Access Requests Research Articles

Case C-307/22: The GDPR Fine Line Between Access and Abuse

Abstract: It stands as a common practice for service providers to collect the personal data of clients or patients. At the same time, it becomes just as common for thee data subjects to have access to what is stored about them, sometimes via a “data subject access request”, as the GDPR names it in Article 15. In this context, Case C-307/22 (founded on such a request from a patient against their dentist) delineated when abusive data subject access requests occur, including the limits of the data controller’s refusal to comply with it or the decision to charge for the act of complying.As part of the case, the CJEU pinpointed the solution for the conflict between the GDPR and the German data protection implementation law, the reiteration of Recitals’ value in terms of GDPR applicability and the right of access as a tool in triggering medical liability. Correspondingly, the case note will explore the repercussions of this case at both doctrinal and legislative level, since the decision’s interpretation may come into conflict with national data protection laws.On this point,Greece and France will be the relevant jurisdictions for the analysis, since Article 12 of the GDPR was slightly amended in their data protection laws by introducing the concept of “abusive” requests. Furthermore, the implications towards Private Lawwill also be addressed, with particular focus onContract Law, Property LawandTort Law.Substantially, the case note depicts how inconsistency may arise from attempted consistency, compelling the data protection legal apparatus to restructuring.

ANALYSIS OF THE RESULTS OF SIMULATIVE MODELLING OF THE INFORMATION SECURITY SYSTEM IN THE CORPORATE NETWORKS OF HIGHER EDUCATION INSTITUTIONS

The analysis shows that the insufficient level of information security in service networks is the main cause of huge losses for enterprises. Despite the appearance of a number of works to solve this problem, there is currently no unified system for assessing information security. This shows that this problem has not yet been sufficiently studied and relevant. This work is one of the steps towards creating a system for assessing information security in service networks. The purpose of the work is to develop an algorithm and simulation model, analyze the results of the simulation model to determine the main characteristics of the information security system (ISS), providing the ability to completely close all possible channels of threats by controlling all unauthorized access (UA) requests through the protection mechanism (PM). To solve the problem, a simulation method was applied using the principles of queuing systems (QS). This method makes it possible to obtain the main characteristics of the ISS from the UA with an unlimited amount of buffer memory (BM). Models, an algorithm and a methodology for the development of ISS from UA are proposed, which is considered as a single-phase multi-channel QS with an unlimited volume of BM. The process of obtaining simulation results was implemented in the GPSS World modeling system and comparative analyzes of the main characteristics of the ISS were carried out for various laws of distribution of output parameters. At the same time, UA requests were the simplest flows, and the service time was subject to exponential, constant and Erlang distribution laws. Conducted experiments based on the proposed models and algorithm for analyzing the characteristics of the ISS from the UA as a single-phase multi-channel QS with unlimited waiting time for requests in the queue confirmed the expected results. The results obtained can be used to build new or modify existing ISS in corporate networks for servicing objects for various purposes. This work is one of the approaches to generalizing the problems under consideration for systems with an unlimited volume of BM. Prospects for further research include research and development of the principles of hardware and software implementation of ISS in service networks.

A Labyrinth of Public Information

Given the proliferation of electronic records in government agencies, public records are an increasingly valuable source of information for research, advocacy, and public oversight. Using an information management framework, this article reviews practices by four organizations in the US (National Security Archive, University of Washington Center for Human Rights, MuckRock, and Reclaim the Records) to request, manage, and use the information obtained through public access requests. Through case studies, findings pinpoint key obstacles and opportunities to strengthen research and advocacy using Freedom of Information laws, and how users of public records can shift from individual one-time pursuits of records to broader, ongoing and collaborative initiatives.

Restricting access to AI decision-making in the public interest: The justificatory role of proportionality and its balancing factors

In the European Union, individuals subject to fully automated AI-based decisions by the government have the right to request access to the processing information under Article 15(1)(h) of the General Data Protection Regulation (GDPR). However, this right may be restricted on public interest grounds, such as preventing system manipulation to ensure the effectiveness of the law or reducing excessive burdens on public officials to maintain efficiency in government operations. The principle of proportionality is a key instrument to assess the legality and legitimacy of such restrictions, yet its application has been largely overlooked in discussions concerning the competing public interests under Article 15(1)(h) of the GDPR. This paper draws on legal and interdisciplinary scholarship, as well as the case law of the Court of Justice of the European Union (CJEU) to explore the role of proportionality and its balancing factors in shaping justifications for public interest restrictions on the data protection right of access to AI decision-making information.

