An Ontology-based Compliance Audit Framework for Medical Data Sharing across Europe
Hanene Rahmouni^1,3, Kamran Munir^1, Intidhar Essefi^3, Marco Mont^2, and Tony Solomonides^4
^1 Department of Computer Science and Creative Technologies, University of the West of England, UK
^2 Hewlett-Packard Labs, Cloud & Security Lab, UK
^3 University of Tunis el Manar, the Higher Institute of Medical Technologies of Tunis, Research Laboratory of Biophysics and Medical Technologies, Tunis, Tunisia
^4 Outcomes Research Network, Research Institute, NorthShore University Health System, USA
Abstract: Complying with privacy requirements in multi-jurisdictional health domains is both important and challenging. A compliance management process is not effective unless it can show evidence of explicit verification of legal requirements. To achieve this, privacy compliance should be addressed through a "privacy by design" approach. This paper presents an approach to privacy protection verification by means of a novel audit framework. It aims to allow privacy auditors to examine past data processing events carried out by healthcare organisations and verify their compliance with legal privacy requirements. The adopted approach uses semantic modelling and a semantic reasoning layer that can be placed on top of hospital databases. These models allow the integration of fine-grained context information about the sharing of patient data and provide an explicit capture of the applicable privacy obligations. This is particularly helpful for ensuring seamless logging of data access and effective compliance checking during audits.
Keywords: Privacy, regulation, verification, audit, compliance, ontology, SWRL, health data, public clouds, GDPR.