GDPR Compliance Challenges for Interoperable Health Information Exchanges (HIEs) and Trustworthy Research Environments (TREs)
Dr Ed Conley¹ and Matthias Pocs²
¹ SHiELD Horizon 2020 and Connected Health Cities Projects, AIMES, Liverpool Innovation Park, L7 9NJ, United Kingdom.
² SHiELD Horizon 2020 Project, Stelar Security Technology Law Research, 21035 Hamburg, Germany
18th International HL7 Interoperability Conference, Portsmouth, July 12th 2018
North West Coast CHC Footprint North of England CHC Footprint
Connected Health Cities (CHC)
Learning Health through Trustworthy Research Environments
2
OpenNCP Core
Technology Providers Use Case Providers
Shared Infrastructure - Enabling Exchange
Embedded cybersecurity, Privacy, Data Protection Extensions
DEPLOY SecureDevOps
OpenNCP uses the HL7 International Patient Summary model to exchange information
3
National Contact Point (NCP) Relay
Uses HL7 IPS to exchange information internally
Mapping between epSOS and C-CDA CCD is completed and will not be updated.
UKPS
ESPS
ITPS
4
Packaging operational systems at run-time
Analysis → Design → Deploy → Run
LEGAL PRIVACY
SecDevOps
Driven by GDPR Principles “Privacy-by-Design” and “Data Protection by Default”
5
OpenNCP Core Extensions by SHiELD
→ GDPR principles of “Privacy-by-Design” and “Data Protection by Default” embedding threat mitigation & dynamic policy tools
6
OpenNCP Core
Comprehensive Security Threats Modelling / Mitigation in Use Cases
• Asset inventory: Comprehensive records kept of assets and applications.
• Configuration management: Vulnerability modelling, logging access
• Counteraction measures: Threat-associated rules that trigger threat counteraction mechanisms
• Documentation of policies/procedures
• Cross-border regulatory management: Maintaining compatibility
• Novel security technologies: Data hiding/masking and sensitive data analysis; anonymisation/pseudonymisation
• Security training for developers
• Software module dependency tracking modular computational workflow (e.g. data minimizing)
• Streamlining processes: Minimising errors through other legal obligations
• Test types: Static, dynamic, interactive and runtime - data application of security tests
• Traceability of lessons learned: Tracking past software
• Vulnerability points analysis: Access control-related, protection for device-related, consent-related
7
HL7, ISO and NIST privilege management and access control (PMAC) principles require explicit, ontology-based formal (machine-processable) policies
In the 21st Century, we need flexible, automated and intelligent solutions for interoperability.
The Shift to Automated Interoperability
For security, privacy and trust, static pre-definition will be replaced by run-time computed bindings of policies (contextual rules for processes) continuously calculating risks / trust scores…
8
What damage is GDPR trying to prevent?
Controllers must assess the “likelihood and severity of the risk” of any personal data processing operation relating to any use that “from personal data processing could lead to physical, material or non-material damage”.
DAMAGE EXAMPLES
9
SHiELD System Vulnerability/Security Modelling
10
Domain Knowledge Interoperability: “Interoperability is not just about exchanging data”
Use case and requirements methodology needs to evolve to provide the right knowledge to run processes in human contexts…
This is not a data formats challenge, it's about learning how people who use the system think…
Understanding the real stakeholder concerns first through domain knowledge ontologies → each use case can be combined with those created in the past and future
11
Consistent Matching of Information Governance Requirements to Data Processing
(a) Typical LHS use case
(b) IG Zoning Symbols
12
(b) IG Zoning Symbols
(c) Infrastructure assembled and deployed at run-time
13
Researcher view of a Trustworthy Research Environment (TRE)
14
Shared responsibilities and roles under the GDPR
The data processing agreement and other expectations
15
When the data processor needs to invoke a separate data processing service to fulfil the use case and IG requirements
16
The GDPR seeks to uphold data subject rights
A Key Reminder: Privacy is a Right
17
The Journey Begins
18