Your search keyword '"Cruz-Correia R"' showing total 3 results

1. HS.Register - An Audit-Trail Tool to Respond to the General Data Protection Regulation (GDPR).

Author

Gonçalves-Ferreira D, Leite M, Santos-Pereira C, Correia ME, Antunes L, and Cruz-Correia R

Subjects

Computers, Hospital Information Systems, Hospitals, Humans, Computer Security, Software

Abstract

Introduction The new General Data Protection Regulation (GDPR) compels health care institutions and their software providers to properly document all personal data processing and provide clear evidence that their systems are inline with the GDPR. All applications involved in personal data processing should therefore produce meaningful event logs that can later be used for the effective auditing of complex processes. Aim This paper aims to describe and evaluate HS.Register, a system created to collect and securely manage at scale audit logs and data produced by a large number of systems. Methods HS.Register creates a single audit log by collecting and aggregating all kinds of meaningful event logs and data (e.g. ActiveDirectory, syslog, log4j, web server logs, REST, SOAP and HL7 messages). It also includes specially built dashboards for easy auditing and monitoring of complex processes, crossing different systems in an integrated way, as well as providing tools for helping on the auditing and on the diagnostics of difficult problems, using a simple web application. HS.Register is currently installed at five large Portuguese Hospitals and is composed of the following open-source components: HAproxy, RabbitMQ, Elasticsearch, Logstash and Kibana. Results HS.Register currently collects and analyses an average of 93 million events per week and it is being used to document and audit HL7 communications. Discussion Auditing tools like HS.Register are likely to become mandatory in the near future to allow for traceability and detailed auditing for GDPR compliance.

Published

2018

2. openEHR Based Systems and the General Data Protection Regulation (GDPR).

Author

Sousa M, Ferreira D, Santos-Pereira C, Bacelar G, Frade S, Pestana O, and Cruz-Correia R

Subjects

Delivery of Health Care, Hospital Information Systems, Humans, Software, Computer Security, Electronic Health Records

Abstract

The concerns about privacy and personal data protection resulted in reforms of the existing legislation in European Union (EU). The General Data Protection Regulation (GDPR) aims to reform the existing measures on the topic of personal data protection of the European Union citizens, with a strong input on the rights and freedoms of people and in the establishment of rules for the processing of personal data. OpenEHR is a standard that embodies many principles of interoperable and secure software for electronic health records. This work aims to understand to what extent the openEHR standard can be considered a solution for the requirements needed by GDPR. A list of requirements for a Hospital Information Systems (HIS) compliant with GDPR and an identification of openEHR specifications was made. The requirements were categorized and compared with the specifications. The requirements identified for the systems were matched with the openEHR specifications, which result in 16 requirements matched with openEHR. All the specifications identified matched at least one requirement. OpenEHR is a solution for the development of HIS that reinforce privacy and personal data protection, ensuring that they are contemplated in the system development. The institutions can secure that their Eletronic Health Record are compliant with GDPR while safeguarding the medical data quality and, as a result, the healthcare delivery.

Published

2018

3. Access control: how can it improve patients' healthcare?

Author

Ferreira A, Cruz-Correia R, Antunes L, and Chadwick D

Subjects

Developed Countries, Humans, Access to Information, Computer Security, Medical Records Systems, Computerized organization & administration

Abstract

The Electronic Medical Record (EMR) is a very important support tool for patients and healthcare professionals but it has some barriers that prevent its successful integration within the healthcare practice. These barriers comprise not only security concerns but also costs, in terms of time and effort, as well as relational and educational issues that can hinder its proper use. Access control is an essential part of the EMR and provides for its confidentiality by checking if a user has the necessary rights to access the resources he/she requested. This paper comprehensively reviews the published material about access control in healthcare. The review reveals that most of the access control systems that are published in the literature are just studies or prototypes in which healthcare professionals and patients did not participate in the definition of the access control policies, models or mechanisms. Healthcare professionals usually needed to change their workflow patterns and adapt their tasks and processes in order to use the systems. If access control could be improved according to the users' needs and be properly adapted to their workflow patterns we hypothesise that some of the barriers to the effective use of EMR could be reduced. Then EMR could be more successfully integrated into the healthcare practice and provide for better patient treatment.

Published

2007