EUropean Best Information through Regional Outcomes in Diabetes Privacy and Disease Registries: the case of BIRO & EUBIROD Projects Concetta Tania Di Iorio.


1 EUropean Best Information through Regional Outcomes in Diabetes
Privacy and Disease Registries: the case of BIRO & EUBIROD Projects
Concetta Tania Di Iorio, Serectrix snc
The BIRO Academy, 2nd EUBIROD Residential Course, Brussels, 23-25 January 2011

2 www.eubirod.eu What is Privacy?
- Privacy has been defined as:
  - the “right to be left alone” (S. Warren, L. Brandeis 1890), or
  - “the right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information” (D. Calcutt 1990).
- Although there is no unique definition of privacy, it is a human right generally recognized around the world and crystallized in many international instruments:
  - The 1948 Universal Declaration of Human Rights was the first international instrument to recognize privacy as a human right, specifically protecting territorial and communications privacy

3 The 1995 EU Data Protection Directive
- The 1995 Data Protection Directive sets forth a common level of privacy among European countries, ensuring compliance through the establishment of a regulatory body
- The Directive not only reinforced current data protection laws, but also established a range of new rights and basic principles, namely:
  - the right to know where the data originated
  - the right to have inaccurate data rectified
  - a right of recourse in the event of unlawful processing
  - the right to withhold permission to use data in some circumstances
- A new Data Protection Directive is expected to be enacted in 2011 to strengthen privacy rights and harmonize European policies

4 Implementing Privacy Protective Health Information Systems
- According to the Commission Communication “A comprehensive approach on personal data protection in the European Union” (adopted on 4 November 2010), a means to enhance privacy protection is the implementation of methodologies such as:
  - Privacy by design, including privacy impact assessment
  - Privacy enhancing technologies (PETs)
- The “BIRO privacy impact assessment” and the EUBIROD “privacy performance self-evaluation” tool represent practical examples of how shared health care information networks can be implemented in a privacy enhancing environment

5 The BIRO Project
- The BIRO Consortium conceived and applied a novel method of Privacy Impact Assessment (PIA) to fulfill “Privacy by Design”
- Selection of the best system architecture in terms of:
  - privacy protection
  - information content
  - technical complexity (feasibility)
Di Iorio CT et al., J Med Ethics. 2009 Dec;35(12):753-61.

6 Architecture of the BIRO System
Di Iorio CT et al., J Med Ethics. 2009 Dec;35(12):753-61.

7 Privacy Impact Assessment Report Conclusion
- The BIRO architecture fulfils privacy protection requirements by addressing and resolving broad privacy concerns from different angles:
  - individual's privacy + legal entities' privacy
- The BIRO project attempts to reach the best trade-off between the right to privacy and the right to better health care:
  - fully respectful of individual rights by exchanging only anonymous data
  - without jeopardizing information content for public health
- The BIRO Privacy Impact Assessment approach may represent a general methodology for the design of trans-border health information systems

8 The EUBIROD Privacy Impact Assessment
- General Aim: to document the impact of the BIRO system in the broader / more heterogeneous context of the EUBIROD Consortium
- Specific Aims:
  - identification of key elements of data protection
  - classification of key elements into factors/sub-factors
  - creation of a questionnaire to collect information on data processing
  - analysis of the variability of approaches across Europe
  - development of an IT platform to improve the management of privacy issues in the management of disease registers

9 Privacy Impact Assessment Questionnaire
- Scope:
  - to determine the level of privacy protection of any registry/database to be linked in the EUBIROD information system
  - to evaluate how heterogeneous the implementation of privacy principles/requirements is among participating centres
  - to identify key areas of concern in the implementation of privacy principles/requirements across participating centres
- It has been structured around N=11 sections (factors), each containing a series of questions (sub-factors) over the same topic

10 Section 1: Accountability of Personal Information
- "Accountability is a universal privacy principle. An organization is responsible for personal information under its control and should designate an individual or individuals who are accountable for the organization's compliance with the remaining principles."
- Questions included in this section have been selected to assess:
  - if the custody and control of personal information are determined and documented
  - whether there is any involvement of third parties
  - if third parties are involved and if an agreement is in place that establishes privacy requirements

11 Section 2: Collection of Personal Information
- "Collection of information is a universal privacy principle. The collection of personal information should be limited to that which is necessary for the purposes identified by the institution and that relates directly to the activity or program of the institution. Information should be collected by fair and lawful means."
- "The collection of personal information also relates directly to another universal privacy principle—identifying purpose. This principle states that the purposes for which personal information is collected should be identified by the institution at or before the time the information is collected." (Art. 6 Data Protection Directive)
- This section aims to assess:
  - the authority to collect
  - the necessity of the information collected (minimality principle)
  - if secondary uses are contemplated
  - if anonymization is performed when information is used for planning, management and/or evaluation purposes
  - if the purposes for which the personal information is collected have been documented (identifying purpose principle)
  - if information is collected directly from the individual

