Ontology-Based Privacy Compliance Checking for Clinical Workflows

Transcript

1. Ontology-Based Privacy Compliance Checking for Clinical Workflows Saliha Irem BESIK

   [email protected] Supervisor: Prof. Johann-Christoph Freytag, Ph.D.

2. M O T I VAT I O N : P

   R I VA C Y B Y D E S I G N Design failures can be problematic… S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 2

3. M O T I VAT I O N : P

   R I VA C Y B Y D E S I G N GDPR says: Consider privacy at design phase… Design failures can be problematic… S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 2

4. M O T I VAT I O N : P

   R I VA C Y B Y D E S I G N GDPR says: Consider privacy at design phase… Design failures can be problematic… Good News: Business Processes might help! S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 2

5. M O T I VAT I N G E X

   A M P L E : N E W B O R N S C R E E N I N G S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 3

6. M O T I VAT I N G E X

   A M P L E : N E W B O R N S C R E E N I N G Desk demographic data S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 3

7. M O T I VAT I N G E X

   A M P L E : N E W B O R N S C R E E N I N G Pediatrician medical data Desk demographic data S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 3

8. M O T I VAT I N G E X

   A M P L E : N E W B O R N S C R E E N I N G Lab sensitive blood data Pediatrician medical data Desk demographic data S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 3

9. P R I VA C Y B Y D E

   S I G N V I A C L I N I C A L W O R K F L O W S S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 4

10. P R I VA C Y B Y D E

    S I G N V I A C L I N I C A L W O R K F L O W S Clinical Workflow includes a series of tasks for clinical services S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 4

11. P R I VA C Y B Y D E

    S I G N V I A C L I N I C A L W O R K F L O W S Clinical Workflow includes a series of tasks for clinical services also how tasks are performed, in what order, and by whom S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 4

12. R E S E A R C H P R

    O B L E M S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 5

13. R E S E A R C H P R

    O B L E M ? privacy-aware or not S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 5

14. R E S E A R C H P R

    O B L E M ? privacy-aware or not S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 5 How to detect potential privacy violations on clinical WFs?

15. R E S E A R C H P R

    O B L E M ? privacy-aware or not Ontology-based reasoning approach S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 5 How to detect potential privacy violations on clinical WFs?

16. R E S E A R C H P R

    O B L E M S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 5 ? privacy-aware or not How to define privacy-awareness for clinical WFs?

17. Privacy-aware WF is compliant with: R E S E A

    R C H P R O B L E M S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 5 ? privacy-aware or not How to define privacy-awareness for clinical WFs?

18. Privacy-aware WF is compliant with: 1. privacy principles based on

    the General Data Protection Regulation (GDPR) R E S E A R C H P R O B L E M S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 5 ? privacy-aware or not How to define privacy-awareness for clinical WFs?

19. Privacy-aware WF is compliant with: 1. privacy principles based on

    the General Data Protection Regulation (GDPR) 2. privacy policies by healthcare providers R E S E A R C H P R O B L E M S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 5 ? privacy-aware or not How to define privacy-awareness for clinical WFs?

20. Privacy-aware WF is compliant with: 1. privacy principles based on

    the General Data Protection Regulation (GDPR) 2. privacy policies by healthcare providers 3. privacy preferences of data subjects (patients) R E S E A R C H P R O B L E M S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 5 ? privacy-aware or not How to define privacy-awareness for clinical WFs?