A robust algorithm for authenticated health data access via blockchain and cloud computing.

In modern healthcare, providers increasingly use cloud services to store and share electronic medical records. However, traditional cloud hosting, which depends on intermediaries, poses risks to privacy and security, including inadequate control over access, data auditing, and tracking data origins. Additionally, current schemes face significant limitations such as scalability concerns, high computational overhead, practical implementation challenges, and issues with interoperability and data standardization. Unauthorized data access by cloud providers further exacerbates these concerns. Blockchain technology, known for its secure and decentralized nature, offers a solution by enabling secure data auditing in sharing systems. This research integrates blockchain into healthcare for efficient record management. We proposed a blockchain-based method for secure EHR management and integrated Ciphertext-Policy Attribute-Based Encryption (CP-ABE) for fine-grained access control. The proposed algorithm combines blockchain and smart contracts with a cloud-based healthcare Service Management System (SMS) to ensure secure and accessible EHRs. Smart contracts automate key management, encryption, and decryption processes, enhancing data security and integrity. The blockchain ledger authenticates data transactions, while the cloud provides scalability. The SMS manages access requests, enhancing resource allocation and response times. A dual authentication system confirms patient keys before granting data access, with failed attempts leading to access revocation and incident logging. Our analyses show that this algorithm significantly improves the security and efficiency of health data exchanges. By combining blockchain's decentralized structure with the cloud's scalability, this approach significantly improves EHR security protocols in modern healthcare setting.

Architecture for Enhancing Communication Security with RBAC IoT Protocol-Based Microgrids.

In traditional power grids, the unidirectional flow of energy and information has led to a decrease in efficiency. To address this issue, the concept of microgrids with bidirectional flow and independent power sources has been introduced. The components of a microgrid utilize various IoT protocols such as OPC-UA, MQTT, and DDS to implement bidirectional communication, enabling seamless network communication among different elements within the microgrid. Technological innovation, however, has simultaneously given rise to security issues in the communication system of microgrids. The use of IoT protocols creates vulnerabilities that malicious hackers may exploit to eavesdrop on data or attempt unauthorized control of microgrid devices. Therefore, monitoring and controlling security vulnerabilities is essential to prevent intrusion threats and enhance cyber resilience in the stable and efficient operation of microgrid systems. In this study, we propose an RBAC-based security approach on top of DDS protocols in microgrid systems. The proposed approach allocates roles to users or devices and grants various permissions for access control. DDS subscribers request access to topics and publishers request access to evaluations from the role repository using XACML. The overall implementation model is designed for the publisher to receive XACML transmitted from the repository and perform policy decision making and enforcement. By applying these methods, security vulnerabilities in communication between IoT devices can be reduced, and cyber resilience can be enhanced.

Experiences in providing a community educational resource for the All of Us Researcher Workbench.

Educational offerings to fill the bioinformatics knowledge gap are a key component to enhancing access and use of health data from the All of Us Research Program. We developed a Train the Trainer-based, innovative training series including project-based learning, modular on-demand demonstrations, and unstructured tutorial time as a model for educational engagement in the All of Us community. We highlight our training modules and content, with training survey data informing cycles of development in the creation of a 6-module training series with modular demonstrations. We have conducted 2 public iterations of the Train the Trainer (Tx3) Series based on survey feedback while training over 300 registered researchers to access and analyze data on the All of Us Researcher Workbench. Future directions of the Tx3 Series include enhanced focus on project-based learning and learner requests for modularity and asynchronous materials access.

ZeroVCS: An efficient authentication protocol without trusted authority for zero-trust vehicular communication systems

Vehicular communication systems can provide two types of communications: Vehicle-to-Infrastructure (V2I) and Vehicle-to-Vehicle (V2V). However, in both cases, there is zero-trust between the communicating entities. This may give privilege to the unauthorized vehicles to join the network. Hence, a strong authentication protocol is required to ensure proper access control and communication security. In traditional protocols, such tasks are typically accomplished via a central Trusted Authority (TA). However, communication with TA may increase the overall authentication delay. Such delay may be incompatible with the future generation vehicular communication systems, where dense deployment of small-cells are required to ensure higher system capacity and seamless mobility (e.g., 5G onward). Further, TA may suffer from denial-of-service when the number of access requests becomes excessively large, because each request must be forwarded to TA for authentication and access control. In this article, we put forward an efficient authentication protocol without trusted authority for zero-trust vehicular communication systems, called ZeroVCS. It does not involve TA for authentication and access control, thus improving the authentication delay, reducing the chance of denial-of-service, and ensuring compatibility with the future generation vehicular communication systems. ZeroVCS can also provide communication security under various passive and active attacks. Finally, the performance-based comparison proves the efficiency of ZeroVCS.

