Science.gov

Sample records for hipaa privacy security

  1. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance.

    PubMed

    Watzlaf, Valerie J M; Moeini, Sohrab; Firouzan, Patti

    2010-01-01

    Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR. PMID:25945172

  2. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

    PubMed Central

    Watzlaf, Valerie J.M.; Moeini, Sohrab; Firouzan, Patti

    2010-01-01

    Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR. PMID:25945172

  3. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ..., implementation specifications, and requirements in 45 CFR parts 160, 162, and 164. (b) HIPAA privacy requirements... in 45 CFR parts 160, 162, and 164 as set forth in this section. Those functions of an endorsed... in the Standards for Privacy of Individually Identifiable Health Information, 45 CFR parts 160...

  4. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ..., implementation specifications, and requirements in 45 CFR parts 160, 162, and 164. (b) HIPAA privacy requirements... in 45 CFR parts 160, 162, and 164 as set forth in this section. Those functions of an endorsed... in the Standards for Privacy of Individually Identifiable Health Information, 45 CFR parts 160...

  5. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ..., implementation specifications, and requirements in 45 CFR parts 160, 162, and 164. (b) HIPAA privacy requirements... in 45 CFR parts 160, 162, and 164 as set forth in this section. Those functions of an endorsed... in the Standards for Privacy of Individually Identifiable Health Information, 45 CFR parts 160...

  6. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ..., implementation specifications, and requirements in 45 CFR parts 160, 162, and 164. (b) HIPAA privacy requirements... in 45 CFR parts 160, 162, and 164 as set forth in this section. Those functions of an endorsed... in the Standards for Privacy of Individually Identifiable Health Information, 45 CFR parts 160...

  7. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... in 45 CFR parts 160, 162, and 164 as set forth in this section. Those functions of an endorsed..., implementation specifications, and requirements in 45 CFR parts 160, 162, and 164. (b) HIPAA privacy requirements... in the Standards for Privacy of Individually Identifiable Health Information, 45 CFR parts 160...

  8. Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules.

    PubMed

    2013-01-25

    The Department of Health and Human Services (HHS or "the Department") is issuing this final rule to: Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act ("the HITECH Act" or "the Act") to strengthen the privacy and security protection for individuals' health information; modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule; modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities. PMID:23476971

  9. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II.

    PubMed

    Watzlaf, Valerie J M; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

    2011-01-01

    In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR. PMID:25945177

  10. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II

    PubMed Central

    Watzlaf, Valerie J.M.; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

    2011-01-01

    In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR. PMID:25945177

  11. HIPAA Privacy 101: essentials for case management practice.

    PubMed

    DiBenedetto, Deborah V

    2003-01-01

    The Health Insurance Portability and Accountability Act (HIPAA) has significant impact on the delivery of healthcare in the United States. The Administrative Simplification (AS) requirements of HIPAA are aimed at reducing administrative costs and burdens in the healthcare industry. The core components of HIPAA's AS requirements address healthcare transactions, code sets, security, unique identifiers, and privacy of health information. HIPAA's privacy standard limits the nonconsensual use and release of private health information, gives patients new rights to access their medical records and to know who else has accessed them, restricts most disclosure of health information to the minimum needed for the intended purpose, establishes new criminal and civil sanctions for improper use or disclosure, and establishes new requirements for access to records by researchers and others. This article focuses on HIPAA's privacy requirements as related to case management of workers compensation populations, the treatment of protected health information, and how case managers can ensure they provide appropriate services while navigating the requirements of HIPAA's privacy standard. PMID:12555039

  12. 75 FR 40867 - Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-14

    ...," were issued on December 28, 2000, and amended on August 14, 2002. See 65 FR 82462, as amended at 67 FR... the "Security Rule," were issued on February 20, 2003. See 68 FR 8334. The Compliance and... as the "Enforcement Rule," were issued as an interim final rule on April 17, 2003 (68 FR...

