Regulatory Compliance and the Correlation to Privacy Protection in Healthcare

Recent government-led efforts and industry-sponsored privacy initiatives in the healthcare sector have received heightened publicity. The current set of privacy legislation mandates that all parties involved in the delivery of care specify and publish privacy policies regarding the use and disclosure of personal health information. The authors’ study of actual healthcare privacy policies indicates that the vague representations in published privacy policies are not strongly correlated with adequate privacy protection for the patient. This phenomenon is not due to a lack of available technology to enforce privacy policies, but rather to the will of the healthcare entities to enforce strong privacy protections and their interpretation of minimum compliance obligations. Using available information systems and data mining techniques, this article describes an infrastructure for privacy protection based on the idea of policy refinement to allow the transition from the current state of perceived to be privacy-preserving systems to actually privacy-preserving systems.

Download Full-text

Regulatory Compliance and the Correlation to Privacy Protection in Healthcare

International Journal of Computational Models and Algorithms in Medicine ◽

10.4018/jcmam.2010040103 ◽

2010 ◽

Vol 1 (2) ◽

pp. 37-52 ◽

Cited By ~ 2

Author(s):

Tyrone Grandison ◽

Rafae Bhatti

Keyword(s):

Privacy Protection ◽

Regulatory Compliance ◽

Privacy Preserving ◽

Personal Health Information ◽

Healthcare Sector ◽

Privacy Policies ◽

Delivery Of Care ◽

Policy Refinement ◽

Available Technology ◽

Available Information

Download Full-text

DynamiChain: Development of Medical Blockchain Ecosystem Based on Dynamic Consent System

Applied Sciences ◽

10.3390/app11041612 ◽

2021 ◽

Vol 11 (4) ◽

pp. 1612

Author(s):

Tong Min Kim ◽

Seo-Joon Lee ◽

Dong-Jin Chang ◽

Jawook Koo ◽

Taenam Kim ◽

...

Keyword(s):

Industrial Revolution ◽

Health Management ◽

Personal Health Information ◽

Healthcare Sector ◽

Personal Health ◽

Health Examination ◽

Fourth Industrial Revolution ◽

Management Algorithm ◽

Dynamic Consent ◽

Privacy Issues

Although blockchain is acknowledged as one of the most important technologies to lead the fourth industrial revolution, major technical challenges regarding security breach and privacy issues remain. This issue is particularly sensitive in applied medical fields where personal health information is handled within the network. In addition, contemporary blockchain-converged solutions do not consider restricted medical data regulations that are still obstacles in many countries worldwide. This implies a crucial need for a system or solution that is suitable for the healthcare sector. Therefore, this article proposes the development of a dynamic consent medical blockchain system called DynamiChain, based on a ruleset management algorithm for handling health examination data. Moreover, medical blockchain-related studies were systematically reviewed to prove the novelty of DynamiChain. The proposed system was implemented in a scenario where the exercise management healthcare company provided health management services based on data obtained from the data provider’s hospital. The proposed research is envisioned to provide a widely compatible blockchain medical system that could be applied in future healthcare fields.

Download Full-text

Medical Device Regulation and Cybersecurity: Achieving ‘Secure by Design’ for Regulatory Compliance

International Journal of Information Security and Cybercrime ◽

10.19107/ijisc.2020.02.02 ◽

2020 ◽

Vol 9 (2) ◽

pp. 12-17

Author(s):

William S ENNS-BRAY ◽

Kim ROCHAT

Keyword(s):

Medical Devices ◽

Rapid Evolution ◽

Healthcare Providers ◽

Regulatory Compliance ◽

Healthcare Sector ◽

Security Risks ◽

The Past ◽

Smart Hospitals ◽

Personalized Health ◽

Medical Device Regulation

The rapid evolution of information technology over the past 50 years is transforming our healthcare institutions from paper-based organizations into smart hospitals, a term now used by European Union Agency for Cybersecurity (ENISA). These changes are also associated with the systematic reliance on medical devices by both patients and healthcare providers. While these devices have the potential to advance personalized health solutions and improving the quality and efficacy of care, they nevertheless present significant security risks and challenges throughout the healthcare sector.

