Abstract
Privacy by design (PbD) is considered an international principle for privacy protection. To understand and apply a PbD legal provision, the context of the data processing is essential. This paper analyses the data protection by design (DPbD) legal obligation in the European framework and investigates how it can be implemented in the e-health context for Electronic Health Records (EHRs). The PbD approach may play a pivotal role in this sector, both to fulfil the requirements of the law and to better protect the rights of data subjects. To these ends, to understand the deeper meaning of the concept and to evaluate the approach itself, the paper conducts a theoretical legal analysis of PbD and critically compares its boundaries, benefits, challenges and disadvantages. As the chosen legal framework is that of the European Union, the DPbD legal obligation established by the GDPR is examined. The paper first gives a brief overview of the EU legal framework applicable to EHRs. With this context settled, it proposes a comprehensive DPbD model for privacy management, with technical and organisational measures to be implemented in EHRs. The purpose is to provide more guidance to data controllers and developers on how to comply with the DPbD obligation.
Notes
- 1.
See the official website of the Office of the National Coordinator for Health Information Technology (ONC) in the United States: https://www.healthit.gov/faq/what-are-advantages-electronic-health-records, last accessed 10 Mar 2019.
- 2.
For example, see Healthcare Informatics (United States), https://www.healthcare-informatics.com/news-item/cybersecurity/2017-breach-report-477-breaches-56m-patient-records-affected, last accessed 10 Mar 2019: “in 2017, there were 477 healthcare breaches reported to the U.S. Department of Health and Human Services (HHS) or the media, and information available for 407 of those incidents, which affected a total of 5.579 million patient records”.
- 3.
For example, article 83 GDPR.
- 4.
Recital 53, GDPR.
- 5.
Article 9 (1), GDPR.
- 6.
Article 25, GDPR.
- 7.
Article 5, GDPR: lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, accountability.
- 8.
Recital 78, GDPR.
- 9.
Ibid.
- 10.
Ibid.
- 11.
Article 25 (1), GDPR.
- 12.
Ibid.
- 13.
Ibid.
- 14.
Article 25 (3), GDPR.
- 15.
Recital 78, GDPR.
- 16.
Articles 26 and 28 of the GDPR.
- 17.
Articles 27 and 85, Regulation (EU) 2018/1725. For the purposes of this study, the wording of these articles is equivalent to that of Article 25 GDPR.
- 18.
Article 4 (15), GDPR.
- 19.
Recital 35, GDPR.
- 20.
Ibid.
- 21.
Article 9 (2) (a) and Article 7, GDPR.
- 22.
Article 9 (2) (c), GDPR.
- 23.
Article 9 (2) (g), GDPR.
- 24.
Article 9 (2) (i), GDPR.
- 25.
The information to be provided to the data subject (Articles 13-14, GDPR), the rights of the data subject to be guaranteed (Articles 15-23, GDPR), the general obligations of the controller and processor (Articles 24-31, GDPR), the rules on the security of the data (Articles 32-34, GDPR) and on the data protection impact assessment, the prior consultation of the supervisory authority and the data protection officer (Articles 35-39, GDPR).
- 26.
Article 35, GDPR.
- 27.
See Sect. 2.3.
- 28.
Article 83, GDPR.
- 29.
As previously stated, the data protection principles are listed mainly in Article 5 GDPR.
- 30.
The secondary use of data for medical research is not covered in this work. However, the data collected in EHR systems are often anonymised before being used for secondary scientific research purposes.
- 31.
Article 35, GDPR. As stated earlier, a data protection impact assessment is highly recommended for EHRs: the controllers of EHRs typically process personal health data on a large scale, and Article 35(3)(b) GDPR lists the large-scale processing of special categories of data among the cases in which an assessment is required.
- 32.
See the various publications on privacy technologies and the engineering approach at https://www.enisa.europa.eu/topics/data-protection/privacy-by-design, last accessed 10 Mar 2019.
- 33.
ENISA's report “Reinforcing trust and security in the area of electronic communications and online services: sketching the notion of ‘state-of-the-art’ for SMEs in security of personal data processing” of December 2018 underlines that several encryption tools are available on the market and, as an example, recommends that in the context of a medical clinic “the server where patients’ comprehensive electronic health records are stored should be encrypted using robust and known weakness-free encryption algorithms”. https://www.enisa.europa.eu/publications/reinforcing-trust-and-security-in-the-area-of-electronic-communications-and-online-services, last accessed 10 Mar 2019.
- 34.
Ibid. The same report mentions an interesting polymorphic pseudonymisation technique as an example for the health sector.
- 35.
See for example ISO/IEC 19608, ISO/IEC 15408 and ISO/IEC DIS 27552, https://www.iso.org/standard/61186.html and https://www.iso.org/standard/71670.html, last accessed 10 Mar 2019.
- 36.
See the Italian Data Protection Authority’s Guidelines on the Electronic Health Record and the Health File, published in 2009: “to safeguard data subjects, the purposes in question should accordingly only consist in prevention, diagnosis, care and rehabilitation of the given data subject and exclude any other objective - in particular planning, managing, supervising and assessing health care activities, which can actually be performed in several circumstances without using personal data. This is without prejudice to any requirements arising under criminal law”. https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1672821, last accessed 10 Mar 2019.
- 37.
As stated above, the secondary use of data for medical research is not covered in this study.
- 38.
See Article 9 (2) (a), (c), (g), (h) and (i), GDPR. The processing is therefore allowed where there is: (a) explicit consent; (c) a vital interest of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent; (g) a substantial public interest; (h) a purpose of preventive or occupational medicine, the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services, on the basis of Union or Member State law or pursuant to a contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3; (i) a reason of public interest in the area of public health.
- 39.
Article 12 (7), GDPR includes standardised icons among the possible mechanisms for providing information to the data subject.
- 40.
Articles 13 and 14, GDPR.
- 41.
ENISA's report “Reinforcing trust and security in the area of electronic communications and online services” (see note 33 for the complete reference) argues that “the number of required factors for each access control system should be proportionate to the sensitivity of IT systems and related information to be accessed”. Two-factor authentication is already widely adopted in high-risk cases such as remote patient monitoring systems, so multi-factor authentication is not new to the health context.
- 42.
Recital 63, GDPR: “A data subject should have the right of access to personal data which have been collected concerning him or her, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing. This includes the right for data subjects to have access to data concerning their health, for example the data in their medical records containing information such as diagnoses, examination results, assessments by treating physicians and any treatment or interventions provided (...)”.
- 43.
See Sect. 4.1.
- 44.
In these cases the type of medical visit and the details of the scheduled check-ups could be hidden from administrative staff. Some health-related inferences might still be drawn by administrative staff from what remains visible; nevertheless, employees are usually bound by confidentiality clauses.
- 45.
See the website of the European Commission at https://ec.europa.eu/digital-single-market/en/interoperability-standardisation-connecting-ehealth-services, last accessed 10 Mar 2019.
- 46.
Article 25 (3) GDPR provides that an approved certification mechanism pursuant to Article 42 may be used as an element to demonstrate compliance with the DPbD obligation; see further Articles 42 and 43, GDPR.
- 47.
Article 37 (1) (c), GDPR.
- 48.
Article 37 (3), GDPR.
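The measures sketched in notes 34, 36 and 44 (pseudonymisation, performing planning without personal data, and hiding the type of visit from administrative staff) are easy to state as legal requirements but protect nobody unless the access layer enforces them by default. The following Python example, added here and not taken from the paper or from ENISA's material, shows one way to do so with per-role allow-lists and a keyed, domain-separated pseudonym. The record, the role names, the field names and the key are constructed for illustration; the pseudonym is a plain HMAC-SHA256 construction, not the polymorphic scheme the ENISA report mentions.

```python
import hashlib
import hmac
from typing import Any, Dict, FrozenSet, Set

# Constructed sample EHR appointment record; not data from the paper.
SAMPLE_RECORD: Dict[str, Any] = {
    "patient_id": "PAT-000123",
    "patient_name": "Example Patient",
    "appointment_time": "2019-03-12T09:30",
    "department": "Oncology outpatient clinic",
    "visit_type": "post-chemotherapy follow-up",
    "scheduled_controls": ["CT scan", "blood panel"],
    "diagnosis": "C50.9",
    "treating_physician": "Dr. Example",
}

# Assumed controller secret. Demo value only: in production it lives in a
# KMS/HSM, never in source code.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"

# Per-role allow-lists (hypothetical role names). A field that is not listed
# is withheld, so a new field added to the schema stays hidden from every
# role until it is explicitly granted (data protection by default).
ROLE_FIELDS: Dict[str, FrozenSet[str]] = {
    # Care of the data subject: full record.
    "clinician": frozenset(SAMPLE_RECORD),
    # Reception/scheduling: identity and time slot, but no clinical content.
    # visit_type and scheduled_controls are withheld because by themselves
    # they reveal health information (note 44).
    "administrative": frozenset(
        {"patient_id", "patient_name", "appointment_time", "department"}
    ),
    # Capacity planning: no identity at all; patients are counted under a
    # pseudonym so the task is done without personal data (note 36).
    "planning": frozenset({"patient_id", "appointment_time", "department"}),
}

# Roles whose view must never carry the real patient identifier.
PSEUDONYMISED_ROLES: FrozenSet[str] = frozenset({"planning"})


def pseudonymise(patient_id: str, key: bytes, domain: str) -> str:
    """Keyed, domain-separated pseudonym.

    The same patient gets a different pseudonym in each domain, so views
    produced for different purposes cannot be linked to each other or to the
    real identifier without the key. Plain HMAC-SHA256, truncated to 64 bits
    for readability; keep the full digest where many pseudonyms are compared.
    """
    if not domain or "\x00" in domain:
        raise ValueError("domain must be a non-empty string without NUL")
    msg = domain.encode("utf-8") + b"\x00" + patient_id.encode("utf-8")
    return "PSN-" + hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def view_for_role(record: Dict[str, Any], role: str, key: bytes) -> Dict[str, Any]:
    """Return the minimal view of `record` for `role`; unknown roles are denied."""
    try:
        allowed = ROLE_FIELDS[role]
    except KeyError:
        raise PermissionError(f"unknown role {role!r}: access denied") from None
    view = {k: v for k, v in record.items() if k in allowed}
    if role in PSEUDONYMISED_ROLES and "patient_id" in view:
        view["patient_id"] = pseudonymise(record["patient_id"], key, domain=role)
    return view


def withheld_fields(record: Dict[str, Any], role: str) -> Set[str]:
    """Audit helper: the fields of `record` that `role` never sees."""
    return set(record) - set(ROLE_FIELDS.get(role, ()))


if __name__ == "__main__":
    for r in ("clinician", "administrative", "planning"):
        print(r, view_for_role(SAMPLE_RECORD, r, DEMO_KEY))
```

The design point is the deny-by-default allow-list: a block-list of "sensitive" fields silently leaks any field added later, whereas an allow-list hides it until someone decides who may see it. The pseudonym key is a secret like any other and its rotation breaks linkage with older pseudonyms, which is desirable for planning data and must be planned for where continuity matters.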
References
Commission of the European Communities: Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions, E-Health - making healthcare better for European citizens: An action plan for a European e-Health Area. COM (2004) 356 final, Brussels (2004)
European Commission: Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on the Mid-Term Review on the implementation of the Digital Single Market Strategy, A Connected Digital Single Market for All. COM (2017) 228 final, Brussels (2017)
Article 29 Working Party: Working Document on the processing of personal data relating to health in electronic health records (EHR), WP 131, Brussels (2007)
Council of the European Union: Draft Council conclusions on Health in the Digital Society - making progress in data-driven innovation in the field of health. 14078/17, Brussels (2017)
32nd International Conference of Data Protection and Privacy Commissioners: Resolution on privacy by design, Jerusalem, Israel, 27–29 October 2010
Lessig, L.: Code, Version 2.0. A Member of the Perseus Books Group/Basic Books, New York (2006)
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). OJ L 119, 4.5. (2016)
Cavoukian, A.: Privacy by Design. Information and Privacy Commissioner, Ontario (2009)
Cavoukian, A.: Operationalizing privacy by design: a guide to implementing strong privacy practices. Information and Privacy Commissioner, Ontario, Canada (2012)
Federal Trade Commission: Protecting Consumer Privacy in an Era of Rapid Change, Recommendations for Businesses and Policymaker. FTC Report (2012). https://www.ftc.gov/reports/protecting-consumer-privacy-era-rapid-change-recommendations-businesses-policymakers. Accessed 10 Mar 2019
Solove, D.J., Hartzog, W.: The FTC and the new common law of privacy. Colum. L. Rev. 114, 583 (2014)
Rubinstein, I.S.: Regulating privacy by design. Berkeley Tech. LJ 26, 1409 (2011)
Tamò-Larrieux, A.: Designing for Privacy and its Legal Framework. LGTS, vol. 40. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98624-1
Lessig, L.: Code and Other Laws of Cyberspace. A Member of the Perseus Books Group. Basic Books, New York (1999)
Klitou, D.: Privacy-Invading Technologies and Privacy by Design, Safeguarding Privacy, Liberty and Security in the 21st Century. 25 Information Technology and Law Series. T.M.C. Asser Press, Hague (2014)
Mulligan, D.K., King, J.: Bridging the gap between privacy and design. U. Pa. J. Const. L. 14, 989 (2012)
Bernstein, G.: When new technologies are still new: windows of opportunity for privacy protection. Vill. L. Rev. 51, 921 (2006)
Schartum, D.W.: Making privacy by design operative. IJLT 24, 151 (2016)
Grimmelmann, J.: Privacy as product safety. Widener LJ 19, 793 (2010)
Cavoukian, A.: Privacy by design: the definitive workshop - a foreword by Ann Cavoukian. IDIS 3, 247 (2010)
Kianieff, M.: The evolution of consumer privacy law: how privacy by design can benefit from insights in commercial law and standardization. CJLT 10, 1 (2012)
Hustinx, P.: Privacy by design: delivering the promises. IDIS 3, 253 (2010)
Hartzog, W.: Reexamining privacy value: the value of modest privacy protections in a hyper social world. Colo. Tech. LJ 12, 333 (2014)
Tien, L.: Architectural regulation and the evolution of social norms. Yale J. L. Tech. 7, 1 (2004)
Koops, B.J., Leenes, R.: Privacy regulation cannot be hardcoded, a critical comment on the “privacy by design” provision in data-protection law. Int. Rev. Law Comput. Tech. 28, 1 (2013)
Kamara, I.: Co-regulation in EU personal data protection: the case of technical standards and the privacy by design standardisation “mandate”. EJLT 8(1) (2017)
Gürses, S., Troncoso, C., Diaz, C.: Engineering privacy by design. In: 4th Conference on Computers Privacy and Data Protection, vol. 317 (2011)
Hintze, M.: Viewing the GDPR through a de-identification lens: a tool for compliance, clarification, and consistency. IDPL 8, 1 (2018)
Krebs, D.: “Privacy by design”: nice-to-have or a necessary principle of data protection law? JIPITEC 4, 2190 (2013)
Reidenberg, J.R.: Lex informatica: the formulation of information policy rules through technology. Tex. L. Rev. 76, 553 (1997–1998)
Hijmans, H.: The European Union as Guardian of Internet Privacy. LGTS, vol. 31. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-34090-6
Gutwirth, S., Leenes, R., De Hert, P.: Data Protection on the Move, Current Developments in ICT and privacy/data protection. 24 Law, Governance and Technology Series. Springer, Netherlands (2016)
Pagallo, U.: On the principle of privacy by design and its limits: technology, ethics and the rule of law. In: Gutwirth, S., Leenes, R., De Hert, P., Poullet, Y. (eds.) European Data Protection: In Good Health?. Springer, Dordrecht (2012). https://doi.org/10.1007/978-94-007-2903-2_16
Bair, J.L.: Electronic health records and respect for patient privacy: a prescription for compatibility. Vand. J. Ent. Tech. L. 13, 441 (2011)
European Union Agency for Network and Information Security (ENISA): Privacy by design in big data, an overview of privacy enhancing technologies in the era of big data analytics (2015). https://www.enisa.europa.eu/publications/big-data-protection. Accessed 10 Mar 2019
Rubinstein, I.S., Good, N.: Privacy by design: a counterfactual analysis of Google and Facebook privacy incidents. Berkeley Tech. LJ 28, 1333 (2013)
U.S. Department of Health, Education & Welfare: Report of the Secretary’s Advisory Committee on Automated Personal Data Systems, Records Computers and the Rights of citizens, United States (1973)
Rotenberg, M.: Fair information practices and the architecture of privacy (what Larry doesn’t get). Stan. Tech. L. Rev. 2001, 1 (2001)
European Data Protection Supervisor (EDPS): Preliminary Opinion on privacy by design. Opinion 5/2018 (2018)
Commission Nationale de l’Informatique et des Libertés (CNIL): La forme des choix, Données personnelles, design et frictions désirables. Cahier IP 6 (2019). http://linc.cnil.fr. Accessed 10 Mar 2019
Article 29 Data Protection Working Party: The Future of Privacy, Joint contribution to the Consultation of the European Commission on the legal framework for the fundamental right to protection of personal data. WP 168 02356/09/EN (2009)
Jasmontaite, L., Kamara, I., Zanfir-Fortuna, G., Leucci, S.: Data Protection by Design and by Default. EDPL 4, 2 (2018)
Bygrave, L.A.: Data Protection by design and by default: deciphering the EU’s legislative requirements. Oslo L. Rev. 4, 105 (2017)
Voigt, P., Von dem Bussche, A.: The EU General Data Protection Regulation (GDPR). A Practical Guide. Springer, Netherlands (2017)
Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (Text with EEA relevance), PE/31/2018/REV/1. OJ L 295, 21 November 2018
De Hert, P., Papakonstantinou, V.: The proposed data protection Regulation replacing Directive 95/46/EC: a sound system for the protection of individuals. CLSR 28, 130 (2012)
European Union Agency for Fundamental Rights: Handbook on European data protection law (2018). http://fra.europa.eu/en/publication/2018/handbook-european-data-protection-law. Accessed 10 Mar 2019
European Commission and Milieu Ltd.: eHealth: Digital health and care Project, Overview of the national laws on electronic health records in the EU Member States (2014). https://ec.europa.eu/health/ehealth/projects/nationallaws_electronichealthrecords_it. Accessed 10 Mar 2019
European Union Agency for Network and Information Security (ENISA): Privacy and data protection in mobile applications. A study on the app development ecosystem and the technical implementation of GDPR (2018). https://www.enisa.europa.eu/publications/privacy-and-data-protection-in-mobile-applications. Accessed 10 Mar 2019
Danezis, G., et al.: European Union Agency for Network and Information Security (ENISA): Privacy and Data Protection by Design, from policy to engineering (2015). https://www.enisa.europa.eu/publications/privacy-and-data-protection-by-design. Accessed 10 Mar 2019
Colesky, M., Hoepman, J.H., Hillen, C.: A critical analysis of privacy design strategies. In: International Workshop on Privacy Engineering - IWPE 2016, San Jose, CA, USA (2016)
European Union Agency for Network and Information Security (ENISA): Handbook on Security of Personal Data Processing (2018). https://www.enisa.europa.eu/publications/handbook-on-security-of-personal-data-processing. Accessed 10 Mar 2019
ISO/TS 17975:2015: Health informatics - Principles and data requirements for consent in the Collection, Use or Disclosure of personal health information (2015). https://www.iso.org/home.html. Accessed 10 Mar 2019
Carro, G., Masato, S., Parla, M.D.: La privacy nella sanità. Giuffrè, Torino (2017)
© 2019 Springer Nature Switzerland AG
Bincoletto, G. (2019). A Data Protection by Design Model for Privacy Management in Electronic Health Records. In: Naldi, M., Italiano, G., Rannenberg, K., Medina, M., Bourka, A. (eds) Privacy Technologies and Policy. APF 2019. Lecture Notes in Computer Science(), vol 11498. Springer, Cham. https://doi.org/10.1007/978-3-030-21752-5_11
DOI: https://doi.org/10.1007/978-3-030-21752-5_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-21751-8
Online ISBN: 978-3-030-21752-5