Ontology-Based privacy compliance on European healthgrid domains

Abstract

The harmonization of data protection law in Europe has been theoretically achieved by means of the EU directive on data protection [1]. In practice the harmonization is not absolute and conflicts continue to exist on the ways member states are implementing the directive. The integration of different European medical systems by means of grid technologies will continue to be challenging if technology does not intervene to enhance interoperability between national regulatory frameworks on data protection. In this paper we present an approach to automate privacy requirements for the sharing of patient data across Europe on a healthgrid [2] domain and ensure its enforcement internally and within external domains where the data might travel. This approach is based on the semantic modelling of privacy obligations that are of legal, ethical or cultural nature. These requirements are for the sharing of personal data between different European member states. Our model reflects both similarities and conflicts, if any, between the different member states. This will allow us to reason on the safeguards a data controller should ask from an organization belonging to another member state before disclosing medical data to them. The system will also generate the relevant set of policies to be enforced at the process level of the grid to ensure privacy compliance before allowing access to the data. © 2009 The authors and IOS Press. All rights reserved.