Robust Privacy Assessment in Transnational Healthcare Systems

Abstract Recent developments in Information and Communication Technology have paved the foundations for new forms of collaboration between health systems in different countries. These collaborations allow, on the one hand, to monitor recurrent health emergencies on territories, and on the other hand, they allow national health systems to share information about foreign citizens in transit on their territory. European legislation regarding the processing of personal data places strict constraints on the cross-border transfer of personal data. In this case, companies or organizations, operating on information interchange, must adopt robust mechanisms to verify the adequacy requirements, in order to allow monitoring of security levels, identification of possible intervention actions and preparation of updated security plans for inspection visits required by European standards. In this context, Axiomatic Design allows not only to design medical systems and equipment in compliance with current regulations, but also to provide representations of the design artifact already prepared to implant privacy risk assessment mechanisms. This makes it possible to identify the activities/components to be assessed up to a level of elementary granularity such as to allow risk assessment for the single module. At the same time, the axiomatic approach enables the overall recomposition of privacy violation risks on the basis of a modular representation of the whole system according to the well-known V model scheme. This recomposition allows to build the so-called risk privacy coverage matrix, in order to trace the risk level of the elementary modules, associating them with more and more complex components. In this way, the foundations to build a dynamic monitoring system of the privacy risk level of the system can be defined.