UBITECH participates in the kick-off meeting, in Rome, Italy (January 15-17, 2019) of the InteropEHRate Research and Innovation Action, officially started on January 1st, 2019. The project is funded by European Commission under Horizon 2020 Programme (Grant Agreement No. 826106) and spans on the period January 2019 – June 2022. The key goal of InteropEHRate is to complement and integrate the current interoperability infrastructures with new technologies for health data exchange centred on the citizen, based on a bottom-up approach that does not require the coordination by a superior authority and that leaves more control of health data to the citizen. InteropEHRate will address the current lack of standardization and security, by defining a set of integrated protocols and conformance criteria for mobile apps, supporting secure and portable local storage and backup, released as open specifications. Moreover, the project will integrate these new protocols with technologies for information extraction and translation, to reduce the difficulties in health data exchange related to the different terminologies and languages adopted in different European countries and by different healthcare providers.
In particular, InteroperEHRate will specify and implement a set of GDPR compliant open specifications, built of top of existing European infrastructure specifications, to support three new kind of products/services:
- Smart EHRs (S-EHRs): a new model of secure mobile applications for the storage, control (i.e. data and access right management), anonymization and exchange of health data on smart devices (i.e. iOS and Android smartphones or tablets), without the obligation to store data in the cloud.
- Healthcare Interoperability Services: capable of extending national EHRs or organizational EMRs, in order to interoperate with citizen’s S-EHRs (previous bullet), with cross border EHRs and with existing infrastructures (e.g. CEF), for exchanging health data using both remote internet protocols and short range device to device (D2D) communication protocols (similar to contactless payment).
- Research Interoperability Services: capable of extending research organization systems, to allow scientists to engage voluntary citizens at cross-national levels in new research trials and retrospective studies, and to allow citizens to easily and securely donate health data, including both certified (i.e. clinical) and wellness data, in pseudonymized or anonymized form.
Within InteroperEHRate, UBITECH undertakes the responsibility of the specification and implementation of a set of conformance criteria and mechanisms, common interaction protocols and security APIs that will be exploited by all the components and applications of the InteropEHRate platform, to guarantee the fulfillment of security and privacy requirements. In particular, UBITECH will develop protocols for identity management (IDM), for device identification, as well as for encryption mechanics for (1) health data storage (on mobile devices and cloud services) and (2) health data exchange among S-EHR/EHR/EMR/Cloud services. Emphasis will be given in the adoption of protocols, regarding hashing, encryption, signing, that are considered battle-tested and unbroken. Moreover, regarding identity management, the capability of seamless integration with open solutions (e.g. OpenID Connect), that are considered de-facto solutions, will be a primary concern since it will broaden the applicability of the developed solution.
Moreover, UBITECH will realize a ABAC compliant sophisticated authorization enginewhich will be distributed by design for regulating the access to devices and data. “Distribution” refers to the fact that multiple stakeholders will be able to author policies using a common data model, as well as to the fact that these policies use attributes that may characterize the requestor, the resource and the contextual environment on the same time. InteropEHRate will support a hybrid mode of attribute-verifiability in order to satisfy diverse requirements. One mode will be blockchain-based attributed verification and the second mode will be centralized federation of attributes. Irrelevant of the modality, attribute verification is the cornerstone of consent management. Authorization will be tightly coupled with the encryption mechanisms, mentioned above. More specifically, access/usage/revocation of the encryption/decryption keys will be granted upon proper authorization.