TY - GEN
T1 - General Data Protection Regulation (GDPR) Toolkit for Digital Health
AU - Hussein, R.
AU - Wurhofer, D.
AU - Strumegger, E.-M.
AU - Stainer-Hochgatterer, A.
AU - Kulnik, S.T.
AU - Crutzen, R.
AU - Niebauer, J.
N1 - Conference code: 179966
Cited By :1
Export Date: 14 December 2023
Correspondence Address: Hussein, R.; Ludwig Boltzmann Institute for Digital Health and Prevention, Lindhofstrasse 22, Austria; email: [email protected]
Funding details: Ludwig Boltzmann Gesellschaft, LBG
Funding text 1: This GDPR compliance activity was conducted within the scope of the Co-production of home-based digital support for cardiac patients (CODIS) project, funded by the Ludwig Boltzmann Gesellschaft (LBG) Open Innovation in Science (OIS) Center under the “Research Enrichment Fund: COVID-19 Support Measures”.
References: EU Data Protection Rules [Internet], , https://ec.europa.eu/info/law/lawtopic/data-protection/eu-data-protection-rules_en, European Commission-European Commission. [cited 2021 April 9]; Mondschein, C.F., Monda, C., The eu's general data protection regulation (gdpr) in a research context (2019) Fundamentals of Clinical Data Science [Internet], , https://pubmed.ncbi.nlm.nih.gov/31314241/, Kubben P, Dumontier M, Dekker A, editors. Cham (CH): Springer [cited 2021 April 10]; General Data Protection Regulation (GDPR) Compliance Guidelines [Internet], , https://gdpr.eu/, GDPR. eu. [cited 2021 April 9]; GDPR Guide [Internet]. French Data Protection Authority (CNIL), , https://www.cnil.fr/en/home, [cited 2021 April 9]; (2018) Understanding the General Data Protection Regulation (GDPR). Deloitte Malta Risk Advisory; EBooks for Health and Medical App Security [Internet], , https://www.chino.io/blog/healthcare-app-development-resources/, [cited 2021 April 9]; GDPR Checklist-Cloud Security Checklist for GDPR Compliance [Internet], , https://tresorit.com/gdpr/gdpr-checklist, [cited 2021 April 9]; Mustafa, U., Pflugel, E., Philip, N., A novel privacy framework for secure m-health applications: The case of the GDPR (2019) 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3), pp. 1-9; Muchagata, J., Ferreira, A., Translating GDPR into the mHealth practice (2018) 2018 International Carnahan Conference on Security Technology (ICCST), pp. 1-5; Crutzen, R., Ygram Peters, G.-J., Mondschein, C., Why and how we should care about the general data protection regulation (2019) Psychol Health., 34 (11), pp. 1347-1357
PY - 2022
Y1 - 2022
N2 - The General Data Protection Regulation (GDPR) entered into force on May 25, 2018. Compliance with GDPR is especially relevant to the Digital Health (DH) domain, as it is common to process highly sensitive personal data regarding a person's health. However, GDPR compliance is a very challenging process since it requires implementing several technical and organizational measures to maintain compliance. With the aim to facilitate this process, we reviewed the published best practices in GDPR compliance. Then, we customized the findings to fit into the DH domain and created a toolkit for GDPR implementation and compliance. The Activity Planning Tool (APT) is provided as an example of how this toolkit could be utilized in new application development in mobile health in Austria. In the case of our APT, the toolkit was very helpful in integrating the GDPR technical requirements in addition to creating the corresponding compliance impact assessment, processing agreements, privacy policy, data flowcharts, and compliance checklists. © 2022 International Medical Informatics Association (IMIA) and IOS Press.
KW - Consent
KW - Data Protection
KW - Digital Health
KW - Health care
KW - Medical informatics
KW - Activity planning
KW - Application development
KW - Best practices
KW - Digital health
KW - General data protection regulations
KW - New applications
KW - Organisational
KW - Planning tools
KW - Regulation compliance
KW - Sensitive data
KW - adult
KW - Austria
KW - checklist
KW - conference paper
KW - data protection
KW - human
KW - privacy
KW - sensitive personal information
KW - computer security
KW - Computer Security
KW - Humans
U2 - 10.3233/SHTI220066
DO - 10.3233/SHTI220066
M3 - Conference contribution
SN - 978-1-64368-264-8
VL - 290
T3 - Studies in Health Technology and Informatics
SP - 222
EP - 226
BT - MEDINFO 2021: One World, One Health – Global Partnership for Digital Innovation
PB - IOS Press BV
T2 - 18th World Congress on Medical and Health Informatics: One World, One Health - Global Partnership for Digital Innovation, MEDINFO 2021
Y2 - 2 October 2021 through 4 October 2021
ER -