4 research outputs found

    Business and legal framework for the exchange of mHealth data for aged care across countries

    No full text
    This chapter presents the legal and business analysis based on the use cases of the AQ3 AU2EU project described in deliverable D1.1.1. A conceptual framework is developed for legal and business analysis that is then applied to all the six use cases. The conceptual framework involves three elements: actors, activities and impact of activities on factors such as risk, cost, quality and productivity. Actors can be classified as subjects, controllers, processors, third party or third country. They can be individuals or organisations. Activities can be categorised as goals, touch-points and resources. This framework is applied to legal and business analysis as summarised in the next two paragraphs. The legal analysis involves two components: the evolving regulatory environment in the countries involved and their implications for the e-Authentication and e-Authorisation related to sensitive information of the AU2EU use cases in general. Sensitive information, also referred to as data in this chapter, have been classified as regulated data, confidential data and public data. These data may belong to individuals, organisations or government bodies. While the actors and activities relate to the handling of these different types of data, the impact mostly relates to the risk assessment and mitigation in the context of each use case. The business analysis uses the conceptual framework to analyse in detail the value proposition for introducing an electronic platform with e-Authentication and e-Authorisation to replace the existing process. It compares the current situation (e.g. manual record handling) with the proposed e-Authentication and e-Authorisation strategy. The value proposition has been analysed mainly from the perspectives of cost, productivity and risk

    Business and legal framework for health data privacy assessment: example of ambient assisted living

    No full text
    Online health data sharing and transfer has become easier and more efficient than ever before, but at the same time this has brought about new challenges for the privacy and protection of personal data. Transfer of sensitive health as well as personal data between organizations and countries requires high level of protection and privacy and any breach in that can result in considerable damage to an organization's reputation. In spite of existing methodologies for privacy impact assessment (PIA) for developing privacy-by-design processes, none of them combine the business as well as legal aspects for assessing the technological requirements before or during the development of privacy and security platforms. e-Authentication and e-Authorization techniques are used by various organizations to address privacy related issues. Using a combined business and legal framework in addition to existing PIAs can simplify the analysis of as-is and to-be business processes and this can be used by business or legal analysts as well as organizations to assess the privacy requirements as well as legislations before developing service-by-design platforms. In this paper we propose a unique framework that combines business and legal aspects of any health related business process pertaining to protection and privacy of sensitive data exchange. To be able to map the privacy requirements in the context of data sharing across organizations, a general conceptual framework involving a combination of business process as well as legal components has been developed. This framework provides organizations a comprehensive approach for considering legal regulations as well as factors that may affect privacy and security of sensitive data like health data in their business processes.
In this paper, we have provided an example of an as-is healthcare customer registration process for German Red Cross and how the framework can be used to assess the requirements for a to-be customer registration process in the context of European privacy laws

    Business and legal framework for the exchange of mHealth data for aged care across countries

    No full text
    This chapter presents the legal and business analysis based on the use cases of the AQ3 AU2EU project described in deliverable D1.1.1. A conceptual framework is developed for legal and business analysis that is then applied to all the six use cases. The conceptual framework involves three elements: actors, activities and impact of activities on factors such as risk, cost, quality and productivity. Actors can be classified as subjects, controllers, processors, third party or third country. They can be individuals or organisations. Activities can be categorised as goals, touch-points and resources. This framework is applied to legal and business analysis as summarised in the next two paragraphs. The legal analysis involves two components: the evolving regulatory environment in the countries involved and their implications for the e-Authentication and e-Authorisation related to sensitive information of the AU2EU use cases in general. Sensitive information, also referred to as data in this chapter, have been classified as regulated data, confidential data and public data. These data may belong to individuals, organisations or government bodies. While the actors and activities relate to the handling of these different types of data, the impact mostly relates to the risk assessment and mitigation in the context of each use case. The business analysis uses the conceptual framework to analyse in detail the value proposition for introducing an electronic platform with e-Authentication and e-Authorisation to replace the existing process. It compares the current situation (e.g. manual record handling) with the proposed e-Authentication and e-Authorisation strategy. The value proposition has been analysed mainly from the perspectives of cost, productivity and risk