Download Full-text

DeTER Framework

International Journal of Intelligent Information Technologies ◽

10.4018/ijiit.2021040101 ◽

2021 ◽

Vol 17 (2) ◽

pp. 1-24

Author(s):

Rangarajan (Ray) Parthasarathy ◽

David K. Wyant ◽

Prasad Bingi ◽

James R. Knight ◽

Anuradha Rangarajan

Keyword(s):

System Development ◽

Healthcare Providers ◽

Regulatory Compliance ◽

Research Literature ◽

Personal Health Information ◽

Contact Tracing ◽

Ethical Perspective ◽

Mobile Healthcare ◽

Development Life Cycle ◽

Comprehensive Framework

The use of health apps on mobile devices by healthcare providers and receivers (patients) is proliferating. This has elevated cybersecurity concerns owing to the transmittal of personal health information through the apps. Research literature has mostly focused on the technology aspects of cybersecurity in mobile healthcare. It is equally important to focus on the ethical and regulatory perspectives. This article discusses cybersecurity concerns in mobile healthcare from the ethical perspective, the regulatory/compliance perspective, and the technology perspective. The authors present a comprehensive framework (DeTER) that integrates all three perspectives through which cybersecurity concerns in mobile healthcare could be viewed, understood, and acted upon. Guidance is provided with respect to leveraging the framework in the decision-making process that occurs during the system development life cycle (SDLC). Finally, the authors discuss a case applying the framework to a situation involving the development of a contact tracing mobile health app for pandemics such as COVID-19.

Download Full-text

Social Credential-Based Role Recommendation and Patient Privacy Control in Medical Emergency

Methods, Models, and Computation for Medical Informatics ◽

10.4018/978-1-4666-2653-9.ch013 ◽

2012 ◽

pp. 215-237

Author(s):

Soon Ae Chun ◽

Joon Hee Kwon ◽

Haesung Lee

Keyword(s):

Privacy Protection ◽

Information Technologies ◽

Medical Data ◽

Medical Emergency ◽

Prototype System ◽

Privacy Policies ◽

Health Records ◽

Health Information Technologies ◽

Emergency Situations ◽

Role Based

Emerging Health Information Technologies (HIT), such as Electronic Health Records (EHR) and Personal Health Records (PHR) systems, facilitate access to and sharing of patients’ medical data in a distributed environment. The privacy protection of medical information is a pressing issue with the use of these medical technologies. In this paper, the authors present a Patient-controlled Privacy Protection Framework, which allows a patient to specify his or her own privacy policies on their own medical data no matter where they are stored. In addition, the authors extend this basic framework to medical emergency situations, where roles and users may not be limited to an organizational boundary. To enforce patient’s privacy policies even in emergency situations, the authors propose the Situation Role-based Privacy Control model and a social network-based user credential discovery method to recommend a situation role to candidate users. The authors present a mobile prototype system and two experiments to show the feasibility of our approach.

Download Full-text

Analytical Study on Privacy Attack Models in Privacy Preserving Data Publishing

Cyber Law, Privacy, and Security ◽

10.4018/978-1-5225-8897-9.ch076 ◽

2019 ◽

pp. 1518-1538

Author(s):

Sowmyarani C. N. ◽

Dayananda P.

Keyword(s):

Private Information ◽

Background Knowledge ◽

Privacy Preserving ◽

Data Publishing ◽

Background Information ◽

Published Data ◽

Privacy Attack ◽

Privacy Preserving Data Publishing ◽

Available Information ◽

Attack Models

Privacy attack on individual records has great concern in privacy preserving data publishing. When an intruder who is interested to know the private information of particular person of his interest, will acquire background knowledge about the person. This background knowledge may be gained though publicly available information such as Voter's id or through social networks. Combining this background information with published data; intruder may get the private information causing a privacy attack of that person. There are many privacy attack models. Most popular attack models are discussed in this chapter. The study of these attack models plays a significant role towards the invention of robust Privacy preserving models.

Download Full-text

A New View of Privacy in Social Networks

Cyber Law, Privacy, and Security ◽

10.4018/978-1-5225-8897-9.ch025 ◽

2019 ◽

pp. 517-541

Author(s):

Wei Chang ◽

Jie Wu

Keyword(s):

Privacy Protection ◽

Privacy Preserving ◽

Propagation Path ◽

Data Publishing ◽

Mobile Social Network ◽

Data Utility ◽

Privacy Requirements ◽

Individual Privacy ◽

Utility Loss ◽

Privacy Preserving Data Publishing

Many smartphone-based applications need microdata, but publishing a microdata table may leak respondents' privacy. Conventional researches on privacy-preserving data publishing focus on providing identical privacy protection to all data requesters. Considering that, instead of trapping in a small coterie, information usually propagates from friend to friend. The authors study the privacy-preserving data publishing problem on a mobile social network. Along a propagation path, a series of tables will be locally created at each participant, and the tables' privacy-levels should be gradually enhanced. However, the tradeoff between these tables' overall utility and their individual privacy requirements are not trivial: any inappropriate sanitization operation under a lower privacy requirement may cause dramatic utility loss on the subsequent tables. For solving the problem, the authors propose an approximation algorithm by previewing the future privacy requirements. Extensive results show that this approach successfully increases the overall data utility, and meet the strengthening privacy requirements.

