Content Assessment: A Healthy Case for Pseudonymization? A New Report from ENISA
Information - 90%
Insight - 91%
Relevance - 88%
Objectivity - 93%
Authority - 94%
A short percentage-based assessment of the qualitative benefit of the recently published European Union Agency for Cybersecurity (ENISA) report on pseudonymization in the healthcare sector.
Editor’s Note: The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, ENISA contributes to EU cyber policy, enhances the trustworthiness of ICT products, services, and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow.
According to a recent publication from ENISA (“Deploying Pseudonymisation Techniques – The Case of the Health Sector”), pseudonymization is increasingly becoming a key security technique for providing a means that can facilitate personal data processing while offering strong safeguards for the protection of personal data and thereby safeguarding the rights and freedoms of individuals. Complementing previous work by ENISA, this report demonstrates how pseudonymization can be deployed in practice to further promote the protection of health data during processing. This report may be useful for legal, business, and information technology professionals seeking a deeper understanding of pseudonymization and its application in the healthcare sector.
Deploying Pseudonymisation Techniques – The Case of the Health Sector
European Union Agency for Cybersecurity (ENISA)
As the healthcare domain is attempting to make the most of the evolving technical landscape and adapt the provision of services to fulfill the growing needs of patients in a timely manner, additional cybersecurity and data protection challenges come into play. The integration of new technologies in already complex IT infrastructures opens up new challenges regarding data protection and cybersecurity.
This is due to the growing need to exchange and share the health-related information of individuals among different stakeholders. It is therefore essential for the entities processing personal data, on the one hand, to collect and further process only data that are necessary for their purposes and, on the other hand, to employ proper organizational and technical measures for the protection of such personal data.
Pseudonymisation is increasingly becoming a key security technique for providing a means that can facilitate personal data processing, while offering strong safeguards for the protection of personal data and thereby safeguarding the rights and freedoms of individuals.
Complementing previous work by ENISA that is relevant, this report demonstrates how pseudonymisation can be deployed in practice to further promote the protection of health data during processing. Obviously, there is not a single solution on how and when to apply it; in fact different solutions might provide equally good results in specific scenarios, depending on the requirements in terms of protection, utility, scalability, etc.
Pseudonymisation can be a ‘simple’ option to adopt but it can also be comprised of a very complex process, both at technical as well as at organizational levels. For this reason, defining the goals and objectives of pseudonymisation in each particular case and processing operation is really important.
This report highlights the added value of pseudonymisation in the healthcare sector and demonstrates its applicability through simple but specific use cases. Complementing relevant ENISA publications in this area, it shows how such techniques can increase the level of protection for personal data being processed in the healthcare domain and will eventually promote and raise awareness on the usability and deployment of such technical measures.
Deploying Pseudonymisation Techniques - Healthcare Case Study - ENISA
- [Annual Update] International Cyber Law in Practice: Interactive Toolkit
- Defining Cyber Discovery? A Definition and Framework
Have a Request?
If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.
ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.
ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.