Accepted for/Published in: JMIR Medical Informatics
Date Submitted: Jan 15, 2018
Open Peer Review Period: Jan 19, 2018 - Mar 29, 2018
Date Accepted: Dec 14, 2018
Matching openEHR specifications and General Data Protection Regulation requirements
ABSTRACT
Background:
Concerns about privacy and personal data protection have resulted in reforms of the existing legislation in the European Union (EU). The General Data Protection Regulation (GDPR) aims to reform the existing directive on the protection of the personal data of EU citizens, with a strong emphasis on giving citizens more control over their data and on establishing rules for the processing of personal data. OpenEHR is a standard that embodies many principles of interoperable and secure software for electronic health records, and has been advocated as the best approach for the development of hospital information systems.
Objective:
This work aims to understand to what extent the openEHR standard can help with compliance with the GDPR requirements.
Methods:
A list of requirements that a Hospital Information System (HIS) must meet to support compliance with the GDPR was compiled, along with a list of the openEHR specifications. The requirements were categorized and compared with the specifications by specialists in openEHR and the GDPR.
Results:
A total of 53 GDPR requirements and 8 openEHR specification items were identified. The openEHR specifications matched 32% (n=17) of the GDPR requirements. All the openEHR specifications were aligned with GDPR requirements.
Conclusions:
This work reinforces the initial openEHR claim, showing that openEHR is also a good fit when privacy and data protection are incorporated by design in system development. By using an openEHR-based EHR, institutions are closer to becoming compliant with the GDPR while safeguarding medical data.
Citation
Per the author's request the PDF is not available.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on its website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressly prohibit redistribution of this draft paper other than for review purposes.