21. S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October

    1, ’19 / 24 6

22. S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October

    1, ’19 / 24 6

23. S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October

    1, ’19 / 24 6

24. S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October

    1, ’19 / 24 6

25. ( 1 ) B U I L D O N

    T O L O G Y S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 7

26. ( 1 ) B U I L D O N

    T O L O G Y semantically represent privacy concepts and BPMN-based clinical workflows S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 7

27. ( 1 ) B U I L D O N

    T O L O G Y semantically represent privacy concepts and BPMN-based clinical workflows Privacy-aware Clinical Workflow (PaCW) Ontology S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 7

28. ( 1 ) B U I L D O N

    T O L O G Y semantically represent privacy concepts and BPMN-based clinical workflows Privacy-aware Clinical Workflow (PaCW) Ontology S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 7

29. P R I VA C Y P R I N

    C I P L E S B A S E D O N G D P R S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 8

30. P R I VA C Y P R I N

    C I P L E S B A S E D O N G D P R • Purpose Specification: Personal data be collected for specified purposes S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 8

31. P R I VA C Y P R I N

    C I P L E S B A S E D O N G D P R • Purpose Specification: Personal data be collected for specified purposes • Consent Check: Data processing is lawful with an explicit consent of a data subject. (e.g. optional procedures like newborn screening) S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 8

32. P R I VA C Y P R I N

    C I P L E S B A S E D O N G D P R • Purpose Specification: Personal data be collected for specified purposes • Consent Check: Data processing is lawful with an explicit consent of a data subject. (e.g. optional procedures like newborn screening) • Limited Retention Period: Personal data be kept for no longer than is necessary S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 8

33. P R I VA C Y P R I N

    C I P L E S B A S E D O N G D P R • Purpose Specification: Personal data be collected for specified purposes • Consent Check: Data processing is lawful with an explicit consent of a data subject. (e.g. optional procedures like newborn screening) • Limited Retention Period: Personal data be kept for no longer than is necessary • Data Minimization: Personal data be limited to what is necessary S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 8

34. • what data is collected • who can use it

    for what purposes • the modality of data processing, whether it is obligatory or voluntary • how long it is retained P R I VA C Y P O L I C Y S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 9

35. • what data is collected • who can use it

    for what purposes • the modality of data processing, whether it is obligatory or voluntary • how long it is retained P R I VA C Y P O L I C Y S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 9

36. • what data is collected • who can use it

    for what purposes • the modality of data processing, whether it is obligatory or voluntary • how long it is retained Data Minimization P R I VA C Y P O L I C Y S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 9

37. • what data is collected • who can use it

    for what purposes • the modality of data processing, whether it is obligatory or voluntary • how long it is retained Consent Data Minimization P R I VA C Y P O L I C Y S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 9

38. • what data is collected • who can use it

    for what purposes • the modality of data processing, whether it is obligatory or voluntary • how long it is retained Retention Consent Data Minimization P R I VA C Y P O L I C Y S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 9

39. Privacy Preference: expresses a data subject’s (patients) preferences on sharing

    / processing their personal data S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 10

40. ( 1 ) I N T E G R AT

    E C O N C E P T S semantically represent privacy concepts and BPMN-based clinical workflows Privacy-aware Clinical Workflow (PaCW) Ontology S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 11

41. ( 1 ) I N T E G R AT

    E C O N C E P T S semantically represent privacy concepts and BPMN-based clinical workflows Privacy-aware Clinical Workflow (PaCW) Ontology S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 11

42. BPMN Core Elements Data Store Data Object Text Annotation Pool

    Lane Task Start Event End Event Exclusive Gateway Inclusive Gateway Parallel Gateway Sequence Flow Message Flow Data Association Association Clinical Workflow S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 12

43. BPMN Core Elements Data Store Data Object Text Annotation Pool

    Lane Task Start Event End Event Exclusive Gateway Inclusive Gateway Parallel Gateway Sequence Flow Message Flow Data Association Association Clinical Workflow + => Data Aware Workflow S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 12

44. BPMN Core Elements Data Store Data Object Text Annotation Pool

    Lane Task Start Event End Event Exclusive Gateway Inclusive Gateway Parallel Gateway Sequence Flow Message Flow Data Association Association Clinical Workflow + => Data Aware Workflow Data Annotation S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 12

