ENISA kicks off Emerging and Future Risks identification: remote health monitoring and treatment scenario has been assessed
In our scenario Ralph is a diabetic, enrolled in a remote health monitoring and treatment programme. He goes about his daily business wearing a special vest with biosensors, keeping track of his vital signs, ensuring rapid response from doctors, while his personal data may be literally flowing around, in order to enable this kind of service. This scenario shows us that remote health schemes undoubtedly offer a great potential. Many benefits can be identified for citizens' wellbeing and quality of life, but what are the risks entailed? It seems that e-health solutions are very important and beneficial. At the same time, they may generate serious considerations, regarding security, privacy, data protection and legal, as well as in the social, political and ethical area.
In the course of the study, the major assets that are to be protected, e.g. health, life, human rights, etc, have been identified. Based on this, the most important risks generated regarding these assets are subsequently identified and further analysed. This is following a comprehensive risk assessment approach, as developed by ENISA in the context of the Emerging and Future Risks Framework. In a nutshell, the report draws the attention to 14 major risks in total, among them breaches of data protection legislation, mission creep meaning secondary use of data, intrusive data surveillance and profiling by insurance companies, employers, credit-checking companies, etc, data loss or theft, system failures and service disruption.
The Executive Director of ENISA, Mr Andrea Pirotti comments: "With the development of the EFR capacity, the agency aims at early identification of risks for new application areas and/or technologies. This will help developers and policy makers understand the impacts of new application and manage the resulting risks. At the example of the analyzed e-Health scenario ENISA underlines the risks of an overly optimistic approach to e-health, driven by the industry. While such initiatives and services are undoubtedly beneficial and worth deploying for the general good, we must at least identify and understand the various challenges posed and need to be overcome, in particular in respect to security and privacy."
For the full report please visit: http://enisa.europa.eu/...
Background: This report was produced in close cooperation with leading experts in the field of the ENISA, i.e. EFR Stakeholder Forum comprising experts from industry, EU organisations and Member States. The scenario was based on a use case proposed by Philips Research (Netherlands).
About ENISA - European Network and Information Security Agency
The European Network and Information Security Agency (ENISA) is an agency of the European Union. ENISA was created in 2004 by EU Regulation No 460/2004 and is fully operational since September 1st, 2005. It has its seat in Heraklion, Crete (Greece).
The objective of ENISA is to improve network and information security in the European Union. The agency has to contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, and consequently will contribute to the smooth functioning of the EU Internal Market.
ENISA assists the Commission, the Member States and, consequently, the business community in meeting the requirements of network and information security, including present and future Community legislation. ENISA ultimately strives to serve as a centre of expertise for both Member States and EU Institutions to seek advice on matters related to network and information security.