Developing an infrastructure for secure patient summary exchange in the EU context: Lessons learned from the KONFIDO project.

BACKGROUND: The increase of healthcare digitalization comes along with potential information security risks. Thus, the EU H2020 KONFIDO project aimed to provide a toolkit supporting secure cross-border health data exchange. METHODS: KONFIDO focused on the so-called "User Goals", while also identifying barriers and facilitators regarding eHealth acceptance. Key user scenarios were elaborated both in terms of threat analysis and legal challenges. Moreover, KONFIDO developed a toolkit aiming to enhance the security of OpenNCP, the reference implementation framework. RESULTS: The main project outcomes are highlighted and the "Lessons Learned," the technical challenges and the EU context are detailed. CONCLUSIONS: The main "Lessons Learned" are summarized and a set of recommendations is provided, presenting the position of the KONFIDO consortium toward a robust EU-wide health data exchange infrastructure. To this end, the lack of infrastructure and technical capacity is highlighted, legal and policy challenges are identified and the need to focus on usability and semantic interoperability is emphasized. Regarding technical issues, an emphasis on transparent and standards-based development processes is recommended, especially for landmark software projects. Finally, promoting mentality change and knowledge dissemination is also identified as key step toward the development of secure cross-border health data exchange services.

Citizen Perspectives on Cross-Border eHealth Data Exchange: A European Survey.

Efficient and secure cross-border eHealth data exchange has been recently identified by the European Commission as one of the top-three priorities for the digital transformation of health and care in the European Union. To this end, various organizational, legal, ethical, and technical challenges, related to citizens' privacy and health data security arise. This paper discusses an online survey that was conducted with the participation of European citizens, aiming to identify how they feel about exchanging their health data with healthcare professionals or eHealth service providers and to what extent they are aware of the privacy, legal, security, and technology acceptance issues (e.g. use of biometrics, mobile apps, etc.). The survey rationale, structure, and results are presented, while potential barriers and facilitators regarding cross-border health data exchange and the adoption of eHealth solutions at large are discussed.

The European cross-border health data exchange roadmap: Case study in the Italian setting.

Health data exchange is a major challenge due to the sensitive information and the privacy issues entailed. Considering the European context, in which health data must be exchanged between different European Union (EU) Member States, each having a different national regulatory framework as well as different national healthcare structures, the challenge appears even greater. Europe has tried to address this challenge via the epSOS ("Smart Open Services for European Patients") project in 2008, a European large-scale pilot on cross-border sharing of specific health data and services. The adoption of the framework is an ongoing activity, with most Member States planning its implementation by 2020. Yet, this framework is quite generic and leaves a wide space to each EU Member State regarding the definition of roles, processes, workflows and especially the specific integration with the National Infrastructures for eHealth. The aim of this paper is to present the current landscape of the evolving eHealth infrastructure for cross-border health data exchange in Europe, as a result of past and ongoing initiatives, and illustrate challenges, open issues and limitations through a specific case study describing how Italy is approaching its adoption and accommodates the identified barriers. To this end, the paper discusses ethical, regulatory and organizational issues, also focusing on technical aspects, such as interoperability and cybersecurity. Regarding cybersecurity aspects per se, we present the approach of the KONFIDO EU-funded project, which aims to reinforce trust and security in European cross-border health data exchange by leveraging novel approaches and cutting-edge technologies, such as homomorphic encryption, photonic Physical Unclonable Functions (p-PUF), a Security Information and Event Management (SIEM) system, and blockchain-based auditing. In particular, we explain how KONFIDO will test its outcomes through a dedicated pilot based on a realistic scenario, in which Italy is involved in health data exchange with other European countries.