Privacy Data Management and Awareness for Public Administrations: A Case Study from the Healthcare Domain

Developing information systems that ensure privacy is a challenging task that spans fields such as technology, law and policy. Reports of recent privacy infringements indicate that we are far not only from achieving privacy but also from applying Privacy by Design principles. This is due to a lack of holistic methods and tools that make it possible to understand privacy issues, incorporate appropriate privacy controls at design time, and create and enforce a privacy policy at run time. To address these issues, we present the VisiOn Privacy Platform, which provides holistic privacy management throughout the whole information system lifecycle. It contains a privacy-aware process that is supported by a software platform, and it enables Data Controllers to ensure privacy and Data Subjects to gain control of their data by participating in the formulation of the privacy policy. A case study from the healthcare domain is used to demonstrate the platform's benefits.
