Health Data Privacy in the COVID-19 Pandemic Context: Discourses on HIPAA

Background: Considering the impacts of the COVID-19 pandemic on health service delivery, the US Office for Civil Rights (OCR) updated the policies on health data processing, and Health Insurance Portability and Accountability Act (HIPAA). Objectives: In this study, we investigated discourses on HIPAA in relation to COVID-19. Methods: Through a search of media sources in the Factiva database, relevant texts were identified. We applied a text mining approach to identify concepts and themes in these texts. Results: Our analysis revealed six central themes, namely, Health, HIPAA, Privacy, Security, Patients, and Need, as well as their associated concepts. Among these, Health was the most frequently discussed theme. It comprised concepts such as public, care, emergency, providers, telehealth, entity, use, discretion, OCR, Health and Human Services (HHS), enforcement, business, and services. Conclusion: Our discourse analysis of media outlets highlights the role of health data privacy law in the response to global public health emergencies and demonstrates how discourse analysis and computational methods can inform health data protection policymaking in the digital health era.

Download Full-text

DIGITAL HEALTH: DATA PRIVACY AND SECURITY WITH CLOUD COMPUTING

Issues In Information Systems ◽

10.48009/1_iis_2020_227-238 ◽

2020 ◽

Keyword(s):

Cloud Computing ◽

Data Privacy ◽

Digital Health ◽

Health Data ◽

Privacy And Security

Download Full-text

Rebooting consent in the digital age: a governance framework for health data exchange

BMJ Global Health ◽

10.1136/bmjgh-2021-005057 ◽

2021 ◽

Vol 6 (Suppl 5) ◽

pp. e005057

Author(s):

Nivedita Saksena ◽

Rahul Matthan ◽

Anant Bhan ◽

Satchit Balsari

Keyword(s):

Data Privacy ◽

Data Exchange ◽

Data Science ◽

Care Delivery ◽

Digital Health ◽

Health Planning ◽

Personal Health Record ◽

Health Data ◽

Individual Autonomy ◽

Patient Consent

In August 2020, India announced its vision for the National Digital Health Mission (NDHM), a federated national digital health exchange where digitised data generated by healthcare providers will be exported via application programme interfaces to the patient’s electronic personal health record. The NDHM architecture is initially expected to be a claims platform for the national health insurance programme ‘Ayushman Bharat’ that serves 500 million people. Such large-scale digitisation and mobility of health data will have significant ramifications on care delivery, population health planning, as well as on the rights and privacy of individuals. Traditional mechanisms that seek to protect individual autonomy through patient consent will be inadequate in a digitised ecosystem where processed data can travel near instantaneously across various nodes in the system and be combined, aggregated, or even re-identified.In this paper we explore the limitations of ‘informed’ consent that is sought either when data are collected or when they are ported across the system. We examine the merits and limitations of proposed alternatives like the fiduciary framework that imposes accountability on those that use the data; privacy by design principles that rely on technological safeguards against abuse; or regulations. Our recommendations combine complementary approaches in light of the evolving jurisprudence in India and provide a generalisable framework for health data exchange that balances individual rights with advances in data science.

Download Full-text

Massive Health Record Breaches Evidenced by the Office for Civil Rights Data

Iranian Journal of Public Health ◽

10.18502/ijph.v48i2.826 ◽

2019 ◽

Cited By ~ 1

Author(s):

Waldemar W. KOCZKODAJ ◽

Jolanta MASIAK ◽

Mirosław MAZUREK ◽

Dominik STRZAŁKA ◽

Pavel F. ZABRODSKII

Keyword(s):

