Gap Analysis for Information Security in Interoperable Solutions at a Systemic Level: The KONFIDO Approach
In this paper, we present a gap analysis study focusing on interoperability of eHealth systems and services coupled with cybersecurity aspects. The study has been conducted in the scope of the KONFIDO EU-funded project, which leverages existing security tools and procedures as well as novel approaches and cutting-edge technology, such as homomorphic encryption and blockchains, in order to create a scalable and holistic paradigm for secure inner and cross-border exchange, storage and overall handling of healthcare data in compliance with legal and ethical norms. The gap analysis relied on desk research, expert opinions and interviews across four thematic areas, namely, eHealth interoperability frameworks, eHealth security software frameworks, end-user perspectives across diverse settings in KONFIDO pilot countries, as well as national cybersecurity strategies and reference reports. A standards-based template has been created as a baseline through which the analysis subjects have been analyzed. The gap analysis identified barriers and constraints as well as open issues and challenges for information security in interoperable solutions at a systemic level. Recommendations derived from the gap analysis will be brought into the forthcoming phases of KONFIDO to shape its technical solutions accordingly.
Keywords: Gap analysis; eHealth; Interoperability; Cross-border health data exchange; Cybersecurity
The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 727528 (KONFIDO—Secure and Trusted Paradigm for Interoperable eHealth Services). This paper reflects only the authors’ views and the Commission is not liable for any use that may be made of the information contained therein.
Conflict of Interest
The authors declare that they have no conflict of interest.