Development of a dictionary of information items inspired by common data models to support health research data access requests

A network of organizations collaborates to provide services to facilitate multi-regional research across Canada. To streamline the data access process, the network is developing a dictionary of information items (InfoItems), providing a label and definition that represent a semantic sourced from an ontology (e.g., “human birth date” from a demography ontology). This allows for a standardized and shareable means to express data requirements. Inspired by health-research common data models (CDMs) like those from the Observational Medical Outcomes Partnership (OMOP) and the Canadian Network for Observational Drug Effects (CNODES), approximately 60 InfoItems were developed by the network. As a pilot exercise, four data centres mapped their data assets to the InfoItems to ensure they are relevant to the Canadian health data context. This has laid the foundation for InfoItems as a basic data harmonization mechanism. The new InfoItems-based data dictionary promotes the standardization of data asset contents across the network’s data centres. Researchers can use the dictionary to specify a project’s data requirements, establishing details like data availability across multiple regions, for inclusion in their data access request. The InfoItems dictionary is pivotal in simplifying data access requests, promoting multi-regional research in Canada. This resource can simultaneously safeguard the quality of analytical results and optimize data extraction into existing data models (e.g., health-research CDMs). Ongoing improvements in this area aim to enhance user experience and facilitate quality research.

How DASH enables external data linkage to support multi-regional research

A network of organizations works together to support multi-regional health research across Canada. The network comprises 13+ provincial/territorial and pan-Canadian data centres, which collectively hold 500+ data assets. Although the network actively pursues new administrative or clinical data assets, linking to external research data is also a growing need in the contemporary research landscape. Data from the network’s centres can be linked to external data sources such as that from: researchers’ trials or studies; disease or population-based registries; and data sources from other organizations or custodians. Consultations held with data centers clarified their processes for linking to external data, by identifying and mapping local linkage features to a general linkage model. Local processes for data linkage, including necessary agreements and approval steps are now modelled and documented, and available to researchers and the data centres as a resource. This information helps streamline data access and linkages to data assets across the network and externally. Operationally, the network is currently working on 11 data access requests involving linkage to external data, of which three are expected to deliver final data to researchers by spring 2024. Collaboration with data centres, affiliated organizations, and researchers are foundational in the development of linkage models across the network. These models play a critical role in making linkages across data sources within Canada more efficient and standardized. Data linkages across data assets support the utility of data and health innovation.

Navigating the barriers to multi-regional research administrative data access: Forward thinking solutions

In 2021, aware of both the importance of pan-Canadian data access for advancing health research and the conditions and requirements that make administrative data access onerous, HDRN Canada worked with CATCO the Canadian arm of an international COVID-19 clinical trial to create a roadmap for navigating the barriers to multi-regional administrative data access in Canada. While developing the roadmap, data access request processes were studied in real time for a multi-region study seeking access to link administrative data to clinical trial data, at the individual level. The intent was to move beyond anecdotal evidence and document the specific nature of policy and processes that hamper data access. The case study allowed the study team to define the barriers permitting application of tangible mitigating measures. In 2022, barriers such as the lack of ability to share data across provincial borders became too great to continue the study. Although the roadmap was not completed, insights were gained for waypoints along the path enabling HDRN Canada to make important process improvement to harmonize data access across regions. Solutions to challenges with data access request forms, regional data flows, data sharing partner relationships, data sharing agreements, and REB and project reviews were identified. Recently pan-Canadian initiatives have released important guidance for addressing data access challenges. The adoption of this guidance is paramount to ensure Canada continues to meaningfully contribute to health research. Forward thinking solutions to data access challenges today will establish the necessary infrastructure for a future with minimal data access barriers.

