Skip to main content

European Security in Health Data Exchange

Deliverables

Mobile devices tamper detection (prototype)

This deliverable will present the means for mobile devices tamper detection, detecting malware and unauthorised access to devices based on its inherent behavioural characteristics together with the connected behavioural characteristics of an associated user. This second version will be a prototype.

Security monitoring and compliance assurance (prototype)

The second version of this tool will build on the requirements elicited in D5.5 and produce a prototype against which other SHiELD architectural elements may be tested.

Privacy by design models and tools: proof of concept

This initial release will enable work to start on the detailed privacy by design analysis of end-to-end test systems and scenarios proposed also at M12 in Task 6.1. It will cover asset-centric security threats and countermeasures, and basic secure design patterns. This deliverable is the result from Task 4.1 – Task 4.3.

Consent Management (final release)

This deliverable will report the activities developed in relation to consent management. There will be three version of this deliverable. The third and final version will deliver the operational consent management tools to be integrated into SHiELD.

Data sensitivity analysis tools (prototype)

This deliverable will focus on the tools and APIs related to data sensitivity. This second version will be a prototype, aiming at providing the necessary support to WP6 for the initial evaluation of the architecture and functionalities.

SHiELD SecDevOps (Final version)

This deliverable will provide the final version of the SHiELD integrated solution, namely SHiELD DevOps. Three versions are planned for this deliverable. This final version will include mainly the feedback and corrections coming from the application of the tools in the use cases of WP6.

Data sensitivity analysis tools (final release)

This deliverable will focus on the tools and APIs related to data sensitivity. This third and final version will contain the final release of the software and should account for the feedback provided from the potential stakeholders and work towards implementing the appropriate modifications.

SHiELD SecDevOps (Intermediate version)

This deliverable will provide an intermediate version of the SHiELD integrated solution, namely SHiELD DevOps. Three versions are planned for this deliverable. This second version will augment the functionalities delivered in the initial version taking into consideration the requirements coming for the use cases of WP6.

Data hiding tools (final release)

The final version of the implementation of the data hiding tools should account for the feedback provided from the potential stakeholders and work towards implementing the appropriate modifications.

SHiELD SecDevOps (Initial version)

This deliverable will provide an initial version of the SHiELD integrated solution, namely SHiELD DevOps. Three versions are planned for this deliverable. This first version will be an initial prototype with the core functionalities implemented.

Consent Management (prototype)

This deliverable will report the activities developed in relation to consent management. There will be three versions of this deliverable. This second version will develop the model to identify integration of consent with SHiELD architecture.

Privacy by design models and tools: final release plus documentation

This final release will include enhancements based on feedback from the validation experiments from Task 6.3. This deliverable will be produced in two versions: a public version that can be released as open source but lacks models of compliance requirements and some threats, and a confidential full version. This allows exploitation and sustainability using a freemium business model (see Section 2). This deliverable is the result from Task 4.1 – Task 4.3.

Security monitoring and compliance assurance (final release

The final version of the security monitoring and compliance assurance will integrate the prototype in D5.10 with the wider SHiELD architecture to provide an implementable model.

Mobile devices tamper detection (final release)

This deliverable will present the means for mobile devices tamper detection, detecting malware and unauthorised access to devices based on its inherent behavioural characteristics together with the connected behavioural characteristics of an associated user. This final version will contain the final release of the software.

Privacy by design models and tools: first full prototype plus documentation

The first full release will provide the first coverage of regulatory compliance requirements, and include process-centric security threats and countermeasures dealing with data hiding methods during protracted operation of end-to-end data exchange scenarios. This deliverable is the result from Task 4.1 – Task 4.3.

Data hiding tools (prototype)

This second version will be the first implementation of the tools and API’s aiming at providing the necessary support to WP6 for the initial evaluation of the architecture and functionalities.

Privacy by design models and tools: refined prototype plus documentation

This update will be released when the final validation case studies begin, so they can be used in the design analysis for the most complex cross-border cases involving health care and commercial service providers in three separate member states. This deliverable is the result from Task 4.1 – Task 4.3.

SHiELD Requirements Analysis

This document will contain the generic use case description, functional, non-functional and technical requirements of SHiELD’s SecDevOps and supporting tools to be developed in the context of WP4 and WP5.

Mobile devices security tools (requirements and design)

This deliverable will present the means for mobile devices tamper detection, detecting malware and unauthorised access to devices based on its inherent behavioural characteristics together with the connected behavioural characteristics of an associated user. This first release will be focused on a requirements analysis and technical design.

Final validation experiments (initial version)

This report covers the final set of validation experiments involving complex data exchanges between three member states and involving multiple health care providers as well as commercial lifestyle services. As before, this first version will cover the privacy by design and compliance analysis

Data management report Period 2

This deliverable will include the report on data management in the second reporting period (M19-M36) and an update of project’s data management plan (D1.6) if needed. This report will be produced in T1.1.

