Providing a Network of Trust in Processing Health Data for Research

Similar documents
DATA PROTECTION POLICY

De-identification of Data using Pseudonyms (Pseudonymisation) Policy

ECSA EuroCloud Star Audit Data Privacy Audit Guide

ACEA PRINCIPLES OF DATA PROTECTION IN RELATION TO CONNECTED VEHICLES AND SERVICES

European Commission initiatives on e- and mhealth

ECRIN (European Clinical Research Infrastructures Network)

Data Privacy in the Cloud E-Government Perspective

INTERNET AND SECURITY

Article 29 Working Party Issues Opinion on Cloud Computing

Best Practices in Identity and Access Management (I&AM) for Regulatory Compliance. RSA Security and Accenture February 26, :00 AM

Cloud Computing and Privacy Laws! Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School

University of Limerick Data Protection Compliance Regulations June 2015

Synapse Privacy Policy

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data

Personal Data Handling and Sharing Policy

ST IVES CHAMBERS POLICY ON THE COLLECTION AND USE OF DIVERSITY DATA

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129

Portable Devices and Removable Media Acceptable Use Policy v1.0

INTERNATIONAL PHARMACEUTICAL PRIVACY CONSORTIUM COMMENTS IN RESPONSE TO THE CALL FOR EVIDENCE ON EU DATA PROTECTION PROPOSALS

How To Protect Your Data In European Law

Appendix 11 - Swiss Data Protection Act

Information Governance and Risk Stratification: Advice and Options for CCGs and GPs

Legal Aspects of the MonIKA-Project - Privacy meets Cybersecurity

INERTIA ETHICS MANUAL

Global Alliance for Genomics & Health Data Sharing Lexicon

PRIVACY POLICY (LAST UPDATED: )

Secondary use and de-identification through safe havens. Clive Thomas NIGB Workshop 6 th June 2011

SUPPORT TO KOSOVO INSTITUTIONS IN THE FIELD OF FOR PROTECTION OF PERSONAL DATA

Binding Corporate Rules ( BCR ) Summary of Third Party Rights

Data Sharing Protocol

The potential legal consequences of a personal data breach

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Information Sharing Policy

Big Data, Not Big Brother: Best Practices for Data Analytics Peter Leonard Gilbert + Tobin Lawyers

Health and Social Care Information Centre

Office 365 Data Processing Agreement with Model Clauses

CORK INSTITUTE OF TECHNOLOGY

Information for patients and the public and patient information about DNA / Biobanking across Europe

UNIVERSITY COLLEGE LONDON CCTV POLICY. Endorsed by the Security Working Group - 17 October 2012

Data Protection Act Guidance on the use of cloud computing

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

Information Security Risks when going cloud. How to deal with data security: an EU perspective.

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES

T-Identity Protector (T-IP)

Data Management Plan ehcobutler Project

New Relic EU Data Protection Whitepaper

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10

DATA PROTECTION POLICY

Statutory Instruments 2007: No. 2199

National Quality Assurance Programme in Radiology Information Governance Policy

that it has no right to have access to the Software in source code form;

Application Programming Interface (API) Application (app) - The API app is the connector between epages and the developers service.

Privacy Impact Assessment: care.data

CLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES

SECURITY MEASURES IN THE PERSONAL DATA PROTECTION RULES: TECHNOLOGICAL SOLUTIONS AND LEGAL ADAPTATION

ABPI GUIDELINES FOR THE SECONDARY USE OF DATA FOR MEDICAL RESEARCH PURPOSES

HIPAA PRIVACY AND SECURITY AWARENESS

Data Protection Act. Privacy & Security in the Information Age. April 26, Ministry of Communications, Ghana

Information Governance White Paper EDGE Programme

Secondary Use of the EHR via Pseudonymisation

Draft Code of Conduct on privacy for mobile health applications

The Manitowoc Company, Inc.

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Microsoft Online Services - Data Processing Agreement

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid.

CONSUMER DATA RESEARCH CENTRE DATA SERVICE USER GUIDE. Version: August 2015

Originator: Chris Parkin Date: 4 March 2015 Approved by: Senior Management Team Type: Policy. Computer Security Policy

Matthias Hauss- SRC Security Research & Consulting GmbH October PCI DSS Requirements in the Context of European Data Protection Law

Johnson Controls Privacy Notice

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015

Policy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0

Data Processing Agreement for Oracle Cloud Services

Privacy Issues of Provenance in Electronic Healthcare Record Systems

Data Compliance. And. Your Obligations

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015

Practical Overview on responsibilities of Data Protection Officers. Security measures

DGPeterson, LLC. HIPAA Security Auditors Report. Prepared for: Vigilant Medical, LLC Date: January 28, HIPAA Privacy & Security Consulting

Third Party Security Requirements Policy

Estée Lauder Companies Global Jobs Website Privacy Policy

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION

So the security measures you put in place should seek to ensure that:

HIPAA SECURITY RULES FOR IT: WHAT ARE THEY?