45. BPMN Core Elements Data Store Data Object Text Annotation Pool

    Lane Task Start Event End Event Exclusive Gateway Inclusive Gateway Parallel Gateway Sequence Flow Message Flow Data Association Association Clinical Workflow + => Data Aware Workflow Data Annotation * Different types of Data Handling in BPMN are stated in [1] [1] Besik, Saliha Irem, and Johann-Christoph Freytag. "Ontology-Based Privacy Compliance Checking for Clinical Workflows." S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 12

46. Privacy-aware Clinical Workflow (PaCW) Ontology S.I. Besik, Ontology-Based Privacy Compliance

    Checking for Clinical Workflows, October 1, ’19 / 24 13

47. Privacy-aware Clinical Workflow (PaCW) Ontology starting point S.I. Besik, Ontology-Based

    Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 13

48. Privacy-aware Clinical Workflow (PaCW) Ontology first version in OWL S.I.

    Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 13

49. Privacy-aware Clinical Workflow (PaCW) Ontology first version in OWL S.I.

    Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 13

50. Privacy-aware Clinical Workflow (PaCW) Ontology Privacy Domain first version in

    OWL S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 13

51. Privacy-aware Clinical Workflow (PaCW) Ontology Privacy Domain first version in

    OWL S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 13

52. Privacy-aware Clinical Workflow (PaCW) Ontology Clinical Workflow Domain Privacy Domain

    first version in OWL S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 13

53. Privacy-aware Clinical Workflow (PaCW) Ontology PrivacyRule +purpose: Purpose PolicyRule PreferenceRule

    +dataSubject: DataSubject +user: User +data: Data +duration: String +condition: bool +status: bool Purpose +purposeName: String ConsentPolicy +requiresConsent: bool RetentionPolicy +data: Data +retention: String DataMinimizationPolicy +userRole: String +data: List <Data> +condition: bool DataSubject +dataSubjectName: String +prefList: List <PreferenceRule> Data +dataName: String +dataCategory: String User +userName: String +userRole: String Legend: Directed Association Association Generalization recent version of Privacy Ontology in UML S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 14

54. Privacy-aware Clinical Workflow (PaCW) Ontology PrivacyRule +purpose: Purpose PolicyRule PreferenceRule

    +dataSubject: DataSubject +user: User +data: Data +duration: String +condition: bool +status: bool Purpose +purposeName: String ConsentPolicy +requiresConsent: bool RetentionPolicy +data: Data +retention: String DataMinimizationPolicy +userRole: String +data: List <Data> +condition: bool DataSubject +dataSubjectName: String +prefList: List <PreferenceRule> Data +dataName: String +dataCategory: String User +userName: String +userRole: String Legend: Directed Association Association Generalization recent version of Privacy Ontology in UML S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 14

55. Privacy-aware Clinical Workflow (PaCW) Ontology PrivacyRule +purpose: Purpose PolicyRule PreferenceRule

    +dataSubject: DataSubject +user: User +data: Data +duration: String +condition: bool +status: bool Purpose +purposeName: String ConsentPolicy +requiresConsent: bool RetentionPolicy +data: Data +retention: String DataMinimizationPolicy +userRole: String +data: List <Data> +condition: bool DataSubject +dataSubjectName: String +prefList: List <PreferenceRule> Data +dataName: String +dataCategory: String User +userName: String +userRole: String Legend: Directed Association Association Generalization recent version of Privacy Ontology in UML S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 14

