Health informatics. Security and privacy requirements of EHR systems for use in conformity assessment

Electronic consent (e-consent) has the potential to solve many paper-based consent approaches. Existing approaches, however, face challenges regarding privacy and security. This literature review aims to provide an overview of privacy and security challenges and requirements proposed by papers discussing e-consent implementations, as well as the manner in which state-of-the-art solutions address them. We conducted a systematic literature search using ACM Digital Library, IEEE Xplore, and PubMed Central. We included papers providing comprehensive discussions of one or more technical aspects of e-consent systems. Thirty-one papers met our inclusion criteria. Two distinct topics were identified, the first being discussions of e-consent representations and the second being implementations of e-consent in data sharing systems. The main challenge for e-consent representations is gathering the requirements for a “valid” consent. For the implementation papers, many provided some requirements but none provided a comprehensive overview. Blockchain is identified as a solution to transparency and trust issues in traditional client-server systems, but several challenges hinder it from being applied in practice. E-consent has the potential to grant data subjects control over their data. However, there is no agreed-upon set of security and privacy requirements that must be addressed by an e-consent platform. Therefore, security- and privacy-by-design techniques should be an essential part of the development lifecycle for such a platform.

Download Full-text

A HIPAA Security and Privacy Compliance Audit and Risk Assessment Mitigation Approach

International Journal of Cyber Research and Education ◽

10.4018/ijcre.2021070103 ◽

2021 ◽

Vol 3 (2) ◽

pp. 28-45

Author(s):

Young B. Choi ◽

Christopher E. Williams

Keyword(s):

Healthcare System ◽

Information Assurance ◽

Healthcare Providers ◽

Security And Privacy ◽

Privacy Requirements ◽

Security Controls ◽

The Us ◽

Compliance Audit ◽

And Control ◽

Health Laws

Data breaches have a profound effect on businesses associated with industries like the US healthcare system. This task extends more pressure on healthcare providers as they continue to gain unprecedented access to patient data, as the US healthcare system integrates further into the digital realm. Pressure has also led to the creation of the Health Insurance Portability and Accountability Act, Omnibus Rule, and Health Information Technology for Economic and Clinical Health laws. The Defense Information Systems Agency also develops and maintains security technical implementation guides that are consistent with DoD cybersecurity policies, standards, architectures, security controls, and validation procedures. The objective is to design a network (physician's office) in order to meet the complexity standards and unpredictable measures posed by attackers. Additionally, the network must adhere to HIPAA security and privacy requirements required by law. Successful implantation of network design will articulate comprehension requirements of information assurance security and control.

Download Full-text

Development and Evaluation of a New Security and Privacy Track in a Health Informatics Graduate Program: Multidisciplinary Collaboration in Education (Preprint)

10.2196/preprints.9081 ◽

2017 ◽

Author(s):

Leming Zhou ◽

Bambang Parmanto ◽

James Joshi

Keyword(s):

Health Care ◽

Health Information ◽

Health Care Providers ◽

Health Informatics ◽

Graduate Program ◽

New Technologies ◽

Security And Privacy ◽

Care Providers ◽

Widespread Application ◽

Mobile Health Apps

BACKGROUND The widespread application of technologies such as electronic health record systems, mobile health apps, and telemedicine platforms, has made it easy for health care providers to collect relevant data and deliver health care regimens. While efficacious, these new technologies also pose serious security and privacy challenges. OBJECTIVE The training program described here aims at preparing well-informed health information security and privacy professionals with enhanced course materials and various approaches. METHODS A new educational track has been built within a health informatics graduate program. Several existing graduate courses have been enhanced with new security and privacy modules. New labs and seminars have been created, and students are being encouraged to participate in research projects and obtain real-world experience from industry partners. Students in this track receive both theoretical education and hands-on practice. Evaluations have been performed on this new track by conducting multiple surveys on a sample of students. RESULTS We have succeeded in creating a new security track and developing a pertinent curriculum. The newly created security materials have been implemented in multiple courses. Our evaluation indicated that students (N=72) believed that receiving security and privacy training was important for health professionals, the provided security contents were interesting, and having the enhanced security and privacy training in this program was beneficial for their future career. CONCLUSIONS The security and privacy education for health information professionals in this new security track has been significantly enhanced.

Download Full-text

An Affordable Hybrid Cloud Based Cluster for Secure Health Informatics Research

International Journal of Cloud Applications and Computing ◽

10.4018/ijcac.2018040102 ◽

2018 ◽

Vol 8 (2) ◽

pp. 27-46

Author(s):

Basit Qureshi

Keyword(s):

Data Storage ◽

Health Informatics ◽

Low Cost ◽

Academic Research ◽

Security And Privacy ◽

Hybrid Cloud ◽

Public Cloud ◽

Public And Private ◽

Attribute Based Encryption ◽

Patient Health

This article describes how a major risk factor in the deployment of patient health records systems in the cloud is the security and privacy of data. Hybrid cloud solutions have been proposed that leverage the public and private cloud deployment to manage and alleviate accessibility, access control and privacy concerns. This article presents a privacy preserving and secure architecture for data acquisition, storage, processing and sharing. The proposed architecture is composed of a public cloud-based services that interact with a low-cost cloud computing cluster (LoC4) as a backend. A lightweight data security eco-system based on attribute based encryption is developed to provide security for public cloud-based data storage. Performance of the deployment is evaluated in a real-time deployment environment. The results show that the proposed ABE-based system is 2.3 times faster than AES-based for a variety of sizes of data blocks. It is further noted that the low-cost and affordability of LoC4 platform offers excellent opportunities for academic research in cloud based health informatics.

