...
republica 2018 - Data Confidentiality vs. Shared Data
Key impressions:
Awareness of importance amongst audience & panellists - "Don't worry - we care"
"Data confidentiality results in client confidentiality"
All countries have legal frameworks in place and organisations act according to it
Donor support is needed to strengthen systems
Donors requesting data to plan support
Unique Session: one of two sessions on Data Confidentiality
Involvement of stakeholders from classic organisations rare
Discussion between society and actors important
Day one consultation rounds in Basel
Day One Consultation event on Data Privacy
Key impressions:
Data Privacy needs are contextual including security options
Option to enable Consent is likely to be needed as a system feature
OpenIMIS data privacy
The data is saved on the file system of the web server (photo of the insured persons) and in the database, which makes it accessible to users only via openIMIS solutions:
Applications can download non-personal data (hospital list, etc.) only after identification, and can search for personal information only after authentication. These data are limited by the geographical area to which the user has access
The web portal allows access and modification of personal and health data only for users the rights for these actions, the rights are configurable by the system administrator.
APIs allow other systems to access the data, the management of rights is done according to the rights associated with the identifier used by the external system.
Server administrators have access to the data through direct access to the computer system (necessary for problem resolution)
System administrators can export data in order to reload them in an offline instance of openIMIS, these exports are protected by a password chosen when exporting.
...