Curex: exchange of sensitive patient data between European hospitals

When exchanging health data between different hospitals or health centres, the information may be exposed to third parties. This ought to be taken into account when organizations are adopting cyber-security solutions, since traditional security strategies may not be sufficient.

Although there are serious privacy issues regarding the storage and use of data within a single organization, it is clear that such challenges are multiplied when an organization shares confidential data containing personal data and medical information with third parties. In addition, in keeping with the new GDPR framework which has been adopted by all EU member states, health institutions need to ensure their operations meet the strict guidelines in order to avoid illegal and non-ethical use of sensitive health data.

In the case of healthcare, the exchange of data is likely to be mandatory or necessary (if a patient needs treatment in another country, for example) and, as a consequence, the provider’s healthcare organization may not have the option of denying such an exchange. Therefore, any organizations which exchange data need to know that the receiving party will employ the appropriate procedures which safeguard the proper use of the data.

In order to provide solutions which decrease the risks of cyber-attacks in hospitals and health centres, the European Union has set aside funds to establish an interdisciplinary research and innovation project called CUREX. A European consortium led by the University of Piraeus Research Center (Greece) has been charged with developing safe, private data exchange over the next three years.

The CUREX consortium will work towards the implementation of the Europe 2020 strategy for digital technologies such as Big Data, the Internet of Things, Blockchain, Artificial Intelligence and cyber-security, since they offer exciting new opportunities for transforming healthcare.

Blockchain technology provides exciting new opportunities for the management of healthcare data

CUREX identifies the exchange of health data as one of the most pressing needs of hospitals and healthcare centres. There is an ever-growing need to improve health research using all the data which is available while also improving the mobility of patients within EU borders. Moreover, new technology such as blockchain and intelligent contracts are set to revolutionize the healthcare sector.

CUREX will focus on innovation in six areas: delivering tools to evaluate the risks of cyber-security and privacy associated with the exchange of health data; providing a decision-making support tool to design and better safeguard cyber-security and privacy; providing a blockchain-based platform to improve trust in the exchange of health data; improving cyber-security in health organizations; demonstrating the value of the CUREX platform through proof of concept use cases; carrying out techno-economic commercial and legal analyses, and proposing business and application models.

Technological developments resulting from the CUREX project will potentially be employed in hospitals and health centres in order to provide them with the necessary capabilities to be able to carry out secure data transactions

The CUREX consortium foresees an ecosystem in which data will be transmitted safely, supported by the continuous evaluation of risks with the support of adaptable cyber-security systems and privacy countermeasures. In the same way, it is clear that the organization must be aware of and must minimize all human factors which may have an impact on security, data privacy and health systems.

CUREX began on 1 December 2018 at the premises of the University of Piraeus Research Center (UPRC) in Athens

The CUREX partners held an inaugural meeting in Athens on 24 and 25 January 2019.

About CUREX

The decision to include the Hospital General de Granollers in projects of this kind is a reflection of the hospital’s commitment to Research and Development, a key component of its strategy, not only due to the prestige such projects bring but also as a sign of the centre’s scientific expertise since there is a high level of demand to participate in them.

The CUREX project is part of the European Union’s Horizon 2020 program, the result of a need for technical solutions to evaluate and reduce cyber-security risks in hospitals and healthcare centres to protect privacy, data and infrastructure throughout Europe. In conjunction with the University of Piraeus Research Center (UPRC), the following institutions and companies are also participating in the project:

ATOS SPAIN S.A. (Spain), Almerys SAS (France), Cyberlens BW (Holland), Intrasoft International S.A. (Luxemburg), Suite5 Ltd. (Cyprus), TimeLex (Belgium), Eight Bells Ltd. (Cyprus), Ubitech Limited (Greece), University of Surrey (UK), Universidad Politécnica de Madrid (Spain), University of Cyprus (Cyprus), Aristotile University of Thessaloniki (Greece), Servicio Madrileño de Salud (Spain), Fundació Privada Hospital Asil de Granollers (Spain) i Karolinska Institutet (Sweden).