Innovative eHealth technologies and solutions are changing the way healthcare is delivered, raising many ethical concerns that need to be addressed. There is a growing demand for tools that enable the assessment of ethical impact in order to assure compatibility or highlight areas of incompatibility. This paper aims to address the ethical challenges that will arise during the EU-funded KONFIDO project. The KONFIDO project aims to develop tools and procedures to create a paradigm for secure inner and cross-border exchange of healthcare data in a legal and ethical way at both national and European level. The paper proposes an ethical framework that consists of a set of ethical principles derived from recent literature and European regulation and a supporting checklist. The ethical framework represents concrete and practical guidance for healthcare professionals and developers in order to build ethically acceptable KONFIDO solutions.
- Cross-border healthcare data exchange
- Ethical framework
Recent European-level plans in healthcare include the means to implement cross-border healthcare solutions in the European Union. This raises awareness of the need for secure interoperable eHealth technologies and solutions, including electronic health records (EHRs), electronic prescribing (ePrescription), mobile health (mHealth) devices and applications [1, 2]. The related documents can include sensitive information that patients might not wish to reveal. The need for a pragmatic approach and tools for handling ethical access issues has been well recognized in the health research community. eHealth research projects are conducted by large consortia formed of public-private partnerships that operate in multinational settings and that are increasingly attempting to bring together large data sets utilising patients' computerised medical record data for cross-border applications. The EU-funded KONFIDO project (http://konfidoproject.eu/) [8,9,10], presented in the present volume, aims to develop tools and procedures to create a scalable and holistic paradigm for secure inner and cross-border exchange of healthcare data in a legal and ethical way at both national and European level. KONFIDO requires assessing the ethical dimensions that concern the collection, storage, transmission and dissemination of personal data. As a result, the KONFIDO landscape of potential ethics issues is very complex. In order to address these issues, an ethical framework and other supporting tools were defined as a guide to provide direction on the cross-border eHealth applications involved in KONFIDO.
2 Building the Ethical Framework: The Methodology
In order to understand what ethical principles have already been identified and discussed in the context of eHealth, a comprehensive analysis of recent literature and European Regulations (see Table 1) has been conducted in order to identify relevant references related to the ethical aspects of eHealth using specific search terms (e.g., eHealth ethics & framework, ethics & cross-border healthcare, etc.).
The main findings in Table 1 can be aggregated by similarity of concepts as shown in Fig. 1. The ethical principles that are highlighted in grey are those included in the KONFIDO ethical framework. They are described in the following with suggested actions.
The ethical principle of trust is based on consent and confidentiality principles.
Data subjects should be informed when their identifiable data are sent or compromised abroad and an informed consent should be obtained for sharing identifiable data or for sharing data across a network that may be unsecure. Another aspect of trust is related to data quality. In fact, this principle ensures that individuals cannot be incorrectly identified and false conclusions cannot be drawn.
In order to respect the principle of trust, the software processing systems should include appropriate data quality mechanisms and integrity checks. Data needs to be collected in a standardised way so that it can be comparable and usable. The healthcare organisation should provide, in clear and understandable language, general descriptions of policies and practices regarding the collection, storage, and use of identifiable health care information. Moreover, it has to inform the patients regarding potential breaches of data security.
Privacy and Security
Privacy and Security principles are related to two main areas of consent and confidentiality. The eHealth solution developer should perform a risk analysis in order to identify the security measures to protect data. The patient has to receive a document (e.g., information sheet) with details regarding the security mechanisms in place.
Perform a risk analysis to identify the principal dangers and related remedies. Prepare an information sheet with details about the security measures.
The principle of proportionality is fundamental when considering eHealth applications with specific reference to data collection, use and storage. According to the proportionality principle, healthcare data should not be stored longer than necessary in the recipient country in order to avoid risk of disclosure, and the data should be shared via an unsecured network only in life-threatening emergencies. Those responsible for the deployment of eHealth applications will need to balance security and other procedural protections against the cost and delay that their excessive use can add to the provision of eHealth solutions.
The data sharing mechanisms should guarantee that the data are not stored longer than necessary in the recipient country and the information is unobstructed when there is an urgent need to obtain data, particularly to prevent loss of life.
Ownership and Data control
The patients are the owners and controllers of their healthcare data, with the right to make decisions over access and to be informed about how it will be used.