E-Tenon: An efficient privacy-preserving secure open data sharing scheme for EHR system

The transition from paper-based information to Electronic-Health-Records (EHRs) has driven various advancements in the modern healthcare industry. In many cases, patients need to share their EHR with healthcare professionals. Given the sensitive and security-critical nature of EHRs, it is essential to consider the security and privacy issues of storing and sharing EHR. However, existing security solutions excessively encrypt the whole database, thus requiring the entire database to be decrypted for each access request, which is time-consuming. On the other hand, the use of EHR for medical research (e.g., development of precision medicine and diagnostics techniques) and optimisation of practices in healthcare organisations require the EHR to be analysed. To achieve that, they should be easily accessible without compromising the patient’s privacy. In this paper, we propose an efficient technique called E-Tenon that not only securely keeps all EHR publicly accessible but also provides the desired security features. To the best of our knowledge, this is the first work in which an Open Database is used for protecting EHR. The proposed E-Tenon empowers patients to securely share their EHR under their own multi-level, fine-grained access policies. Analyses show that our system outperforms existing solutions in terms of computational complexity.

Towards accountable and privacy-preserving blockchain-based access control for data sharing

The integration of blockchain technology with Access Control (AC) systems presents novel opportunities for enhancing data security within decentralized architectures, which is drawing increasing attention in Data Sharing (DS) applications. However, existing works reveal a gap in achieving accountability for anonymous access in the absence of a centralized trusted authority. To address this issue, this paper introduces InvisiReveal, a novel Blockchain-Based AC (BBAC) framework that achieves permission invisibility, access anonymity, and accountability without extra trust assumptions. Users in InvisiReveal generate anonymous credentials to authenticate their requests using Zero Knowledge Proof. To enable accountability, a novel blockchain-oriented verifiable commitment (BC-VC) protocol is designed that allows a user to commit a confidential traceable tag to the blockchain. The system could unveil a malicious requester’s identity by opening the tag commitment under collaboration with the victim user and blockchain. We implement a prototype of InvisiReveal to evaluate its practicality, where an access request is verified within 5 ms.

Context-Aware Risk Attribute Access Control

Traditional access control systems exhibit limitations in providing flexible authorization and fine-grained access in the face of increasingly complex and dynamic access scenarios. This paper proposes a context-aware risk access control model to address these challenges. By developing a multi-level contextual risk indicator system, the model comprehensively considers real-time contextual information associated with access requests, dynamically evaluates the risk level of these requests, and compares the outcomes with predefined risk policies to facilitate access decisions. This approach enhances the dynamism and flexibility of access control. To improve the accuracy and reliability of risk assessments, we propose a combination weighting method grounded in game theory. This method reconciles subjective biases and the limitations of objective data by integrating both subjective and objective weighting techniques, thus optimizing the determination process for risk factor weights. Furthermore, smart contracts are introduced to monitor user behavior during access sessions, thereby preventing malicious attacks and the leakage of sensitive information. Finally, the model’s performance and authorization granularity are assessed through empirical experiments. The results indicate that the model effectively addresses the requirements of dynamic and fine-grained access scenarios, improving the system’s adaptability to risk fluctuations while safeguarding sensitive information.

Maximizing the Utility of Alzheimer’s Disease Trial Data: Sharing of Baseline A4 and LEARN Data

BackgroundThe Anti-Amyloid Treatment in Asymptomatic Alzheimer’s Disease (A4) and Longitudinal Evaluation of Amyloid Risk and Neurodegeneration (LEARN) studies were conducted between 2014 and 2023, with enrollment completed in 2017 and final study results reported in 2023. The study screening process involved the collection of initial clinical, cognitive, neuroimaging, and genetic measures to determine eligibility. Once randomized, enrolled participants were assessed every four weeks over a 4.5-year follow-up period during which longitudinal clinical, cognitive, and neuroimaging measures were collected. A large number of longitudinal fluid biospecimens were also collected and banked. Consistent with the NIH data sharing policy and the principles of Open Science, the A4/LEARN investigators aimed to share data as broadly and early as possible while still protecting participant privacy and confidentiality and the scientific integrity of the studies.ObjectivesWe describe the approach, methods, and platforms used to share the A4 and LEARN pre-randomization study data for secondary research use. Preliminary results measuring the impact of these efforts are also summarized. We conclude with a discussion of lessons learned and next steps.DesignThe materials shared included de-identified quantitative and image data, analysis software, instruments, and documentation.SettingThe A4 and LEARN Studies were conducted at 67 clinical trial sites in the United States, Canada, Japan, and Australia.ParticipantsThe A4 study screened (n=6763), enrolled, and randomized (n=1169) participants between the ages of 65 and 85 with a blinded follow-up period of 240 weeks followed by an open-label period of variable length. The LEARN study screened and enrolled individuals (n=538) who were ineligible for the A4 study based on nonelevated measures of amyloid accumulation using positron emission tomography imaging (amyloid PET).MeasurementsWe provide descriptive measures of the data shared and summarize the frequency, characteristics, and status of all data access requests submitted to date. We evaluate the scientific impact of the data-sharing effort by conducting a literature search to identify related publications.ResultsThe A4 and LEARN pre-randomization study data were released in December 2018. As of May 8, 2024, 1506 requests have been submitted by investigators and citizen scientists from more than 50 countries. We identified 49 peer-reviewed publications that acknowledge the A4/LEARN study.ConclusionsOur initial results provide evidence supporting the feasibility and scientific utility of broad and timely sharing of Alzheimer’s disease trial data.