Law Enforcement ◽

Civil Rights ◽

Public Care ◽

Data Breaches ◽

Security Breaches ◽

Department Of Health ◽

Office For Civil Rights ◽

The Usa ◽

Covered Entity ◽

Using Data

Background: Using data collected by the Office for Civil Rights, Department of Health and Human Services (HHS), over half of the population in the USA might have been affected by security breaches since Oct 2009. This study provided analysis of the data, presenting the numbers of individuals affected in one breach and the number of breaches. Methods: Statistical analysis has been conducted with visualizations. Visualizations include categorized histograms and tables. Histograms are presented as bar charts with categories: location and breach type. Tables show case counts (across top 10 breaches and those with more than one million stolen records) in successive years and covered entity types. All statistics were calculated with the use of package R. Analyzed data were collected from Oct 2009 till Jun 2017. Results: This study presents evidence of health data breaches taking place at an unprecedented level. Medical records of at least 173 million of people, gathered since Oct 2009, have been breached and might have adversely influenced over half of the population in the USA. Conclusion: Results of this study are expected to motivate public care authorities to develop similar laws and regulations as the USA while striving for better law enforcement. It takes a considerable amount of time to educate public and it takes substantial financial resources to prevent data breaches.

Download Full-text

Protecting Personal Health Data through Privacy Awareness

Proceedings of the ACM on Human-Computer Interaction ◽

10.1145/3492830 ◽

2022 ◽

Vol 6 (GROUP) ◽

pp. 1-22

Author(s):

Melanie Duckert ◽

Louise Barkhuus

Keyword(s):

Conceptual Framework ◽

Data Protection ◽

Data Privacy ◽

Digital Health ◽

Health Data ◽

Design Guidelines ◽

Personal Health ◽

Health Records ◽

Perception Of Security ◽

Health Care Records

Digital health data is important to keep secure, and patients' perception around the privacy of it is essential to the development of digital health records. In this paper we present people's perceptions of the communication of data protection, in relation to their personal health data and the access to it; we focused particularly on people with chronic or long-term illness. Based on their use of personally accessible health records, we inquired into their explicit perception of security and sense of data privacy in relation to their health data. Our goal was to provide insights and guidelines to designers and developers on the communication of data protection in health records in an accessible way for the users. We analyzed their approach to and experience with their own health care records and describe the details of their challenges. A conceptual framework called "Privacy Awareness' was developed from the findings and reflects the perspectives of the users. The conceptual framework forms the basis of a proposal for design guidelines for Digital Health Record systems, which aim to address, facilitate and improve the users' awareness of the protection of their online health data.

Download Full-text

Comparing the Perception of Privacy for Medical Devices and Devices With Medical Functionality

International Journal of Privacy and Health Information Management ◽

10.4018/ijphim.2020010103 ◽

2020 ◽

Vol 8 (1) ◽

pp. 52-69

Author(s):

Florian Kaiser ◽

Marcus Wiens ◽

Frank Schultmann

Keyword(s):

Medical Devices ◽

Data Privacy ◽

Digital Health ◽

Healthcare Delivery ◽

Health Data ◽

Medical Product ◽

Current State ◽

Significant Difference ◽

Perceived Security ◽

Health Applications

Health data privacy is essential for the acceptance of digital health applications. Hence, privacy is a precondition for future healthcare delivery. This study compares the perception of the current state of health data privacy in officially registered and therefore regulated health applications (medical devices) according to the medical product act as well as non-regulated health applications (devices with medical functionality) in Germany. To this end, an empirical study based on a questionnaire is conducted (n=53). The results show that there are significant differences between the analysed health applications with respect to perceived data privacy. In particular, there is a significant difference of the levels of perceived security between both types of devices. Low privacy for one type of device may hamper trust in digital health applications in general as there are spill-over effects regarding the perception of data privacy. Thus, the study suggests that legal regulations for devices with medical functionality should be adapted to protect health data adequately.

Download Full-text

Data privacy considerations for telehealth consumers amid COVID-19

Journal of Law and the Biosciences ◽

10.1093/jlb/lsaa075 ◽

2020 ◽

Vol 7 (1) ◽

Author(s):

Sharon Bassan

Keyword(s):

