Cross-border flow of health information: Is 'privacy by design' enough? Privacy performance assessment in EUBIROD

Concetta Tania Di Iorio, Fabrizio Carinci, Massimo Brillante, Joseph Azzopardi, Peter Beck, Natasha Bratina, Scott G. Cunningham, Carine De Beaufort, Noemi Debacker, Przemyslawa Jarosz-Chobot, Michael Jecht, Ulf Lindblad, Tony Moulton, Zeliko Metelko, Attila Nagy, George Olympios, Simion Pruna, Michael Røder, Svein Skeie, Fred StormsMassimo Massi Benedetti

    Research output: Contribution to journalArticlepeer-review

    23 Citations (Scopus)


    Background: The EUBIROD project aims to perform a cross-border flow of diabetes information across 19 European countries using the BIRO information system, which embeds privacy principles and data protection mechanisms in its architecture (privacy by design). A specific task of EUBIROD was to investigate the variability in the implementation of the EU Data Protection Directive (DPD) across participating centres. Methods: Compliance with privacy requirements was assessed by means of a specific questionnaire administered to all participating diabetes registers. Items included relevant issues e.g. patient consent, accountability of data custodian, communication (openness) and complaint procedures (challenging compliance), authority to disclose, accuracy, access and use of personal information, and anonymization. The identification of an ad hoc scoring system and statistical software allowed an overall quali-quantitative analysis and independent evaluation of questionnaire responses, automated through a dedicated IT platform ('privacy performance assessment'). Results: A total of 18 diabetes registers from different countries completed the survey. Over 50% of the registers recorded a maximum score for accountability, openness, anonymization and challenging compliance. Low average values were found for disclosure and disposition, access, consent, use of personal information and accuracy. A high heterogeneity was found for anonymization, consent, accuracy and access. Conclusions: The novel method of privacy performance assessment realized in EUBIROD may improve the respect of privacy in each data source, reduce overall variability in the implementation of privacy principles and favour a sound and legitimate cross-border exchange of high quality data across Europe.
    Original languageEnglish
    Pages (from-to)247-253
    Number of pages7
    JournalEuropean Journal of Public Health
    Issue number2
    Publication statusPublished - 2013


    Dive into the research topics of 'Cross-border flow of health information: Is 'privacy by design' enough? Privacy performance assessment in EUBIROD'. Together they form a unique fingerprint.

    Cite this