Defining the best architecture for secure data exchange of diabetes information in Europe: privacy impact assessment in the BIRO project

Carinci F
2009-01-01

Abstract

Aim. The BIRO project involves the use of sensitive medical data collected through diabetes registries, standardized, exchanged and further processed to support the routine publication of diabetes reports across Europe. Privacy impact assessment is a systematic process that allows the system to be optimised based upon the study of its impact upon privacy. The aim of a specific project work package is to provide a definitive description of privacy risks, applicable privacy legislation and mitigation strategies adopted in the implementation and management of the BIRO system.

Methods. Four steps have been carried out: preliminary assessment, data flow analysis, privacy analysis and final report. Preliminary assessment was conducted by a multidisciplinary team carrying out a systematic review of the privacy literature and a general discussion on the data flow focused on alternatives identified in the first step. A Delphi consensus procedure was used to define the best alternative through the use of data flow tables, an information flow questionnaire and an overall consensus table. Privacy analysis covered any privacy issue arising in the transfer of data from the local centres to the central database. Potential privacy risks have been explicitly listed to indicate mitigation strategies to be implemented. The final report compiled all results according to a structured format.

Results. Preliminary analysis identified three candidate architectures, with differing levels of data sharing: "individual patient data, de-identified through a pseudonym"; "aggregation by group of patients, with Centre's identifiers available in de-identified form, securely encrypted"; and "Aggregation by Region". The second has been identified as the best solution in terms of privacy protection, information content, scientific soundness and feasibility. Privacy analysis performed a detailed assessment of the various aspects involved in the adoption of the final BIRO architecture.

Conclusion. Privacy is a fundamental right of diabetic patients that must be carefully taken into account in the construction of information systems promoted by the IDF. According to Recital 26 of the EU Data Protection Directive and other relevant legislation, the transborder data flow and data processing envisaged in BIRO are legally viable. Privacy impact assessment shows that the selected architecture flexibly affords the best privacy protection in the construction of an efficient model for the continuous production of European diabetes reports.
Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14245/7775