Gap Analysis for Information Security in Interoperable Solutions at a Systemic Level: The KONFIDO Approach
Résumé
In this paper, we present a gap analysis study focusing on interoperability of eHealth systems and services coupled with cybersecurity aspects. The study has been conducted in the scope of the KONFIDO EU-funded project, which leverages existing security tools and procedures as well as novel approaches and cutting-edge technology, such as homomorphic encryption and blockchains, in order to create a scalable and holistic paradigm for secure inner and cross-border exchange, storage and overall handling of healthcare data in compliance with legal and ethical norms. The gap analysis relied on desk research, expert opinions and interviews across four thematic areas, namely, eHealth interoperability frameworks, eHealth security software frameworks, end-user perspectives across diverse settings in KONFIDO pilot countries, as well as national cybersecurity strategies and reference reports. A standards-based template has been created as a baseline through which the analysis subjects have been analyzed. The gap analysis identified barriers and constraints as well as open issues and challenges for information security in interoperable solutions at a systemic level. Recommendations derived from the gap analysis will be brought into the forthcoming phases of KONFIDO to shape its technical solutions accordingly.