Public Health ◽

Civil Rights ◽

Health Information ◽

Health Care Providers ◽

Data Privacy ◽

Healthcare Providers ◽

Professional Judgment ◽

Care Providers ◽

Privacy And Security ◽

Office For Civil Rights

Abstract The COVID-19 emergency poses particularly high infection risks in a clinical setting, where patients and health care providers are placed in the same room. Due to these risks, patients are encouraged to avoid clinics and instead use Telemedicine for safer consultations and diagnoses. In March, the Office for Civil Rights (OCR) at the U.S. Department for Health and Human Services (HHS) issued a notice titled Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency (the ‘Notification’). The Notification relaxes the enforcement of privacy and security safeguards established by the Health Insurance Portability and Accountability Act (HIPAA) until further notice, in order to facilitate the transition to telehealth services for the broader purpose of promoting public health during the pandemic. Specifically, covered healthcare providers can use telehealth to provide all services that, in their professional judgment, they believe can be provided through telehealth. If providers make good faith efforts to provide the most timely and accessible care possible, they will not be subject to penalties for breaching the HIPAA Privacy, Security, and Breach Notification Rules. This paper examines the implications of the Notification on patients’ health information privacy. It recommends that patients should undertake a careful reading of provider privacy policies to make sure their protected health information (PHI) is not at risk before switching to telehealth consultation. Acknowledging the limitations of patient self-protection from bad privacy practices when in need for medical treatment during pandemic, the paper proposes that consumers’ data privacy should be protected through one of two alternative regulatory interventions: the FTC’s authority under §5, or HIPAA’s business associates agreements.

Download Full-text

Biometric Monitoring Devices: Modern Solutions to Protecting Athletes’ Data Privacy

Pittsburgh Journal of Technology Law and Policy ◽

10.5195/tlp.2021.245 ◽

2021 ◽

Vol 21 (1) ◽

Author(s):

Tristan A. Dietrick

Keyword(s):

Data Privacy ◽

Personal Data ◽

Collegiate Athletes ◽

Health Data ◽

Easy Access ◽

Biometric Data ◽

Sports Industry ◽

Privacy Law ◽

Increased Risk ◽

Biometric Information

Smartwatches like Fitbits provide users with easy access to quantifiable health data. In the sports industry, tracking this biometric information may be particularly beneficial to athletes, whose livelihoods revolve around their health and fitness. Nonetheless, under the current regime, professional and collegiate athletes’ biometric health data are inadequately protected. Data privacy law is still in its infancy, but in the meantime, athletes must consider that motivations to sell or misuse players’ biometric information may outpace legal developments. This Paper will analyze the promise and risk of collecting professional and collegiate athletes’ health and biometric data, particularly through fitness wearables. It will provide a closer look at wearables in professional sports and consider the increased risk posed to college athletes. Finally, this Paper will consider possible solutions to maximize the benefits of newfound technology while simultaneously minimizing risks to players’ health information, privacy, and personal data ownership.

Download Full-text

Health Data Privacy: Research Fronts, Hot Topics and Future Directions

Studies in Health Technology and Informatics - Integrated Citizen Centered Digital Health and Social Care ◽

10.3233/shti200716 ◽

2020 ◽

Author(s):

Javad Pool ◽

Farhad Fatehi ◽

Farkhondeh Hassandoust ◽

Saeed Akhlaghpour

Keyword(s):

Bibliometric Analysis ◽

Data Privacy ◽

Digital Health ◽

Health Data ◽

Contact Tracing ◽

Future Research ◽

Future Directions ◽

Research Fronts ◽

Research Stream ◽

Emerging Topics

Health data privacy is an important research stream due to the high impacts on the success of digital health transformation and implementation. Neglecting to safeguard data confidentially and integrity and mitigate risks associated with unauthorized access will lead to failures in materializing benefit from digital health. This study aims to present a bibliometric analysis of health data privacy and provide a platform for future directions. We conducted a literature search between 2010 and 2020 in the Web of Science (WoS) database, resulted in 1,752 records. As part of the bibliometric analysis, concept mapping of health data privacy researches was depicted by network visualization and overlay visualization. These two visualizations represent five research fronts and emerging topics (e.g., digital health, blockchain, the internet of things (IoT)). Finally, we chart directions for future research on health data privacy, highlighting emerging topics, and boundary-breaking alternatives (e.g., GDPR, contact tracing apps in the context of pandemics).

Download Full-text