Abstract

Background

Concerns about privacy and personal data protection resulted in reforms of the existing legislation in the European Union (EU). The General Data Protection Regulation (GDPR) aims to reform the existing directive on the topic of personal data protection of EU citizens, with a strong emphasis on more control of the citizens over their data and on the establishment of rules for the processing of personal data. OpenEHR is a standard that embodies many principles of interoperable and secure software for electronic health records (EHRs) and has been advocated as the best approach for the development of hospital information systems.

Objective

This study aimed to understand to what extent the openEHR standard can help in the compliance of EHR systems with the GDPR requirements.

Methods

A list of requirements for an EHR to support GDPR compliance and also a list of the openEHR design principles were made. The requirements were categorized and compared with the principles by experts on openEHR and GDPR.

Results

A total of 50 GDPR requirements and 8 openEHR design principles were identified. The openEHR principles conformed to 30% (15/50) of GDPR requirements. All the openEHR principles were aligned with GDPR requirements.

Conclusions

This study showed that the openEHR principles conform well to GDPR, underlining the common wisdom that truly realizing security and privacy requires it to be built in from the start. By using an openEHR-based EHR, the institutions are closer to becoming compliant with GDPR while safeguarding the medical data.

Highlights

  • The computer-based patient record has been considered an essential technology for health care in the last 25 years [1], even though its cost-effectiveness still needs more research to be fully assessed [2]

  • This study showed that the openEHR principles conform well to General Data Protection Regulation (GDPR), underlining the common wisdom that truly realizing security and privacy requires it to be built in from the start

  • The first focus was on a review of the GDPR for medical research; it does not provide a usable division of the requirements, focusing instead on the changes GDPR brings to researchers. The second focus was on term definitions such as portability of health care data, personal data breaches, anonymization, pseudonymization, and encryption, whose requirements affect the lawful processing of data for research


Summary

Introduction

The computer-based patient record has been considered an essential technology for health care in the last 25 years [1], even though its cost-effectiveness still needs more research to be fully assessed [2]. Health care professionals deal with a great volume of data, as their activities are heavily dependent on the information accessed, as well as on the way it is processed, managed, and made available. Information technology (IT) development has enabled health care institutions to improve the collection and processing of health data, raising new concerns regarding the sensitivity of the information processed by information systems (ISs). Concerns about privacy and personal data protection resulted in reforms of the existing legislation in the European Union (EU). OpenEHR is a standard that embodies many principles of interoperable and secure software for electronic health records (EHRs) and has been advocated as the best approach for the development of hospital information systems.
