
HS.Register An audit-trail tool to respond to the General Data Protection Regulation (GDPR)

Duarte Ferreira
April 24, 2018


The presentation done for MIE 2018 about HS.Register and GDPR in healthcare


Transcript

  1. Macro-to-nano Human Sensing: Towards Integrated Multimodal Health Monitoring and Analytics

     HS.Register: An audit-trail tool to respond to the General Data Protection Regulation (GDPR)
     Duarte GONÇALVES-FERREIRA, Mariana LEITE, Cátia SANTOS-PEREIRA, Manuel E. CORREIA, Luis ANTUNES and Ricardo CRUZ-CORREIA
  2. GDPR intends to

     • Strengthen and unify data protection for all individuals within the EU
     • Give control back to citizens and residents over their personal data
     • Address the transfer of personal data outside the EU
     • Simplify the regulatory environment for international business
  3. Main changes to regulation

     • Increased breadth and scope: personal data will be defined as anything that could be used to identify a ‘data subject’, including computer IP addresses. Plus, the regulation now applies to all companies that process personal data of EU citizens, wherever those companies are based.
     • Increased penalties: these will now be up to €20 million or 4% of annual global turnover (whichever is greater) for serious infringements.
     • Increased control: data subjects will have the right to be ‘forgotten’ with their data erased; the right to access data held on them; and the right to request data to be passed to a third party.
  4. Main changes to regulation (cont.)

     • Increased transparency: data subjects must know what data will be held and how it will be processed. Plus, companies must specifically name any other businesses the data will be shared with.
     • Increased rigor around consent: individuals are now required to gain active opt-ins that are explicit (instead of implied) and unambiguous.
     • Increased security: companies will also need to be able to demonstrate how they are keeping data safe and must report any data breach within 72 hours.
  5. Healthcare’s Ecosystem Heterogeneity: Inside hospitals

     • Healthcare sector is a maze of complex data usage
     • Large number of users (easily there are more than 1000 health professionals in each hospital)
     • Tens of applications / databases from different providers per institution (mean > 25 per institution, > 60 in larger hospitals)
     • Patient information considered valuable for various external institutions
  6. HS.Register - High level architecture

     • Data should not be updatable, and it should be analysable
     • It should be highly scalable and performant; other systems should not be affected
     • Registered events should be non-refutable and non-removable
     • Data should be auditable and traceable
  7. Results (number of messages in thousands per week)

     Message type             Hospital A  Hospital B  Hospital C  Hospital D  Hospital E   Total
     Application Logs Total       68 826           *          24           *           *  68 850
       E.R.                       57 131                                                 57 131
       RIS                        11 695                      24                         11 719
     HL7 Total                     1 581         327         961         106          44   3 019
       ACK                           453         161         475          47          21   1 157
       OML                           344          32         202                      11     589
       SIU                           239          11          72                             322
       ORU                           116         100          53          28                 297
       ADT                            50          11          67                       1     129
       ORM                            78          11                                          89
       Other                         301           1          92          31          11     436
     External Access Total         8 800       9 383       3 489           *           *  21 672
     Total                        79 208       9 710       4 475         106          44  93 543
  8. Auditing data communications with outside institutions (Use Case)

     • You have a new partnership with an external lab that allows your lab exam requests to be sent directly to the lab and scheduled.
     • Every time you need an exam from this lab you must trade information about the exam and the patient in order to schedule it.
     • After an upgrade there was a bug in the communication application, and your application now shares private demographic information about your patient’s family. How can you identify these changes?
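     One defender-side way to answer the question on this slide, added here as an illustration that is not part of the original presentation: if the register records which data fields (names, not values) each outbound message carried and to whom, a baseline taken from before the upgrade exposes the fields that only started leaving the hospital afterwards. The record layout, the partner name, the field names and the upgrade timestamp are all constructed; timestamps are compared as ISO-8601 strings in a single timezone, which is an assumption.

```python
from collections import defaultdict

# Constructed sample audit records: one per outbound message, listing only the
# names of the fields the communication application sent to the partner.
OUTBOUND_AUDIT = [
    {"ts": "2018-04-02T09:12:00Z", "dest": "external-lab", "msg": "OML",
     "fields": ["patient_id", "name", "birth_date", "exam_code"]},
    {"ts": "2018-04-09T11:40:00Z", "dest": "external-lab", "msg": "SIU",
     "fields": ["patient_id", "exam_code", "slot"]},
    {"ts": "2018-04-16T08:05:00Z", "dest": "external-lab", "msg": "OML",
     "fields": ["patient_id", "name", "birth_date", "exam_code"]},
    {"ts": "2018-04-20T10:30:00Z", "dest": "external-lab", "msg": "OML",
     "fields": ["patient_id", "name", "birth_date", "exam_code",
                "family_history", "relative_name"]},
    {"ts": "2018-04-22T15:02:00Z", "dest": "external-lab", "msg": "OML",
     "fields": ["patient_id", "exam_code", "relative_name"]},
]

UPGRADE_TS = "2018-04-15T00:00:00Z"  # assumed deployment time of the faulty release


def fields_per_destination(records, before):
    """Fields each destination received before the cutoff: the approved baseline."""
    seen = defaultdict(set)
    for r in records:
        if r["ts"] < before:  # ISO-8601 strings in one timezone sort lexically
            seen[r["dest"]].update(r["fields"])
    return seen


def sharing_drift(records, since):
    """Fields that first went to a destination only after the cutoff.

    Returns {destination: {field: first_seen_timestamp}} so the IT team can
    line the change up against the deployment that introduced it.
    """
    baseline = fields_per_destination(records, since)
    drift = defaultdict(dict)
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["ts"] < since:
            continue
        for field in r["fields"]:
            if field not in baseline[r["dest"]] and field not in drift[r["dest"]]:
                drift[r["dest"]][field] = r["ts"]
    return dict(drift)


if __name__ == "__main__":
    for dest, fields in sharing_drift(OUTBOUND_AUDIT, UPGRADE_TS).items():
        for field, ts in sorted(fields.items()):
            print(f"{dest}: '{field}' first sent {ts}, absent from pre-upgrade baseline")
```

     The same comparison can be run continuously against a baseline signed off with the partner, so drift is flagged at the first offending message rather than after a complaint.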
  9. Unauthorized access to data (Use Case)

     • You hired an external team to support the Institution’s IT service in a migration to a new virtualization platform.
     • They need access to your production databases to do the job you are paying them for.
     • Someone was selling private data to an insurance company and there was no trace of the actions on the database.
     • What can you do?
  10. Proof of Action

     Data is stored in the HS.Register repository, where data cannot normally be deleted.
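     The non-refutable, non-removable register that slide 6 asks for and that slide 10 relies on, added here as an illustration rather than HS.Register's own code: every record hashes its predecessor, so editing or deleting a record (the "no trace on the database" situation of slide 9) breaks the chain and verification reports the first affected position. The record fields (who, what, purpose, system, when) and the all-zero genesis anchor are assumptions.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # assumed anchor for the first link of the chain


def link_hash(seq, prev_hash, event):
    """SHA-256 over a canonical encoding of (sequence, predecessor hash, event)."""
    payload = json.dumps({"seq": seq, "prev": prev_hash, "event": event},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append(register, who, what, purpose, system, when=None):
    """Append-only write: the new record commits to everything written before it."""
    when = when or datetime.now(timezone.utc).isoformat()
    event = {"who": who, "what": what, "purpose": purpose, "system": system, "when": when}
    seq = len(register)
    prev = register[-1]["hash"] if register else GENESIS
    record = {"seq": seq, "prev": prev, "event": event, "hash": link_hash(seq, prev, event)}
    register.append(record)
    return record


def verify(register):
    """Return (True, None) if intact, else (False, seq) for the first broken link.

    An edited event no longer matches its hash; a removed record leaves a gap in
    seq and a predecessor hash nobody points at. Both surface at the first
    affected record.
    """
    prev = GENESIS
    for expected_seq, rec in enumerate(register):
        if rec["seq"] != expected_seq or rec["prev"] != prev:
            return False, expected_seq
        if rec["hash"] != link_hash(rec["seq"], rec["prev"], rec["event"]):
            return False, expected_seq
        prev = rec["hash"]
    return True, None


def head(register):
    """Latest hash; keep a copy out of band so trimming the tail is detectable too."""
    return register[-1]["hash"] if register else GENESIS


if __name__ == "__main__":
    reg = []
    append(reg, "dr.silva", "read patient record", "treatment", "EHR")
    append(reg, "contractor-7", "SELECT on patients", "platform migration", "HIS-DB")
    print(verify(reg), head(reg))
```

     Chain verification alone cannot tell that the newest records were cut off, so the head hash has to be anchored elsewhere (another system, a signed timestamp) and compared at audit time.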
  11. Conclusion

     For the GDPR, what matters more than the information itself is knowing who accesses it, when and for what purpose, and where it is stored and used. With the correct level of integration, the HS.Register could help comply with GDPR requirements, put the IT team back in control, identify problems sooner, identify the source of the problem and improve the overall quality of every Hospital Information System (HIS), and ultimately improve patient care.
  12. Acknowledgments

     The authors would like to thank the Project NanoSTIMA (NORTE-01-0145-FEDER-000016). It is financed by the North Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, and through the European Regional Development Fund (ERDF).