ABSTRACT

A uniform and widely adopted model of healthcare processes and medical records is increasingly needed in order to standardize health data processing and facilitate the sharing of medical records. To date, several new data models and standards have been proposed, but none of them refers to a formalized procedure for assessing the healthcare infrastructure in terms of privacy and cybersecurity risks, which is an essential step toward establishing trust in sharing and processing medical records across institutions. This chapter therefore proposes a conceptual model, which is realized in a flexible, modular, and scalable situational awareness-oriented platform named CUREX, “seCUre and pRivate hEalth data eXchange” (an EU H2020-funded project). The proposed data model is a platform-independent, high-level conceptual model that covers cybersecurity and risk assessment by identifying and analyzing the assets in a health organization’s IT infrastructure, their vulnerabilities, and the policies within the organization. The reference architecture of the platform is then described, and finally the legal and ethical aspects are discussed along with the relevant technical and policy measures.