ZTA-IoT: A Novel Architecture for Zero-Trust in IoT Systems and an Ensuing Usage Control Model

Recently, several researchers motivated the need to integrate Zero Trust (ZT) principles when designing and implementing authentication and authorization systems for IoT. An integrated Zero Trust IoT system comprises the network infrastructure (physical and virtual) and operational policies in place for IoT as a product of a ZT architecture plan. This paper proposes a novel Zero Trust architecture for IoT systems called ZTA-IoT. Additionally, based on different types of interactions between various layers and components in this architecture, we present ZTA-IoT-ACF, an access control framework that recognizes different interactions that need to be controlled in IoT systems. Within this framework, the paper then refines its focus to object-level interactions, i.e., interactions where the target resource is a device (equivalently a thing) or an information file generated or stored by a device. Building on the recently proposed Zero Trust score-based authorization framework (ZT-SAF) we develop the object-level Zero Trust score-based authorization framework for IoT systems, denoted as ZTA-IoT-OL-SAF, to govern access requests in this context. With this machinery in place, we finally develop a novel usage control model for users-to-objects and devices-to-objects interactions, denoted as UCON IoT . We give formal definitions, illustrative use cases, and a proof-of-concept implementation of UCON IoT . This paper is a first step toward establishing a rigorous formally-defined score-based access control framework for Zero Trust IoT systems.

The Need for Adaptive Access Control System at the Network Edge

The emergence of edge computing, characterized by its distributed nature and real-time processing, necessitates a paradigm shift in access control mechanisms. Traditional, static methods struggle to adapt to the dynamic and heterogeneous environment of edge computing. This research addresses this gap by proposing an Adaptive Risk-Based Access Control (ARBAC) model specifically designed for edge environments. The objective of this research is to develop a robust access control system that dynamically responds to the changing security landscape of edge computing. The proposed ARBAC model integrates real-time data on user context, resource sensitivity, action severity, and risk history to dynamically assess the security risk associated with each access request. This approach ensures a balance between robust security and user experience by tailoring access controls based on the specific context. The research builds upon the growing recognition of the limitations of traditional access control methods in edge environments. Existing literature highlights the need for adaptive and risk-based access control models to address the dynamic nature of edge computing. This research contributes to this evolving field by proposing an ARBAC model that leverages real-time information for contextually relevant access decisions. The proposed ARBAC model offers several advantages. By dynamically adjusting access controls based on risk levels, the model enhances security and ensures compliance with regulatory requirements. Additionally, it improves network performance by reducing load and facilitating faster access to resources. Furthermore, the model's scalability makes it suitable for managing access in large-scale edge deployments. In conclusion, this research proposes an ARBAC model that aligns with the dynamic nature of edge computing environments. By leveraging real-time data and contextual information, the model offers a robust and adaptable approach to access control, promoting security, compliance, performance, and scalability in edge computing. This research paves the way for further exploration and implementation of ARBAC systems, empowering organizations to effectively manage access control in the evolving landscape of edge computing and IoT.

The relevance of open educational resources for post-soviet higher education in the digital age

ABSTRACT The digital era has seen the rise of innovations such as online training platforms and digital toolkits for teaching and learning whilst at the same time open access initiatives are losing the attention of educators. The problem under consideration in this paper is the replacement of open educational resources (OER) with digital innovations in higher education (HE). The purpose of this study is to identify the relevance of OER to post-Soviet HE in the digital age. The research employed methods of descriptive analytics to process data on users’ activities extracted from OER repositories with web-analytic apps. The survey was conducted among 441 lecturers to elucidate their request for access to and patterns of usage of digital OER. The findings confirmed the relevance of OER in contemporary education through the similarity of lecturers’ experience worldwide. During the urgent transition to remote learning owing to the COVID-19 pandemic, OER helped lecturers access informed digital practices through appropriate methods and content. OER has thus retained its relevance against the backdrop of the emergence of digital innovations in HE. The international comparison of findings demonstrates the existence of a shared awareness of the importance of OER and similar drivers for OER production and usage.

