Upgrading the Health Sector with high-skilled Data Protection Officers (DPOs) under GDPR Erasmus Project

Project Title

Upgrading the Health Sector with high-skilled Data Protection Officers (DPOs) under GDPR

Project Key Action

This project related with these key action: Cooperation for innovation and the exchange of good practices

Project Action Type

This project related with this action type : Strategic Partnerships for vocational education and training

Project Call Year

This project’s Call Year is 2018

Project Topics

This project is related with these Project Topics: New innovative curricula/educational methods/development of training courses; ICT – new technologies – digital competences; Recognition, transparency, certification

Project Summary

The healthcare sector is dominated by a myriad of cybersecurity-related issues that pose new challenges to the healthcare sector. In an increasingly data-driven world, cybersecurity is no longer just an issue for experts. In the past, Europe has encountered an unprecedented number of cyber-attacks in terms of their global scale, their impact on the business sector and their spread rate.

Healthcare organizations are among the most trusted institutions with the most sensitive information about patients: name, date and place of birth, medical records, Social Security information. Health care players have become an easy target for hackers because of many difficulties (low budget, lack of IT organization, overuse of legacy systems) and are facing increasing pressure and threats from them. In particular, the situation under Covid19 showed the vulnerability of many IT systems. Through home office and travel restrictions, many contacts were carried out virtually, in the health care system (health offices, medical practices, hospitals, pharmaceutical surge, health insurance) many processes were switched to online and this in a short time, which did not allow much room for safe development. This situation has been exploited by many cybercriminals.

The healthcare industry faces major challenges, as cyberattacks can not only result in financial losses and privacy violations. The General Data Protection Regulation (GDPR) 2016/679, which will be directly applicable in all Member States by 25 May 2018, requires healthcare organisations to analyse their data flows and to reconsider how they deal with and monitor patient data to ensure that they comply with the Regulation.

At the same time, the expected massive growth in data protection jobs is leading to new skills, knowledge, and skills of healthcare workers. As a result, the health sector faces the risk of a growing mismatch between the qualifications of data protection officers/employees in European countries with different occupational profiles in terms of skills and competences and, most importantly, a different level of data protection legislation.

This project aims to equip the main actors with staff who will fill the gap and the identified mismatch between qualifications:
– developing improved regional and supra-regional partnerships to ensure that sufficient health workers and learners can receive the right training/training based on current needs.
– More systematic and coherent link between education and vocational training, with the health sector and health organisations
– developing an environment that promotes the employability of workers in the health sector by providing appropriate tools to improve their working conditions and the quality of services provided.
– Improving comparability and transfer of skills and competences through online training for current or future healthcare workers.
– Raising awareness and improving knowledge of patient data protection and providing concrete information on legal aspects

In order to achieve these objectives, the following products were created by the consortium members during the project:
1. Report on the results of the country-specific needs for the skills and knowledge of data protection officers, a Best Practice research on the training opportunities offered and a summary of a transnational professional profile.
2. Two online courses: “Specialization course on data protection in healthcare” and “Awareness Raising of data protection in healthcare”
3. A manual on how to apply the developed work-based learning (WBL) provides guidance on how to apply Mobility Tool (see point 4), videos and webinars (especially in pandemic times), as well as a guide how to perform internships in normal times.
4. A mobility tool to mediate contacts between healthcare companies and trainees or job seekers in the field of data protection.
5. Report on the specific methodology for quality assurance of educational provision. It also includes a report on the methods that training providers use to monitor the sustainability of their education offerings, as well as more far-reaching suggestions (graduate tracking).
7. A website that provides general information about the project and makes all these products publicly accessible in four languages (English, German, Greek, Romanian) without restriction of access.
8. Trainers were trained how to use the GDPR4H training material and the online courses.

EU Grant (Eur)

Funding of the project from EU: 198572,41 Eur

Project Coordinator

STEINBEIS-HOCHSCHULE-BERLIN GMBH & Country: DE

Project Partners

• Centrul de Resurse pentru Educatie si Formare Profesionala
• MITROPOLITIKO COLLEGE ANOYMI EKPAIDEYTIKI ETAIRIA
• AKKREDITIERUNGS,CERTIFIZIERUNGS – UND QUALITATS- SICHERUNGS- INSTITUT(AQUIN) EV
• Asociatia Romana pentru Promovarea Sanatatii
• SKYBRIDGE PARTNERS OUTSOURCING SERVICES I.K.E.
• ASSOCIATION MEDICALE EUROPEENNE
• PANHELLENIC UNION OF PHARMACEUTICAL INDUSTRY