Objectives: To foster the development of a privacy-protective, sustainable cross-border information system in the framework of a European public health project.
Materials and methods: A targeted privacy impact assessment was implemented to identify the best architecture for a European information system for diabetes directly tapping into clinical registries. Four steps were used to provide input to software designers and developers: a structured literature search, analysis of data flow scenarios or options, creation of an ad hoc questionnaire and conduction of a Delphi procedure.
Results: The literature search identified a core set of relevant papers on privacy (n = 11). Technicians envisaged three candidate system architectures, with associated data flows, to source an information flow questionnaire that was submitted to the Delphi panel for the selection of the best architecture. A detailed scheme envisaging an “aggregation by group of patients” was finally chosen, based upon the exchange of finely tuned summary tables.
Conclusions: Public health information systems should be carefully engineered only after a clear strategy for privacy protection has been planned, to avoid breaching current regulations and future concerns and to optimise the development of statistical routines. The BIRO (Best Information Through Regional Outcomes) project delivers a specific method of privacy impact assessment that can be conveniently used in similar situations across Europe.
Statistics from Altmetric.com
If you wish to reuse any or all of this article please use the link below which will take you to the Copyright Clearance Center’s RightsLink service. You will be able to get a quick price and instant permission to reuse the content in many different ways.
Competing interests None.
Provenance and Peer review Not commissioned; externally peer reviewed.
Read the full text or download the PDF:
Other content recommended for you
- Assessing data protection and governance in health information systems: a novel methodology of Privacy and Ethics Impact and Performance Assessment (PEIPA)
- Health research and systems’ governance are at risk: should the right to data protection override health?
- Rebooting consent in the digital age: a governance framework for health data exchange
- Background and current data protection legislation
- Patient data for commercial companies? An ethical framework for sharing patients’ data with for-profit companies for research
- Protecting patient privacy in digital health technology: the Dutch m-Health infrastructure of Hartwacht as a learning case
- The devil is in the details: an analysis of patient rights in Swiss cancer registries
- Remote monitoring of medication adherence and patient and industry responsibilities in a learning health system
- Sport and exercise genomics: the FIMS 2019 consensus statement update
- Regulating the advertising of genetic tests in Europe: a balancing act