Privacy policy enforcement for health information data access

2009 ◽  
Author(s):  
Faiz Currim ◽  
Eunjin Jung ◽  
Xin Xiao ◽  
Insoon Jo
Keyword(s):  
Health Information ◽  
Data Access ◽  
Policy Enforcement ◽  
Privacy Policy

scholarly journals Alberta's Data and Analytic Strategy: Leveraging Linked Data to Drive Innovation

2019 ◽  
Vol 4 (3) ◽  
Author(s):  
Larry Svenson
Keyword(s):  
Health System ◽  
Health Information ◽  
Data Warehouse ◽  
Data Access ◽  
Health Data ◽  
Direct Access ◽  
Safe Haven ◽  
For Profit ◽  
Secondary Use ◽  
Not For Profit

BackgroundThe Province of Alberta, Canada, maintains a mature data environment with linkable administrative and clinical data dating back up to 30 years. Alberta has a single payer, publicly funded and administered, universal health system, which maintains multiple administrative data sets. Main AimThe main aim of the strategy is to fully maximize the data assets in the province to drive health system health system innovation, with a focus on improving health outcomes and quality of life. Methods/ApproachThe Alberta Ministry of Health has created the Secondary Use Data Access (SUDA) initiative to leverage its administrative health data. SUDA envisions strengthening partnerships between the public and private sectors through two main data access approaches. The first is direct access to de-identified data held within the Alberta Health data warehouse by key health system stakeholders (e.g. academic institutions, professional associations, regulatory colleges). The second is indirect access to private and not-for-profit organizations, using a data access safe haven (DASH) approach. Indirect access is achieved through private sector investments to a trusted third party that hires analysts placed within the Ministry of Health offices. ResultsStaffing agreements and privacy impact assessments are in place. Indirect access includes a multiple stakeholder steering committee to vet and prioritize projects. Private and not-for-profit stakeholders do not have access to raw data, but rather receive access to aggregated data and statistical models. All data disclosures are done by Ministry staff to ensure compliance with Alberta's Health Information Act. Direct access has been established for one professional organization and one academic institution, with access restricted to de-identified data. ConclusionThe Secondary Use Data Access initiative uses a safe haven approach to leveraging data to provide a more secure approach to data access. It reduces the need to provision data outside of the data warehouse while improving timely access to data. The approach provides assurances that people's health information is held secure, while also being used to create health system improvements.

Cloud-Based Identity and Identity Meta-Data

2016 ◽  
pp. 1756-1773
Author(s):  
Grzegorz Spyra ◽  
William J. Buchanan ◽  
Peter Cruickshank ◽  
Elias Ekonomou
Keyword(s):  
Access Control ◽  
Data Model ◽  
Ad Hoc ◽  
Personal Data ◽  
Data Access ◽  
Control Model ◽  
Policy Enforcement ◽  
Sensitive Data ◽  
Access Control Model ◽  
Meta Data

This paper proposes a new identity, and its underlying meta-data, model. The approach enables secure spanning of identity meta-data across many boundaries such as health-care, financial and educational institutions, including all others that store and process sensitive personal data. It introduces the new concepts of Compound Personal Record (CPR) and Compound Identifiable Data (CID) ontology, which aim to move toward own your own data model. The CID model ensures authenticity of identity meta-data; high availability via unified Cloud-hosted XML data structure; and privacy through encryption, obfuscation and anonymity applied to Ontology-based XML distributed content. Additionally CID via XML ontologies is enabled for identity federation. The paper also suggests that access over sensitive data should be strictly governed through an access control model with granular policy enforcement on the service side. This includes the involvement of relevant access control model entities, which are enabled to authorize an ad-hoc break-glass data access, which should give high accountability for data access attempts.

A New Proxy Server of CHIS Based on Caché

2011 ◽  
Vol 65 ◽  
pp. 427-430
Author(s):  
Guang Ming Li ◽  
Gai Hong Lian ◽  
Zhen Qi He
Keyword(s):  
Health Information ◽  
Data Sharing ◽  
Data Model ◽  
Data Access ◽  
Health Information Systems ◽  
Heterogeneous Data ◽  
Proxy Server ◽  
Common Solution ◽  
The Core ◽  
The Common

The data accessing technology is the core and foundation technology of the community health information systems. In the process of designing the system, the relational database compared with the Caché database from the data model, extensibility, scalability, etc. Study the associated technology about the heterogeneous data sharing with the Caché database. After analyzed the common solution of heterogeneous data sharing then the paper proposed a new data sharing solution, which design a middle proxy server. With the middle proxy, the implementation class completed the uploading and sharing of data access and other functions.

scholarly journals 1657. Notes From the Field: A Survey of Mobile Device Usage Among Individuals in KwaZulu-Natal, South Africa

2019 ◽  
Vol 6 (Supplement_2) ◽  
pp. S606-S606
Author(s):  
Breanna R Campbell ◽  
Koeun Choi ◽  
Megan Gray ◽  
Chelsea Canan ◽  
Anthony Moll ◽  
...  
Keyword(s):  
South Africa ◽  
Health Information ◽  
Cell Phone ◽  
Data Access ◽  
People Living With Hiv ◽  
Medical Male Circumcision ◽  
Condomless Sex ◽  
Private Data ◽  
Kwazulu Natal ◽  
To Receive

