# Data protection, interoperability and governance assessment tool: results from a proof-of-concept survey

**Authors:** Concetta Tania Di Iorio, Elettra Ronchi, Ivan Pristas, Tamara Buble, Nicholas Nicholson, Fabrizio Carinci

PMC · DOI: 10.3389/fdgth.2025.1685774 · Frontiers in Digital Health · 2025-10-27

## TL;DR

This paper introduces a tool to assess health data governance, showing it helps institutions prepare for new European regulations.

## Contribution

A modular assessment tool for health data governance, combining legal compliance and operational readiness.

## Key findings

- The tool effectively captures real-world practices and identifies compliance strengths and gaps.
- Participating centers showed moderate-to-high capacity for secondary health data use.
- User feedback confirmed the tool's relevance and usability for regulatory readiness.

## Abstract

The Collaborative Health Information European Framework (CHIEF) supports consistent monitoring of quality of care and outcomes, through a cohesive information infrastructure aligned with legal and ethical standards, to ensure preparedness to the European Health Data Space (EHDS). We aimed to define, develop and apply a practical solution to help data controllers and data holders navigating the increasingly complex and rapidly evolving legal conditions for health data governance.

We designed and applied a modular questionnaire to enable Data Protection, Interoperability and Governance Assessment (DIGA). The tool combines quantitative and qualitative analysis to measure the level of institutional compliance with EU data protection laws, governance standards and the EHDS Regulation. The instrument has been designed to enhance its usability and flexible implementation, allowing users to focus on sections that are considered most relevant for their operational purposes. A test survey was run to test its applicability.

The study demonstrated the tool's effectiveness in capturing real-world practices and help data controllers and data holders in identifying both strengths and critical gaps. Survey results showed that users have already established solid foundations for data protection. Participating centres showed a moderate-to-high capacity to enable the secondary use of health data for both research and public health purposes, reflecting an encouraging level of preparedness for the EHDS Regulation. The user feedback collected alongside the survey confirmed the tool's relevance and usability.

We developed an ad-hoc tool to monitor and improve data protection, interoperability and governance, which may represent a strategic resource for disease registries and health information systems. The DIGA tool can support institutional self-assessment, fostering regulatory readiness and generating meaningful insights for the implementation of national and EU-level policies. Further studies are needed to assess the reliability of the tool under different conditions, and refine it accordingly for large-scale implementation. Validation across multiple networks and disease domains within CHIEF will allow strengthening its role in preparation of the EHDS.

## Full-text entities

- **Diseases:** CD (MESH:D003424), MS (MESH:C535541), CHIEF (MESH:D004675), diabetes (MESH:D003920), DIGA (MESH:C536411), NCDs (MESH:D000073296)
- **Species:** Homo sapiens (human, species) [taxon 9606]

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC12597924/full.md

## Figures

4 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12597924/full.md

## References

19 references — full list in the complete paper: https://tomesphere.com/paper/PMC12597924/full.md

---
Source: https://tomesphere.com/paper/PMC12597924