Healthcare Exchange Standards: IHE Perspective on EU GDPR

Monday, April 16, 2018

IHE Perspective on EU GDPR

I just became aware of a Whitepaper published by IHE Europe in January on "IHE perspective on EU GDPR".

I did not have a hand in writing this whitepaper. It looks good to me. My evaluation only on the Security & Privacy capabilities IHE offers, not on GDPR interpretation. All of the IHE profiles available to support security and privacy are outlined on this IHE page. Their whitepaper does not mention the Document Digital Signature (DSG) profile, or the Document Encryption (DEN). Both would only have a supporting role in GDPR compliance. I mention them only for completeness.

Other IHE Europe publications

Their Conclusion

The examples discussed [above] highlight the complexity of applying the GDPR to processes in health care and how the requirements are interwoven with IHE Profiles. The good news is that even today IHE Profiles provide solutions by combining security and privacy specific IHE Profiles such as ATNA, IUA, XUA, BPPC and APPC with the Profiles focused on information exchange in cross-border, national or regional ehealth deployments.

In conclusion the GDPR can be an effective catalyst to significantly extend the reach and use of IHE Profiles. Some Profiles or combinations of Profiles already meet GDPR’s security and privacy requirements. Others enable the portability of health information which will become a topic for any vendor providing solutions.

The users of IHE Profiles can be assured that the IHE community will work on evaluating and enhancing the Profiles to meet the GDPR requirements.

GDPR impact beyond EU

I look forward to GDPR. I think that it will bring a focus to Security and Privacy topics. I hope that enforcement drives adoption, while reasonable enforcement drives reasonable reaction. I fear that an overly strict interpretation of GDPR could drive away some very important advancements in healthcare, and social networking. I welcome the extensive and painful penalties for non compliance.

I have outlined my vision of what a Privacy respecting Healthcare Exchange consists of. It is based on the Privacy Principles, which are fundamental to GDPR.

1 comment:

ChristofMarch 8, 2019 at 10:17 AM
This comment has been removed by a blog administrator.
ReplyDelete
Replies

Add comment

HL7®, HEALTH LEVEL SEVEN®, CARE CONNECTED BY HL7®, CCD®, CDA®, FHIR®, and GREENCDA™ are trademarks owned by Health Level Seven International. HL7®, HEALTH LEVEL SEVEN®, CARE CONNECTED BY HL7®, CCD®, CDA®, and FHIR® are registered with the United States Patent and Trademark Office.

Surely there are other copyright and trademarks that I should recognize, but everyone else seems to be reasonable; expecting readers of blogs know that I am not trying to claim or take ownership of their copyright and trademarks.

Pages

Monday, April 16, 2018

IHE Perspective on EU GDPR

Their Conclusion

GDPR impact beyond EU

1 comment: