
Enabling Privacy by Design in Medical Records Sharing

Chapter in: Reforming European Data Protection Law

Part of the book series: Law, Governance and Technology Series (ISDP, volume 20)

Abstract

In healthcare a multiplicity of actors need to access and share patients’ data while complying with policies defined by data protection legislation. Building frameworks that enable stakeholders to design and develop data-sharing mechanisms in compliance with that legislation is a challenging task.

In this work, we propose a methodology and a platform called CHINO, inspired by Privacy by Design principles, to guide the involved stakeholders during the definition of data-sharing processes by using visual representations such as Business Process Modelling (BPM). BPM enables the stakeholders to reason about and share their understanding of privacy aspects from the early analysis phases, while the CHINO platform provides the execution framework for the defined BPM processes and privacy policies.

To demonstrate CHINO’s efficacy, we show how policies extracted from legislation can be modelled and executed, and we report our studies with end-users, with whom we validated the system’s usability. We also analyse CHINO from a legal point of view and its compliance with data protection legislation.


Notes

1. Richard Hillestad et al., “Can electronic medical record systems transform health care? Potential health benefits, savings, and costs,” Health Affairs (2005): 24.

2. Italian Data Protection Authority, Guidelines on the Electronic Health Record and the Health File, [doc. Web 1634116] July 16, 2009, http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/export/1634116.

3. epSOS European eHealth project, http://www.epsos.eu/; Article 29 Data Protection Working Party, Working Document 01/2012 on epSOS, Adopted on 25 January 2012, wp 189.

4. European Parliament and Council: Directive 95/46/EC: Directive on protection of individuals with regard to the processing of personal data and on the free movement of such data; Italian Data Protection Code: Legislative Decree No. 196/2003. See also, European Parliament and Council: Proposal for a regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), 2012; European Parliament and Council: Directive 2011/24/EU: Directive on the application of patients’ rights in cross-border healthcare; See also Italian Ministry of Innovation and Technology, InFSE: Technical Infrastructure for Electronical Health Record Systems, v1.2., 2012.

5. Ann Cavoukian, “Privacy by Design,” Information & Privacy Commissioner, Ontario, Canada. http://www.ipc.on.ca/images/Resources/privacybydesign.pdf. (2009).

6. The Guardian, NHS staff breach personal data 806 times in three years, 2011. Available at: http://www.theguardian.com/healthcare-network/2011/oct/28/nhs-staff-breach-personal-data-806-times. Accessed on January 2014.

7. Ann Cavoukian, “Privacy in the Clouds,” Identity in the Information Society (2009): 1.

8. Ann Cavoukian, “Personal Data Ecosystem (PDE) – A Privacy by Design Approach to an Individual’s Pursuit of Radical Control,” in Digital Enlightenment Yearbook 2013. The Value of Personal Data, ed. Mireille Hildebrandt et al. (IOS Press, 2013), 89–101.

9. Activiti BPM Platform, Available at http://activiti.org/; Richard Lenz and Manfred Reichert, “It support for healthcare processes premises, challenges, perspectives,” Data Knowledge Engineering (2007): 61.

10. Legislative Decree No. 196/2003.

11. Directive 95/46/EC. See also, European Parliament and Council: Proposal for a regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

12. Office for Civil Rights. HIPAA, medical privacy national standards to protect the privacy of personal health information. 2000.

13. Richard Hillestad et al., “Can electronic medical record systems transform health care? Potential health benefits, savings, and costs,” Health Affairs (2005): 24.

14. Practice Fusion, Free Web-based Electronic Health Record, www.practicefusion.com.

15. Italian Ministry of Innovation and Technology, InFSE: Technical Infrastructure for Electronical Health Record Systems, v1.2. (2012).

16. Giampaolo Armellin et al., “Privacy preserving event driven integration for interoperating social and health systems,” Secure Data Management 7th VLDB Workshop (2010): 6368.

17. Richard Lenz and Manfred Reichert, “It support for healthcare processes premises, challenges, perspectives,” Data Knowledge Engineering (2007): 61.

18. Avner Ottensooser et al., “Making sense of business process descriptions: An experimental comparison of graphical and textual notations,” Journal of Systems and Software (2012): 85.

19. Jan C. Recker and Alexander Dreiling, “Does it matter which process modelling language we teach or use? An experimental study on understanding process modelling languages without formal education,” in 18th Australasian Conference on Information Systems (University of Southern Queensland, 2007).