56. Privacy-aware Clinical Workflow (PaCW) Ontology Node Edge InteractionNode BaseElement +belongsTo():

    Lane TextAnnotation +text: String Association +getSource(): BPMNElement +getTarget(): BPMNElement Task Event FlowNode Gateway BPMNData DataOperationTask +haveConsent(): bool StartEvent EndEvent Parallel DataObject DataStore Inclusive Exclusive BPMNElement SequenceFlow +getSource(): FlowNode +getTarget: FlowNode MessageFlow +getSource(): InteractionNode +getTarget(): InteractionNode DataInputAssociation +getSource(): BPMNData +getTarget(): DataOperationTask DataOutputAssociation +getSource(): DataOperationTask +getTarget(): BPMNData DataAssociation DataHandler +getAnnotation(): DataAnnotation Lane +userRole: String +belongsTo(): Pool BPMNModel +elementList: List <BPMNElement> Pool +userRole: String DataAnnotation +purpose: Purpose +data: List <Data> +hasPurpose(): bool +hasData(): bool adapted from [2] Natschläger, Christine. "Towards a BPMN 2.0 ontology." International Workshop on Business Process Modeling Notation. Springer, Berlin, Heidelberg, 2011. recent version of BPMN Ontology in UML S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 15

57. Privacy-aware Clinical Workflow (PaCW) Ontology Node Edge InteractionNode BaseElement +belongsTo():

    Lane TextAnnotation +text: String Association +getSource(): BPMNElement +getTarget(): BPMNElement Task Event FlowNode Gateway BPMNData DataOperationTask +haveConsent(): bool StartEvent EndEvent Parallel DataObject DataStore Inclusive Exclusive BPMNElement SequenceFlow +getSource(): FlowNode +getTarget: FlowNode MessageFlow +getSource(): InteractionNode +getTarget(): InteractionNode DataInputAssociation +getSource(): BPMNData +getTarget(): DataOperationTask DataOutputAssociation +getSource(): DataOperationTask +getTarget(): BPMNData DataAssociation DataHandler +getAnnotation(): DataAnnotation Lane +userRole: String +belongsTo(): Pool BPMNModel +elementList: List <BPMNElement> Pool +userRole: String DataAnnotation +purpose: Purpose +data: List <Data> +hasPurpose(): bool +hasData(): bool adapted from [2] Natschläger, Christine. "Towards a BPMN 2.0 ontology." International Workshop on Business Process Modeling Notation. Springer, Berlin, Heidelberg, 2011. recent version of BPMN Ontology in UML S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 15

58. Privacy-aware Clinical Workflow (PaCW) Ontology Node Edge InteractionNode BaseElement +belongsTo():

    Lane TextAnnotation +text: String Association +getSource(): BPMNElement +getTarget(): BPMNElement Task Event FlowNode Gateway BPMNData DataOperationTask +haveConsent(): bool StartEvent EndEvent Parallel DataObject DataStore Inclusive Exclusive BPMNElement SequenceFlow +getSource(): FlowNode +getTarget: FlowNode MessageFlow +getSource(): InteractionNode +getTarget(): InteractionNode DataInputAssociation +getSource(): BPMNData +getTarget(): DataOperationTask DataOutputAssociation +getSource(): DataOperationTask +getTarget(): BPMNData DataAssociation DataHandler +getAnnotation(): DataAnnotation Lane +userRole: String +belongsTo(): Pool BPMNModel +elementList: List <BPMNElement> Pool +userRole: String DataAnnotation +purpose: Purpose +data: List <Data> +hasPurpose(): bool +hasData(): bool adapted from [2] Natschläger, Christine. "Towards a BPMN 2.0 ontology." International Workshop on Business Process Modeling Notation. Springer, Berlin, Heidelberg, 2011. recent version of BPMN Ontology in UML S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 15

59. Privacy-aware Clinical Workflow (PaCW) Ontology Node Edge InteractionNode BaseElement +belongsTo():

    Lane TextAnnotation +text: String Association +getSource(): BPMNElement +getTarget(): BPMNElement Task Event FlowNode Gateway BPMNData DataOperationTask +haveConsent(): bool StartEvent EndEvent Parallel DataObject DataStore Inclusive Exclusive BPMNElement SequenceFlow +getSource(): FlowNode +getTarget: FlowNode MessageFlow +getSource(): InteractionNode +getTarget(): InteractionNode DataInputAssociation +getSource(): BPMNData +getTarget(): DataOperationTask DataOutputAssociation +getSource(): DataOperationTask +getTarget(): BPMNData DataAssociation DataHandler +getAnnotation(): DataAnnotation Lane +userRole: String +belongsTo(): Pool BPMNModel +elementList: List <BPMNElement> Pool +userRole: String DataAnnotation +purpose: Purpose +data: List <Data> +hasPurpose(): bool +hasData(): bool adapted from [2] Natschläger, Christine. "Towards a BPMN 2.0 ontology." International Workshop on Business Process Modeling Notation. Springer, Berlin, Heidelberg, 2011. recent version of BPMN Ontology in UML S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 15

