TY - JOUR
T1 - General Data Protection Regulation (GDPR) Toolkit for Digital Health
AU - Hussein, Rada
AU - Wurhofer, Daniela
AU - Strumegger, Eva-Maria
AU - Stainer-Hochgatterer, Andreas
AU - Kulnik, Stefan Tino
AU - Crutzen, Rik
AU - Niebauer, Josef
N1 - Funding Information:
This GDPR compliance activity was conducted within the scope of the Co-production of home-based digital support for cardiac patients (CODIS) project, funded by the Ludwig Boltzmann Gesellschaft (LBG) Open Innovation in Science (OIS) Center under the “Research Enrichment Fund: COVID-19 Support Measures”.
Publisher Copyright:
© 2022 International Medical Informatics Association (IMIA) and IOS Press.
PY - 2022/6/6
Y1 - 2022/6/6
N2 - The General Data Protection Regulation (GDPR) entered into force on May 25, 2018. Compliance with GDPR is especially relevant to the Digital Health (DH) domain, as it is common to process highly sensitive personal data regarding a person's health. However, GDPR compliance is a very challenging process since it requires implementing several technical and organizational measures to maintain compliance. With the aim of facilitating this process, we reviewed the published best practices in GDPR compliance. Then, we customized the findings to fit the DH domain and created a toolkit for GDPR implementation and compliance. The Activity Planning Tool (APT) is provided as an example of how this toolkit could be utilized in new application development in mobile health in Austria. In the case of our APT, the toolkit was very helpful in integrating the GDPR technical requirements in addition to creating the corresponding compliance impact assessment, processing agreements, privacy policy, data flowcharts, and compliance checklists.
AB - The General Data Protection Regulation (GDPR) entered into force on May 25, 2018. Compliance with GDPR is especially relevant to the Digital Health (DH) domain, as it is common to process highly sensitive personal data regarding a person's health. However, GDPR compliance is a very challenging process since it requires implementing several technical and organizational measures to maintain compliance. With the aim of facilitating this process, we reviewed the published best practices in GDPR compliance. Then, we customized the findings to fit the DH domain and created a toolkit for GDPR implementation and compliance. The Activity Planning Tool (APT) is provided as an example of how this toolkit could be utilized in new application development in mobile health in Austria. In the case of our APT, the toolkit was very helpful in integrating the GDPR technical requirements in addition to creating the corresponding compliance impact assessment, processing agreements, privacy policy, data flowcharts, and compliance checklists.
KW - Austria
KW - Computer Security
KW - Humans
U2 - 10.3233/SHTI220066
DO - 10.3233/SHTI220066
M3 - (Systematic) Review article
C2 - 35673005
SN - 0926-9630
VL - 290
SP - 222
EP - 226
JO - Studies in Health Technology and Informatics
JF - Studies in Health Technology and Informatics
ER -