20. See for instance Helen Sharp, “Interaction design,” (Wiley.com., 2003).

21. Travis D. Breaux et al., “Towards regulatory compliance: Extracting rights and obligations to align requirements with regulations,” in Requirements Engineering, 14th IEEE International Conference (2006), 49–58.

22. Ahmed Awad et al., “An iterative approach for business process template synthesis from compliance rules,” Advanced Information Systems Engineering (2011): 6741.

23. Rachel K. E. Bellamy et al., “Seeing is believing: designing visualizations for managing risk and compliance,” IBM Systems Journal (2007): 46.

24. Ruopeng Lu et al., “Compliance-aware business process design,” BPM Workshops (2008): 4928.

25. Zoran Milosevic et al., “Translating business contract into compliant business processes,” in EDOC’06 (IEEE Computer Society, 2006), 211–220.

26. Ann Cavoukian, “Privacy by Design,” Information & Privacy Commissioner, Ontario, Canada. http://www.ipc.on.ca/images/Resources/privacybydesign.pdf. (2009); Ann Cavoukian, “Privacy in the Clouds,” Identity in the Information Society (2009): 1; Peter Schaar, “Privacy by Design,” Identity in the Information Society (2010): 3.

27. Bert-Jaap Koops and Ronald Leenes, “Privacy regulation cannot be hardcoded. A critical comment on the ‘privacy by design’ provision in data-protection law,” International Review of Law, Computers & Technology ahead-of-print (2013): 1–13. See also, Ugo Pagallo, “On the Principle of Privacy by Design and its Limits: Technology, Ethics and the Rule of Law,” European Data Protection 2012: 331–346.

28. Paolo Balboni and Milda Macenaite, “Privacy by Design and anonymisation techniques in action: Case study of Ma3tch technology,” Computer Law and Security Review (2013): 29; Antonio Kung et al., “Privacy-by-design in its applications,” in 2nd Int. Workshop on Data Security and Privacy in Wireless Networks (D-SPAN, 2011), 1–6.

29. Article 29 Data Protection Working Party, The Future of Privacy: Joint contribution to the Consultation of the European Commission on the legal framework for the fundamental right to protection of personal data, WP 168, (2009).

30. Jovan Stevovic et al., “Business process management enabled compliance-aware medical record sharing,” Int. J. Business Process Integration and Management (2013): 6.

31. Directive 95/46/EC.

32. Office for Civil Rights, HIPAA, medical privacy national standards to protect the privacy of personal health information.

33. David G. Gordon and Travis D. Breaux, “Reconciling multi-jurisdictional legal requirements: A case study in requirements water marking,” Requirements Engineering Conference, IEEE, 2012.

34. Directive 95/46/EC.

35. Legislative Decree No. 196/2003.

36. Italian Data Protection Authority, Guidelines on the Electronic Health Record; Italian Ministry of Innovation and Technology, InFSE: Technical Infrastructure for Electronical Health Record Systems, v1.2. (2012).

37. Giampaolo Armellin et al., “Privacy preserving event driven integration for interoperating social and health systems,” Secure Data Management 7th VLDB Workshop (2010): 6368; Municipality of Trento, Regulations for the protection of personal data of the municipality of Trento, http://www.comune.trento.it/, 2007; Municipality of Trento, Operational guidelines to privacy, http://www.comune.trento.it/, 2009.

38. Directive 95/46/EC and in particular Directive 2011/24/EU.

39. Giampaolo Armellin et al., “Privacy preserving event driven integration for interoperating social and health systems,” Secure Data Management 7th VLDB Workshop (2010): 6368.

40. Alberto Siena et al., “Establishing regulatory compliance for IS requirements: an experience report from the health care domain,” 29th Int. Conf. on Conceptual Modelling (2010): 6412.

41. Richard Lenz and Manfred Reichert, “It support for healthcare processes premises, challenges, perspectives,” Data Knowledge Engineering (2007): 61.