60. Privacy-aware Clinical Workflow (PaCW) Ontology Node Edge InteractionNode BaseElement +belongsTo():

    Lane TextAnnotation +text: String Association +getSource(): BPMNElement +getTarget(): BPMNElement Task Event FlowNode Gateway BPMNData DataOperationTask +haveConsent(): bool StartEvent EndEvent Parallel DataObject DataStore Inclusive Exclusive BPMNElement SequenceFlow +getSource(): FlowNode +getTarget: FlowNode MessageFlow +getSource(): InteractionNode +getTarget(): InteractionNode DataInputAssociation +getSource(): BPMNData +getTarget(): DataOperationTask DataOutputAssociation +getSource(): DataOperationTask +getTarget(): BPMNData DataAssociation DataHandler +getAnnotation(): DataAnnotation Lane +userRole: String +belongsTo(): Pool BPMNModel +elementList: List <BPMNElement> Pool +userRole: String DataAnnotation +purpose: Purpose +data: List <Data> +hasPurpose(): bool +hasData(): bool adapted from [2] Natschläger, Christine. "Towards a BPMN 2.0 ontology." International Workshop on Business Process Modeling Notation. Springer, Berlin, Heidelberg, 2011. recent version of BPMN Ontology in UML S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 15

61. Privacy-aware Clinical Workflow (PaCW) Ontology PrivacyRule + ruleId: int +

    user: User + data: Data + purpose: String User + userId: int + userRole: String Data + dataId: int + dataCategory: String + retention: String PrivacyPolicy + condition: bool PrivacyPreference + consentStatus: bool Privacy Domain S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 16

62. Privacy-aware Clinical Workflow (PaCW) Ontology PrivacyRule + ruleId: int +

    user: User + data: Data + purpose: String User + userId: int + userRole: String Data + dataId: int + dataCategory: String + retention: String PrivacyPolicy + condition: bool PrivacyPreference + consentStatus: bool Privacy Domain S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 16

63. Privacy-aware Clinical Workflow (PaCW) Ontology PrivacyRule + ruleId: int +

    user: User + data: Data + purpose: String User + userId: int + userRole: String Data + dataId: int + dataCategory: String + retention: String PrivacyPolicy + condition: bool PrivacyPreference + consentStatus: bool Privacy Domain Data Object Data Store User Pool Lane Mapping Data Text Annotation Purpose S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 16

64. Privacy-aware Clinical Workflow (PaCW) Ontology PrivacyRule + ruleId: int +

    user: User + data: Data + purpose: String User + userId: int + userRole: String Data + dataId: int + dataCategory: String + retention: String PrivacyPolicy + condition: bool PrivacyPreference + consentStatus: bool Privacy Domain Data Object Data Store User Pool Lane Mapping Data Text Annotation Purpose * Message Flow as ‘Data’ is omitted. S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 16

65. PrivacyRule +purpose: Purpose PolicyRule PreferenceRule +dataSubject: DataSubject +user: User +data:

    Data +duration: String +condition: bool +status: bool Purpose +purposeName: String ConsentPolicy +requiresConsent: bool RetentionPolicy +data: Data +retention: String DataMinimizationPolicy +userRole: String +data: List <Data> +condition: bool DataSubject +dataSubjectName: String +prefList: List <PreferenceRule> Data +dataName: String +dataCategory: String User +userName: String +userRole: String Legend: Directed Association Association Generalization Privacy-aware Clinical Workflow (PaCW) Ontology (1) create Java Classes for each UML ontology class* Ω *Eclipse UML Generators is used: https://www.eclipse.org/umlgen/ S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 17

