A Model-driven Privacy Compliance Decision Support for Medical Data Sharing in Europe

OBJECTIVES Clinical practitioners and medical researchers often have to share health data with other colleagues across Europe. Privacy compliance in this context is very important but challenging. Automated privacy guidelines are a practical way of increasing users' awareness of privacy obligations and help eliminating unintentional breaches of privacy. In this paper we present an ontology-plus-rules based approach to privacy decision support for the sharing of patient data across European platforms. METHODS We use ontologies to model the required domain and context information about data sharing and privacy requirements. In addition, we use a set of Semantic Web Rule Language rules to reason about legal privacy requirements that are applicable to a specific context of data disclosure. We make the complete set invocable through the use of a semantic web application acting as an interactive privacy guideline system can then invoke the full model in order to provide decision support. RESULTS When asked, the system will generate privacy reports applicable to a specific case of data disclosure described by the user. Also reports showing guidelines per Member State may be obtained. CONCLUSION The advantage of this approach lies in the expressiveness and extensibility of the modelling and inference languages adopted and the ability they confer to reason with complex requirements interpreted from high level regulations. However, the system cannot at this stage fully simulate the role of an ethics committee or review board.

[1]  Arie Hasman,et al.  Recommendations of the International Medical Informatics Association (IMIA) on Education in Biomedical and Health Informatics , 2010, Methods of Information in Medicine.

[2]  Vincent Breton,et al.  The Healthgrid White Paper , 2005, HealthGrid.

[3]  J. Dumortier Directive 98/48/EC of the European Parliament and of the Council , 2006 .

[4]  Marco Casassa Mont,et al.  Privacy compliance in european healthgrid domains: An ontology-based approach , 2009, 2009 22nd IEEE International Symposium on Computer-Based Medical Systems.

[5]  D Kalra,et al.  Security and Confidentiality Approach for the Clinical E-Science Framework (CLEF) , 2003, Methods of Information in Medicine.

[6]  H. Lan,et al.  SWRL : A semantic Web rule language combining OWL and ruleML , 2004 .

[7]  Marco Casassa Mont,et al.  Privacy compliance and enforcement on European healthgrids: an approach through ontology , 2010, Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences.

[8]  M. Brady,et al.  MammoGrid--a prototype distributed mammographic database for Europe. , 2007, Clinical radiology.

[9]  Simon Wessely,et al.  Consent, confidentiality, and the Data Protection Act , 2006, BMJ : British Medical Journal.