The patients have to be informed about the processing of their personal data and they must authorise data manipulation (e.g., provide authorisation for cross-border data sharing).
eHealth applications have the potential to promote equality and reduce inequalities in healthcare. The provision of tools for self-management enables people with chronic diseases to have more control over their conditions. Remote monitoring can also improve the quality of life for certain groups in society enabling them to keep living in their own homes rather than being treated or cared for in nursing homes or other care centres. All of these features can work towards reducing health inequities.
KONFIDO services should contribute to equality in healthcare and should be suitable for use in every EU member country.
There is no doubt that eHealth has the potential to bring significant benefits. However, there is a risk that the human aspects are ignored and the patients do not have the power to influence the development of eHealth applications and become a simple component in an eHealth machine. In order to prevent this, eHealth applications need to be reviewed with input from end-users that should have the accountability to give their feedback about the data management system.
Design KONFIDO without ignoring the human aspects, with the patient at the centre of the healthcare processes. Introduce mechanisms that enable a continuous revision of KONFIDO applications according to end-user feedback.
3 Ethical Framework Flowchart
The ethical framework is proposed in the form of a flowchart based on the H2020 Guidance—How to complete your ethics self-assessment v5.2. In the flowchart (Fig. 2), the grey boxes represent the activity performed by KONFIDO applications and the dotted boxes contain the suggested actions and the support documents. The implementation of ethical principles should include a participatory and person-centred approach. In this sense, three documents are introduced: an informed consent, an information sheet (i.e., storage procedure, data security measures) and a data-sharing authorisation.
4 KONFIDO Architecture Review: A Preliminary Checklist
In order to check whether the KONFIDO architecture is compliant with the ethical principles, a preliminary survey was developed with the checklist reported in Table 2.
Across Europe there is a growing demand for tools that enable ethical impact assessments and comparative analysis of ethical principles related to eHealth solutions for cross-border applications.
This paper proposes an ethical framework and a set of tools that will enable the KONFIDO project to be compliant with a set of ethical principles extracted from recent literature and European Regulation. For each ethical principle, a set of suggested actions has been listed and included in a flowchart that analyses three different operational levels of KONFIDO applications (i.e., collection, storage and sharing).
eHealth Task Force Report: Redesigning health in Europe for 2020. Publications Office of the European Union (2012)
Chassang, G.: The impact of the EU general data protection regulation on scientific research. Ecancermedicalscience 11, 709 (2017)
de Lusignan, S., Liyanage, H., Di Iorio, C.T., Chan, T., Liaw, S.T.: Using routinely collected health data for surveillance, quality improvement and research: framework and key questions to assess ethics, privacy and data access. J. Innov. Health Inform. 22(4), 426–432 (2016)
European Health Telematics Association (EHTEL): ETHICAL principles for eHealth: conclusions from the consultation of the ethics experts around the globe (2012). A briefing paper. http://www.ehtel.org/publications/ehtel-briefing-papers/ETHICAL-briefing-principlesfor-ehealth/view
Rippen, H., Risk, A.: eHealth code of ethics (May 24). J. Med. Internet Res. 2(2), e9 (2000)
H2020 Guidance: How to complete your ethics self-assessment: V5.2 – 12.07.2016
Gelenbe, E.: Some current research on cybersecurity in Europe. In: Gelenbe, E., et al. (eds.) Euro-CYBERSEC 2018. CCIS, vol. 821, pp. 1–10. Springer, Cham (2018)
Staffa, M., et al.: KONFIDO: an OpenNCP-based secure ehealth data exchange system. In: Gelenbe, E., et al. (eds.) Euro-CYBERSEC 2018. CCIS, vol. 821, pp. 11–27. Springer, Cham (2018)
Akriotou, M., et al.: Random number generation from a secure photonic physical unclonable hardware module. In: Gelenbe, E., et al. (eds.) Euro-CYBERSEC 2018. CCIS, vol. 821, pp. 28–37. Springer, Cham (2018)
Castaldo, L., Cinque, V.: Blockchain based logging for the cross-border exchange of E-health data in Europe. In: Gelenbe, E., et al. (eds.) Euro-CYBERSEC 2018. CCIS, vol. 821, pp. 46–56. Springer, Cham (2018)
The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 727528 (KONFIDO—Secure and Trusted Paradigm for Interoperable eHealth Services).
© 2018 The Author(s)
Faiella, G. et al. (2018). Building an Ethical Framework for Cross-Border Applications: The KONFIDO Project. In: , et al. Security in Computer and Information Sciences. Euro-CYBERSEC 2018. Communications in Computer and Information Science, vol 821. Springer, Cham. https://doi.org/10.1007/978-3-319-95189-8_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-95188-1
Online ISBN: 978-3-319-95189-8