E health in the cloud
Download
1 / 14

E-HEALTH IN THE CLOUD - PowerPoint PPT Presentation


  • 57 Views
  • Uploaded on

E-HEALTH IN THE CLOUD. NVvIR voorjaarsvergadering 17 June 2010 - Amsterdam Avv. Dr. Paolo Balboni: TILT, EPA & IIP www.europeanprivacyassociation.eu www.istitutoitalianoprivacy.it www.paolobalboni.eu [email protected] Introduction (i).

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' E-HEALTH IN THE CLOUD' - jonco


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
E health in the cloud

E-HEALTH IN THE CLOUD

NVvIR voorjaarsvergadering

17 June 2010 - Amsterdam

Avv. Dr. Paolo Balboni: TILT, EPA & IIP

www.europeanprivacyassociation.eu

www.istitutoitalianoprivacy.it

www.paolobalboni.eu

[email protected]


Introduction i
Introduction (i)

“In order to fulfil European recommendations, national requirements and to exploit the full value of e-health services, interoperability between different local and national Electronic Health Records (“EHRs”) has to be guaranteed (…)”

2


Introduction ii
Introduction (ii)

“Given the strong focus on interoperability and the potential business efficiency impact of cloud models, a number of Local Healthcare Authorities (“LHAs”) are considering to jointly enter into an agreement with a national ‘telco’ for the creation of their own cloud (…)”

3

3


Introduction iii
Introduction (iii)

“(…) The LHAs plan to migrate to the cloud services, i.e., EHRs, EHFs, online reservation of health examinations and, other less critical services, e.g., back-end services, HR, payroll, e-learning.”

4

4


Structure of the presentation
Structure of the Presentation

  • EU Regulatory Background

  • ENISA GovCloud Project

  • e-Health Scenario

  • Nailing Data Protection Issues

  • Few Preliminary Considerations

  • Q&A

5


Eu regulatory background
EU Regulatory Background

  • “Better informed, More efficient, Patient focused, a European market”

  • E-Health action plan: COM(2004) 356 e-Health - making healthcare better for European citizens: an action plan for a European e-Health Area

  • i2010 Subgroup on eHealth

  • Lead Market Initiative - eHealth

  • Article 29 WP (WP 131/2007) Working Document on the processing of personal data relating to health in electronic health records (EHR)

  • COM(2008) 414 Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the application of patients' rights in cross-border healthcare

  • COM(2008) 415 A Community framework on the application of patients' rights in cross-border healthcare

  • Study on the Legal Framework for Interoperable e-Health in Europe (2009)

6


Enisa govcloud project i
ENISA GovCloud Project (i)

Aim

To analyse and evaluate the impact that cloud computing have on resilience and security of services in a Governmental organisation and to provide recommendations and good practices for Eu MSs planning to migrate to cloud computing

Subject

Both services to citizens (eGov) and internal IT service (back end) are considered

7


Enisa govcloud project ii
ENISA GovCloud Project (ii)

Legal Aspects

Legal aspects are NOT the main focus of the paper, that is security and resilience

We are going to publish an annex to the main report with data protection and legal considerations

Background

The project has to be considered as follow up action of the work done by ENISA during 2009 and, in particular, of the report: ‘Cloud Computing: Benefits, risks and recommendations for information security’

8

8


E health scenario
E-Health Scenario

The analysis will be based on 4 cases/scenarios:

  • E-Health – Local and Regional Healthcare Authorities

  • Local and Regional Public Administrations

  • Gov Cloud – Computing as a Service

  • Supra-National Cloud

    E-Health questionnaire to be distributed to 2 Italian LHAs, NICTIZ and Rotterdam’s regional healthcare network

9


Nailing data protection issues
Nailing Data Protection Issues

Data Controller - Data Processor (Who is who?)

  • Article 2 (d) and (e) Directive 95/46/EC

  • Article 29 WP: Opinion 1/2010 on the concepts of "controller" and "processor"

  • EDPS: “Data Protection and Cloud Computing under EU law”, speech delivered by Peter Hustinx at the Third European Cyber Security Awareness Day, Brussels, 13 April 2010

  • Article 29 WP: Work Programme 2010-2011

10


Nailing data protection issues1
Nailing Data Protection Issues

Does EU law apply?

“(a) if the data controller has a relevant establishment in the EU and (b) if it uses equipment in the EU. Thus:

A cloud provider established in the EU - or acting as processor for a controller established in the EU - will in principle be 'caught' by EU law.

A cloud provider which uses equipment (such as servers) in an EU Member State - or acting as processor for a controller using such equipment - will also be caught.

A cloud provider in other cases - even if it mainly and mostly targets European citizens - would not be caught by EU law.”

(Peter Hustinx - EDPS)

11

11


Nailing data protection issues2
Nailing Data Protection Issues

Safeguards for Data Subjects

Right to create an EHR and/or EHF

Entities Processing the Data

How to access the EHR and/or a EHF

Data Subject’s Rights

Limitations on Data Dissemination and Cross-Border Data Flows

Information notice and Consent

Security Measures

(Communications to the Local DPAs)

12

12


Few preliminary considerations
Few Preliminary Considerations

Key Issues

Limitations on Data Dissemination and Cross-Border Data Flows

Security Measures (CAMM Project)

13

13


Thanks for your attention q a

Thanks for your attention!Q&A

NVvIR voorjaarsvergadering

17 June 2010 - Amsterdam

Avv. Dr. Paolo Balboni: TILT, EPA & IIP

www.europeanprivacyassociation.eu

www.istitutoitalianoprivacy.it

www.paolobalboni.eu

[email protected]


ad