Your browser does not support JavaScript!

Requirements elicitation for secure and interoperable cross-border health data exchange: the KONFIDO study

Requirements elicitation for secure and interoperable cross-border health data exchange: the KONFIDO study

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for $120.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IET Software — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

In this study, the requirements elicitation approach employed in the context of the KONFIDO project is presented. KONFIDO introduces a technical paradigm for secure and interoperable cross-border health data exchange by leveraging novel approaches and cutting-edge technologies, such as homomorphic encryption and blockchains. Being a key part of the overall user requirements engineering methodology, requirements elicitation focused on producing high-level, end-user goals following a systematic procedure. First, the main business processes were identified based on the project's pilot scenarios. These business processes were the subject of a threat analysis, which identified the respective assets and a list of security risks/threats. Threats were further elaborated, considering the outcome of relevant projects and applicable best practices/standards. As a result, a set of user goals were identified and analysed in detail. Finally, a meta-analysis of the produced goals against the employed information sources was applied, highlighting the importance of standards as a guide for defining requirements, as well as the complexity concerning the interdependencies among the elaborated business processes, assets, threats, and user goals. As the deployment of the technical solution may be cloud-based, implications and challenges imposed by the adoption of cloud computing in this setting are also presented.


    1. 1)
      • 6. Buyya, R., Shin Yeoa, C., Venugopal, S., et al: ‘Cloud computing and emerging IT platforms: vision, hype, and reality for delivering computing as the 5th utility’, Future Gener. Comput. Syst., 2009, 5, pp. 599616.
    2. 2)
      • 1. Angraal, S., Krumholz, H.M., Schulz, W.L.: ‘Blockchain technology: applications in health care’, Circ. Cardiovasc. Qual. Outcomes., 2017, 10, (9), p. e003800.
    3. 3)
      • 20. Rasmussen, J., Natsiavas, P., Votis, K., et al: ‘Gap analysis for information security in interoperable solutions at a systemic level: the KONFIDO approach’, in Maglaveras, N., et al (Eds.) ‘Precision medicine powered by pHealth and connected health. IFMBE Proceedings, vol. 66, pp. 7579, (Springer, Singapore, 2018.
    4. 4)
      • 24. STORK 2.0: ‘D4.8: Final version of process flows’, 2016, Available at, accessed October 2017.
    5. 5)
      • 30. ENISA, ‘An evaluation framework for national cyber security Strategies’ (Athens, Greece, 2014), ISBN: 978-92-9204-109-0.
    6. 6)
      • 15. Drechsler, R., Soeken, M., Wille, R.: ‘Automated and quality-driven requirements engineering’. Proc. IEEE/ACM Int. Conf. Computer-Aided Design, San Jose, CA, USA, November 2014, pp. 586590.
    7. 7)
      • 29. ENISA: ‘National Cyber Security Strategies: Practical Guide on Development and Execution’ (Athens, Greece, 2012),, accessed October 2017.
    8. 8)
      • 2. Böhm, C., Hofer, M.: ‘Physical unclonable functions in theory and practice’ (Springer, New York, 2013).
    9. 9)
      • 9. Staffa, M., Sgaglione, L., Mazzeo, G., et al: ‘An OpenNCP-based solution for secure eHealth data exchange’, J. Netw. Comput. Appl., 2018, 116, (15), pp. 6585.
    10. 10)
      • 12. Teixeira, L., Ferreira, C., Sousa Santos, B.: ‘Using task analysis to improve the requirements elicitation in health information system’. Proc. 29th Int. Conf. IEEE Engineering in Medicine and Biology Society, Lyon, France, 23–26 August 2007, pp. 36693672.
    11. 11)
      • 13. Park, G., Fellir, F., Hong, J., et al: ‘Deriving use cases from business processes: a goal-oriented transformational approach’. Proc. Symp. Applied Computing (SAC), New York, USA, 2017, pp. 12881295.
