Privacy compliance decision support for medical data sharing in Europe: A rule–based approach

Abstract

The harmonization of data protection legislation in Europe has been theoretically achieved by means of the EU directive on data protection. In practice the harmonization is not absolute and conflicts and inconsistencies continue to exist in the way Member States are implementing the directive. The integration of different European medical systems by means of grid technologies will continue to be challenging if technology does not intervene to enhance interoperability between national regulatory frameworks on data protection. In this paper we present an approach to model and automate privacy requirements for the sharing of patient data across within a semantic knowledge base. Then we approach the usage of the model for the purpose of providing automated decision support mechanism which would help medical professional complying with legal privacy requirements. Our methods starts with the capturing and the semantic modelling of privacy obligations that are of legal, ethical or cultural nature. These requirements are for the sharing of personal data between different European Member States. Our model reflects both similarities and conflicts, between the different Member States. We then use the resulting model in order to allow the reasoning on the safeguards a data controller should ask from an organization belonging to another Member State before disclosing medical data to them. This work shows that it is feasible; through the use of ontologies and semantic web technologies; to minimize unintentional breaches of privacy and data protection principles while sharing personal data on European healthgrid domains.

Document Downloads

Total Document Downloads