66. PrivacyRule +purpose: Purpose PolicyRule PreferenceRule +dataSubject: DataSubject +user: User +data:

    Data +duration: String +condition: bool +status: bool Purpose +purposeName: String ConsentPolicy +requiresConsent: bool RetentionPolicy +data: Data +retention: String DataMinimizationPolicy +userRole: String +data: List <Data> +condition: bool DataSubject +dataSubjectName: String +prefList: List <PreferenceRule> Data +dataName: String +dataCategory: String User +userName: String +userRole: String Legend: Directed Association Association Generalization Privacy-aware Clinical Workflow (PaCW) Ontology (1) create Java Classes for each UML ontology class* Ω *Eclipse UML Generators is used: https://www.eclipse.org/umlgen/ S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 17

67. Privacy-aware Clinical Workflow (PaCW) Ontology (1) create Java Classes for

    each UML ontology class* Ω PrivacyRule +purpose: Purpose PolicyRule ConsentPolicy +requiresConsent: bool *Eclipse UML Generators is used: https://www.eclipse.org/umlgen/ S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 17

68. Privacy-aware Clinical Workflow (PaCW) Ontology (1) create Java Classes for

    each UML ontology class* Ω PrivacyRule +purpose: Purpose PolicyRule ConsentPolicy +requiresConsent: bool *Eclipse UML Generators is used: https://www.eclipse.org/umlgen/ S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 17

69. Privacy-aware Clinical Workflow (PaCW) Ontology (1) create Java Classes for

    each UML ontology class* Ω public class ConsentPolicy extends PolicyRule { private boolean requiresConsent; /* getter and setter functions*/ // Constructor public ConsentPolicy(Purpose p, boolean requiresConsent{ super (p); this.requiresConsent = requiresConsent; }} PrivacyRule +purpose: Purpose PolicyRule ConsentPolicy +requiresConsent: bool *Eclipse UML Generators is used: https://www.eclipse.org/umlgen/ S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 17

70. ( 2 ) F O R M A L I

    Z E P R I VA C Y R U L E S S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 18

71. ( 2 ) F O R M A L I

    Z E P R I VA C Y R U L E S Policy Preference Privacy Rule Consent Data Minimization Retention S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 18

72. ( 2 ) F O R M A L I

    Z E P R I VA C Y R U L E S Policy Preference Privacy Rule Consent Data Minimization Retention PR1: An explicit consent is required for newborn hearing screening. PR2: A pediatrician access the result of the examination only if the result is abnormal. PR3: A hospital can save results for the purpose of hearing screening with a retention limit by 3 years. PR4: Alice consents only pediatrician Bob can perform hearing screening for 6 months on Oct 1, 2019. S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 18

73. ( 2 ) F O R M A L I

    Z E P R I VA C Y R U L E S Policy Preference Privacy Rule Consent Data Minimization Retention PR1: An explicit consent is required for newborn hearing screening. PR2: A pediatrician access the result of the examination only if the result is abnormal. PR3: A hospital can save results for the purpose of hearing screening with a retention limit by 3 years. PR4: Alice consents only pediatrician Bob can perform hearing screening for 6 months on Oct 1, 2019. S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 18

74. ( 2 ) F O R M A L I

    Z E P R I VA C Y R U L E S Policy Preference Privacy Rule Consent Data Minimization Retention PR1: An explicit consent is required for newborn hearing screening. PR2: A pediatrician access the result of the examination only if the result is abnormal. PR3: A hospital can save results for the purpose of hearing screening with a retention limit by 3 years. PR4: Alice consents only pediatrician Bob can perform hearing screening for 6 months on Oct 1, 2019. * All formal definitions for the compliance checks are in [3] [3] Besik, Saliha Irem, and Johann-Christoph Freytag. "A formal approach to build privacy-awareness into clinical workflows." SICS Software-Intensive Cyber-Physical Systems (2019): 1-12. S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 18

