http://data.consilium.europa.eu/doc/document/ST-8088-2018-INIT/en/pdf
CNIL annual report 2017
CNIL updates to PIA guides (Feb 2018)
https://www.cnil.fr/en/cnil-publishes-update-its-pia-guides
Knowledge base
incl. recommendations on many organisational and technical controls,
risk sources, etc.
https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-3-en-knowledgebases.pdf
BioPhorum: IT CONTROLS FOR ‘INFRASTRUCTURE AS A SERVICE’ IN THE BIOPHARMACEUTICAL INDUSTRY
A29WP: Guidelines on Consent under Regulation 2016/679 (wp259rev.01)
US Privacy Shield list
Das elektronische Patientendossier und die Haftung für damit zusammenhängende Schäden und Gefahren (The electronic patient record and liability for related damage and risks)
Dutch DPA – Annual Report 2017
Healthcare Blockchain – Big-Data Pseudonyms on FHIR
Blog post by John Moehrke
https://healthcaresecprivacy.blogspot.ch/2016/05/healthcare-blockchain-big-data.html?spref=tw
De-Identification, Reversible and Irreversible Pseudonymisation (NIST + IHE + ISO)
NISTIR 8053 De-Identification of Personal Information (Simson L. Garfinkel)
https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8053.pdf
IHE
Technical Frameworks:
http://www.ihe.net/Technical_Frameworks/#IT
Healthcare De-Identification Handbook:
https://wiki.ihe.net/index.php/Healthcare_De-Identification_Handbook
ISO 25237
ISO/TS 25237 describes the objectives of de-identification to include:
- secondary use of clinical data (e.g., research);
- clinical trials and post-marketing surveillance;
- pseudonymous care;
- patient identification systems;
- public health monitoring and assessment;
- confidential patient-safety reporting (e.g., adverse drug effects);
- comparative quality indicator reporting;
- peer review;
- consumer groups;
- medical device calibration or maintenance.