42. We give examples of such representations in Jovan Stevovic et al., “Business process management enabled compliance-aware medical record sharing,” Int. J. Business Process Integration and Management (2013): 6; but also leave to the users the freedom to choose the most appropriate representation according to the recommendations by Article 29 Data Protection Working Party, Working Document on the processing of personal data relating to health in Electronic Health Records (EHR), Adopted on 15/02/2007, wp 131; Ruopeng Lu et al., “Compliance-aware business process design,” BPM Workshops (2008): 4928; Alberto Siena et al., “Establishing regulatory compliance for IS requirements: an experience report from the health care domain,” 29th Int. Conf. on Conceptual Modelling (2010): 6412.

43. OMG, BPMN – Business Process Model and Notation v2.0 Specification, 2011, Available at http://www.omg.org/spec/BPMN/2.0/.

44. Activiti BPM Platform, Available at http://activiti.org/.

45. For a more exhaustive technical description see Jovan Stevovic et al., “Business process management enabled compliance-aware medical record sharing,” Int. J. Business Process Integration and Management (2013): 6.

46. According to new rules proposed by European Parliament and Council: Proposal for a regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

47. Giampaolo Armellin et al., “Privacy preserving event driven integration for interoperating social and health systems,” Secure Data Management 7th VLDB Workshop (2010): 6368.

48. This is the case of Italian law: Italian Ministry of Innovation and Technology, InFSE: Technical Infrastructure for Electronical Health Record Systems, v1.2. (2012).

49. Office for Civil Rights, HIPAA, medical privacy national standards to protect the privacy of personal health information.

50. Giampaolo Armellin et al., “Privacy preserving event driven integration for interoperating social and health systems,” Secure Data Management 7th VLDB Workshop (2010): 6368.

51. Jovan Stevovic et al., “Business process management enabled compliance-aware medical record sharing,” Int. J. Business Process Integration and Management (2013): 6.

52. Jovan Stevovic et al., “Business process management enabled compliance-aware medical record sharing,” Int. J. Business Process Integration and Management (2013): 6.

53. Activiti BPM Platform, Available at http://activiti.org/.

54. Helen Sharp, “Interaction design,” (Wiley.com., 2003).

55. Alessio Giori, “Design, development and validation of a methodology and platform for compliance-aware medical record management,” Master’s degree thesis at University of Trento, 2013.

56. Article 29 Data Protection Working Party, Working Document 01/2012 on epSOS, Adopted on 25 January 2012, wp 189.

57. Article 29 Data Protection Working Party, Working Document on the processing of personal data relating to health in Electronic Health Records (EHR), Adopted on 15 February 2007, wp 131.

58. Ann Cavoukian, “Personal Data Ecosystem (PDE) – A Privacy by Design Approach to an Individual’s Pursuit of Radical Control,” in Digital Enlightenment Yearbook 2013. The Value of Personal Data, ed. Mireille Hildebrandt et al. (IOS Press, 2013), 89–101.

59. Directive 2011/24/EU.

60. Italian Ministry of Innovation and Technology, InFSE: Technical Infrastructure for Electronical Health Record Systems, v1.2. (2012).

61. Integrating the Healthcare Enterprise (IHE), “IHE IT infrastructure (ITI) technical framework,” Integration Profiles, v. 8, (2011).

62. Legislative Decree No. 196/2003.

63. European Parliament and Council: Proposal for a regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). (2012).

64. Article 29 Data Protection Working Party, Opinion 15/2011 on the definition of consent, Adopted on 13 July 2011, wp 187.

65. Article 29 Data Protection Working Party, Opinion 3/2013 on purpose limitation, Adopted on 2 April 2013, wp 203.

66. Giampaolo Armellin et al., “Privacy preserving event driven integration for interoperating social and health systems,” Secure Data Management 7th VLDB Workshop (2010): 6368; Jovan Stevovic et al., “Business process management enabled compliance-aware medical record sharing,” Int. J. Business Process Integration and Management (2013): 6.

67. Italian Ministry of Innovation and Technology, InFSE: Technical Infrastructure for Electronical Health Record Systems, v1.2. (2012).

68. Italian Data Protection Authority, Guidelines on the Electronic Health Record.

69. Italian Data Protection Authority, Guidelines on the Electronic Health Record.

70. Article 29 Data Protection Working Party, Working Document on the processing of personal data relating to health in Electronic Health Records (EHR), Adopted on 15 February 2007, wp 131.

71. Italian Data Protection Authority, Newsletter about the Inspection Plan. February 14 2013, Available at http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/2256479.

