SHiELD

Project Objectives

SHiELD will unlock the value of health data to European citizens and businesses by overcoming security and regulatory challenges that today prevent this data being exchanged with those who need it. This will make it possible to provide better health care to mobile citizens across European borders, and facilitate legitimate commercial uses of health data.

SHiELD will address the security and compliance challenges as follows:

• providing models and analysis tools for automated identification of end-to-end security risks and compliance issues and supporting privacy and 'by design';
• defining an open and extensible data exchange architecture based on epSOS, able to support security measures to address these risks;
• developing security mechanisms to deal with new and emerging risks, such as inference attacks on sensitive data, and risks from relatively unprotected mobile edge devices;
• providing faster and more cost effective methods to verify and monitor compliance with multiple sets of applicable regulations.

Case studies will address cross border scenarios in which a citizen from one country needs health care while in another, and care givers need access to their health data some of which may be stored by a service provider in a third country. SHiELD will also consider how commercial providers of lifestyle services or wearable sensors may be involved in such data exchanges. SHiELD will thereby also create opportunities for using health data to create such products and services addressing the common European market. SHiELD will provide guidance on best practice to achieve end-to-end security and data protection compliance in health and health related applications. SHiELD will also feed into CEN-Cenelec and ETSI efforts to create EU standards for data protection by design in eHealth.