Treacy, Ceara (2023) A Data Protection Impact Assessment Framework for Medical Device Software Developers for Meeting GDPR Security and Privacy Requirements in the Internet of Medical Things. Doctoral thesis, Dundalk Institute of Technology.
PDF - Submitted Version (8MB)
Abstract
The Internet of Medical Things (IoMT) is a fast-growing domain as healthcare moves out of structured health services into care in the community. As a result, the personal and sensitive health data associated with the IoMT can potentially flow through a diversity of apps, systems, devices and technologies, and over public and open networks. This exposes data in the IoMT to additional attack surfaces, which requires the hardening of the security and privacy of the data. Consequently, the data is bound by regulatory security and privacy requirements enforced by the General Data Protection Regulation (GDPR). A key GDPR requirement for any project processing personal data and data concerning health is security and privacy by design and a data protection impact assessment. Applying regulatory-compliant requirements is a struggle for developers in small to medium enterprises due to lack of knowledge, experience and understanding. The PhD research developed a framework for developers in small to medium enterprises, to assist in demonstrating regulatory compliance for the security and privacy of data in flow in the IoMT. The framework is founded on the data protection principles of the GDPR and on security and privacy by design. The framework expands on the established threat modeling steps to apply both security and privacy properties to protect data in flow in the IoMT. To mitigate the identified security and privacy threats, the framework includes a set of categorised technical security and privacy controls developed through medical device security and privacy standards. The originality of this framework is the inclusion of security and privacy requirements in the extension of the traditional threat modeling process, the security and privacy controls embedded in the medical security standards and the documentation of this systematic process in an innovative data protection impact assessment.
Item Type: | Thesis (Doctoral) |
---|---|
Uncontrolled Keywords: | Medical Data Protection (Security and Privacy); Data Protection Impact Assessment (DPIA); Data Security and Privacy Risk Assessment |
Subjects: | Computer Science; Computer Science > Computer Software |
Research Centres: | UNSPECIFIED |
Depositing User: | Ceara Treacy |
Date Deposited: | 22 Nov 2024 09:16 |
Last Modified: | 22 Nov 2024 09:16 |
URI: | https://eprints.dkit.ie/id/eprint/898 |