Last updated: 30 May Credit Suisse Privacy Policy

DATA PROTECTION POLICY

Multiple SSL Certificates on a single IP address without losing any backward compatibility

The SHARE & DMP-SS Projects: secure private cloud for health research

THE EHR4CR PLATFORM AND SERVICES

Data Protection in Ireland

JOB APPLICANT PRIVACY NOTICE

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

Wellesley College Written Information Security Program

Amalgamated Life Privacy Statement

PRIVACY AND DATA SECURITY MODULE

PRIVACY POLICY. To start, it is important for you to know two definitions that are key to understanding our programs and privacy practices:

Science Europe Position Statement. On the Proposed European General Data Protection Regulation MAY 2013

For ONC S&I DS4P. Dennis Giokas Chief Technology Officer Canada Health Infoway Inc. January 25, 2012

Cyberprivacy and Cybersecurity for Health Data

Privacy vs Data Protection. PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Information Governance Checklist and Privacy Impact Assessments

Transcription:

Providing a Network of Trust in Processing Health Data for Research Iheanyi Nwankwo (LUH), Elias Neri (Custodix) 1

Outline Legal framework for processing health data Technical and organisational measures in protecting sensitive data The CHIC data protection framework 2

Bridging the silos of medical data The global healthcare challenges: - Rising cost - Management of chronic diseases with an unpredictable nature (Cancer, Parkinson s) - Individual differences = tailored treatment 3

Digital Patient Reserach in developing a Digial Patient - Models that will accurately predict each patient s condition with his/her health data - The last mile towards achieving personalised medicine http://www.digital-patient.net/index.html 18.11. 2014 EICAR Conference, Frankfurt 4

Unlocking data for research The digital patient represents medical data (much of which are undiscovered, locked in various silos) Rules governing the processing of sensitive data impact medical research 5

Medicial data and research The Problem: Sharp divide between personal data and non-personal data Retrospective data and issues of informed consent Sometimes the aim of research requires a link-back to the data subject (eg. for validation, incidental findings etc) 6

Data security What data security measures? the controller must implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and against all other unlawful forms of processing (Art 17 DPD) 7

The CHIC Approach CHIC Network of Trust 8

CHIC Data Protection Framework Pseudonymisation and De Facto Anonymisation of Data Pseudonymisation Tools Upload Tool Custodix Anonimisation Tool & Services (CATS) CHIC Contractual Obligations Dedicated Center for Data Protection (CDP) Use of Trusted Third Party Security Authentication, Authorisation & Auditing Encryption 9

Example Data upload from hospital to CHIC platform 10

CHIC Computational Horizons in Cancer 11

Export of Patient Data - Anonymisation 12

Export of Patient Data Link back 18.11. 2014 13 EICAR Conference, Frankfurt

Export of Patient Data - Pseudonymisation 14

Export of Patient Data De Facto Anonymisation 15 TTP

DPF Data Flow 16

Implementation Pseudonymisation Engine Model-drive approach Define a privacy profile (transformations) once.. Apply it to different data sources 17

Implementation - CAT 18

Implementation - CATS Service-oriented CAT Hosted service (TTP) or appliance (installed in-house) Easy integration into workflows Provides Local and central de-identification or a combination hereof Central management of privacy profiles Compatible with CAT-generated profiles Centralised audit tracking of de-identification requests for compliance & fault management 19

Data Transfer Create Privacy Profiles 20

Data Transfer - CSV 21

Data Transfer Privacy Profile Generic Model & Mapping from CSV Privacy Operations 22

Data Transfer Privacy Profile 18.11. 2014 23 EICAR Conference, Frankfurt

Data Transfer Process and Upload Data 24

Data Transfer - Result Original Pseudonymised 25

ACKNOWLEDGMENT This project has received funding from the European Union s Seventh Framework Programme for research, technological development and demonstration under Grant Agreement No 600841. www.chic-vph.eu 26

The CHIC Consortium 18.11.2014 EICAR Conference, Frankfurt 27

Thank you for your attention 28

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information