A Data Protection by Design Model for Privacy Management in Electronic Health Records

  • Conference paper

In: Privacy Technologies and Policy (APF 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11498)

Abstract

Privacy by design (PbD) is considered an international principle for privacy protection. For understanding and applying a PbD legal provision, the context of the data processing is essential. This paper intends to analyse the data protection by design (DPbD) legal obligation in the European framework and investigate how it can be implemented in the context of e-health for Electronic Health Records (EHRs). The PbD approach may play a pivotal role in this sector in fulfilling the requirements of the law and better protecting the rights of the data subjects. To fulfil these goals, to understand the deeper meaning of the concept and to evaluate the approach itself, the paper conducts a theoretical legal analysis of PbD and critically compares its edges, benefits, challenges and disadvantages. As the chosen legal framework is that of the European Union, the DPbD legal obligation established by the GDPR will be examined. The paper first gives a brief overview of the applicable EU legal framework for EHRs. Having settled this context, the paper proposes a comprehensive DPbD model for privacy management, with technical and organisational measures to be implemented in EHRs. The purpose is to provide more guidance for data controllers and developers on how to comply with the DPbD obligation.


Notes

  1. See the official website of the Office of the National Coordinator for Health Information Technology (ONC) in the United States. https://www.healthit.gov/faq/what-are-advantages-electronic-health-records, last accessed 10th Mar 2019.

  2. For example, see in the United States Healthcare Informatics at https://www.healthcare-informatics.com/news-item/cybersecurity/2017-breach-report-477-breaches-56m-patient-records-affected, last accessed 10th Mar 2019: “in 2017, there were 477 healthcare breaches reported to the U.S. Department of Health and Human Services (HHS) or the media, and information available for 407 of those incidents, which affected a total of 5.579 million patient records”.

  3. For example, Article 83 GDPR.

  4. Recital 53, GDPR.

  5. Article 9 (1), GDPR.

  6. Article 25, GDPR.

  7. Article 5, GDPR: lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, accountability.

  8. Recital 78, GDPR.

  9. Ibid.

  10. Ibid.

  11. Article 25 (1), GDPR.

  12. Ibid.

  13. Ibid.

  14. Article 25 (3), GDPR.

  15. Recital 78, GDPR.

  16. Articles 26 and 28 of the GDPR.

  17. Articles 27 and 85, Regulation (EU) 2018/1725. For the purposes of this study, the formulations of these articles are equivalent to Article 25 of the GDPR.

  18. Article 4 (15), GDPR.

  19. Recital 35, GDPR.

  20. Ibid.

  21. Article 9 (2) (a) and Article 7, GDPR.

  22. Article 9 (2) (c), GDPR.

  23. Article 9 (2) (g), GDPR.

  24. Article 9 (2) (i), GDPR.

  25. The information to be provided to the data subject (Articles 13-14, GDPR), the rights of the data subject to be guaranteed (Articles 15-23, GDPR), the general obligations of the controller and processor (Articles 24-31, GDPR), the norms on the security of the data (Articles 32-34, GDPR) and on the data protection impact assessment, the prior consultation with the authority and the data protection officer (Articles 35-39, GDPR).

  26. Article 35, GDPR.

  27. See Sect. 2.3.

  28. Article 83, GDPR.

  29. As previously stated, the data protection principles are listed mainly in Article 5 of the GDPR.

  30. The secondary use of data for medical research is not illustrated in this work. However, the data collected in EHR systems are often anonymised before being used for secondary scientific research purposes.

  31. Article 35, GDPR. As stated earlier, for EHRs the data protection impact assessment is highly recommended. The data controllers of EHRs often process personal health data on a large scale.

  32. See the various publications in the field of privacy technologies and the engineering approach at https://www.enisa.europa.eu/topics/data-protection/privacy-by-design, last accessed 10th Mar 2019.

  33. In ENISA’s report “Reinforcing trust and security in the area of electronic communications and online services, sketching the notion of ‘state-of-the-art’ for SMEs in security of personal data processing” of December 2018 it is underlined that several tools for encryption are available on the market and, as an example, it is recommended that in the context of a medical clinic “the server where patients’ comprehensive electronic health records are stored should be encrypted using robust and known weakness-free encryption algorithms”. https://www.enisa.europa.eu/publications/reinforcing-trust-and-security-in-the-area-of-electronic-communications-and-online-services, last accessed 10th Mar 2019.

  34. Ibid. An interesting polymorphic technique is mentioned there as a pseudonymisation example in the health sector.

  35. See for example ISO/IEC 19608, ISO/IEC 15408 and ISO/IEC DIS 27552, https://www.iso.org/standard/61186.html and https://www.iso.org/standard/71670.html, last accessed 10th Mar 2019.

  36. See the Italian Data Protection Authority’s Guidelines on the Electronic Health Record and the Health File, published in 2009: “to safeguard data subjects, the purposes in question should accordingly only consist in prevention, diagnosis, care and rehabilitation of the given data subject and exclude any other objective - in particular planning, managing, supervising and assessing health care activities, which can actually be performed in several circumstances without using personal data. This is without prejudice to any requirements arising under criminal law”. https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1672821, last accessed 10th Mar 2019.

  37. As stated above, the secondary use of data for medical research is not considered in this study.

  38. See Article 9 (2) (a) (c) (g) (h) (i), GDPR. So the processing is allowed if there is/are: (a) explicit consent; (c) vital interest of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent; (g) substantial public interest; (h) purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3; (i) reasons of public interest in the area of public health.

  39. Article 12 (7), GDPR includes standardised icons as a possible mechanism to provide information to the data subject.

  40. Articles 13 and 14, GDPR.

  41. In ENISA’s report “Reinforcing trust and security in the area of electronic communications and online services” (see footnote n. 32 for the complete reference) it is argued that “the number of required factors for each access control system should be proportionate to the sensitivity of IT systems and related information to be accessed”. Two-factor authentication is a widely adopted practice in high-risk cases such as remote patient monitoring systems. Therefore, there is already some experience of multi-factor authentication in the health context.

  42. Recital 63, GDPR: “A data subject should have the right of access to personal data which have been collected concerning him or her, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing. This includes the right for data subjects to have access to data concerning their health, for example the data in their medical records containing information such as diagnoses, examination results, assessments by treating physicians and any treatment or interventions provided (...)”.

  43. See Sect. 4.1.

  44. In these cases the type of medical visit or the related information on the scheduled check-ups could be obscured. Some health-related inferences might still be made by the administrative staff. Nevertheless, the employees are usually bound by confidentiality clauses.

  45. See the website of the European Commission at https://ec.europa.eu/digital-single-market/en/interoperability-standardisation-connecting-ehealth-services, last accessed 10th Mar 2019.

  46. As Article 25 GDPR suggests, a certification process for DPbD is possible. See further Articles 42 and 43, GDPR.

  47. Article 37 (1) (c), GDPR.

  48. Article 37 (3), GDPR.

Corresponding author

Correspondence to Giorgia Bincoletto.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Bincoletto, G. (2019). A Data Protection by Design Model for Privacy Management in Electronic Health Records. In: Naldi, M., Italiano, G., Rannenberg, K., Medina, M., Bourka, A. (eds) Privacy Technologies and Policy. APF 2019. Lecture Notes in Computer Science, vol 11498. Springer, Cham. https://doi.org/10.1007/978-3-030-21752-5_11

  • DOI: https://doi.org/10.1007/978-3-030-21752-5_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-21751-8

  • Online ISBN: 978-3-030-21752-5
