Compatibility of a Security Policy for a Cloud-Based Healthcare System with the EU General Data Protection Regulation (GDPR)-Reference-Cited by-同舟云学术

Compatibility of a Security Policy for a Cloud-Based Healthcare System with the EU General Data Protection Regulation (GDPR)

Published:2020-12-17 Issue:12 Volume:11 Page:586
ISSN:2078-2489
Container-title:Information
language:en
Short-container-title:Information

Author:

Georgiou Dimitra,Lambrinoudakis Costas

Abstract

Currently, there are several challenges that cloud-based healthcare systems around the world are facing. The most important issue is to ensure security and privacy, or in other words, to ensure the confidentiality, integrity, and availability of the data. Although the main provisions for data security and privacy were present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and the key challenges of the GDPR and, at the same time, we present how a cloud-based security policy could be modified in order to be compliant with the GDPR, as well as how cloud environments can assist developers to build secure and GDPR compliant cloud-based healthcare systems. The major concept of this paper is dual-purpose; primarily, to facilitate cloud providers in comprehending the framework of the new GDPR and secondly, to identify security measures and security policy rules, for the protection of sensitive data in a cloud-based healthcare system, following our risk-based security policy methodology that assesses the associated security risks and takes into account different requirements from patients, hospitals, and various other professional and organizational actors.

Publisher

MDPI AG

Subject

Information Systems

Link

https://www.mdpi.com/2078-2489/11/12/586/pdf

Reference32 articles.

1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation). OJ L 119. 4 May 2016. p. 1–88https://eur-lex.europa.eu/eli/reg/2016/679/oj

2. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Datahttps://eur-lex.europa.eu/eli/dir/1995/46/oj

3. Council of Europe Handbook on European Data Protection Law 2018 Editionhttps://www.echr.coe.int/Documents/Handbook_data_protection_ENG.pdf

4. Art. 4 GDPR—Definitionshttps://www.privacy-regulation.eu/en/article-4-definitions-GDPR.htm

5. Art. 9 GDPR Processing of Special Categories of Personal Datahttps://gdpr-info.eu/art-9-gdpr/

Cited by 9 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Investigation of Data Protection in Cloud Environment;Computer Science, Engineering and Technology;2024-08-13

2. Towards Enhanced Data Integrity and Accountability: Leveraging Blockchain Technology in Healthcare;Proceedings of the 17th International Conference on PErvasive Technologies Related to Assistive Environments;2024-06-26

3. Stealthy Backdoor Attack Towards Federated Automatic Speaker Verification;ICASSP 2024 - 2024 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP);2024-04-14

4. Exploring the General Data Protection Regulation (GDPR) compliance in cloud services: insights from Swedish public organizations on privacy compliance;Future Business Journal;2023-12-15

5. Secure transfer of robust healthcare data using blockchain-based privacy;Cluster Computing;2023-05-09