1 / 14

E-HEALTH IN THE CLOUD

E-HEALTH IN THE CLOUD. NVvIR voorjaarsvergadering 17 June 2010 - Amsterdam Avv. Dr. Paolo Balboni: TILT, EPA & IIP www.europeanprivacyassociation.eu www.istitutoitalianoprivacy.it www.paolobalboni.eu paolobalboni@istitutoitalianoprivacy.it. Introduction (i).

jonco
Download Presentation

E-HEALTH IN THE CLOUD

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. E-HEALTH IN THE CLOUD NVvIR voorjaarsvergadering 17 June 2010 - Amsterdam Avv. Dr. Paolo Balboni: TILT, EPA & IIP www.europeanprivacyassociation.eu www.istitutoitalianoprivacy.it www.paolobalboni.eu paolobalboni@istitutoitalianoprivacy.it

  2. Introduction (i) “In order to fulfil European recommendations, national requirements and to exploit the full value of e-health services, interoperability between different local and national Electronic Health Records (“EHRs”) has to be guaranteed (…)” 2

  3. Introduction (ii) “Given the strong focus on interoperability and the potential business efficiency impact of cloud models, a number of Local Healthcare Authorities (“LHAs”) are considering to jointly enter into an agreement with a national ‘telco’ for the creation of their own cloud (…)” 3 3

  4. Introduction (iii) “(…) The LHAs plan to migrate to the cloud services, i.e., EHRs, EHFs, online reservation of health examinations and, other less critical services, e.g., back-end services, HR, payroll, e-learning.” 4 4

  5. Structure of the Presentation • EU Regulatory Background • ENISA GovCloud Project • e-Health Scenario • Nailing Data Protection Issues • Few Preliminary Considerations • Q&A 5

  6. EU Regulatory Background • “Better informed, More efficient, Patient focused, a European market” • E-Health action plan: COM(2004) 356 e-Health - making healthcare better for European citizens: an action plan for a European e-Health Area • i2010 Subgroup on eHealth • Lead Market Initiative - eHealth • Article 29 WP (WP 131/2007) Working Document on the processing of personal data relating to health in electronic health records (EHR) • COM(2008) 414 Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the application of patients' rights in cross-border healthcare • COM(2008) 415 A Community framework on the application of patients' rights in cross-border healthcare • Study on the Legal Framework for Interoperable e-Health in Europe (2009) 6

  7. ENISA GovCloud Project (i) Aim To analyse and evaluate the impact that cloud computing have on resilience and security of services in a Governmental organisation and to provide recommendations and good practices for Eu MSs planning to migrate to cloud computing Subject Both services to citizens (eGov) and internal IT service (back end) are considered 7

  8. ENISA GovCloud Project (ii) Legal Aspects Legal aspects are NOT the main focus of the paper, that is security and resilience We are going to publish an annex to the main report with data protection and legal considerations Background The project has to be considered as follow up action of the work done by ENISA during 2009 and, in particular, of the report: ‘Cloud Computing: Benefits, risks and recommendations for information security’ 8 8

  9. E-Health Scenario The analysis will be based on 4 cases/scenarios: • E-Health – Local and Regional Healthcare Authorities • Local and Regional Public Administrations • Gov Cloud – Computing as a Service • Supra-National Cloud E-Health questionnaire to be distributed to 2 Italian LHAs, NICTIZ and Rotterdam’s regional healthcare network 9

  10. Nailing Data Protection Issues Data Controller - Data Processor (Who is who?) • Article 2 (d) and (e) Directive 95/46/EC • Article 29 WP: Opinion 1/2010 on the concepts of "controller" and "processor" • EDPS: “Data Protection and Cloud Computing under EU law”, speech delivered by Peter Hustinx at the Third European Cyber Security Awareness Day, Brussels, 13 April 2010 • Article 29 WP: Work Programme 2010-2011 10

  11. Nailing Data Protection Issues Does EU law apply? “(a) if the data controller has a relevant establishment in the EU and (b) if it uses equipment in the EU. Thus: A cloud provider established in the EU - or acting as processor for a controller established in the EU - will in principle be 'caught' by EU law. A cloud provider which uses equipment (such as servers) in an EU Member State - or acting as processor for a controller using such equipment - will also be caught. A cloud provider in other cases - even if it mainly and mostly targets European citizens - would not be caught by EU law.” (Peter Hustinx - EDPS) 11 11

  12. Nailing Data Protection Issues Safeguards for Data Subjects Right to create an EHR and/or EHF Entities Processing the Data How to access the EHR and/or a EHF Data Subject’s Rights Limitations on Data Dissemination and Cross-Border Data Flows Information notice and Consent Security Measures (Communications to the Local DPAs) 12 12

  13. Few Preliminary Considerations Key Issues Limitations on Data Dissemination and Cross-Border Data Flows Security Measures (CAMM Project) 13 13

  14. Thanks for your attention!Q&A NVvIR voorjaarsvergadering 17 June 2010 - Amsterdam Avv. Dr. Paolo Balboni: TILT, EPA & IIP www.europeanprivacyassociation.eu www.istitutoitalianoprivacy.it www.paolobalboni.eu paolobalboni@istitutoitalianoprivacy.it

More Related