Abstract

Online health data sharing and transfer has become easier and more
efficient than ever before in recent times. However, this has also led to data
oriented challenges around privacy and protection. While transfer of sensitive
health as well as personal data between organizations and countries requires high
level of protection and privacy, most people involved in business processes in the
service industry, especially one as complex as healthcare, are generally oblivious of
the legal responsibilities and implications of data privacy regulations. In this paper,
we propose a new framework that combines business and legal aspects of any
health related business process in relation to protection and privacy of sensitive
data exchange. This framework encompasses patients, businesses and organizations
and includes an approach for considering legal regulations as well as factors that
may affect privacy and security of data such as health data in business processes.
Using the proposed framework, we have further analyzed an online healthcare
patient registration process for an aged care provider as part of a European Union
project involving several European countries and Australia. It also considers the
applicability to the various process components within the context of European
privacy laws.