Ethical protocols and approval

Specification of the ethical research protocols to be used in SHiELD, including specific protocols for validation tests. This report will be produced in T1.3.

Data management report Period 1

This deliverable will include the report on data management in the first reporting period and an update of project’s data management plan (D1.6) if needed. This report will be produced in T1.1.

SHiELD Architecture

This deliverable will contain the detailed design of SHiELD, its components, modules, interfaces as well as release plan associated to the functional and non-functional requirements defined in D2.2.

Report on legal requirements

This document will contain the requirements analysis for the legally and ethically compatible design patterns.

Use case specification and validation methodology

This first deliverable of WP6 has a twofold goal. First, it will report the set of use-cases that will be validated at the end of the project. Use-cases will be defined according and linked to the business logic and processes governing the application scenarios. Use-cases will address general functionalities and architectural components as well as specific scenario-dependent functionalities. D6.1 will also provide a description of the methodology that will be adopted for the validation of the use-cases and list the metrics exploited within the validation process in order to assess the level of privacy and security achieved.

Data management plan (DMP)

Plan detailing what data the project will generate, whether and how it will be exploited or made accessible for verification and re-use, and how it will be curated and preserved. This report will be produced in T1.1.

Security monitoring and compliance assurance (requirements and design

The first release of this deliverable will identify outline requirements for security monitoring and compliance assurance from a consent perspective and is the output from T5.5.

Consent Management (requirements and design)

This deliverable will report the activities developed in relation to consent management. There will be three versions of this deliverable. This first version will outline a model for managing consent at scale.

eHealth security challenges

This deliverable will collect the analysis of current tools, methods, solutions and projects related to data security and privacy in the eHealth domain.

Policy and regulatory recommendations

This deliverable will contain the recommendations addressed to different regulators on a potential standard for privacy-by design.

Data hiding tools (requirements and design)

The first version will present a design and API of the data hiding tools. The design will be based on the use case requirements (T2.2) and developed in concert with the SHiELD Architecture (T2.3).

Secure health data exchange best practices

This separate report will describe best practices in the use of privacy by design methods, the secure data exchange architecture and advanced data protection mechanisms, as established through the SHiELD validation case studies.

Final validation experiments (final version)

This report covers the final set of validation experiments involving complex data exchanges between three member states and involving multiple health care providers as well as commercial lifestyle services. As before, this final version will cover the implementation and test results.

Data sensitivity analysis tools (requirements and design)

This deliverable will focus on the tools and APIs related to data sensitivity. This first release will be focused on a requirements analysis and technical design.

Searching for OpenAIRE data...

Publications

European security in health data exchange. A challenge at emergency department.

Author(s): Eunate Arana Arri Aitor García de Vicuña
Published in: European security in health data exchange. A challenge at emergency department., Issue September the 23th until September the 27th, 2017

A secure cloud framework for ICMetric based IoT health devices

Author(s): Tahir, R., Tahir, H., Sajjad, A. and McDonald-Maier, KD.
Published in: ICC '17 Second International Conference on Internet of Things, Data and Cloud Computing, 2017

Multi-factor authentication using accelerometers for the Internet-of-Things

Author(s): Julian Murphy; Gareth Howells ; Klaus D McDonald-Maier
Published in: 2017 Seventh International Conference on Emerging Security Technologies (EST), 2017

GDPR Impact on health data exchange in European digital environment

Author(s): Paola Aurucci, Eleonora Ciceri, Mariet Nouri Janian, Andrea Micheletti and Alberto Sanna
Published in: 10th International Conference on e-Health (MCCSIS), Madrid 17–19 July, 2018, 2018

Ensuring Secure Health Data Exchange across Europe. SHIELD Project

Author(s): Borja López-Moreno, David Martín-Barrios, Ivan Revuelta-Antizar, Santiago Rodríguez-Tejedor, M. Valle, Eunate Arana-Arri
Published in: Proceedings of the 12th International Joint Conference on Biomedical Engineering Systems and Technologies, 2019, Page(s) 422-430
DOI: 10.5220/0007524004220430

Ask Me No Questions: Increasing Empirical Evidence for a Qualitative Approach to Technology Acceptance (accepted for publication)

Author(s): Brian Pickering, Rachael Bartholomew, Mariet Nouri Janian, Borja Lopéz Moreno
Published in: 2020

GDPR Compliance Challenges for Interoperable Health Information Exchanges (HIEs) and Trustworthy Research Environments (TREs)

Author(s): Ed Conley, Matthias Pocs
Published in: European Journal of Biomedical Informatics, 2018, ISSN 1801-5603

On the security of consumer wearable devices in the Internet of Things

Author(s): Hasan Tahir, Ruhma Tahir, Klaus McDonald-Maier
Published in: PLOS ONE, Issue 13/4, 2018, Page(s) e0195487, ISSN 1932-6203
DOI: 10.1371/journal.pone.0195487

