2014 Protection of Data in Design Award: Health Management Association of the Santa Creu i Sant Pau Hospital, for the application Access to Electronic Health Records at the bedside. Collecting the Prize: Dr. Albert Salazar, Manager of the Santa Creu i Sant Pau Hospital
Honourable Mention: Blue Bridge Technologies Ltd., for the application Inmedicas Secure DocShare. Collecting the Honourable Mention: Mr. Jordi Bosch, Business Development Director in Spain
Honourable Mention: Barcelona City Council’s Municipal Institute of Information Technology, for the MobileID application. Collecting the Honourable Mention: Mr. Eduard Martín, Director of Innovation
José Luís Rodríguez, director of the Spanish Data Protection Agency, and Maria Àngels Barbarà, director of the Catalan Data Protection Authority.
Mr. Ramsés Gallego, International Vice President of ISACA
The prize winners with the Speaker of the Catalan Parliament, Núria de Gispert, and the APDCAT director, Maria Àngels Barbarà
The jury, chaired by the director of the Catalan Data Protection Authority (APDCAT), Maria Àngels Barbarà, presented the 2014 Data Protection by Design Award to the project entitled Access to Electronic Health Records at the bedside, by the Health Management Association of the Santa Creu i Sant Pau Hospital. Honourable Mentions were awarded to Blue Bridge Technologies Ltd for the Inmedicas Secure Docshare system, and Barcelona City Council’s Municipal Institute of Information Technology, for the Mobile ID application.
The technological solution Access to Electronic Health Records at the bedside from the Health Management Association of the Santa Creu i Sant Pau Hospital is an information system which employs touch panels to enable the healthcare professional to access patient information electronically from the bedside. The system requires double identification (card + code), allows access only to data about the patient occupying the bed, is based on an adjustable display panel and is equipped with a time-based automatic disconnection mechanism.
The Inmedicas Secure Docshare system from Blue Bridge Technologies Ltd. facilitates the secure exchange of documentation among healthcare providers and payers by means of a closed, encoded messenger system and cloud services adapted to comply with the requirements of European law for the protection of personal data.
The MobileID application from Barcelona City Council’s Municipal Institute of Information Technology is a mobile-telephone-based authentication mechanism which can be used to access information or procedures via the Internet. It identifies which level of services may be accessed according to the type of mobile phone identification provided. The app does not store personal data, rather it employs SSL encrypted communications, provides traceability without compromising privacy and requires solely the essential permits for its operation.
The presentation ceremony took place during the conference entitled “Privacy as a guarantee in technological services” organised by the APDCAT and during which the Authority’s director made reference to privacy as the authentic source of future benefits, both for the general public as well as for Internet-linked business sectors. She pointed out that privacy has to be an element that enables users to control their information from a position of knowledge and with the support of data protection agencies. The major debate unfolding from this moment on will focus on methods of finding a balance between the rights of a responsible, informed user and the needs of a market abounding in opportunities that must understand data protection as a genuine asset in the generation of user confidence.
In his address, the director of the Spanish Data Protection Agency (AEPD), José Luis Rodríguez Álvarez, spoke of his certainty that privacy would be an essential element in future Internet-based business models. The AEPD director made an extensive assessment of the recent sentence handed down by the Court of Justice of the European Union, which recognises the “right to be forgotten” on the Internet and establishes the obligations of search engines with regard to personal data. He warned that these engines construct profiles which, in many cases, end up having greater weight than the relevant individual’s real biography, with the risks that this may entail. He said that the sentence has special relevance because it allows the circle of responsibilities to be closed: from now on, Internet search engine managers will also have to assume their liability for the data processing they carry out. Affected parties may now turn to them and demand to exercise their rights of cancellation and opposition. He added that the sentence neither reduces nor limits rights, quite the contrary in fact as it merely requires the search link made from the name of the affected party to be eliminated.
In his speech, Ramsés Gallego, the International Vice President of ISACA, underlined the importance of privacy as a competitive value in the business world. He highlighted the advantage it represents against the constant challenge of technological advance and the changes that today’s society must adapt to as a consequence.
The following companies presented projects to compete for the 2014 Data Protection by Design Award:
- Blue Bridge Technologies Ltd.
- TicSalut Foundation
- Auditoria y Consultoria de Privacidad y Seguridad SL
- Setitem Informàtics, SL
- FGS Hospital de la Santa Creu i Sant Pau
- BDO Auditores SL
- Municipal Institute of Information Technology (MobileID application)
- Municipal Institute of Information Technology (Barcelona City Council folders)
- Mataró City Council
- Germans Trias i Pujol University Hospital, Badalona
The APDCAT would like to congratulate all award winners in the 2014 edition and to express our thanks to all those who presented their entries.