Title: Ontology based privacy compliance for health data disclosure in Europe
Author: Rahmouni, Hanene Boussi
ISNI:       0000 0004 2739 7175
Awarding Body: University of the West of England, Bristol
Current Institution: University of the West of England, Bristol
Date of Award: 2011
The harmonization of data protection law in Europe has been theoretically achieved by means of the EU directive on data protection. In practice, the harmonization is not absolute and conflicts continue to exist in the ways Member States are implementing the directive. The integration of different European medical systems will continue to be challenging if technology does not intervene to enhance interoperability between national regulatory frameworks on data protection. In fact, the gap between high-level regulations and organisational processes of privacy management, in both intellectual and operational terms, scales dramatically within a multi-jurisdictional environment. When sharing medical data between different health organisations in Europe, it is important that the different parties involved in the sharing handle the data in the way indicated by the legislation of the Member State where the data was originally collected, as the requirements might differ from one State to another. Privacy requirements, such as patient consent, may be subject to conflicting conditions between different national frameworks as well as between different legal and ethical frameworks of even a single Member State. This is due first to the fact that, subject to the provision of suitable safeguards, the directive leaves some space for Member States to lay down simplifications and exemptions to some of the obligations that are dictated, such as the obligation to notify the data subject of the processing of their data. Consequently, the legal frameworks in some Member States tend to be less favourable to the processing of personal data for medical research than others. The problem researchers must then face is how to comply with multi-jurisdiction requirements when working across national borders.
In this thesis, we present an approach to enhance privacy compliance when sharing patient data across European domains and to ensure its enforcement internally and within external domains where the data might travel. This approach is based on the semantic modelling of privacy obligations that are of a legal, ethical or cultural nature. These requirements are for the sharing of personal data between different European Member States. Our model reflects both similarities and conflicts, if any, between the different Member States. The semantic model is thereafter used to tackle three crucial compliance management issues: first, increasing privacy awareness within the medical users' community; second, explicitly integrating legal requirements of privacy within access control policies adopted by existing distributed infrastructures such as the grid; third, allowing the auditing of compliance of privacy-aware access control policies and of the high-level privacy guidelines our system initially offers to medical users. In conclusion, this research contributes to bridging the gap between high-level privacy regulations and organisational processes of privacy management, both human and operational.
Supervisor: Not available
Sponsor: Not available
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
EThOS ID:
DOI: Not available