72. Rachel K. E. Bellamy et al., “Seeing is believing: designing visualizations for managing risk and compliance,” IBM Systems Journal (2007): 46; Avner Ottensooser et al., “Making sense of business process descriptions: An experimental comparison of graphical and textual notations,” Journal of Systems and Software (2012): 85; Jan C. Recker and Alexander Dreiling, “Does it matter which process modelling language we teach or use? An experimental study on understanding process modelling languages without formal education,” in 18th Australasian Conference on Information Systems (University of Southern Queensland, 2007).

References

  • Activiti BPM Platform, Available at http://activiti.org/.

  • Armellin, Giampaolo, Dario Betti, Fabio Casati, Annamaria Chiasera, Gloria Martínez, and Jovan Stevovic. “Privacy preserving event-driven integration for interoperating social and health systems.” In Proceedings of the 7th VLDB Conference on Secure Data Management, SDM’10, LNCS 6368 (2010): 54–69.

  • Article 29 Data Protection Working Party, Working Document 01/2012 on epSOS, Adopted on 25 January 2012, wp 189. (2012)

  • Article 29 Data Protection Working Party, Working Document on the processing of personal data relating to health in Electronic Health Records (EHR), Adopted on 15 February 2007, wp 131. (2007)

  • Article 29 Data Protection Working Party, Opinion 15/2011 on the definition of consent, Adopted on 13 July 2011, wp 187. (2011)

  • Article 29 Data Protection Working Party, Opinion 3/2013 on purpose limitation, Adopted on 2 April 2013, wp 203. (2013)

  • Article 29 Data Protection Working Party, The Future of Privacy: Joint contribution to the Consultation of the European Commission on the legal framework for the fundamental right to protection of personal data, wp 168. (2009)

  • Awad, Ahmed, Rajeev Goré, James Thomson, and Matthias Weidlich. “An iterative approach for business process template synthesis from compliance rules.” In Advanced Information Systems Engineering, LNCS 6741 (2011): 406–421

  • Balboni, Paolo, and Milda Macenaite. “Privacy by Design and anonymisation techniques in action: Case study of Ma3tch technology.” Computer Law and Security Review 29(4) (2013): 330–340

  • Bellamy, Rachel K. E., Thomas Erickson, Brian Fuller, Wendy A. Kellogg, Rhonda Rosenbaum, John C. Thomas, and Tracee Vetting Wolf. “Seeing is believing: designing visualizations for managing risk and compliance.” IBM Systems J. 46(2) (2007): 205–218

  • Breaux, Travis D., Matthew W. Vail, and Annie I. Antón. “Towards regulatory compliance: Extracting rights and obligations to align requirements with regulations.” In Requirements Engineering, 14th IEEE International Conference (2006): 49–58

  • Cavoukian, Ann. “Privacy by Design.” Information & Privacy Commissioner, Ontario, Canada. http://www.ipc.on.ca/images/Resources/privacybydesign.pdf. (2009)

  • Cavoukian, Ann. “Privacy in the Clouds.” Identity in the Information Society 1(1) (2009): 89–108

  • Cavoukian, Ann. “Personal Data Ecosystem (PDE) – A Privacy by Design Approach to an Individual’s Pursuit of Radical Control.” In Digital Enlightenment Yearbook 2013: The Value of Personal Data, edited by Mireille Hildebrandt et al., 89–101. IOS Press: 2013

  • European Parliament and Council: Directive 95/46/EC: Directive on protection of individuals with regard to the processing of personal data and on the free movement of such data

  • European Parliament and Council: Directive 2011/24/EU: Directive on the application of patients’ rights in cross-border healthcare

  • European Parliament and Council: Proposal for a regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)

  • epSOS European eHealth project, http://www.epsos.eu/

  • Gordon, David G., and Travis D. Breaux. “Reconciling multi-jurisdictional legal requirements: A case study in requirements water marking.” Requirements Engineering Conference, IEEE, 2012.