    12. 12)
      • 23. Privacy Flag project: ‘D2.2: Technical Risks Analysis Report’, 2016, Available at, accessed October 2017.
    13. 13)
      • 3. Yi, X., Paulet, R., Bertino, E.: ‘Homomorphic encryption’, in Yi, X., et al (Eds.): ‘Homomorphic encryption applications’ (Springer, Cham, 2014), pp. 2746.
    14. 14)
      • 4. Fonseca, M., Karkaletsis, K., Cruz, I.A., et al: ‘OpenNCP: a novel framework to foster cross-border e-Health services’, in Cornet, R., Stoicu-Tivadar, L., Hörbst, A., et al (Eds.): ‘Studies in Health Technology and Informatics’, vol. 210, (IOS Press, Amsterdam, 2015), pp. 617621.
    15. 15)
      • 8. Natsiavas, P., Rasmussen, J., Voss-Knude, M., et al: ‘Comprehensive user requirements engineering methodology for secure and interoperable health data exchange’, BMC Med. Inform. Decis. Mak., 2018, 18, (85), doi: 10.1186/s12911-018-0664-0.
    16. 16)
      • 31. European Commission: ‘Study on cross-border health services: enhancing information provision to patients’ (Luxembourg, 2018), ISBN 978-92-79-80264-5.
    17. 17)
      • 7. Griebel, L., Prokosch, H.U., Köpcke, F., et al: ‘A scoping review of cloud computing in healthcare’, BMC Med. Inform. Decis. Mak., 2015, 15, Article ID: 17, doi: 10.1186/s12911-015-0145-7.
    18. 18)
      • 28. ENISA: ‘Smart hospitals: security and resilience for smart health service and infrastructures’ (Athens, Greece, 2016), ISBN 978-92-9204-181-6.
    19. 19)
      • 5. Armbrust, M., Fox, A., Griffith, R., et al: ‘A view of cloud computing’, Commun. ACM, 2010, 53, (4), pp. 5058.
    20. 20)
      • 26. ENISA: ‘Security and resilience in eHealth: security challenges and Risks’ (2015), ISBN 978-92-9204-137-3.
    21. 21)
      • 18. ‘Improving Web application security: threats and countermeasures’. Available at, accessed October 2017.
    22. 22)
      • 22. Thorp, J., Smet, D., Gessner, C., et al: ‘D5.3 – Guideline on the electronic exchange of health data under Cross-Border Directive 2011/24/EU’, Release 2, 2016. Available at, accessed October 2017.
    23. 23)
      • 17. Schneider, R.M.: ‘A comparison of information security risk analysis in the context of e-government to criminological threat assessment techniques’. Proc. Information Security Curriculum Development Conf. (InfoSecCD), New York, USA, 2010, pp. 107116.
    24. 24)
      • 19. ‘ISO 27000 standards family Web page’. Available at, accessed October 2017.
    25. 25)
      • 27. ENISA: ‘Good Practice Guide for Incident Management’ (2010), Available at, accessed October 2017.
    26. 26)
      • 10. Staccini, P., Joubert, M., Quaranta, J.-F., et al: ‘Modelling health care processes for eliciting user requirements: a way to link a quality paradigm and clinical information system design’, Int. J. Med. Inform., 2001, 64, (2-3), pp. 129142.
    27. 27)
      • 25. The EU General Data Protection Regulation (GDPR), Available at, accessed October 2017.
    28. 28)
      • 16. Nematzadeh, A., Jean Camp, L.: ‘Threat analysis of online health information system’. Proc. 3rd Int. Conf. on Pervasive Technologies Related to Assistive Environments, New York, USA, Article 31, 2010.
    29. 29)
      • 11. Wong, L., Mauricio, D., Rodriguez, G., et al: A systematic literature review about software requirements elicitation. J. Eng. Sci. Technol., 2017, 12, (2), pp. 296317.
    30. 30)
      • 21. Natsiavas, P., Kakalou, C., Votis, K., et al: ‘Identification of barriers and facilitators for eHealth acceptance: the KONFIDO study’, in Maglaveras, N., et al (Eds.) ‘Precision medicine powered by pHealth and connected health. IFMBE Proceedings, vol. 66, pp. 8185, (Springer, Singapore, 2018).
    31. 31)
      • 14. Kof, L.: ‘Requirements analysis: concept extraction and translation of textual specifications to executable models’. Proc. 14th Int. Conf. Applications of Natural Language to Information Systems, Berlin, Heidelberg, 2009, pp. 7990.

Related content

This is a required field
Please enter a valid email address