Enabling Privacy by Design in Medical Records Sharing / Stevovic, Jovan; Bassi, Eleonora; Giori, Alessio; Casati, Fabio; Armellin, Giampaolo. - Print. - 20:(2015), pp. 385-406. [10.1007/978-94-017-9385-8_16]
Enabling Privacy by Design in Medical Records Sharing
Stevovic, Jovan; Bassi, Eleonora; Casati, Fabio
2015-01-01
Abstract
In healthcare, a multiplicity of actors needs to access and share patients’ data while being compliant with policies defined by data protection legislation. Building frameworks to enable stakeholders to design and develop data-sharing mechanisms in compliance with legislation is a challenging task. In this work, we propose a methodology and a platform called CHINO, inspired by Privacy by Design principles, to guide the involved stakeholders during the definition of data-sharing processes by using visual representations such as Business Process Modelling (BPM). BPM enables the stakeholders to reason and share their understanding about privacy aspects from early analysis phases, while the CHINO platform provides the execution framework for the defined BPM processes and privacy policies. To prove CHINO's efficacy, we show how policies extracted from legislation can be modelled and executed, and we report our studies with end-users with whom we validated the system usability. We also analyse CHINO from a legal point of view and its compliance with data protection legislation.

File | Description | Type | License | Access | Size | Format
---|---|---|---|---|---|---
327993_1_En_16_Reviewed.pdf | main article | Refereed post-print (Refereed author’s manuscript) | All rights reserved | open access | 575.58 kB | Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.