General Data Protection Regulation (GDPR) Toolkit for Digital Health

Rada Hussein; Daniela Wurhofer; Eva-Maria Strumegger; Andreas Stainer-Hochgatterer; Stefan Tino Kulnik; Rik Crutzen; Josef Niebauer

doi:10.3233/SHTI220066

General Data Protection Regulation (GDPR) Toolkit for Digital Health

Rada Hussein^*, Daniela Wurhofer, Eva-Maria Strumegger, Andreas Stainer-Hochgatterer, Stefan Tino Kulnik, Rik Crutzen, Josef Niebauer

^*Corresponding author for this work

Research output: Contribution to journal › (Systematic) Review article › peer-review

Abstract

The General Data Protection Regulation (GDPR) entered into force on May 25, 2018. Compliance with GDPR is especially relevant to the Digital Health (DH) domain, as it is common to process highly sensitive personal data regarding a person's health. However, GDPR compliance is a very challenging process since it requires implementing several technical and organizational measures to maintain compliance. With the aim to facilitate this process, we reviewed the published best practices in GDPR compliance. Then, we customized the findings to fit into the DH domain and created a toolkit for GDPR implementation and compliance. The Activity Planning Tool (APT) is provided as an example of how this toolkit could be utilized in new application development in mobile health in Austria. In the case of our APT, the toolkit was very helpful in integrating the GDPR technical requirements in addition to creating the corresponding compliance impact assessment, processing agreements, privacy policy, data flowcharts, and compliance checklists.

Original language	English
Pages (from-to)	222-226
Number of pages	5
Journal	Studies in Health Technology and Informatics
Volume	290
DOIs	https://doi.org/10.3233/SHTI220066
Publication status	Published - 6 Jun 2022

Keywords

Austria
Computer Security
Humans

Access to Document

10.3233/SHTI220066Licence: CC BY-NC

Cite this

@article{c15c3ceb414749c8a55f36cd9bcc0326,

title = "General Data Protection Regulation (GDPR) Toolkit for Digital Health",

abstract = "The General Data Protection Regulation (GDPR) entered into force on May 25, 2018. Compliance with GDPR is especially relevant to the Digital Health (DH) domain, as it is common to process highly sensitive personal data regarding a person's health. However, GDPR compliance is a very challenging process since it requires implementing several technical and organizational measures to maintain compliance. With the aim to facilitate this process, we reviewed the published best practices in GDPR compliance. Then, we customized the findings to fit into the DH domain and created a toolkit for GDPR implementation and compliance. The Activity Planning Tool (APT) is provided as an example of how this toolkit could be utilized in new application development in mobile health in Austria. In the case of our APT, the toolkit was very helpful in integrating the GDPR technical requirements in addition to creating the corresponding compliance impact assessment, processing agreements, privacy policy, data flowcharts, and compliance checklists.",

keywords = "Austria, Computer Security, Humans",

author = "Rada Hussein and Daniela Wurhofer and Eva-Maria Strumegger and Andreas Stainer-Hochgatterer and Kulnik, {Stefan Tino} and Rik Crutzen and Josef Niebauer",

note = "Funding Information: This GDPR compliance activity was conducted within the scope of the Co-production of home-based digital support for cardiac patients (CODIS) project, funded by the Ludwig Boltzmann Gesellschaft (LBG) Open Innovation in Science (OIS) Center under the “Research Enrichment Fund: COVID-19 Support Measures”. Publisher Copyright: {\textcopyright} 2022 International Medical Informatics Association (IMIA) and IOS Press.",

year = "2022",

month = jun,

day = "6",

doi = "10.3233/SHTI220066",

language = "English",

volume = "290",

pages = "222--226",

journal = "Studies in Health Technology and Informatics",

issn = "0926-9630",

publisher = "IOS Press",

}

TY - JOUR

T1 - General Data Protection Regulation (GDPR) Toolkit for Digital Health

AU - Hussein, Rada

AU - Wurhofer, Daniela

AU - Strumegger, Eva-Maria

AU - Stainer-Hochgatterer, Andreas

AU - Kulnik, Stefan Tino

AU - Crutzen, Rik

AU - Niebauer, Josef

N1 - Funding Information: This GDPR compliance activity was conducted within the scope of the Co-production of home-based digital support for cardiac patients (CODIS) project, funded by the Ludwig Boltzmann Gesellschaft (LBG) Open Innovation in Science (OIS) Center under the “Research Enrichment Fund: COVID-19 Support Measures”. Publisher Copyright: © 2022 International Medical Informatics Association (IMIA) and IOS Press.

PY - 2022/6/6

Y1 - 2022/6/6

N2 - The General Data Protection Regulation (GDPR) entered into force on May 25, 2018. Compliance with GDPR is especially relevant to the Digital Health (DH) domain, as it is common to process highly sensitive personal data regarding a person's health. However, GDPR compliance is a very challenging process since it requires implementing several technical and organizational measures to maintain compliance. With the aim to facilitate this process, we reviewed the published best practices in GDPR compliance. Then, we customized the findings to fit into the DH domain and created a toolkit for GDPR implementation and compliance. The Activity Planning Tool (APT) is provided as an example of how this toolkit could be utilized in new application development in mobile health in Austria. In the case of our APT, the toolkit was very helpful in integrating the GDPR technical requirements in addition to creating the corresponding compliance impact assessment, processing agreements, privacy policy, data flowcharts, and compliance checklists.

AB - The General Data Protection Regulation (GDPR) entered into force on May 25, 2018. Compliance with GDPR is especially relevant to the Digital Health (DH) domain, as it is common to process highly sensitive personal data regarding a person's health. However, GDPR compliance is a very challenging process since it requires implementing several technical and organizational measures to maintain compliance. With the aim to facilitate this process, we reviewed the published best practices in GDPR compliance. Then, we customized the findings to fit into the DH domain and created a toolkit for GDPR implementation and compliance. The Activity Planning Tool (APT) is provided as an example of how this toolkit could be utilized in new application development in mobile health in Austria. In the case of our APT, the toolkit was very helpful in integrating the GDPR technical requirements in addition to creating the corresponding compliance impact assessment, processing agreements, privacy policy, data flowcharts, and compliance checklists.

KW - Austria

KW - Computer Security

KW - Humans

U2 - 10.3233/SHTI220066

DO - 10.3233/SHTI220066

M3 - (Systematic) Review article

C2 - 35673005

SN - 0926-9630

VL - 290

SP - 222

EP - 226

JO - Studies in Health Technology and Informatics

JF - Studies in Health Technology and Informatics

ER -