Download Full-text

Designing Secure and Privacy-Aware Information Systems

International Journal of Secure Software Engineering ◽

10.4018/ijsse.2017040101 ◽

2017 ◽

Vol 8 (2) ◽

pp. 1-25

Author(s):

Christos Kalloniatis ◽

Argyri Pattakou ◽

Evangelia Kavakli ◽

Stefanos Gritzalis

Keyword(s):

Information Systems ◽

Personal Information ◽

Research Area ◽

Security And Privacy ◽

Software Systems ◽

Economic Relationships ◽

Analysis And Design ◽

Privacy Requirements ◽

Systems Analysis And Design ◽

User Data

Pervasiveness of information systems is well underway, redefining our social and economic relationships. This technological revolution has generated enormous capabilities, but also enabled the creation of new vulnerabilities and threats. A major challenge in the field of information systems is therefore, to ensure the trustworthiness of the underlying technologies that make possible the generation, collection, storage, processing and transmission of user data at rates more intensive than ever before. Trust in information systems depends on different aspects, one of which is the security of user's data. Data security is referred as the protection of user's data from corruption and unauthorized access. Another important aspect of trust is the protection of user's privacy. Protecting privacy is about complying with user's desires when it comes to handling personal information. Without security to guarantee data protection, appropriate uses of that data cannot be realized. This implies that security and privacy issues are inherently intertwined and should be viewed synergistically. The aim of this paper is to elevate modern practices for ensuring security and privacy during software systems analysis and design. To this end, the basic security and privacy requirements that should be considered are introduced. Additionally, a number of well known methods in the research area of requirements engineering which focus on eliciting and modeling security and privacy requirements are described. Finally, a comparative analysis between these methods is presented.

Download Full-text

Systematic Review on Security and Privacy Requirements in Edge Computing: State of the Art and Future Research Opportunities

IEEE Access ◽

10.1109/access.2020.2989456 ◽

2020 ◽

Vol 8 ◽

pp. 76541-76567 ◽

Cited By ~ 2

Author(s):

Muktar Yahuza ◽

Mohd Yamani Idna Bin Idris ◽

Ainuddin Wahid Bin Abdul Wahab ◽

Anthony T. S. Ho ◽

Suleman Khan ◽

...

Keyword(s):

Systematic Review ◽

State Of The Art ◽

Edge Computing ◽

Security And Privacy ◽

Future Research ◽

Research Opportunities ◽

Privacy Requirements

Download Full-text

The Health Insurance Portability and Accountability Act: Security and privacy requirements

American Journal of Health-System Pharmacy ◽

10.1093/ajhp/58.9.763 ◽

2001 ◽

Vol 58 (9) ◽

pp. 763-770 ◽

Cited By ~ 8

Author(s):

Dennis A. Tribble

Keyword(s):

Health Insurance ◽

Security And Privacy ◽

Privacy Requirements ◽

Health Insurance Portability

Download Full-text

Assurance of Security and Privacy Requirements for Cloud Deployment Models

IEEE Transactions on Cloud Computing ◽

10.1109/tcc.2015.2511719 ◽

2018 ◽

Vol 6 (2) ◽

pp. 387-400 ◽

Cited By ~ 12

Author(s):

Shareeful Islam ◽

Moussa Ouedraogo ◽

Christos Kalloniatis ◽

Haralambos Mouratidis ◽

Stefanos Gritzalis

Keyword(s):

Security And Privacy ◽

Privacy Requirements

Download Full-text

Model Based Process to Support Security and Privacy Requirements Engineering

International Journal of Secure Software Engineering ◽

10.4018/jsse.2012070101 ◽

2012 ◽

Vol 3 (3) ◽

pp. 1-22 ◽

Cited By ~ 20

Author(s):

Shareeful Islam ◽

Haralambos Mouratidis ◽

Christos Kalloniatis ◽

Aleksandar Hudic ◽

Lorenz Zechner

Keyword(s):

Requirements Engineering ◽

Security And Privacy ◽

Software Systems ◽

Continuous Change ◽

Privacy Requirements ◽

Model Based ◽

Systems Research ◽

Implementation Techniques ◽

Voting System ◽

Eu Project

Software systems are becoming more complex, interconnected and liable to adopt continuous change and evolution. It’s necessary to develop appropriate methods and techniques to ensure security and privacy of such systems. Research efforts that aim to ensure security and privacy of software systems are distinguished through two main categories: (1) the development of requirements engineering methods, and (2) implementation techniques. Approaches that fall in the first category usually aim to address either security or privacy in an implicit way, with emphasis on the security aspects by developing methods to elicit and analyse security (and privacy) requirements. Works that fall in the latter categories focus specifically on the later stages of the development process irrespective of the organisational context in which the system will be incorporated. This work introduces a model-based process for security and privacy requirements engineering. In particular, the authors’ work includes activities which support to identify and analyse security and privacy requirements for the software system. Their purpose process combines concepts from two well-known requirements engineering methods, Secure Tropos and PriS. A real case study from the EU project E-vote, i.e., an Internet based voting system, is employed to demonstrate the applicability of the approach.

Download Full-text