Service level agreement-based GDPR compliance and security assurance in (multi)Cloud-based systems

Author(s): Erkuden Rios, Eider Iturbe, Xabier Larrucea, Massimiliano Rak, Wissam Mallouli, Jacek Dominiak, Victor Muntés, Peter Matthews, Luis Gonzalez
Published in: IET Software, Issue 13/3, 2019, Page(s) 213-222, ISSN 1751-8806
DOI: 10.1049/iet-sen.2018.5293

Assessing source code vulnerabilities in a cloud-based system for health systems: OpenNCP

Author(s): Xabier Larrucea, Izaskun Santamaria, Ricardo Colomo-Palacios
Published in: IET Software, Issue 13/3, 2019, Page(s) 195-202, ISSN 1751-8806
DOI: 10.1049/iet-sen.2018.5294

A mapping study about the standard ISO/IEC29110

Author(s): Xabier Larrucea, Borja Fernandez-Gauna
Published in: Computer Standards & Interfaces, Issue 65, 2019, Page(s) 159-166, ISSN 0920-5489
DOI: 10.1016/j.csi.2019.03.005

Towards a GDPR compliant way to secure European cross border Healthcare Industry 4.0

Author(s): Xabier Larrucea, Micha Moffie, Sigal Asaf, Izaskun Santamaria
Published in: Computer Standards & Interfaces, Issue 69, 2020, Page(s) 103408, ISSN 0920-5489
DOI: 10.1016/j.csi.2019.103408

Resolving Stakeholder Tussles in Healthcare Systems: Ethical Challenges to Data Protection

Author(s): Brian Pickering, Giuliana Faiella, Fabrizio Clemente
Published in: New Trends in Model and Data Engineering - MEDI 2019 International Workshops, DETECT, DSSGA, TRIDENT, Toulouse, France, October 28–31, 2019, Proceedings, Issue 1085, 2019, Page(s) 190-201
DOI: 10.1007/978-3-030-32213-7_15

Multi-value Classification of Ambiguous Personal Data

Author(s): Sigal Assaf, Ariel Farkash, Micha Moffie
Published in: New Trends in Model and Data Engineering - MEDI 2019 International Workshops, DETECT, DSSGA, TRIDENT, Toulouse, France, October 28–31, 2019, Proceedings, Issue 1085, 2019, Page(s) 202-208
DOI: 10.1007/978-3-030-32213-7_16

Modelling Compliance Threats and Security Analysis of Cross Border Health Data Exchange

Author(s): Mike Surridge, Ken Meacham, Juri Papay, Stephen C. Phillips, J. Brian Pickering, Ardavan Shafiee, Toby Wilkinson
Published in: New Trends in Model and Data Engineering - MEDI 2019 International Workshops, DETECT, DSSGA, TRIDENT, Toulouse, France, October 28–31, 2019, Proceedings, Issue 1085, 2019, Page(s) 180-189
DOI: 10.1007/978-3-030-32213-7_14

Dealing with Security in a Real DevOps Environment

Author(s): Xabier Larrucea, Alberto Berreteaga, Izaskun Santamaria
Published in: Systems, Software and Services Process Improvement - 26th European Conference, EuroSPI 2019, Edinburgh, UK, September 18–20, 2019, Proceedings, Issue 1060, 2019, Page(s) 453-464
DOI: 10.1007/978-3-030-28005-5_35

Seeing Potential Is More Important Than Usability: Revisiting Technology Acceptance

Author(s): Brian Pickering, Mariet Nouri Janian, Borja López Moreno, Andrea Micheletti, Alberto Sanno, Michael Surridge
Published in: Design, User Experience, and Usability. Practice and Case Studies - 8th International Conference, DUXU 2019, Held as Part of the 21st HCI International Conference, HCII 2019, Orlando, FL, USA, July 26–31, 2019, Proceedings, Part IV, Issue 11586, 2019, Page(s) 238-249
DOI: 10.1007/978-3-030-23535-2_18

Guest Editorial: Security and Privacy in Cloud-based Systems

Author(s): Xabier Larrucea, Ioannis Komnios
Published in: IET Software, Issue 13/3, 2019, Page(s) 171-171, ISSN 1751-8806
DOI: 10.1049/iet-sen.2019.0105

Forgotten @ Scale: A Practical Solution for Implementing the Right To Be Forgotten in Large-Scale Systems

Author(s): Abigail Goldsteen, Tomer Douek, Yaniv Cohen, Igor Gokhman, Ofir Keren-Ackerman, Gadi Katsovich, Grisha Weintraub, and Doron Ben-Ari
Published in: 2019

Data protection in the healthcare sector

Author(s): Xabier Larrucea
Published in: Open Access Government, 2019