Enabling Privacy by Design in Medical Records Sharing

Abstract

In healthcare a multiplicity of actors needs to access and share patients’ data while being compliant with policies defined by data protection legislation. Building frameworks to enable stakeholders to design and develop data-sharing mechanisms in compliance with legislations is a challenging task.In this work, we propose a methodology and a platform called CHINO, inspired by Privacy by Design principles, to guide the involved stakeholders during the definition of data-sharing processes by using visual representations such as Business Process Modelling (BPM). BPM enables the stakeholders to reason and share their understanding about privacy aspects from early analysis phases, while CHINO platform provides the execution framework for the defined BPM processes and privacy policies.To prove the CHINO efficacy, we show how policies extracted from legislations can be modelled and executed and we report our studies with end-users with whom we validated the system usability. We analyse also CHINO from a legal point of view and its compliance with data protection legislations.