M. Azraoui, M. Önen, R. Molva, “Framework for Searchable Encryption with SQL Databases”, Conference CLOSER 2018, 19-21 March 2018, Medeira, Portugal. [Conference website http://closer.scitevents.org/]
The recently approved EU General Data Protection Regulation has set a major change in the privacy landscape.
The GDPR will be adopted in the next few days and every organization will need to comply with it by 2018. It will replace the European Data Protection Directive of 1995 and will finally introduce one single law for all 28 EU Member States, with high impact on the digital health market and its security.
The Safe Harbor agreement, regulating the transfer of EU citizens private data to companies located in the USA, was cancelled with the decision of the European Court of Justice.
Another major change impacting the health sector is the approval of the new Network and Information Security (NIS) Directive which imposes to companies in critical sectors – energy, transport, banking and health – as well as key Internet service providers to adopt risk management practices and report major incidents to the national authorities. National authorities will be able to impose sanctions on companies which fail to adopt the required measures.
A lot of changes took place also in the narrow mHealth field targeting specifically mobile apps. The EU Commission in 2015 continuously worked on this issue, publishing related documents such as the Opinion titled “Mobile Health. Reconciling technological innovation with data protection”. This Opinion looks closely at types of data processed in the mHealth context and design of mHealth apps.
ENISA, the EU security advisory body, is also working on the security of eHealth systems in each EU Member State. Last year ENISA published a report on the status of each country in this field. Finally, at national level the Member States themselves have started analyzing the possibility of regulating mHealth.