75. (2) create PrivacyRuleInstances Ω PR1: An explicit consent is required

    for newborn hearing screening. S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 19

76. (2) create PrivacyRuleInstances Ω public class PrivacyRuleInstances{ ConsentPolicy p1 =

    new ConsentPolicy (new Purpose(“hearing-screening"), true);} PR1: An explicit consent is required for newborn hearing screening. S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 19

77. ( 3 ) C H E C K P R

    I VA C Y C O M P L I A N C E S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 20

78. ( 3 ) C H E C K P R

    I VA C Y C O M P L I A N C E (1) create Java Classes for each UML ontology class S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 20

79. ( 3 ) C H E C K P R

    I VA C Y C O M P L I A N C E (1) create Java Classes for each UML ontology class (2) create PrivacyRuleInstances S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 20

80. ( 3 ) C H E C K P R

    I VA C Y C O M P L I A N C E (1) create Java Classes for each UML ontology class (2) create PrivacyRuleInstances (3) create BPMNModel Instance S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 20

81. ( 3 ) C H E C K P R

    I VA C Y C O M P L I A N C E (1) create Java Classes for each UML ontology class (2) create PrivacyRuleInstances (4) execute Reasoner (3) create BPMNModel Instance S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 20

82. (3) create BPMNModel Instance Ω - Parse Clinical Workflow* *Camunda

    BPMN Model API is used: https://docs.camunda.org/manual/7.7/user-guide/model-api/bpmn-model-api/ S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 21

83. (3) create BPMNModel Instance Ω Node Edge InteractionNode BaseElement +belongsTo():

    Lane TextAnnotation +text: String Association +getSource(): BPMNElement +getTarget(): BPMNElement Task Event FlowNode Gateway BPMNData DataOperationTask +haveConsent(): bool StartEvent EndEvent Parallel DataObject DataStore Inclusive Exclusive BPMNElement SequenceFlow +getSource(): FlowNode +getTarget: FlowNode MessageFlow +getSource(): InteractionNode +getTarget(): InteractionNode DataInputAssociation +getSource(): BPMNData +getTarget(): DataOperationTask DataOutputAssociation +getSource(): DataOperationTask +getTarget(): BPMNData DataAssociation DataHandler +getAnnotation(): DataAnnotation Lane +userRole: String +belongsTo(): Pool BPMNModel +elementList: List <BPMNElement> Pool +userRole: String DataAnnotation +purpose: Purpose +data: List <Data> +hasPurpose(): bool +hasData(): bool - Create a BPMNModel Instance - Parse Clinical Workflow* *Camunda BPMN Model API is used: https://docs.camunda.org/manual/7.7/user-guide/model-api/bpmn-model-api/ S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 21

84. (3) create BPMNModel Instance Ω Node Edge InteractionNode BaseElement +belongsTo():

    Lane TextAnnotation +text: String Association +getSource(): BPMNElement +getTarget(): BPMNElement Task Event FlowNode Gateway BPMNData DataOperationTask +haveConsent(): bool StartEvent EndEvent Parallel DataObject DataStore Inclusive Exclusive BPMNElement SequenceFlow +getSource(): FlowNode +getTarget: FlowNode MessageFlow +getSource(): InteractionNode +getTarget(): InteractionNode DataInputAssociation +getSource(): BPMNData +getTarget(): DataOperationTask DataOutputAssociation +getSource(): DataOperationTask +getTarget(): BPMNData DataAssociation DataHandler +getAnnotation(): DataAnnotation Lane +userRole: String +belongsTo(): Pool BPMNModel +elementList: List <BPMNElement> Pool +userRole: String DataAnnotation +purpose: Purpose +data: List <Data> +hasPurpose(): bool +hasData(): bool - Create a BPMNModel Instance - Parse Clinical Workflow* *Camunda BPMN Model API is used: https://docs.camunda.org/manual/7.7/user-guide/model-api/bpmn-model-api/ S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 21