12 Consent
- "Consent is a universal privacy principle. The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except when inappropriate."
- This section explores informed consent issues in order to determine:
  - if consent is obtained directly from the individual
  - how consent is obtained
  - if consent is clear and unambiguous
  - if consent is needed for the collection and processing of information in the registry/database
  - if the capacity to give consent is taken into account

13 Section 4: Use of Personal Information
- "Use of personal information is a universal privacy principle. This principle states that personal information should not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by the law. Personal information shall be retained only as long as necessary for fulfillment of those purposes."
- Questions are intended to evaluate:
  - the authority to use information
  - the purpose specification principle
  - if personal identifiers are used for data linkage
  - if data matching is performed and if it is consistent with the stated purposes
  - if data matching activity requires a notification to the Privacy Commissioner

14 Section 5: Disclosure and Disposition of PI
- "Disclosure of personal information is a universal privacy principle. This principle states that personal information should not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for fulfillment of those purposes."
- Questions are set up to assess:
  - if consent is required to disclose personal information
  - the authority to disclose without consent
  - if personal identifiers are disclosed
  - if transborder data flow is performed
  - if disposition of personal information is required

15 Section 6: Accuracy of Personal Information
- "Accuracy of personal information is a universal privacy principle. This principle states that personal information should be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used."
- Questions concern:
  - the existence of standard procedures to ensure that personal information is accurate, complete and up-to-date
  - if a record is kept of: a) changes that occurred; b) requests for review of errors or omissions; c) corrections; d) any decision not to correct
  - if notice of corrections made to health records is given to the data subject
  - if a set procedure allows the individual to access, assess and dispute the accuracy of his/her data

16 Section 7: Safeguarding Personal Information
- "Safeguarding of personal information is a universal privacy principle. This principle states that personal information should be protected by security safeguards appropriate to the sensitivity of the information."
- Questions aim to ascertain:
  - if security procedures are documented
  - personnel training on security
  - if and how security controls are put in place
  - if security measures applied are commensurate with the sensitivity of information
  - if contingency plans for security breaches are envisaged and documented
  - if security measures are subject to quality assurance audit

17 Section 8: Openness
- "Openness of information is a universal privacy principle. This principle states that an organization should make readily available to individuals specific information about its policies and practices relating to the management of personal information."
- This section has been structured to assess openness to the public of personal information managed and protected within the centre
- To this end, questions relate to:
  - the existence of a communication plan
  - the existence of a predetermined process that allows individuals to easily access such information

18 Section 9: Individual Access
- "Individual access to personal information is a universal privacy principle. This principle states that upon request, an individual should be informed of the existence, use and disclosure of his or her personal information and should be given access to that information. An individual should be able to challenge the accuracy and completeness of the information and have it amended as appropriate."
- This section relates to access rights
- Specific questions aim to assess:
  - if the system is designed to allow individuals access to their own personal information
  - if any corrections are notified
  - if custodians are aware of access rights

19 Section 10: Challenging Compliance
- "Challenging compliance is a universal privacy principle. This principle states that an individual should be able to address a challenge concerning compliance with the universal privacy principles to the designated individual or individuals for the organization's compliance."
- Questions include:
  - Are the complaint procedures implemented in the registry/database consistent with legislated requirements?
  - Are there oversight and review mechanisms implemented or available to ensure accountability?
  - Have oversight agencies, including the Office of the Privacy Commissioner, issued reports or opinions on issues that would be relevant to the project? If yes, please provide a summary of the above in the details column and append to final report

20 Section 11: Anonymisation Process for Secondary Uses of Health Data
- Anonymous data are defined as data that cannot be qualified as personal data, since they do not (or no longer) allow direct or indirect identification of the data subject using reasonable means
- An identifiable person is one who can be identified, using reasonable means, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity
- This section assesses the anonymisation process to ascertain:
  - if a standard procedure is envisaged
  - if it is compliant with international technical standards
  - if individual data, before anonymisation, are processed according to privacy requirements

21 http://questionnaire.eubirod.eu

22 Privacy Performance Self-Evaluation
- For each factor and the overall score, each register can compare its position against:
  - the 95% confidence interval around the average of the overall sample
  - the maximum attainable score (100%)
- The identity of centres is never disclosed
- Example:
  - Maximum score in terms of accountability and anonymisation
  - Acceptable levels for collection, consent, use and disclosure
  - All other factors show poor privacy performance

23 Conclusion
- The Privacy Performance Self-Evaluation methodology developed in EUBIROD can be used to tailor specific corrective interventions, based on explicit metrics
- The “privacy performance self-evaluation tool” could be used to help managers of disease registers to enhance privacy protection and increase data accuracy and completeness
- Novel methods that realize “privacy by design” (as also promoted by the Commission's Communication) and allow the evaluation of “privacy performance”, as in the two cases, respectively, of BIRO and EUBIROD, may represent a sustainable means to respond in a very pragmatic fashion to the modern challenge of developing shared health care information networks in a privacy enhancing environment

