Are the Healthcare Institutions Ready to Comply with Data Traceability Required by GDPR? A Case Study in a Portuguese Healthcare Organization

Cátia Santos-Pereira, Alexandre B. Augusto, José Castanheira, Tiago Morais, Ricardo Correia

2020

Abstract

GDPR introduces a new concept, "Data protection by design and per default", for new software development; however, legacy systems will also have to adapt in order to comply. This creates great pressure on healthcare institutions, namely hospitals, and on software producers to provide data protection and traceability mechanisms for their current and legacy systems. The aim of this work is to understand the maturity level of the audit records of a Portuguese healthcare organization with respect to compliance with GDPR Articles 30 and 32, since healthcare organizations operate on a daily basis with personal data. This study was performed in partnership with a public Portuguese healthcare organization and was organized into three main phases: (1) data collection on all information systems that operate with personal data; (2) interviews with IT professionals in order to retrieve the necessary knowledge for each information system; and (3) analysis of the collected data and its conclusions. This study helped to identify a need inside this organization and to determine a follow-up plan to overcome this challenge. However, it also identified some constraints, such as financial budget, legacy systems, a small team of IT professionals in the organization, and difficulties in establishing communication with information system providers.



Paper Citation


in Harvard Style

Santos-Pereira C., Augusto A., Castanheira J., Morais T. and Correia R. (2020). Are the Healthcare Institutions Ready to Comply with Data Traceability Required by GDPR? A Case Study in a Portuguese Healthcare Organization. In Proceedings of the 13th International Joint Conference on Biomedical Engineering Systems and Technologies (BIOSTEC 2020) - Volume 5: HEALTHINF; ISBN 978-989-758-398-8, SciTePress, pages 555-562. DOI: 10.5220/0009000405550562


in Bibtex Style

@conference{healthinf20,
author={Cátia Santos-Pereira and Alexandre B. Augusto and José Castanheira and Tiago Morais and Ricardo Correia},
title={Are the Healthcare Institutions Ready to Comply with Data Traceability Required by GDPR? A Case Study in a Portuguese Healthcare Organization},
booktitle={Proceedings of the 13th International Joint Conference on Biomedical Engineering Systems and Technologies (BIOSTEC 2020) - Volume 5: HEALTHINF},
year={2020},
pages={555-562},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009000405550562},
isbn={978-989-758-398-8},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 13th International Joint Conference on Biomedical Engineering Systems and Technologies (BIOSTEC 2020) - Volume 5: HEALTHINF
TI - Are the Healthcare Institutions Ready to Comply with Data Traceability Required by GDPR? A Case Study in a Portuguese Healthcare Organization
SN - 978-989-758-398-8
AU - Santos-Pereira C.
AU - Augusto A.
AU - Castanheira J.
AU - Morais T.
AU - Correia R.
PY - 2020
SP - 555
EP - 562
DO - 10.5220/0009000405550562
PB - SciTePress