85. (3) create BPMNModel Instance Ω - Create a BPMNModel Instance

    - Parse Clinical Workflow* *Camunda BPMN Model API is used: https://docs.camunda.org/manual/7.7/user-guide/model-api/bpmn-model-api/ pediatrician HIS d:result, p:hear screening perform hearing screening newborn arrives S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 21

86. (3) create BPMNModel Instance Ω - Create a BPMNModel Instance

    - Parse Clinical Workflow* *Camunda BPMN Model API is used: https://docs.camunda.org/manual/7.7/user-guide/model-api/bpmn-model-api/ pediatrician HIS d:result, p:hear screening perform hearing screening newborn arrives lane S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 21

87. (3) create BPMNModel Instance Ω - Create a BPMNModel Instance

    - Parse Clinical Workflow* *Camunda BPMN Model API is used: https://docs.camunda.org/manual/7.7/user-guide/model-api/bpmn-model-api/ pediatrician HIS d:result, p:hear screening perform hearing screening newborn arrives DataHandler lane S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 21

88. (3) create BPMNModel Instance Ω - Create a BPMNModel Instance

    - Parse Clinical Workflow* *Camunda BPMN Model API is used: https://docs.camunda.org/manual/7.7/user-guide/model-api/bpmn-model-api/ pediatrician HIS d:result, p:hear screening perform hearing screening newborn arrives DataHandler DataAnnotation lane S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 21

89. (4) execute Reasoner Ω - Create Drools Rules for Compliance

    Check S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 22

90. (4) execute Reasoner Ω - Create Drools Rules for Compliance

    Check rule "Purpose-Specification-Check" when BPMNModel.DataHandler(!hasDataAnnotation() || !dataAnnotation.hasPurpose()) then System.out.println("Compliance Check fail: Purpose-Specification"); end S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 22

91. (4) execute Reasoner Ω pediatrician HIS perform hearing screening newborn

    arrives rule "Purpose-Specification-Check" when BPMNModel.DataHandler(!hasDataAnnotation() || !dataAnnotation.hasPurpose()) then System.out.println("Compliance Check fail: Purpose-Specification"); end S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 22

92. (4) execute Reasoner Ω pediatrician HIS perform hearing screening newborn

    arrives rule "Purpose-Specification-Check" when BPMNModel.DataHandler(!hasDataAnnotation() || !dataAnnotation.hasPurpose()) then System.out.println("Compliance Check fail: Purpose-Specification"); end S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 22

93. (4) execute Reasoner Ω pediatrician HIS perform hearing screening newborn

    arrives rule "Purpose-Specification-Check" when BPMNModel.DataHandler(!hasDataAnnotation() || !dataAnnotation.hasPurpose()) then System.out.println("Compliance Check fail: Purpose-Specification"); end S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 22

94. (4) execute Reasoner Ω pediatrician HIS perform hearing screening newborn

    arrives rule "Purpose-Specification-Check" when BPMNModel.DataHandler(!hasDataAnnotation() || !dataAnnotation.hasPurpose()) then System.out.println("Compliance Check fail: Purpose-Specification"); end No DataAnnotation returns Check fail Message S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 22

95. S U M M A RY S.I. Besik, Ontology-Based Privacy

    Compliance Checking for Clinical Workflows, October 1, ’19 / 24 23

96. F U T U R E W O R K

    S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 24

97. F U T U R E W O R K

    • Providing corrective actions to fix the privacy violations S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 24

98. F U T U R E W O R K

    • Providing corrective actions to fix the privacy violations • Transforming non-privacy-aware workflow into a privacy-aware workflow S.I. Besik, Ontology-Based Privacy Compliance Checking for Clinical Workflows, October 1, ’19 / 24 24

99. THANK YOU! QUESTIONS?? Slides at https:/ /irem.dev