GDPR Compliance Challenges for Interoperable Health Information Exchanges (HIEs) and Trustworthy Research Environments (TREs)

Dr Ed Conley 1 and Matthias Pocs 2

1 SHiELD Horizon 2020 and Connected Health Cities Projects, AIMES, Liverpool Innovation Park, L7 9NJ, United Kingdom.

2 SHiELD Horizon 2020 Project, Stelar Security Technology Law Research, 21035 Hamburg, Germany

18th International HL7 Interoperability Conference, Portsmouth, July 12th 2018


North West Coast CHC Footprint North of England CHC Footprint

Connected Health Cities (CHC)

Learning Health through Trustworthy Research Environments


OpenNCP Core

Technology Providers Use Case Providers

Shared Infrastructure - Enabling Exchange

Embedded cybersecurity, Privacy, Data Protection Extensions

DEPLOY SecureDevOps

OpenNCP uses the HL7 International Patient Summary model to exchange information


National Contact Point (NCP) Relay

Uses HL7 IPS to exchange information internally

Mapping between epSOS and C-CDA CCD is completed and will not be updated.

UKPS

ESPS

ITPS


Packaging operational systems at run-time

Analysis → Design → Deploy → Run

LEGAL PRIVACY

SecDevOps

Driven by GDPR Principles “Privacy-by-Design” and “Data Protection by Default”


OpenNCP Core Extensions by SHiELD

→ GDPR principles of “Privacy-by-Design” and “Data Protection by Default” embedding threat mitigation & dynamic policy tools


OpenNCP Core


Comprehensive Security Threats Modelling / Mitigation in Use Cases

• Asset inventory: Comprehensive records kept of assets and applications.

• Configuration management: Vulnerability modelling, logging access

• Counteraction measures: Threat-associated rules that trigger threat counteraction mechanisms

• Documentation of policies/procedures

• Cross-border regulatory management: Maintaining compatibility

• Novel security technologies: Data hiding/masking and sensitive data analysis; anonymisation/pseudonymisation

• Security training for developers

• Software module dependency tracking modular computational workflow (e.g. data minimizing)

• Streamlining processes: Minimising errors through other legal obligations

• Test types: Static, dynamic, interactive and runtime - data application of security tests

• Traceability of lessons learned: Tracking past software

• Vulnerability points analysis: Access control-related, protection for device-related, consent-related


HL7, ISO and NIST privilege management and access control (PMAC) principles require explicit, ontology-based formal (machine-processable) policies

In the 21st Century, we need flexible, automated and intelligent solutions for interoperability.

The Shift to Automated Interoperability

For security, privacy and trust, static pre-definition will be replaced by run-time computed bindings of policies (contextual rules for processes) continuously calculating risks / trust scores…


What damage is GDPR trying to prevent?

Controllers must assess the “likelihood and severity of the risk” of any personal data processing operation relating to any use that “from personal data processing could lead to physical, material or non-material damage”.

DAMAGE EXAMPLES DAMAGE EXAMPLES


SHiELD System Vulnerability/Security Modelling


Domain Knowledge Interoperability

“Interoperability is not just about exchanging data”

Use case and requirements methodology needs to evolve to provide the right knowledge to run processes in human contexts…

This is not a data formats challenge, it's about learning how people who use the system think…

Understanding the real stakeholder concerns first through domain knowledge ontologies → each use case can be combined with those created in the past and future


Consistent Matching of Information Governance Requirements to Data Processing

(a) Typical LHS use case

(b) IG Zoning Symbols


(b) IG Zoning Symbols

(c) Infrastructure assembled and deployed at run-time


Researcher view of a Trustworthy Research Environment (TRE)


Shared responsibilities and roles under the GDPR

The data processing agreement and other expectations


When the data processor needs to invoke a separate data processing service to fulfil the use case and IG requirements


The GDPR seeks to uphold data subject rights

A Key Reminder: Privacy is a Right


The Journey Begins