  • Hillestad, Richard, James Bigelow, Anthony Bower, Federico Girosi, Robin Meili, Richard Scoville, and Roger Taylor. “Can electronic medical record systems transform health care? Potential health benefits, savings, and costs.” Health Affairs 24(5) (2005): 1103–1117

  • Integrating the Healthcare Enterprise (IHE), “IHE IT infrastructure (ITI) technical framework,” Integration Profiles, v. 8, (2011)

  • Italian Data Protection Authority. Guidelines on the Electronic Health Record and the Health File, [doc. Web 1634116] July 16, 2009, http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/export/1634116

  • Italian Data Protection Authority. Newsletter about the Inspection Plan. February 14 2013, Available at http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/2256479

  • Italian Ministry of Innovation and Technology. InFSE: Technical Infrastructure for Electronical Health Record Systems, v1.2. (2012)

  • Legislative Decree No. 196/2003

  • Koops, Bert-Jaap, and Ronald Leenes. “Privacy regulation cannot be hardcoded. A critical comment on the ‘privacy by design’ provision in data-protection law.” International Review of Law, Computers & Technology (2013): 1–13.

  • Kung, Antonio, Johann C. Freytag, and Frank Kargl. “Privacy-by-design in its applications.” In 2nd Int. Workshop on Data Security and Privacy in Wireless Networks (D-SPAN), held with the IEEE International Symposium on World of Wireless, Mobile and Multimedia Networks (WoWMoM), IEEE (2011): 1–6.

  • Lenz, Richard, and Manfred Reichert. “It support for healthcare processes premises, challenges, perspectives.” Data Knowledge Engineering 61(1) (2007): 39–58

  • Lu, Ruopeng, Shazia Sadiq, and Guido Governatori. “Compliance-aware business process design.” BPM Workshops, LNCS 4928 (2008): 120–131

  • Milosevic, Zoran, Shazia Sadiq, and Maria E. Orlowska. “Translating business contract into compliant business processes.” In EDOC’06, 211–220, IEEE Computer Society, 2006

  • Municipality of Trento. Regulations for the protection of personal data of the municipality of Trento. http://www.comune.trento.it/, 2007. Accessed: 2013-12-20.

  • Municipality of Trento. Operational guidelines to privacy. http://www.comune.trento.it/, 2009. Accessed: 2013-12-20.

  • Office for Civil Rights. HIPAA, medical privacy national standards to protect the privacy of personal health information, 2000

  • OMG. BPMN – Business Process Model and Notation v2.0 Specification (2011), Available at http://www.omg.org/spec/BPMN/2.0/.

  • Ottensooser, Avner, Alan Fekete, Hajo A. Reijers, Jan Mendling, and Con Menictas. “Making sense of business process descriptions: An experimental comparison of graphical and textual notations.” Journal of Systems and Software 85(3) (2012): 596–606

  • Pagallo, Ugo. “On the Principle of Privacy by Design and its Limits: Technology, Ethics and the Rule of Law.” European Data Protection 2012: 331–346

  • Practice Fusion, Free Web-based Electronic Health Record, www.practicefusion.com.

  • Recker, Jan C., and Alexander Dreiling. “Does it matter which process modelling language we teach or use? An experimental study on understanding process modelling languages without formal education.” In 18th Australasian Conference on Information Systems, University of Southern Queensland, (2007).

  • Schaar, Peter. “Privacy by Design.” Identity in the Information Society 3(2) (2010): 267–274

  • Siena, Alberto, Giampaolo Armellin, Gianluca Mameli, John Mylopoulos, Anna Perini, and Angelo Susi. “Establishing regulatory compliance for IS requirements: an experience report from the health care domain.” 29th Int. Conf. on Conceptual Modelling, LNCS 6412 (2010): 90–103

  • Sharp, Helen. “Interaction design.” Wiley.com. (2003)

  • Stevovic, Jovan, Jun Li, Hamid Motahari-Nezhad, Fabio Casati, and Giampaolo Armellin. “Business process management enabled compliance-aware medical record sharing.” Int. J. Business Process Integration and Management 6(3) (2013): 201–223

  • The Guardian, NHS staff breach personal data 806 times in three years, 2011, Available at: http://www.theguardian.com/healthcare-network/2011/oct/28/nhs-staff-breach-personal-data-806-times. Accessed on January 2014.

Author information

Corresponding author: Jovan Stevovic.


Copyright information

© 2015 Springer Science+Business Media Dordrecht

Cite this chapter

Stevovic, J., Bassi, E., Giori, A., Casati, F., Armellin, G. (2015). Enabling Privacy by Design in Medical Records Sharing. In: Gutwirth, S., Leenes, R., de Hert, P. (eds) Reforming European Data Protection Law. Law, Governance and Technology Series, vol 20. Springer, Dordrecht. https://doi.org/10.1007/978-94-017-9385-8_16