Project Facilitate: An analysis of the increased utilization in the oncology single patient expanded access pathway.

11029 Background: FDA Oncology Center of Excellence’s (OCE) Project Facilitate (PF) was launched in June 2019 in response to perceived barriers providers face when accessing Expanded Access (EA). PF staff provide step-by-step support to oncology healthcare providers requesting use of investigational drugs to treat their patients with cancer. Since launch, PF has received an increased number of oncology single patient EA applications each calendar year. An analysis of single patient investigational new drug applications (IND) received was performed over each calendar year, starting June 1, 2020. Methods: Data was extracted from PF’s central database between June 1, 2020 and December 31, 2023. Data collected included IND receipt date, granting date, status, application type, indication, drug name, address of requestor, and patient demographics. The starting date of June 1, 2020 was chosen since it was when PF staff officially started performing clinical review of applications. Results: Of the 2791 oncology single patient expanded access applications extracted, there were 681 (24.4%) emergency INDs (eIND) and 2110 (75.6%) non-emergency single patient INDs (SPI). Applications received by calendar year increased since June 1, 2020 to December 31, 2020 (397, 14.2%), 2021 (682, 24.4%), 2022 (822, 29.5%), and 2023 (890, 31.9%). The top-3 disease areas requested include high grade glioma (262, 9.4%), multiple myeloma (213, 7.6%), and melanoma (186, 6.7%). The top-3 disease areas requested in pediatric patients < 17 years of age (568, 20.4%) include AML (88, 15.5%), high grade glioma (85, 15%), and ALL (47, 8.3%). Race and ethnicity information was provided in 32 applications containing white/Caucasian (24, 75%), Black or African American (4, 12.5%), Asian (2, 6.25%), and Hispanic or Latino (2, 6.25%). Applications were received from 46 states and 1 US territory, Puerto Rico. The top 3 states requestors resided in were CA (346, 12.4%), NY (317, 11.4%), and TX (276, 9.9%). Although rare, 22 (0.79%) applications were denied or placed on clinical hold most commonly due to curative or established therapies being available. Conclusions: Project Facilitate saw a 20.4% increase in oncology single patient expanded access requests received from calendar year 2021 compared to 2022 and an 8.3% increase from 2022 to 2023, equaling a 30.4% increase in 2023 compared to 2021. [Table: see text]

Epidemiological and clinical trends of visceral leishmaniasis in Portugal: retrospective analysis of cases diagnosed in public hospitals between 2010 and 2020

BackgroundLeishmania infantum is endemic in the Mediterranean region, presenting mostly as visceral leishmaniasis (VL). In Portugal, reporting of VL cases to public health authorities is mandatory, but significant underreporting is likely. This study aimed to describe the epidemiological and clinical aspects of the VL cases diagnosed in hospitals of the Portuguese National Health Service (NHS), between 2010 and 2020.MethodsCollaboration was requested to every hospital of the Portuguese NHS in Mainland Portugal. Cases were screened through a search of diagnostic discharge codes or, if not available, by a search of positive laboratory results for Leishmania infection. Sociodemographic and clinical data was retrieved from medical records. Simultaneously, the National Health authority was contacted to request access to data of notified cases of VL between 2010 and 2020. Descriptive, hypothesis testing and multiple binary logistic regression models were performed.ResultsA total of 221 VL cases were identified. A significant increase in estimated national incidence was seen in the years after 2016 (P = 0.030). VL was predominantly diagnosed in people living with HIV (PLWH) and in children (representing around 60% of the new cases), but the outcome was generally poorer in non-HIV patients with associated immunosuppression, with significantly lower rates of clinical improvement at 7 (P = 0.003) and 30 days (P = 0.008) after treatment. Atypical presentations, with gastrointestinal and/or respiratory involvement, were seen in 8.5% of VL cases. Hemophagocytic lymphohistiocytosis was diagnosed in 40.0% of children under 5 years of age. Only 49.7% of incident VL cases were reported. Simultaneous involvement of the skin was confirmed in 5.9% of patients.ConclusionsVL presents a continuing threat in Portugal, especially to PLWH and children, and an increasing threat to other immunosuppressed groups. Recent increases in incidence should be closely monitored to allow prompt interventions. Programs to control the disease should focus on providing tools for earlier diagnosis and on reducing underreporting and promoting an integrated surveillance of human and animal disease. These data should be combined with asymptomatic infection and vector information, following a One Health approach.Graphical