Cross-border flow of health information: is 'privacy by design' enough? Privacy performance assessment in EUBIROD

Background: The EUBIROD project aims to perform a cross-border flow of diabetes information across 19 European countries using the BIRO information system, which embeds privacy principles and data protection mechanisms in its architecture (privacy by design). A specific task of EUBIROD was to investigate the variability in the implementation of the EU Data Protection Directive (DPD) across participating centres. Methods: Compliance with privacy requirements was assessed by means of a specific questionnaire administered to all participating diabetes registers. Items included relevant issues e.g. patient consent, accountability of data custodian, communication (openness) and complaint procedures (challenging compliance), authority to disclose, accuracy, access and use of personal information, and anonymization. The identification of an ad hoc scoring system and statistical software allowed an overall quali-quantitative analysis and independent evaluation of questionnaire responses, automated through a dedicated IT platform ('privacy performance assessment'). Results: A total of 18 diabetes registers from different countries completed the survey. Over 50% of the registers recorded a maximum score for accountability, openness, anonymization and challenging compliance. Low average values were found for disclosure and disposition, access, consent, use of personal information and accuracy. A high heterogeneity was found for anonymization, consent, accuracy and access. Conclusions: The novel method of privacy performance assessment realized in EUBIROD may improve the respect of privacy in each data source, reduce overall variability in the implementation of privacy principles and favour a sound and legitimate cross-border exchange of high quality data across Europe.