Privacy Compliance in European Healthgrid Domains: An Ontology-Based Approach

The integration of different European medical systems by means of grid technologies will continue to be challenging if technology does not intervene to enhance interoperability between national regulatory frameworks on data protection. Achieving compliance in European healthgrid domains is crucial but challenging because of the diversity and complexity of Member State legislation across Europe. Lack of automation and inconsistency of processes across healthcare organizations increase the complexity of the compliance task. In the absence of automation, the compliance task entails human intervention. In this paper we present an approach to automate privacy requirements for the sharing of patient data between Member States across Europe in a healthgrid [I] domain and ensure its enforcement internally and within external domains where the data might travel. This approach is based on the semantic modelling of privacy obligations that are of legal, ethical or cultural nature. Our model reflects both similarities and conflicts, if any, between the different Member States. This will allow us to reason on the safeguards a data controller should demand from an organization belonging to another Member State before disclosing medical data to them. The system will also generate the relevant set of policies to be enforced at the process level of the grid to ensure privacy compliance before allowing access to the data.