilanItaly
  7. 7.CNR-Istituto di CristallografiaRomeItaly

Personalised recommendations