Privacy compliance and enforcement on European healthgrids: an approach through ontology

Abstract

The sharing of medical data between different healthcare organizations in Europe must comply with the legislation of the Member State where the data were originally collected. These legal requirements may differ from one state to another. Privacy requirements such as patient consent may be subject to conflicting conditions between different national frameworks as well as between different legal and ethical frameworks within a single Member State. These circumstances have made the compliance management process in European healthgrids very challenging. In this paper, we present an approach to tackle these issues by relying on several technologies in the semantic Web stack. Our work suggests a direct mapping from high-level legislation on privacy and data protection to operational-level privacy-aware controls. Additionally, we suggest an architecture for the enforcement of these controls on access control models adopted in healthgrid security infrastructures.