The main problem addressed by SHiELD is to enhance security and regulatory aspects of health data exchange in cross border scenarios. European healtcare systems interconnected throughout the OpenNCP platform must ensure security of the exchanged health data, and the compliance with regulations such as GDPR. This main problem is tackled from different perspectives such as the analysis these scenarios, the design and development of the OpenNCP platform, and, finally, from the runtime perspective.
The Article 45 of the Treaty on the Functioning of the European Union entitles the right of free movements to European citizens. In addition, EU citizens have the right to access healthcare in any EU country and to be reimbursed for care abroad by their home country based on the Directive 2011/24/EU on patients’ rights in cross-border healthcare. Therefore, EU countries must provide the way to access/provide health data among countries under specific circumstances. This project is dealing with several rights such as free movement for the people across European borders, and compliance with regulations such as GDPR.
SHiELD aims to create an open and extendable security architecture supported by security mechanisms and privacy by design modelling and analysis tools to provide systematic protection for the storage and exchange of health data across European borders, subject to control by the data subjects, compatible with existing regulatory frameworks, ensuring the privacy, availability and correctness of the data while improving trust of patients in the security of their data and its use to address their needs.
This general objective is broken down into objectives:
(O1) Systematic protection of health data against threats and cyber-attacks. SHiELD provides support to designers for analysing the possible threats to and vulnerabilities of the data, and support the design of valid measures to protect the data which are compatible with different architectures and with the regulatory requirements in the different jurisdictions in which the (cross-border) end to- end system is operating.
(O2) Definition of a common architecture for secure exchange of health data across European borders. European patients shall improve their access to their health data and health assistance across Europe. This platform is based on the OpenNCP platform which is improved and several functionalities are developed for enhancing security and regulatory aspects.
(O3) Assurance of the protection and privacy of the health data exchange. While data is exchanged among the different Member States, it is needed to ensure that appropriate measures are taken before, during and after data is exchanged to make sure the data is protected, secured and adheres to privacy regulation.
(O4) To understand the legal/regulatory requirements in each member state, which are only partly aligned by previous EU directives and regulations and provide recommendations to regulators for the development of new/improved regulations.
(O5) Validation of SHiELD in different pilots across three Member States: SHiELD Key Results will be tested and piloted in a series of use cases demonstrating the secure storage of data, secure data exchange across borders or between health care and commercial (e.g. lifestyle) services, and management of potential threats that can occur in both cases.
(O6) Dissemination of SHiELD results: to promote adoption of the SHiELD privacy by design approach, secure data exchange architecture, and security and privacy technologies, as well as building trust in users of health services.
