Business and legal framework for health data privacy assessment: example of ambient assisted living

K. Ghorai, J.M. Smits, Pr. Ray, M. Kluitman

Research output: Contribution to conference › Abstract › Other research output

Abstract

Online health data sharing and transfer has become easier and more efficient than ever before, but at the same time this has brought about new challenges for the privacy and protection of personal data. Transfer of sensitive health as well as personal data between organizations and countries requires a high level of protection and privacy, and any breach of it can result in considerable damage to an organization's reputation. In spite of existing methodologies for privacy impact assessment (PIA) for developing privacy-by-design processes, none of them combine the business as well as legal aspects for assessing the technological requirements before or during the development of privacy and security platforms. e-Authentication and e-Authorization techniques are used by various organizations to address privacy-related issues. Using a combined business and legal framework in addition to existing PIAs can simplify the analysis of as-is and to-be business processes, and this can be used by business or legal analysts as well as organizations to assess the privacy requirements as well as legislation before developing service-by-design platforms. In this paper we propose a unique framework that combines business and legal aspects of any health-related business process pertaining to protection and privacy of sensitive data exchange. To be able to map the privacy requirements in the context of data sharing across organizations, a general conceptual framework involving a combination of business process as well as legal components has been developed. This framework provides organizations with a comprehensive approach for considering legal regulations as well as factors that may affect the privacy and security of sensitive data, like health data, in their business processes.
In this paper, we have provided an example of an as-is healthcare customer registration process for the German Red Cross and how the framework can be used to assess the requirements for a to-be customer registration process in the context of European privacy laws.
Language: English
Pages: 1-12
Number of pages: 12
DOIs: 10.13140/RG.2.1.4776.6485
Status: Published - 29 Oct 2015

Fingerprint

Data privacy
Health
Industry
Assisted living
Electronic data interchange
Authentication

Keywords: data privacy, security, business framework, legal framework, privacy regulation

Cite this

@conference{d2bd3cdd3936464f8d39b23af1bc88c6,
title = "Business and legal framework for health data privacy assessment: example of ambient assisted living",
abstract = "Online health data sharing and transfer has become easier and more efficient than ever before, but at the same time this has brought about new challenges for the privacy and protection of personal data. Transfer of sensitive health as well as personal data between organizations and countries requires a high level of protection and privacy, and any breach of it can result in considerable damage to an organization's reputation. In spite of existing methodologies for privacy impact assessment (PIA) for developing privacy-by-design processes, none of them combine the business as well as legal aspects for assessing the technological requirements before or during the development of privacy and security platforms. e-Authentication and e-Authorization techniques are used by various organizations to address privacy-related issues. Using a combined business and legal framework in addition to existing PIAs can simplify the analysis of as-is and to-be business processes, and this can be used by business or legal analysts as well as organizations to assess the privacy requirements as well as legislation before developing service-by-design platforms. In this paper we propose a unique framework that combines business and legal aspects of any health-related business process pertaining to protection and privacy of sensitive data exchange. To be able to map the privacy requirements in the context of data sharing across organizations, a general conceptual framework involving a combination of business process as well as legal components has been developed. This framework provides organizations with a comprehensive approach for considering legal regulations as well as factors that may affect the privacy and security of sensitive data, like health data, in their business processes. In this paper, we have provided an example of an as-is healthcare customer registration process for the German Red Cross and how the framework can be used to assess the requirements for a to-be customer registration process in the context of European privacy laws.",
keywords = "data privacy, security, business framework, legal framework, privacy regulation",
author = "K. Ghorai and J.M. Smits and Pr. Ray and M. Kluitman",
year = "2015",
month = "10",
day = "29",
doi = "10.13140/RG.2.1.4776.6485",
language = "English",
pages = "1--12",
}
