A Model-driven Privacy Compliance Decision Support for Medical Data Sharing in Europe

 

 Artikel einzeln kaufen Lizenzen und Reprints

Summary

Objectives: Clinical practitioners and medical researchers often have to share health data with other colleagues across Europe. Privacy compliance in this context is very important but challenging. Automated privacy guidelines are a practical way of increasing users’ awareness of privacy obligations and help eliminating unintentional breaches of privacy. In this paper we present an ontology-plus-rules based approach to privacy decision support for the sharing of patient data across European platforms.

Methods: We use ontologies to model the required domain and context information about data sharing and privacy requirements. In addition, we use a set of Semantic Web Rule Language rules to reason about legal privacy requirements that are applicable to a specific context of data disclosure. We make the complete set invocable through the use of a semantic web application acting as an interactive privacy guideline system can then invoke the full model in order to provide decision support.

Results: When asked, the system will generate privacy reports applicable to a specific case of data disclosure described by the user. Also reports showing guidelines per Member State may be obtained.

Conclusion: The advantage of this approach lies in the expressiveness and extensibility of the modelling and inference languages adopted and the ability they confer to reason with complex requirements interpreted from high level regulations. However, the system cannot at this stage fully simulate the role of an ethics committee or review board.

• References

• 1 EC. Directive 95/46/EC of the European Parliament and of the Council. Online; 1995 (cited 2010). Available from: http://ec.europa.eu/justice/policies/privacy/law/index_en.htm#directive
  PubMed
• 2 McCullagh K. study of data protection: harmonization or confusion?. In: Proceeding of the 21st BILETA Conference: “Globalisation and Harmonisation in Technology Law”. Malta: 2006
  Suche in Google Scholar
• 3 Iversen A, Liddell K, Fear N, Hotopf M, Wessely S. Consent, confidentiality, and the Data Protection Act. British Medical Journal (Clinical Research Ed) 2006; 332 7534 165-169.
  CrossrefPubMedSuche in Google Scholar
• 4 Italian Personal Data Protection Code, Legislative Decree no. 196 of 30 June. 2003 Online; 2003 (cited 2010). Available from: http://www.privacy.it/privacycode-en.html
  PubMedSuche in Google Scholar
• 5 Beyleveld D, Townend D, Rouillé-Mirza S, Wright J. Implementation of the Data Protection Directive in relation to medical research in Europe. Ashgate: 2004
  Suche in Google Scholar
• 6 Rahmouni HB, Solomonides T, Casassa Mont M, Shiu S. Privacy compliance and enforcement on European healthgrids: an approach through ontology. Philosophical Transactions of the Royal Society A 2010, September 13; 368: pp 4057-4072.
  PubMed
• 7 Breton V, Dean K, Solomonides T. The Healthgrid White Paper. In: From Grid to Healthgrid: Proceedings of Healthgrid 2005. IOS Press; 2005. pp 249-321.
  Suche in Google Scholar
• 8 Information Commissioner Office. The Guide to Data Protection. Online; 2010 (cited 2010). Available from: http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/the_guide_to_data_protection.pdf
  PubMed
• 9 Protégé. The Protégé Ontology Editor and Knowledge Acquisition System. Online; 2010 (cited 2010). Available from: http://protege.stanford.edu
  PubMed
• 10 Sandia National Laboratories. Jess, the Rule Engine for the Java Platform. Online; 2008 (cited 2010). Available from: http://www.jessrules.com
