D1.2 Annual Periodic Report (Y1)
This document provides a summary of the progress achieved and the resources used during the first year of the KONFIDO Action (M01-M12). The report is structured in terms of progress achieved per work package. The work packages included in this document are those that started their activities during the reporting period, according to the Grant Agreement. The relevant Work Packages are the following:
• WP1: Project Management
• WP2: Legal and Ethical assessment on data privacy
• WP3: User requirements analysis
• WP4: System requirements and overall design
• WP5: Security mechanisms detailed design for trusted data exchange and storage
• WP8: Raising awareness and exploitation roadmap
We note that the Grant Agreement includes an additional WP (WP9: Ethics requirements). The aim of this WP is to define the Ethics Review Committee of the Action, consisting of internal and external members.
The main goals of the Action during this period were:
• To establish a communication framework, collaboration infrastructures and define the formal procedures for quality control;
• To define the KONFIDO’s brand and create the Action’s templates;
• To perform team-building activities, as well as to build a common view and language among the Consortium members;
• To define the initial legal, ethical and societal requirements around KONFIDO;
• To perform a gap analysis on interoperable solutions at a systemic level;
• To organize two end-user workshops and run two surveys on the user acceptance of eHealth solutions;
• To draft the initial KONFIDO architecture and define the initial system requirements;
• To start the design of the individual security mechanisms for trusted data exchange and storage;
• To create promotional material for KONFIDO, build the Action’s public website and define KONFIDO’s dissemination strategy;
• To perform early dissemination activities.
In a summary, WP1 organized the communication among the members of the Consortium in terms of regular teleconferences, mail exchange, SharePoint collaboration and quality procedures. No significant problems were observed during the first year of the Action. Three face-to-face meetings for the whole Consortium were organized in December 2016 (kick-off meeting), March 2017 (1st plenary meeting) and October 2017 (2nd plenary meeting) to discuss the progress of the Action in each work package and draft the plan for the following months. The work performed during this period is reflected in deliverables D1.1, D1.2 and D1.6.
WP2 defined the initial legal and ethical framework for KONFIDO. The activities of the eHealth Network and JASeHN and, in particular, the work of the JASeHN legal task force on the Legal Agreement for Cross-Border Exchange of Health Data have been followed up. In addition, an initial analysis of the legal and policy framework with regard to electronic health records in the three EU Member States involved in the KONFIDO use cases, has been undertaken.
The work performed during this period is reflected in deliverables D2.1, D2.3 and D2.6.
WP3 focuses on the user requirements analysis and has been completed within the first year of the Action. Its core achievements include: a detailed gap analysis for interoperable solutions at a systemic level on 14 analysis subjects; the development of a use-case inventory in the field of eHealth security and privacy; the definition of user requirements; the conduction of two surveys on the acceptance of eHealth solutions and the conduction of two enduser workshops to discuss the survey outcomes. The work performed during this period is reflected in deliverables D3.1, D3.2, D3.3, D3.4 and D3.5.
WP4 targets the design of the overall KONFIDO architecture and the definition of system requirements. In particular, at the end of the first year of the Action, a first version of the KONFIDO architecture has been agreed upon by the Consortium and the interactions between the framework components have been identified. Moreover, functional and non-functional system requirements have been defined, and a high-level view of the KONFIDO interfaces has been proposed. Part of the work performed during this period is reflected in deliverable D4.3.
WP5 is dedicated to the design and specification of various security methods in a coordinated manner for the encryption, storage and data exchange in the KONFIDO overall security solution. A first analysis on how secure Intel SGX enclaves can be used in the context of KONFIDO has been conducted, such as the integration of homomorphic encryption inside a secure SGX enclave. Progress has been made concerning the design and specifications of a PUFbased security solution as a true random generator or a homomorphic key generator. The specification of a generic interface for different homomorphic crypto-systems is also ongoing. The requirements of the SIEM solution have been analysed and the dataflow between the SIEM and other parts of the KONFIDO platform have been identified.
The requirements for the blockchain-based auditing mechanism have been analysed. Progress has also been made in the analysis of the existing eIDAS authentication system and the adoption status in each of the countries participating in the validation pilots.
WP8 includes all dissemination, exploitation and awareness-raising activities of KONFIDO. Within the first year of the Action, a detailed dissemination and communication strategy has been defined, the website of the Action has been launched and social media accounts have been created, dissemination material has been released (including one press release, an Action flyer and the first KONFIDO newsletter), 7 research papers have been published, KONFIDO has been presented in 8 events and liaison with several related projects has been established. Part of the work performed during this period is reflected in deliverable D8.1 and D8.2.