Abstract

Recently we are assisting to the advent of many data integration projects to allow the cooperation of systems in the more disparate fields (healthcare, finance, education, public security). This trend responds to the increasing needs of data to monitor, compare, correlate and analyse the distributed business processes managed by different institutions and companies for different purposes. As the availability of data in electronic form increases, the risk of improper use of sensitive information is raising also. In this thesis work we focus on the problem of realising an infrastructure for the data and application integration of systems in the healthcare domain. Our solution is compliant with the privacy regulations, reconciling the visibility requirements of the institutional data consumers with the needs of control and protection of the data subjects. It is an event-based solution which allows to capture the processes going on between the systems to be integrated in a way that is flexible, decoupled and adherent to reality. Our solution enables the sharing of very fine-grained pieces of information to a wide range of consumers still allowing the producers to control who can see what and for what purposes. The architecture minimizes the transit of sensitive information and controls the distribution of events and of their content at a very fine-grained level. In this thesis work we take into account also the impact of the proposed solution on the existing systems ensuring to minimize the effort of companies and institutions in adopting the infrastructure. As legal privacy regulations are most of the time quite distant from unambiguous IT requirements we investigate the problem of privacy constraints elicitation. Typically privacy constraints are defined manually with a tedious procedure by the IT experts based on the desiderata of the users. This approach is not always yielding the best results as designers lacks the domain knowledge required to produce complete, meaningful and not over-constraining privacy requirements. We believe the user holds the knowledge of the domain and of the data that is necessary to define privacy constraints at the right level of granularity. In particular, we provide a novel approach to privacy constraints elicitation based on the interaction with the user. Our approach derives from high level indications given by the user a concise definition of the privacy constraints directly applicable to the underlying database. Such constraints can be used to further restrict the data values that can appear in a report.