The European cross-border health data exchange roadmap: case study in the Italian setting

Health data exchange is a major challenge due to the sensitive information and the privacy issues entailed. Considering the European context, in which health data must be exchanged between different European Union (EU) Member States, each having a different national regulatory framework as well as different national healthcare structures, the challenge appears even greater. Europe has tried to address this challenge via the epSOS (“Smart Open Services for European Patients”) project in 2008, a European large-scale pilot on cross-border sharing of specific health data and services. The adoption of the framework is an ongoing activity, with most Member States planning its implementation by 2020. Yet, this framework is quite generic and leaves a wide space to each EU Member State regarding the definition of roles, processes, workflows and especially the specific integration with the National Infrastructures for eHealth. The aim of this paper is to present the current landscape of the evolving eHealth infrastructure for cross-border health data exchange in Europe, as a result of past and ongoing initiatives, and illustrate challenges, open issues and limitations through a specific case study describing how Italy is approaching its adoption and accommodates the identified barriers. To this end, the paper discusses ethical, regulatory and organizational issues, also focusing on technical aspects, such as interoperability and cybersecurity. Regarding cybersecurity aspects per se, we present the approach of the KONFIDO EU-funded project, which aims to reinforce trust and security in European cross-border health data exchange by leveraging novel approaches and cutting-edge technologies, such as homomorphic encryption, photonic Physical Unclonable Functions (p-PUF), a Security Information and Event Management (SIEM) system, and blockchain-based auditing. In particular, we explain how KONFIDO will test its outcomes through a dedicated pilot based on a realistic scenario, in which Italy is involved in health data exchange with other European countries

Addressing Security Issues in the eHeatlh Domain Relying on SIEM Solutions

During the last decade, we witnessed a constantly increasing digitalization in the health-care domain that, while from the one hand, has increased the average life expectancy representing one of the crowning achievements of the last years, from the other hand, has introduced extra challenges due to the simultaneous increasing of the proliferation of cyber-crime and the creation of malicious applications which try to access health sensitive data. This created the need for increased security implementations, leading to improved user acceptance of such applications and thus to large-scale adoption of these technologies and to full exploitation of their advantages. We here propose the use of a SIEM-based framework specifically tailored for a healthcare portal developed within the context of the Italian National Project eHealthNet, which allows real time monitoring of portal accesses with the aim of detecting potential threats and anomalies that could cause major security issues