EU Data Protection Laws and
Health Data and Apps
Jovan Stevovic
jovan@chino.io
PhD in Privacy and HealthTech & R&D at GPI Spa
Background
Timeline: 2010, 2010-2014, 2015 to now
Milestones: MSc Computer Science, PhD Computer Science, MSc in HealthTech, CEO and Co-founder
Why is Chino.io unique?
Founded in 2014 by experts in health IT and compliance
Customers in 15 EU states, US, Australia
Offices in Trento and Berlin
The only ISO 13485 certified DBaaS
3 PhDs, 8 MSc, 1 LL.M, 1 patent and 10+ publications
Customers and partners
50+ companies in the EU and US are secure and compliant with Chino.io
Partners: 30+ SW dev agencies, lawyers, consultants, digital health accelerators, SW providers
Awards: 1st place in 2014 on cybersecurity; SME Instrument Phase 1 and 2 beneficiary
~1M eHealth services collecting, storing and sharing health data (CAGR 20%)
85% not compliant (Global Privacy Sweep 2014)
http://www.bbc.com/news/technology-29143107
Data Economy and Surveillance Capitalism
DATA = €€ (Carole Cadwalladr)
Privacy vs Data Protection vs Security
Diagram labels: Data Security; Privacy (human right); GDPR. Examples placed in the diagram: data portability, data encryption, gov. surveillance.
Personal vs. Health Sensitive data
When does GDPR apply?
‘Any information relating to an identified or identifiable natural person (data subject)’ (Art. 4(1) GDPR)
Identifier
e.g. a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Health data
‘Personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status’ (Art. 4(15) GDPR)
Check out our eBooks on our website
All sensitive data
Managing sensitive data implies criminal responsibility
Anonymous data
Aggregate + aggregate + aggregate = identification?
With the development of new IT techniques, data that previously could not identify a person suddenly can, once it is aggregated with other data.
Pseudonymous data
Diagram: anonymous data vs. pseudonymous data
Pseudonymous data
Diagram: anonymous data vs. pseudonymous data, with re-identification examples: AOL Search Data Scandal, Netflix Prize Scandal
Regulatory Compliance in Healthcare is complex
Costs, time, risks
MDR, National Laws, ISO 27001, ISO 13485, HIPAA, ePrivacy Reg., CCPA
Why is GDPR compliance so complex?
Cloud provider + your sys admin + your tech team + security expertise
Risk Impact Assessment
Terms & Conditions
DPA and BAA
Privacy Policy
Immutable audit logs
Auth & Access Control
Consent tracking
Data Encryption
TECHNICAL / PHYSICAL / LEGAL
Encrypted Backups
Firewalls
VM Security
Facility protection
and many more
Your legal team + consultants
Cloud provider
Chino.io closes the compliance gap and ensures the implementation of all technical and administrative requirements based on your business needs
Chino.io: a complete solution to compliance
How Chino.io works
• data encryption (at record level)
• pseudonymization
• consent management
• user identity and authentication
• access control policies
• legally valid immutable audit logs
• data portability
• right to be forgotten
• backups
• security updates
• security documentation
• and many more…
Diagram labels: YOUR APPLICATION (BACKEND, FRONTEND), Your Service, ALGORITHMS, OTHER DATA, ANALYTICS; Chino.io: USER MANAGEMENT, HEALTH DATA ENCRYPTION, OTHER GDPR & HIPAA COMPLIANCE
Value of using Chino.io
Our secure-by-design and ISO 9001, 13485 and 27001 certified platform allows customers to streamline the processes and reduce the documentation effort required for:
• Obtaining CE Marking under MDR
• Certifying applications and companies under ISO standards
• Achieving the requirements for DVG (Germany), NHS (UK) and other country-specific requirements
CUT COSTS, SAVE TIME, ELIMINATE RISKS
Shorten time to market by 6-9 months
Save 100K+ Euro per year per project
STAY COMPLIANT
We keep you compliant and streamline compliance across your organisation.
For sensitive data management: GDPR, HIPAA
EU data protection laws and impacts on healthcare applications and health data
