Notice C

Promoting the collaborative development of proposals for investments in digital health global goods

Expert Community Engagement to Address Privacy and Security in DHIS2 Centric Solutions

Notice C Opportunity: 
Announcement C0: Global Good Software Development and Support
Application Status: 
Approved - partially funded

Comments

I personally believe that as an industry, we do not put enough focus on data privacy and security issues, and I welcome this effort to review DHIS2 privacy concerns and develop standards for all digital health systems.

On behalf of my team at IntraHealth, we would like to be involved in these discussions and help develop guidelines that benefit all digital health solution providers. We certainly would find privacy guidelines helpful in our own solutions, like iHRIS and mHero, and in our collaborative works with others.

 

Thank you for your concept note and we look forward to reviewing the full proposal!  You mention in your concept note that the outcomes will be to other patient centric systems in LMICs.  As you expand to a full proposal, please elaborate on this and how your outputs wil be made accessible for users beyond DHIS2. Please also explain a bit more about how why you are using the rapid TPP process.

Thank you for submitting a concept note on data privacy and security – a critical area of work for our community! A few questions on your concept note:

-        How will you promote adoption of the asset or assets once they are developed?

-        Will your security and privacy assets address data privacy issues across platforms – e.g., beyond the DHIS2 platform?

-        Can you expand more on how will you align your asset development with letter and spirit of global guidelines, such as ‘privacy by design’ as outlined in the GDPR?

-        Will your workbook asset take a holistic approach to all of the data privacy areas you outline here, or will you prioritize?

-        On the TPP Expert Panel, in line with the Principles for Digital Development, how do you plan to include stakeholder-users – partners who oversee or implement public health programs that use DHIS2 applications, but who do not design the platform applications themselves?

-        How will your asset address data privacy and security at the various levels of data input, aggregation, and storage?

Please also expand on your approach to seeking further funding for additional assets identified during the TPP process, but not covered by this funding mechanism. Thank you for submitting this concept note, and I look forward to reviewing your full proposal.

Ashley Bennett, PATH

See comments on https://proposals.digitalsquare.io/65 about possibly combining the proposals into one with a set of different work packages. How will existing work on security and privacy be leveraged - https://wiki.ihe.net/index.php/Enabling_Document_Sharing_Using_IHE_Profiles or http://wiki.hl7.org/index.php?title=FHIR_Bulk_Data_Transfer_Privacy_and_... .

Can you discuss potential channels for dissemmination of the workbook (e.g. would it be raised to HDC? would it be part of the dhis2 tracker academies?) .

How will you coordinate with Oslo on this proposed work, in particular on their community of practice https://wiki.digitalsquare.io/index.php/Digital_Square_Investments_in_Gl... ?

First, I echo other comments that there is a lot of value in this activity even without the direct connection to the DHIS2 application. Also, likely the project team are already aware, but just pointing to this case study:

“Using DHIS 2 Software to Track Prevention of Mother-to-Child Transmission of HIV: Guidance. “ https://www.measureevaluation.org/resources/publications/ms-18-127

which identifies some topics/issues from a practical implementation that would be in scope for this proposal.