Title : Visualization of Privacy Path in eHealth & m-health: Regulatory & Policy Frameworks

Project Lead : Sylvia Kierkegaard From : International Association of IT Lawyers (IAITL) (Denmark)

Dates : from -- to 2015-02-11 13:19:06

Description :

Motivation and objectives :
This project aims to understand how information flows within and between the health provider organisations and patients and a way of identifying vulnerabilities that compromise privacy of health data. E-Health has a huge potential to alleviate the problems of the health systems and provides numerous opportunities for innovative health solutions to improve the quality of health care. The combined use of the Internet and mobile technologies is leading to major changes in how individuals and healthcare providers communicate, conduct business transactions and access resources. Mobile phones are now the most widely used communication technology in the world. The use of mobile phones, tablet computers and personal digital assistants (PDAs) for direct communication with health providers or accessing health-related information provides unprecedented opportunities to apply mobile technology. But at the moment it is not clear how digital technologies can be made secure so that consumers can reap the benefits from improved information flows at the point of care, knowing that their privacy will be protected. This proliferation of services has put large quantities of private health information in the hands of the health service providers, who in many cases have mishandled the information, either intentionally or unintentionally, to the detriment of consumer privacy. Privacy is a fundamental principle underpinning quality healthcare. Consumers trust in the appropriate handling of personal health information must be maintained as the health sector moves to adopt and implement new technologies. Visualisation will provide a clear identification of the explicit structure of patients record data. Adopting new, tech-enabled health care approaches which can deliver high quality, patient-centric, healthcare to EU citizens requires trust and assurance in the system The medical sector, policy makers and patients will also be hesitant to discard the traditional system that has worked well in the past and embrace the digital revolution. Clarification and guidance for applying the legal framework will stimulate a market for innovative health solutions. The overall goal of this study is to contribute to: (1) a safe and secure handling of the patients data through identification of vulnerabilities that can lead to non-compliance of privacy and data protection laws in the EU (2) a visualisation of the private information flow to assist in the drafting of regulatory and policy framework to accelerate eHealth solutions for more efficient health services (3) an illustration of relationship and significance ( transactions and interactions) across the internet some of them originating from the assignments to users of inappropriate permissions on sensitive data, thus recognising as early as possible the risk deriving by inappropriate access right management and to identify the solutions that they need to prevent such risks and 4) visualisation of the technical interoperability of eHealth applications upon the normative framework at both EU and national level and assess the urgency of fostering the adoption of information security and data privacy enhancing measures, in particular through the incentive of the law, in parallel to the promotion of technical interoperability. Given the fast growing uptake of smartphones and tablets, this project also includes a specific focus on mobile health (mHealth). The growth in the mobile health and wellbeing market has been accompanied by a rapid increase in the number of software applications for mobile devices (or 'apps') and the use of cloud computing as well as new delivery of health care by distance or telehealth (e.g. telemedicine). Such applications potentially offer information, diagnostic tools, possibilities to 'self-quantify' as well as new modalities of care. They are blurring the distinction between the traditional provision of clinical care by physicians, and the self-administration of care and wellbeing. Given the complexity created by mHealth, further clarification is needed on the legal framework applicable to these specific areas. The rapid developments in this sector raise questions about the applicability of the current frameworks, the use of the data collected through these applications by individuals and medical professionals, and whether or not and how they will be integrated in healthcare systems. Clarity of information and 'user-friendliness' are also important to consider. This needs to be achieved without over-regulating as it is an emerging cluster of technologies with lower costs and risks, but also with lower profitability. Network operators, equipment suppliers, software developers and healthcare professionals are all seeking clarity on the roles they could play in the value chain for mobile health. Possible scenarios for eHealth applications , e.g., mobile technology , and other fundamental issues such as identified technological and policy gaps , need to be addressed .Infrastructure and privacy issues need to be resolved before physicians can even start using the records and exchange records in the EU. This understanding will help improve Europe's capacity to define regulatory framework needed to develop both private sector-driven and publicly-funded eHealth services that spells out a consumers privacy rights and how consumer private information is to be handled. The applicant believes that this work will provide a better understanding of the mobile eHealth options available and how smart public policy can maximise the potential of mobile networks, technologies and services through the implementing tools developed by Technion ESML Lab.

Teams :
The International Association of IT Lawyers contributes to the role of IT law in international relations and aims to promote the comparative study of IT law. To fulfil these goals, we aim to undertake activities as follows: 1) To promote and support the exchange of ideas between practitioners, scholars and students of IT law across the world. 2) To raise funds for the purpose of enabling practitioners, scholars and students to attend conferences across the world. 3) To encourage practitioners, scholars and students of IT law to engage more fully with the IT industry, policymakers and members of the general public to become more fully involved with the way IT affects the law, policy and the way IT is used. 4) To keep members up-to-date with details of conferences and related activities.

Dates :
starting date : 14 May, 2014
ending date : 26 May, 2014

Facilities descriptions :
http://visionair-browser.g-scop.grenoble-inp.fr/visionair/Browser/Catalogs/ECVL.IL.html

Recordings & Results :
Professor Kierkegaard gave a speech discussing new developments in Privacy and data protection laws in EU, such as data retention, right to be forgotten, e-health, sensitive data and security. It was well attended by professors in the medical field, lawyers and PhD students. The talk shed some light on post-mortem privacy, a phenomenon rather neglected in the legal literature. Acknowledging the quite controversial nature of the phenomenon and certain policy and legal arguments pro and contra, the speech explores the data protection (informational privacy) aspect of the issue. More precisely, the focus is on the distinction between the current and the newly proposed data protection regime in the European Union (EU), assessing how these regimes are susceptible to protecting the deceaseds personal data. The remainder of the visit was devoted to visualisation of the possible legal issues arising from the right of access to the sensitive data and access to records of the deceased, especially Human rights. The visualisation provided clear representation of the process and will be of great help to all stakeholders in understanding the relevant issues.

Conclusions :
Professor Kierkegaard gave a speech discussing new developments in Privacy and data protection laws in EU, such as data retention, right to be forgotten, e-health, sensitive data and security. It was well attended by professors in the medical field, lawyers and PhD students. The talk shed some light on post-mortem privacy, a phenomenon rather neglected in the legal literature. Acknowledging the quite controversial nature of the phenomenon and certain policy and legal arguments pro and contra, the speech explores the data protection (informational privacy) aspect of the issue. More precisely, the focus is on the distinction between the current and the newly proposed data protection regime in the European Union (EU), assessing how these regimes are susceptible to protecting the deceaseds personal data. The remainder of the visit was devoted to visualisation of the possible legal issues arising from the right of access to the sensitive data and access to records of the deceased, especially Human rights. The visualisation provided clear representation of the process and will be of great help to all stakeholders in understanding the relevant issues.






Other project resources :

Visionair Report - Sylvia Kierkegaard.pdf