Slide 1

Building Privacy Awareness into (Clinical) Workflows
S. Irem Besik
besiksal @ informatik.hu-berlin.de
Supervisor: Prof. Johann-Christoph Freytag, Ph.D.

Slide 2

Motivation: Privacy in Clinical Domain

Figure: actors exchanging patient medical data: Emergency Unit, Pharmacy, Health Insurance Company, Laboratory, Doctor, Nurse, Front Desk.

✦ patients' personal medical data
✦ different healthcare providers

S.I. Besik, Building Privacy Awareness into Clinical Workflows, June 19, ’19

Slides 3–4

Motivating Example: Newborn Screening

Figure: Lab (sensitive blood data), Pediatrician (medical data), Desk (demographic data).

Slide 5

Privacy by Design via Clinical Workflows

A clinical workflow includes a series of tasks for clinical services, and also how the tasks are performed, in what order, and by whom.

Slide 6

Research Problem

• Transforming non-privacy-aware clinical WFs into privacy-aware ones
• A privacy-aware WF is compliant with:
  1. privacy principles based on the EU General Data Protection Regulation (GDPR)
  2. privacy policies of healthcare providers
  3. privacy preferences of data subjects (patients)


Slide 8

(1) Integrate Concepts

Semantically represent privacy concepts and BPMN-based clinical workflows: the Privacy-aware Clinical Workflow (PaCW) Ontology.

Slides 9–10

Privacy Principles Based on GDPR

• Purpose Specification: personal data shall be collected for specified purposes
• Consent Check: data processing is lawful with the explicit consent of a data subject (e.g. optional procedures like newborn screening)
• Limited Retention Period: personal data shall be kept for no longer than is necessary
• Data Minimization: personal data shall be limited to what is necessary

Slides 11–13

Privacy-aware Clinical Workflow (PaCW) Ontology

Figure: the ontology spans two domains, the Clinical Workflow Domain and the Privacy Domain.

Slides 14–15

PaCW Ontology: Privacy Domain

PrivacyRule
  + ruleId: int
  + user: User
  + data: Data
  + purpose: String

User
  + userId: int
  + userRole: String

Data
  + dataId: int
  + dataCategory: String
  + retention: String

PrivacyPolicy
  + condition: bool

PrivacyPreference
  + consentStatus: bool

Mapping from BPMN elements of the clinical workflow domain to privacy-domain concepts:
  Data Object, Data Store → Data
  Pool, Lane → User
  Text Annotation → Purpose

Slide 16

(2) Formalize Privacy Rules

Privacy Rule
  • Policy: Consent, Data Minimization, Retention
  • Preference

Slides 17–19

Privacy Policy

• what data is collected
• who can use it for what purposes
• the modality of data processing, whether it is obligatory or voluntary
• how long it is retained

These aspects are covered by three policy types: Consent, Data Minimization, Retention.

Slides 20–22

Definition 1 [Consent Privacy Policy]
A consent privacy policy PC consists of rules represented as a 2-tuple pc = (purpose, requiresConsent), where:
• purpose is the reason for which data is accessed;
• requiresConsent ∈ {true, false}.

Example P1: An explicit consent is required for newborn hearing screening.
Formal representation: (newborn-hearing-screening, true)

Slides 23–25

Definition 2 [Data Minimization Privacy Policy]
A data minimization privacy policy PD consists of rules represented as a 4-tuple pd = (user, purpose, data, condition), where:
• user is the set of individuals who access the personal data;
• data is a set of data objects;
• condition indicates additional conditions.

Example P2: A pediatrician can access the result of the lab examination only if the result is abnormal for blood screening.
Formal representation: (pediatrician, blood-screening, examination-result, examination-result.isAbnormal)

Slides 26–28

Definition 3 [Retention Privacy Policy]
A retention privacy policy PR consists of rules represented as a 4-tuple r = (user, purpose, data, retention), where:
• retention is the period of time the data is stored.

Example P3: A hospital can save results for the purpose of hearing screening with a retention limit of 3 years.
Formal representation: (hospital, hearing-screening, result, 3 years)
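The three policy definitions above (Definitions 1–3) can be exercised as plain data structures with one evaluation function per policy type. The following is an added example written for this page, not code from the presentation or its author; the `AccessRequest` shape, the encoding of a data-minimization `condition` as a predicate over the data object's attributes, and the default-deny behaviour when no minimization rule matches are assumptions, and the sample rules are the slides' P1, P2 and P3 rewritten in Python.

```python
from dataclasses import dataclass
from datetime import timedelta
from typing import Callable, Optional

# Assumed shape of a data-access request: who accesses which data object, for which
# purpose, plus the attributes of that data object (used by minimization conditions).
@dataclass(frozen=True)
class AccessRequest:
    user: str
    purpose: str
    data: str
    attributes: dict

# Definition 1: pc = (purpose, requiresConsent)
@dataclass(frozen=True)
class ConsentPolicyRule:
    purpose: str
    requires_consent: bool

# Definition 2: pd = (user, purpose, data, condition); the condition is a predicate over
# the data object's attributes (assumed encoding of "examination-result.isAbnormal").
@dataclass(frozen=True)
class DataMinimizationRule:
    user: str
    purpose: str
    data: str
    condition: Callable[[dict], bool]

# Definition 3: r = (user, purpose, data, retention)
@dataclass(frozen=True)
class RetentionRule:
    user: str
    purpose: str
    data: str
    retention: timedelta

# Constructed sample policies: the slides' P1, P2 and P3.
PC = {ConsentPolicyRule("newborn-hearing-screening", True)}
PD = {DataMinimizationRule("pediatrician", "blood-screening", "examination-result",
                           lambda attrs: attrs.get("isAbnormal", False))}
PR = {RetentionRule("hospital", "hearing-screening", "result", timedelta(days=3 * 365))}


def consent_required(pc: set, purpose: str) -> bool:
    """True iff (purpose, true) is a rule of the consent policy PC."""
    return any(r.purpose == purpose and r.requires_consent for r in pc)


def data_access_allowed(pd: set, req: AccessRequest) -> bool:
    """Data minimization: the request is allowed only if some rule matches
    (user, purpose, data) and that rule's condition holds for the data object.
    With no matching rule the request is denied (assumed default deny)."""
    return any(bool(r.condition(req.attributes)) for r in pd
               if (r.user, r.purpose, r.data) == (req.user, req.purpose, req.data))


def retention_limit(pr: set, user: str, purpose: str, data: str) -> Optional[timedelta]:
    """The retention period a matching retention rule allows, or None if no rule applies."""
    for r in pr:
        if (r.user, r.purpose, r.data) == (user, purpose, data):
            return r.retention
    return None


def retention_exceeded(pr: set, user: str, purpose: str, data: str, stored_days: int) -> bool:
    """Limited retention: True once the data has been kept longer than the rule allows."""
    limit = retention_limit(pr, user, purpose, data)
    return limit is not None and timedelta(days=stored_days) > limit
```

With P2 loaded, a pediatrician's request for an abnormal examination result under the blood-screening purpose is allowed, the same request for a normal result is not, and a request by any other role is denied because no minimization rule matches it.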

Slide 29

Privacy Preference: expresses a data subject's (patient's) preferences on sharing / processing their personal data.

Slides 30–32

Definition 4 [Privacy Preference]
A privacy preference R consists of rules represented as a 6-tuple r = (dataSubject, user, purpose, data, duration, entryDate), where:
• dataSubject is the individual the personal data is about;
• duration is the duration of the preference;
• entryDate is the entry date of the preference.

Example R1: Alice gives consent that only pediatrician Bob can perform hearing screening for 6 months on June 19, 2019.
Formal representation: (Alice, only Bob, hearing-screening, any, 6 months, 2019-06-19)

Slide 33

(3) Check Privacy Compliance & Transform into Privacy-Aware Clinical Workflow (PaCW)

Slides 34–35

Clinical Workflow: BPMN Core Elements

Data Store, Data Object, Text Annotation, Pool, Lane, Task, Start Event, End Event, Exclusive Gateway, Inclusive Gateway, Parallel Gateway, Sequence Flow, Message Flow, Data Association, Association

Clinical workflow + data elements => Data-Aware Workflow

Slides 36–37

Case: Data-Aware WF + Policy + Preference + Data Subject => Privacy-Aware Case ?

Slides 38–39

Privacy-Aware Case: the Data-Aware WF (together with Policy, Preference and Data Subject) is
• compliant with the Purpose Specification Principle
• compliant with the Consent Check Principle
• compliant with the Limited Retention Principle
• compliant with the Data Minimization Principle

Slides 40–43

Purpose Specification Compliance Check

λ: F → (D, p), with λ1(F) = D and λ2(F) = p, where
  F → a set of data associations
  D → a set of data objects
  p → a purpose

Check: ∀f ∈ F, λ2(f) ≠ ∅, i.e. purpose != ∅ for every data association.

Slide 44

Compliance with Consent Check (1)

During design time: Consent Check Pattern. A <> B means that B can occur only if A occurred before.

Slides 45–48

Compliance with Consent Check (1)

Consent privacy policy includes: (purpose, requiresConsent = true)
Given a Data-aware WF, check that the Consent Check Pattern precedes the Data Operation Task:
  ∀f ∈ F, (λ2(f), true) ∈ PC => SCAN(t) = true
Implemented as a function traversing all sequence flows reaching the Data Operation Task.

Slides 49–56

Compliance with Consent Check (2)

Consent privacy policy includes: (purpose, requiresConsent = true)
During run time: check Privacy Preferences (Preference + DataSubject).
For the requesting user, look up the preference r = (DataSubject, user, purpose, data, duration, entryDate) and check its validity against the duration: today - entryDate >= duration ? → valid
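The run-time side of the consent check (this slide group) applies Definition 4 (Slides 30–32): for a purpose that the consent policy flags as requiring consent, a preference of the data subject must cover the requesting user, purpose and data, and must still be inside its validity window. The following is an added example written for this page, not code from the presentation or its author. It assumes a reading of the slide's `today - entryDate >= duration` test as the expiry condition (a preference is valid from its entry date until the elapsed time reaches the duration), models "only Bob" as an exact user match and `any` as a wildcard, and approximates "6 months" as 182 days.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Iterable, Set

ANY = "any"   # wildcard value, as in the slide's (Alice, only Bob, hearing-screening, any, ...)

# Definition 4: r = (dataSubject, user, purpose, data, duration, entryDate)
@dataclass(frozen=True)
class PrivacyPreference:
    data_subject: str
    user: str            # a specific user ("only Bob") or ANY
    purpose: str
    data: str            # a specific data object or ANY
    duration: timedelta
    entry_date: date


def covers(pref: PrivacyPreference, data_subject: str, user: str, purpose: str, data: str) -> bool:
    """Does this preference speak about the requested (dataSubject, user, purpose, data)?"""
    return (pref.data_subject == data_subject
            and pref.user in (ANY, user)
            and pref.purpose == purpose
            and pref.data in (ANY, data))


def is_valid_on(pref: PrivacyPreference, today: date) -> bool:
    """Assumed reading of the slide's validity test: the preference is valid from its
    entry date until today - entryDate reaches the duration, after which it has expired."""
    return pref.entry_date <= today and (today - pref.entry_date) < pref.duration


def consent_status(prefs: Iterable[PrivacyPreference], consent_purposes: Set[str],
                   data_subject: str, user: str, purpose: str, data: str, today_iso: str) -> str:
    """Run-time consent check for one data operation.
    consent_purposes holds the purposes with (purpose, requiresConsent = true) in PC.
    Returns "not-required", "granted", "missing" (no preference covers the request)
    or "not-valid" (a covering preference exists but is outside its validity period)."""
    if purpose not in consent_purposes:
        return "not-required"
    today = date.fromisoformat(today_iso)
    matching = [p for p in prefs if covers(p, data_subject, user, purpose, data)]
    if not matching:
        return "missing"
    return "granted" if any(is_valid_on(p, today) for p in matching) else "not-valid"


# Constructed sample data: the slides' P1 (hearing screening needs consent) and R1.
CONSENT_PURPOSES = {"hearing-screening"}
PREFERENCES = [
    PrivacyPreference("Alice", "Bob", "hearing-screening", ANY,
                      timedelta(days=182),            # "6 months", approximated as 182 days
                      date.fromisoformat("2019-06-19")),
]
```

Distinguishing "missing" from "not-valid" matters operationally: the first means consent was never recorded for this user or purpose, the second that a recorded consent has lapsed and must be renewed, and each calls for a different message to the clinician and a different audit entry.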

Slides 57–58

Transformation

Predefined transformation actions for the privacy violations captured during the compliance check.

Purpose Specification: at least one specific purpose for each data operation.
  Privacy violation: no purpose specified
  Transformation action: return a message as a warning

Slides 59–61

Transformation - Consent Check

Some tasks are legitimate only with an explicit consent of a data subject.
  Privacy violation: consent required, but no consent
  Transformation action: adding the consent check pattern beforehand

Slides 62–65

Example: Hearing Procedure - Before Transformation

Workflow (pool: maternity clinic; lane: pediatrician; data store: HIS):
  newborn arrives → perform hearing screening
  data associations: d: hearing screening medical data, p: hearing screening; d: result, p: hearing screening

P1: An explicit consent is required for the newborn hearing screening procedure.
(hearing-screening, true) ∈ Consent Policy, so the purpose of these data associations requires consent.
Check: does the Consent Check Pattern precede "perform hearing screening"? ✗ (no consent check found before the task)

Slide 66

Hearing Procedure - After Transformation

Rule triggered: performing hearing screening without a consent check.
Corrective action: add the consent check pattern beforehand.

Workflow (pool: maternity clinic; lanes: pediatrician, parent; data store: HIS):
  newborn arrives → check consent → consent?
    yes → perform hearing screening (d: hearing screening medical data, p: hearing screening; d: result, p: hearing screening)
    no → inform parents and ask for consent (d: consent, p: hearing screening)
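The design-time part of the approach (the purpose specification check of Slides 40–43, the consent check pattern and SCAN traversal of Slides 44–48, the transformation actions of Slides 57–61 and the hearing-procedure example of Slides 62–66) can be run end to end on a small graph model of a data-aware workflow. The following is an added example written for this page, not the author's implementation; the `Workflow`/`Node`/`DataAssociation` classes, the node ids and the encoding of the consent check pattern as a `consent_check` node, a gateway and an "ask for consent" task are assumptions. SCAN(t) is computed here as "every sequence-flow path from the start event to t passes a consent-check node", which the example checks by traversing the flows with consent-check nodes removed and testing whether t is still reachable.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Node:
    id: str
    kind: str            # "start", "end", "task", "consent_check" or "gateway"
    name: str = ""


# A data association f of a task, with λ(f) = (D, p): D its data objects, p its purpose
# (taken from the text annotation; None when no purpose is annotated).
@dataclass
class DataAssociation:
    task: str
    data: frozenset
    purpose: Optional[str]


@dataclass
class Workflow:
    nodes: Dict[str, Node] = field(default_factory=dict)
    flows: Set[Tuple[str, str]] = field(default_factory=set)   # sequence flows (src, dst)
    associations: List[DataAssociation] = field(default_factory=list)

    def add(self, node: Node) -> None:
        self.nodes[node.id] = node

    def start(self) -> str:
        return next(n.id for n in self.nodes.values() if n.kind == "start")


def check_purpose_specification(wf: Workflow) -> List[str]:
    """Purpose specification: λ2(f) ≠ ∅ for every f ∈ F; each violation yields a warning."""
    return [f"warning: data association of task '{f.task}' has no purpose"
            for f in wf.associations if not f.purpose]


def scan(wf: Workflow, task_id: str) -> bool:
    """SCAN(t): every sequence-flow path from the start event to t passes a consent-check
    task. Traverse the flows with consent-check nodes removed: if t is still reachable,
    some path skips the consent check and the pattern does not precede t."""
    blocked = {n.id for n in wf.nodes.values() if n.kind == "consent_check"}
    seen, queue = set(), deque([wf.start()])
    while queue:
        cur = queue.popleft()
        if cur == task_id:
            return False
        if cur in seen or cur in blocked:
            continue
        seen.add(cur)
        queue.extend(dst for src, dst in wf.flows if src == cur)
    return True


def check_consent(wf: Workflow, consent_purposes: Set[str]) -> List[str]:
    """∀f ∈ F: (λ2(f), true) ∈ PC ⇒ SCAN(t) = true. Returns the violating task ids."""
    return sorted({f.task for f in wf.associations
                   if f.purpose in consent_purposes and not scan(wf, f.task)})


def add_consent_check_pattern(wf: Workflow, task_id: str) -> None:
    """Transformation action: insert the consent check pattern before task_id
    (check consent -> gateway; yes -> task, no -> ask for consent -> check again)."""
    check, gw, ask = f"check_consent_{task_id}", f"gw_{task_id}", f"ask_consent_{task_id}"
    wf.add(Node(check, "consent_check", "check consent"))
    wf.add(Node(gw, "gateway", "consent?"))
    wf.add(Node(ask, "task", "inform parents and ask for consent"))
    incoming = {(s, d) for s, d in wf.flows if d == task_id}
    wf.flows -= incoming
    wf.flows |= {(s, check) for s, _ in incoming}
    wf.flows |= {(check, gw), (gw, task_id), (gw, ask), (ask, check)}


def make_privacy_aware(wf: Workflow, consent_purposes: Set[str]) -> Tuple[List[str], List[str]]:
    """Compliance check plus transformation; returns (warnings, remaining consent violations)."""
    warnings = check_purpose_specification(wf)
    for t in check_consent(wf, consent_purposes):
        add_consent_check_pattern(wf, t)
    return warnings, check_consent(wf, consent_purposes)


def build_hearing_workflow() -> Workflow:
    """Constructed model of the 'before transformation' hearing procedure on the slides."""
    wf = Workflow()
    wf.add(Node("start", "start", "newborn arrives"))
    wf.add(Node("screen", "task", "perform hearing screening"))
    wf.add(Node("end", "end"))
    wf.flows |= {("start", "screen"), ("screen", "end")}
    wf.associations.append(DataAssociation(
        "screen", frozenset({"hearing screening medical data", "result"}), "hearing-screening"))
    return wf
```

On the constructed hearing workflow, `check_consent` reports "perform hearing screening" because its data associations carry a purpose in the consent policy and no consent check lies on the path from the start event; after `make_privacy_aware` the inserted pattern makes SCAN true and the violation list is empty. Because the "no" branch loops back to the consent check rather than to the task, the traversal with consent-check nodes removed cannot reach the task at all, which is exactly the property the pattern is meant to guarantee.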

Slides 67–68

Summary

Slide 69

Thank you! Questions?