Download Full-text

Privacy Protection Overseas as Perceived by USA-Based IT Professionals

Electronic Government ◽

10.4018/978-1-59904-947-2.ch208 ◽

2011 ◽

pp. 2784-2797

Author(s):

Jaymeen R. Shah ◽

Garry L. White ◽

James R. Cook

Keyword(s):

United States ◽

Privacy Protection ◽

The United States ◽

Multinational Companies ◽

The Internet ◽

It Professionals ◽

Privacy Policies ◽

Global Standards ◽

Privacy Laws ◽

Single Set

Privacy laws for the Internet are difficult to develop and implement domestically and internationally. A clear problem is how such laws are limited to national jurisdictions. What is legal in one country may be illegal in another. Due to differences in cultures and values, and government types, it may not be possible to establish global standards and legislations to ensure privacy. Due to the nonexistence of global privacy standards, multinational (international) companies usually select one of the following two possible solutions: (1) implement a most restrictive “one size fits all” privacy policy that is used across various countries, or (2) implement different privacy policies that meet the privacy regulations of different countries and expectations of those citizens. In order to investigate a solution that may be used by multinational companies, and how companies view domestic privacy laws, the authors conducted a survey of U.S.-based employees of domestic and multinational companies. The results of the survey suggest that the majority of the multinational companies prefer the first solution—most restrictive “one size fits all” approach. They develop and implement a single set of privacy policies that is used across their operations in different countries. The majority of the companies surveyed consider domestic privacy laws in the United States to be practical, but ineffective.

Download Full-text

A Dual Privacy Preserving Algorithm in Spatial Crowdsourcing

Mobile Information Systems ◽

10.1155/2020/1960368 ◽

2020 ◽

Vol 2020 ◽

pp. 1-6

Author(s):

Shengxiang Wang ◽

Xiaofan Jia ◽

Qianqian Sang

Keyword(s):

Waiting Time ◽

Task Allocation ◽

Privacy Protection ◽

Privacy Preserving ◽

Smart Devices ◽

Location Information ◽

Spatial Crowdsourcing ◽

Allocation Efficiency ◽

And Task

Spatial crowdsourcing assigns location-related tasks to a group of workers (people equipped with smart devices and willing to complete the tasks), who complete the tasks according to their scope of work. Since space crowdsourcing usually requires workers’ location information to be uploaded to the crowdsourcing server, it inevitably causes the privacy disclosure of workers. At the same time, it is difficult to allocate tasks effectively in space crowdsourcing. Therefore, in order to improve the task allocation efficiency of spatial crowdsourcing in the case of large task quantity and improve the degree of privacy protection for workers, a new algorithm is proposed in this paper, which can improve the efficiency of task allocation by disturbing the location of workers and task requesters through k-anonymity. Experiments show that the algorithm can improve the efficiency of task allocation effectively, reduce the task waiting time, improve the privacy of workers and task location, and improve the efficiency of space crowdsourcing service when facing a large quantity of tasks.

Download Full-text

E-Services Privacy

Electronic Business ◽

10.4018/978-1-60566-056-1.ch130 ◽

2009 ◽

pp. 2099-2114

Author(s):

Osama Shata

Keyword(s):

Privacy Protection ◽

Privacy Policies ◽

Public And Private ◽

Internet Censorship ◽

And Coping ◽

Privacy Issues

This chapter introduces several aspects related to e-privacy such as needs, approaches, challenges, and models. It argues that e-privacy protection, although being of interest to many parties such as industry, government, and individuals, is very difficult to achieve since these stakeholders often have conflicting needs and requirements and may even have conflicting understanding of e-privacy. So finding one model or one approach to e-privacy protection that may satisfy these stakeholders is a challenging task. Furthermore, the author hopes that this chapter will present an acceptable definition for e-privacy and use this definition to discuss various aspects of e-privacy protection such as principles of developing e-privacy policies, individuals and organizations needs of various privacy issues, challenges of adopting and coping with e-privacy policies, tools and models to support e-privacy protection in both public and private networks, related legislations that protect or constraint e-privacy, and spamming and Internet censorship in the context of e-privacy. The author hopes that understanding these aspects will assist researchers in developing policies and systems that will bring the conflict in e-privacy protection needs of individuals, industry, and government into better alignment.

Download Full-text