  PubMed
• 11 Andoulsi I, Herveg J, Stroetmann V, Stroetmann K, Dobrev A, Doosselaere CV. et al. Deliverable D4.3: Legal, social & economic challenges component roadmap II. Online; 2008 (cited 2010). Available from: http://eu-share.org/documents/SHARE-D4.3_Final.pdf
  PubMed
• 12 Fond de la Recherche en Santé du Quebec. A Governance framework For Data Banks and Biobanks Used for Health Research. Online; 2006 (cited 2010). Available from: http://www.frsq.gouv.qc.ca/en/ethique/pdfs_ethique/Sommaire_groupe_conseil_anglais.pdf
  PubMed
• 13 McGuinness DL, Van Harmelen F. OWL Web Ontology Language Overview2. Online; 2004 (cited 2010). Available from: http://www.w3.org/TR/owl-features/
  PubMedSuche in Google Scholar
• 14 Ontario. Freedom of Information and Protection of Privacy Act. [Online].; 2008 [cited 2010]. Available from: http://www.e-laws.gov.on.ca/html/statutes/english/elaws_statutes_90f31_e.htm
  PubMedSuche in Google Scholar
• 15 Horrocks I, Patel-Schneider PF, Boley H, Tabet S, Grosof B, Dean M. SWRL: A Semantic Web Rule Language Combining OWL and Rule ML. Online; 2004 (cited 2010). Available from: http://www.w3.org/Submission/SWRL
  PubMedSuche in Google Scholar
• 16 Warren R, Solomonides AE, Warsi I, Ding J, Odeh M, Mcclatchey R. et al. MammoGrid – A prototype distributed mammographic database for Europe. Clinical Radiology 2007; 62 (11) 1044-1051.
  CrossrefPubMedSuche in Google Scholar
• 17 The caBig Official Website. Online; 2010 (cited 2010). Available from: https://cabig.nci.nih.gov
  PubMedSuche in Google Scholar
• 18 The caBIG Data Sharing Information. Online; 2008 (cited 2010). Available from: cabig.nci.nih.gov/working_groups/DSIC_SLWG_data_sharing_policy
  PubMed
• 19 The caBIG Documentation and Training Workspace in cooperation with the Data Sharing and Intellectual Capital Workspace and the caGrid Knowl edge Center. Online; 2010 Available from: https://wiki.nci.nih.gov/download/attachments/24271074/Intro_GridTech_DataSharing.pdf
  PubMedSuche in Google Scholar
• 20 Privacy Decission Support. [Online].; 2010 [cited 2010]. Available from: https://cabig-kc.nci.nih.gov/DSIC/KC/index.php/Privacy_Decision_Support
  PubMed
• 21 Data Sharing and Intellectual Capital (DSIC) Knowledge Center. Online; 2010 (cited 2010). Available from: https://cabig-kc.nci.nih.gov/DSIC/KC/index.php/Main_Page
  PubMed
• 22 Casassa Mont M, Crosta S, Kriegelstein T, Sommer D. PRIME Architecture V2. Online; 2007 (cited 2010). Available from: https://www.prime-project.eu/prime_products/reports/arch/pub_del_D14.2.c_ec_WP14.2_v1_Final.pdf
  PubMedSuche in Google Scholar
• 23 PrimeLife. Privacy and Identity Management for Europe for Life. [Online]; 2008 [cited 2010]. Available from: http://www.primelife.eu
  PubMedSuche in Google Scholar
• 24 Rahmouni HB, Solomonides T, Casassa Mont M, Shiu S. Privacy Compliance in European Healthgrid Domains: An ontology-based approach. In: Proceedings of the 22nd IEEE International Symposium of Computer-Based Medical Systems (CBMS) 2009 pp 1-8.
  PubMedSuche in Google Scholar
• 25 Mantas J, Ammenwerth E, Demiris G, Hasman A, Haux R, Hersh W. et al. Recommendations of the International Medical Informatics Association (IMIA) on Education in Biomedical and Health Informatics First Revision. Methods Inf Med 2010; 49 (02) 105-120.
  Thieme ConnectPubMedSuche in Google Scholar
• 26 Kalra D, Singleton P, Milan J, MacKay J, Detmer D, Rector A. et al. Security and Confidentiality Approach for the Clinical E-Science Framework (CLEF). Methods Inf Med 2005; 44 (02) 193-197.
  Thieme ConnectPubMedSuche in Google Scholar