Table 10 Facilitators for HIT acceptance linked with cybersecurity and interoperability

F1

The need for HIT services and applications tends to overcome the insecurity regarding personal data misuse

It confirms the need for solutions that provide added value in real-world healthcare settings, while still promoting a holistic security approach.

F2

End-users support cross-border data exchange (even for research)

It confirms the value of the KONFIDO key concepts. Does not affect design decisions.

F3

Common legislation activities between EU Member States

GDPR and other initiatives will form the legal base for the solution and guide the respective design decisions (e.g. on the consent process).

F4

Technical EU initiatives are currently ongoing

The design will create a liaison with and build upon existing/evolving frameworks in Europe (epSOS, OpenNCP, eIDAS).

F5

Standards already established and widely accepted

The design and implementation will follow security standards, such as those from ISO/IEC 27k.

F6

Wide recognition of the need for a security policy based on standards

The technical solution should be based on widely-accepted standards and therefore implicitly increasing compatibility with standard based security policies.

F7

Exchange of data between organizations is based on agreements following GDPR

The design shall take GDPR into account wherever applicable (e.g. in the design of the consent process).

F8

Common mechanism of eID currently built (eIDAS)

The design of the solution shall be based on eIDAS, which is expected to be the de-facto standard among EU Member States.

F9

Cloud services, compatible with medical data exchange legislation

KONFIDO will be able to use cloud infrastructure being compatible with the respective legislation.

F10

Credible network services available

Facilitate the engagement in high mobility scenarios.