The General Data Protection Regulation (GDPR) is already in place, but are health institutions prepared to comply with the new rules imposed? Can we guarantee that our personal health information is safe? Will hospitals be able to detect violations and point out the culprits?

CINTESIS researcher Duarte Gonçalves Ferreira analyzed how a new system (HS.Register) can help these institutions, namely large hospitals, to respond to the new GDPR rules, in a complex and heterogeneous environment such as the health sector.

The results of this work were presented at MIE 2018 – Medical Informatics Europe in April of this year, and have recently led to the publication of a scientific article entitled “HS.Register – An Audit-Trail Tool to Respond to the General Data Protection Regulation” (GDPR) by the European Federation for Medical Informatics (EFMI).

“This system is a data repository that enables the user to analyze information traffic within an institution from the moment it is registered, ensuring the traceability of health data and the detection of possible violations or illegal access in real time,” explains Duarte Gonçalves Ferreira, first author of this article.

More than knowing the available information, the specialist believes that it is essential to know who, when and for what purpose the information was accessed, as well as where it is stored and how it is used. Another challenge is to ensure that the exchange of patient data among different institutions of the National Health Service follows certain criteria.

The study focuses on the use of this tool in five hospitals in the north of the country, where, on average, 93 million events per week are currently collected and analyzed. According to the researcher, the new system can identify the most critical violations, which include the sharing of or access to data by unauthorized persons, including external companies with commercial purposes, as well as the illegal alteration or destruction of such data.

“Unfortunately, computer science is still the poor relative of health. What we really want is to give health institutions control over data, to identify problems and their source more quickly, and thus to increase the quality of hospital information systems and the actual delivery of patient care,” he says.

For Duarte Gonçalves Ferreira, this type of tool will be “mandatory” in the near future to ensure effective compliance with the GDPR in health as well. This is a particularly complex sector, where there are, on average, more than 21 software systems per hospital, generating great heterogeneity and a need for interoperability.

According to the researcher, there is a possibility that this system will be applied in other sectors, such as finance, banking, insurance or even industry, where the issue of patents is key.

This work was developed in the framework of NanoSTIMA – Macro-to-Nano Human Sensing: Towards Integrated Multimodal Health Monitoring and Analytics, a project that brings together INESC-TEC and CINTESIS, and that is funded by Norte 2020. Other authors are Mariana Leite and Ricardo Cruz Correia, from CINTESIS, and Cátia Santos Pereira, Manuel Correia and Luís Antunes, from Healthy Systems, the enterprise that developed HS.Register.