{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T06:25:48Z","timestamp":1761546348336,"version":"build-2065373602"},"reference-count":19,"publisher":"Frontiers Media SA","license":[{"start":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T00:00:00Z","timestamp":1761523200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["frontiersin.org"],"crossmark-restriction":true},"short-container-title":["Front. Digit. Health"],"abstract":"<jats:sec>\n                    <jats:title>Background<\/jats:title>\n                    <jats:p>The Collaborative Health Information European Framework (CHIEF) supports consistent monitoring of quality of care and outcomes, through a cohesive information infrastructure aligned with legal and ethical standards, to ensure preparedness to the European Health Data Space (EHDS). We aimed to define, develop and apply a practical solution to help data controllers and data holders navigating the increasingly complex and rapidly evolving legal conditions for health data governance.<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Methods<\/jats:title>\n                    <jats:p>We designed and applied a modular questionnaire to enable Data Protection, Interoperability and Governance Assessment (DIGA). The tool combines quantitative and qualitative analysis to measure the level of institutional compliance with EU data protection laws, governance standards and the EHDS Regulation. The instrument has been designed to enhance its usability and flexible implementation, allowing users to focus on sections that are considered most relevant for their operational purposes. A test survey was run to test its applicability.<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Results<\/jats:title>\n                    <jats:p>The study demonstrated the tool's effectiveness in capturing real-world practices and help data controllers and data holders in identifying both strengths and critical gaps. Survey results showed that users have already established solid foundations for data protection. Participating centres showed a moderate-to-high capacity to enable the secondary use of health data for both research and public health purposes, reflecting an encouraging level of preparedness for the EHDS Regulation. The user feedback collected alongside the survey confirmed the tool's relevance and usability.<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Conclusions<\/jats:title>\n                    <jats:p>\n                      We developed an\n                      <jats:italic>ad-hoc<\/jats:italic>\n                      tool to monitor and improve data protection, interoperability and governance, which may represent a strategic resource for disease registries and health information systems. The DIGA tool can support institutional self-assessment, fostering regulatory readiness and generating meaningful insights for the implementation of national and EU-level policies. Further studies are needed to assess the reliability of the tool under different conditions, and refine it accordingly for large-scale implementation. Validation across multiple networks and disease domains within CHIEF will allow strengthening its role in preparation of the EHDS.\n                    <\/jats:p>\n                  <\/jats:sec>","DOI":"10.3389\/fdgth.2025.1685774","type":"journal-article","created":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T06:20:43Z","timestamp":1761546043000},"update-policy":"https:\/\/doi.org\/10.3389\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Data protection, interoperability and governance assessment tool: results from a proof-of-concept survey"],"prefix":"10.3389","volume":"7","author":[{"given":"Concetta Tania","family":"Di Iorio","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Elettra","family":"Ronchi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ivan","family":"Pristas","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tamara","family":"Buble","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nicholas","family":"Nicholson","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fabrizio","family":"Carinci","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1965","published-online":{"date-parts":[[2025,10,27]]},"reference":[{"key":"B1","article-title":"Regulation (EU) 2016\/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/ 46\/EC (General Data Protection Regulation), OJL 119\/1, 4 May 2016, pp. 1\u201388","year":""},{"key":"B2","article-title":"Regulation (EU) 2025\/327 of the European Parliament and of the Council of 11 February 2025 on the European Health Data Space and amending Directive 2011\/24\/EU and Regulation (EU) 2024\/2847. OJL, 2025\/327, 5 March 2025","year":""},{"key":"B3","doi-asserted-by":"publisher","first-page":"222","DOI":"10.3233\/SHTI220066","article-title":"General data protection regulation (GDPR) toolkit for digital health","volume":"290","author":"Hussein","year":"2022","journal-title":"Stud Health Technol Inform"},{"key":"B4","doi-asserted-by":"publisher","first-page":"104933","DOI":"10.1016\/j.ijmedinf.2022.104933","article-title":"Tools to foster responsibility in digital solutions that operate with or without artificial intelligence: a scoping review for health and innovation policymakers","volume":"170","author":"Lehoux","year":"2023","journal-title":"Int J Med Inform"},{"key":"B5","doi-asserted-by":"publisher","first-page":"e23","DOI":"10.1136\/medethics-2019-105948","article-title":"Assessing data protection and governance in health information systems: a novel methodology of privacy and ethics impact and performance assessment (PEIPA)","volume":"47","author":"Di Iorio","year":"2021","journal-title":"J Med Ethics"},{"key":"B6","article-title":"Privacy and Ethics Impact and Performance Assessment (PEIPA) Final Report. EUBIROD web-site","author":"Di Iorio","year":"2017"},{"key":"B7","article-title":"Regulatory Framework and Best Practices of Data Linkage and Interoperability for Disease Registries and Health Information Systems in Europe: Literature and Legal Review [pre-print]. Zenodo","author":"Di Iorio","year":"2025"},{"key":"B8","article-title":"Apply for a permit","year":"2025"},{"key":"B9","doi-asserted-by":"publisher","first-page":"1517","DOI":"10.1016\/j.healthpol.2021.09.006","article-title":"Identifying common enablers and barriers in European health information systems","volume":"125","author":"Bogaert","year":"2021","journal-title":"Health Policy"},{"key":"B10","doi-asserted-by":"publisher","first-page":"530","DOI":"10.1016\/j.healthpol.2014.11.016","article-title":"Essential levels of health information in Europe: an action plan for a coherent and sustainable infrastructure","volume":"119","author":"Carinci","year":"2015","journal-title":"Health Policy"},{"key":"B11","volume-title":"Assessment of the EU Member States\u2019 Rules on Health Data in the Light of GDPR","author":"Hansen","year":"2021"},{"key":"B12","volume-title":"Health Data Governance: Privacy, Monitoring and Research","year":"2015"},{"key":"B13","volume-title":"Recommendation of the OECD Council on Health Data Governance, the Next Generation of Health Reforms","year":"2017"},{"key":"B14","volume-title":"Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions - a European Strategy for Data. COM (2020)","year":"2020"},{"key":"B15","volume-title":"Directive (EU) 2022\/2555 of the European Parliament and of the Council of 14 December 2022 on Measures for a High Common Level of Cybersecurity Across the Union, Amending Regulation (EU) No 910\/2014 and Directive (EU) 2018\/1972, and Repealing Directive (EU) 2016\/1148 (NIS 2 Directive)\u201d","year":"2022"},{"key":"B16","first-page":"15","volume-title":"Regulation (EU) 2019\/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on Information and Communications Technology Cybersecurity Certification and Repealing Regulation (EU) No 526\/2013 (Cybersecurity Act). OJ L 151 (2019)","year":""},{"key":"B17","article-title":"GDPR toolkit","year":"2025"},{"key":"B18","article-title":"Data Protection and Privacy Tools","year":"2025"},{"key":"B19","article-title":"Complete guide to GDPR compliance","year":"2025"}],"container-title":["Frontiers in Digital Health"],"original-title":[],"link":[{"URL":"https:\/\/www.frontiersin.org\/articles\/10.3389\/fdgth.2025.1685774\/full","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T06:20:45Z","timestamp":1761546045000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.frontiersin.org\/articles\/10.3389\/fdgth.2025.1685774\/full"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,27]]},"references-count":19,"alternative-id":["10.3389\/fdgth.2025.1685774"],"URL":"https:\/\/doi.org\/10.3389\/fdgth.2025.1685774","relation":{},"ISSN":["2673-253X"],"issn-type":[{"value":"2673-253X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,27]]},"article-number":"1685774"}}