Abstract Background mHealth (mobile health) is a promising tool to deliver healthcare interventions to underserved populations. Across low- and middle-income countries (LMIC), the prevalence of smartphones has risen to 42%. Effective mHealth deployment in LMIC requires an understanding of how LMIC populations use mobile technology. We characterized the use of mobile devices in rural KwaZulu-Natal, South Africa to tailor mHealth interventions for people living with HIV and at risk for acquiring HIV. Methods We surveyed participants in community settings and offered free HIV counseling and testing. Participants self-reported their gender, age, relationship status, living distance from preferred clinic, receipt of monthly grant, condomless sex frequency, and circumcision status (if male). Outcomes included cell phone and smartphone ownership, private data access, health information seeking, and willingness to receive healthcare messages. We performed multivariable logistic regression to assess the relationship between demographic factors and outcomes. Results Among 788 individuals surveyed, the median age was 28 (IQR 22–40) years, 75% were male, and 86% owned personal cell phones, of which 43% were smartphones. The majority (59%) reported having condomless sex and most (59%) males reported being circumcised. Although only 10% used the phone to seek health information, 93% of cell phone owners were willing to receive healthcare messages. Being young, female, and in a relationship were associated with cell phone ownership. Smartphone owners were more likely to be young and female, less likely to live 10–30 minutes from preferred clinic, and less likely to receive a monthly grant. Those reporting condomless sex or lack of circumcision were significantly less likely to have private data access. Conclusion Most participants were willing to receive healthcare messages via phone, indicating that mHealth interventions may be feasible in rural KwaZulu-Natal. Smartphone-based mHealth interventions specifically geared to prevent or support the care of HIV in young women in KwaZulu-Natal may be feasible. mHealth interventions encouraging condom use and medical male circumcision should consider the use of non-smartphone SMS and be attuned to mobile data limitations. Disclosures All authors: No reported disclosures.

The impacts of the privacy policy on individual trust in health information exchanges (HIEs)

2020 ◽  
Vol 30 (3) ◽  
pp. 811-843 ◽  
Author(s):  
Pouyan Esmaeilzadeh
Keyword(s):  
Health Information ◽  
The United States ◽  
Equation Modeling ◽  
Privacy Policy ◽  
Patient Trust ◽  
Cognitive Trust ◽  
Content Type ◽  
Willingness To Disclose ◽  
Cognitive Beliefs ◽  
The Impact

PurposeHealth information exchange (HIE) initiatives utilize sharing mechanisms through which health information is mostly transmitted without a patient's close supervision; thus, patient trust in the HIE is the core in this setting. Existing technology acceptance theories mainly consider cognitive beliefs resulting in adoption behavior. The study argues that existing theories should be expanded to cover not only cognitive beliefs but also the emotion provoked by the sharing nature of the technology. Based on the theory of reasoned action, the technology adoption literature, and the trust literature, we theoretically explain and empirically test the impact of perceived transparency of privacy policy on cognitive trust and emotional trust in HIEs. Moreover, the study analyzes the effects of cognitive trust and emotional trust on the intention to opt in to HIEs and willingness to disclose health information.Design/methodology/approachAn online survey was conducted using data from individuals who were aware of HIEs through experience with at least one provider participating in an HIE network. Data were collected from a wide range of adult population groups in the United States.FindingsThe structural equation modeling analysis results provide empirical support for the proposed model. The model highlights the strategic role of the perceived transparency of the privacy policy in building trust in HIEs. When patients know more about HIE security measures, sharing procedures, and privacy terms, they feel more in control, more assured, and less at risk. The results also show that patient trust in HIEs may take the forms of intention to opt in to an HIE and willingness to disclose health information exchanged through HIE networks.Originality/valueThe findings of this study should be of interest to both academics and practitioners. The research highlights the importance of developing and using a transparent privacy policy in the diffusion of HIEs. The findings provide a deep understanding of dimensions of HIE privacy policy that should be addressed by health-care organizations to exchange personal health information in a secure and private manner.

Security Issues in the Internet of Things

2018 ◽  
pp. 186-200 ◽  
Author(s):  
Muneer Bani Yassein ◽  
Wail Mardini ◽  
Amnah Al-Abdi
Keyword(s):  
Internet Of Things ◽  
Access Control ◽  
Data Communication ◽  
The Internet ◽  
Policy Enforcement ◽  
Privacy Policy ◽  
Everyday Objects ◽  
Security Issues ◽  
Communication Paradigm ◽  
The Internet Of Things

Internet of Things (IoT) is one of the most active and hot topics these days in which most of our everyday objects are connected with each other over internal and external networks. As in any data communication paradigm there are security aspects that should be taken care of. The traditional security mechanisms are usually not applicable in IoT because there are different standards involved, this make the security preservation is one of the main challenges in IoT. According to previous surveys, there are many of security issues in regards to IoT. In this chapter, five issues from the security issues in IoT are discussed; Access Control, Authentication, Privacy, Policy Enforcement, and Trust. After that, major proposed solutions from the literature is listed and compared according to the strength and weakness points for each of them.

Sign in / Sign up

Export Citation Format

Share Document