Publications
Managing Consent in Workflows under GDPR
2020
The European Union General Data Protection Regulation (GDPR) defines the principles to be met by organizations when processing personal data in order to guarantee data privacy. According to GDPR, consent is required for establishing a legal basis for processing personal data, if there are no other legal grounds for the processing. Besides, any identifiable “natural” person, also known as a data subject, has the right to withdraw the given consent to process his or her personal data at any time. It is the organization’s responsibility to ensure consent and its revocation to demonstrate its compliance with GDPR. With respect to GDPR compliance, organizations can benefit from workflows as they might be used to ensure that consent is obtained before processing personal data. This paper addresses how to enable organizations to manage consent and revocation through their workflows.
Ontology-Based Privacy Compliance Checking for Clinical Workflows
2019
Data privacy is an essential human right to determine what, when, and how personal data is communicated to various recipients. In the healthcare domain, how to safeguard the data privacy of patients is an important and challenging issue. Healthcare providers have to process sensitive medical data compliantly with binding privacy regulations such as the European Union General Data Protection Regulation. Clinical workflows play an important role in the healthcare domain by outlining the tasks that must be done for the delivery of clinical services. However, in general, they do not support privacy constraints in an adequate way. In this paper, we propose an ontology-based privacy compliance check approach to detect the possible privacy violations in clinical workflows. In order to analyze the potential applicability of our methodology, we describe a Newborn Screening scenario where we show how to apply semantic reasoning to support building privacy-awareness.
A formal approach to build privacy-awareness into clinical workflows
2019
Clinical workflows consist of sets of tasks involving patients and healthcare professionals. In such an environment, maintaining the privacy of patient data is a significant challenge. Healthcare providers have to consider both legislative compliance with tightening privacy regulations and growing privacy concerns of individuals. Unlike data security, which aims at preventing unauthorized access, privacy focuses on providing individuals the ability to control when, how, and to what extent their data is used for a particular purpose. In this paper, we present our first steps on transforming existing non-privacy-aware clinical workflows into privacy-aware ones through algorithms based on privacy policies and privacy preferences.