Information technologies, systems and computing paradigms have enabled healthcare organisations to advance medical science in ways that benefit society. This primarily includes the analysis of huge amounts of health data collected either from clinical reports or from examination lab data. With the help of statistical methods and big data analytics, this data can provide valuable knowledge to researchers who try to identify correlations, causes and ways to prevent diseases. While, in terms of research, health data from hospitals and care centres possesses extreme value, it is equally important that sensitive personally identifiable information (PII) is not disclosed to unauthorised parties. The data privacy of patients is of utmost importance for societal reasons and also for legal reasons, which may affect organisations that exchange and process data. The GDPR aims at creating a framework that will govern the relations of citizens and patients with data controllers (i.e. data requesters), as well as the obligations of data controllers when requesting, acquiring and storing such data. In that sense, it is crucial that stakeholders who exchange health data do so in the most appropriate manner, respecting the privacy of the patient/citizen as well as the directives of GDPR. To this end, organisations need innovative solutions to aid and inform them in assessing and managing privacy risks as these emerge from the exchange of highly sensitive health data.
Scenario. The Fundacio Privada Hospital Asil De Granollers (FPHAG) uses the MyHealthMyData (MHMD) platform, which facilitates the exchange of health data for research purposes with third parties, such as universities and research groups. The hospital needs to post the description of the data package that it is going to provide to the MHMD network. The data needs to be anonymised effectively in the hospital's information systems and reach the required privacy readiness state before it is exchanged. The hospital's managers decide to assess these privacy challenges in order to make sure that the whole procedure is fully compliant with GDPR. The Asset Discovery Tool (ADT) creates the necessary ontology, which maps the health data to the organisation's systems and personnel. This will aid the Privacy Assessment Tool (PAT) in evaluating and identifying possible violations of GDPR. PAT first checks the data anonymisation procedure. Indeed, as the hospital employs the MHMD anonymiser, the data is in the desired state to be exchanged. Also, the Health Professional Application (HPA) is used to publish the data description to the MHMD network. PAT provides the final privacy risk analysis to the CUREX Private Blockchain (PrB), where it is stored permanently. Using the MHMD network, a research group from the department of neurobiology of the Karolinska Institute (KI) publishes a research case along with an enquiry about specific health data which needs to be used for the research analysis. The MHMD platform facilitates the connection between the research group and FPHAG. However, in order for the exchange to take place, FPHAG requests that the group's general practice of data usage, and the information systems that are going to be employed to store and process this data, are evaluated in terms of privacy compliance. For that reason, the research group will have to use PAT.
The latter evaluates, through interactive interviews, the specific details that concern that exact use of data, and maps the complete information system stack of the group. PAT provides the final analysis, which shows that the group possesses the proper safeguards, making the exchange acceptable. PAT then stores the risk analysis in PrB. Both risk analysis reports are available to the stakeholders through HPA, which in turn, after the exchange confirmation from the hospital, generates the Smart Contract containing the privacy and security details of the transaction that is going to take place between the hospital and the research group.