  13. HIPAA enhancements to improve emergency department security.

    PubMed

    Freeman, Jeffrey

    2004-05-01

    The Health Insurance Portability and Accountability Act (HIPAA) seems to be as useful as is capitalism to the medically uninsured (or perhaps, as necessary as another leukotriene inhibitor for asthma). Is the emergency medical community doing enough? Can we improve on HIPAA to increase privacy in the emergency department? HIPAA regulations are reviewed in all their wondrous complexity and simplified so that even your medical director can understand them. PMID:15111925

  14. Assessing the HIPAA standard in practice: PHR privacy policies.

    PubMed

    Carrión, Inmaculada; Alemán, José Luis Fernández; Toval, Ambrosio

    2011-01-01

    Health service providers are starting to become interested in providing PHRs (Personal Health Records). With PHRs, access to data is controlled by the patient, and not by the health care provider. Companies such as Google and Microsoft are establishing a leadership position in this emerging market. A number of benefits can be achieved with PHRs, but important challenges related to security and privacy must be addressed. This paper presents a review of the privacy policies of 20 free web-based PHRs. Security and privacy characteristics were extracted and assessed according to the HIPAA standard. The results show a number of important differences in the characteristics analyzed. Some improvements can be made to current PHR privacy policies to enhance the audit and management of access to users' PHRs. A questionnaire has been defined to assist PHR designers in this task. PMID:22254820

  15. Final HIPAA security regulations: a review.

    PubMed

    Garner, John C

    2003-01-01

    This article examines the national standards for safeguarding the confidentiality, integrity, and availability of electronic protected health information under the final Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA). The standards require entities covered by the rule to implement basic safeguards to protect electronic protected health information from unauthorized access, alteration, deletion, and transmission. The final privacy rule applies to protected health information in any form. PMID:14983648

  16. HIPAA's Role in E-Mail Communications between Doctors and Patients: Privacy, Security, and Implications of the Bill

    ERIC Educational Resources Information Center

    Stephens, James H.; Parrillo, Anthony V.

    2011-01-01

    The confidentiality of a patient's information has been sacred since the days of Hippocrates, the Father of Medicine. Today, however, merely taking an oath to respect a patient's privacy has been overshadowed by regulations governing how certain healthcare establishments handle an individual's health information on the web. Consequently, if a…

  17. HIPAA the Health Care Hippo: Despite the Rhetoric, Is Privacy Still an Issue?

    ERIC Educational Resources Information Center

    Kuczynski, Kay; Gibbs-Wahlberg, Patty

    2005-01-01

    The Health Insurance Portability and Accountability Act (HIPAA) of 1996 (PL. 104-191) is a multitiered, comprehensive, convoluted, and controversial federal law for sweeping health care reform. Although HIPAA is dramatically broader in scope than privacy protections for health care information, a provision for privacy in the form of a Privacy Rule…

  18. Does the HIPAA Privacy Rule Allow Parents the Right to See Their Children's Medical Records?

    MedlinePlus

    ... Does the HIPAA Privacy Rule allow parents the right to see their children’s medical records? Answer: Yes, ... your contact information below. Email Office for Civil Rights Headquarters U.S. Department of Health & Human Services 200 ...

  19. The End of the HIPAA Privacy Rule? Currents in Contemporary Bioethics.

    PubMed

    Rothstein, Mark A

    2016-06-01

    The HIPAA Privacy Rule is notoriously weak because of its incomplete coverage, numerous exclusions and exemptions, and limited rights for individuals. The three areas in which it provides the most protection are fundraising, marketing, and research. Provisions of the 21st Century Cures Act, pending in Congress, and the Notice of Proposed Rulemaking to amend the federal research regulations (Common Rule), awaiting final regulatory action, would weaken the privacy protections for research. If these measures are adopted, the HIPAA Privacy Rule would have so little value that it might not be worth the aggravation and burden. PMID:27338610

  20. What Judicial Officers Need to Know about the HIPAA Privacy Rule

    ERIC Educational Resources Information Center

    Rowe, Linda P.

    2005-01-01

    This article reviews and analyzes how the Standards for Privacy of Individually Identifiable Health Information, or "Privacy Rule" of Public Law 104-191 of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), have impacted the administration of student judicial affairs in higher education. In addition to briefly summarizing the…

  1. Health privacy is difficult but not impossible in a post-HIPAA data-driven world.

    PubMed

    Terry, Nicolas

    2014-09-01

    In the 13 years since their promulgation, the Health Insurance Portability and Accountability Act (HIPAA) rules and their enforcement have shown considerable evolution, as has the context within which they operate. Increasingly, it is the health information circulating outside the HIPAA-protected zone that is concerning: big data based on HIPAA data that have been acquired by public health agencies and then sold; medically inflected data collected from transactions or social media interactions; and the health data curated by patients, such as personal health records or data stored on smartphones. HIPAA does little here, suggesting that the future of health privacy may well be at the state level unless technology or federal legislation can catch up with state-of-the-art privacy regimes, such as the latest proposals from the European Commission. PMID:25180726

  2. A HIPAA-compliant architecture for securing clinical images

    NASA Astrophysics Data System (ADS)

    Liu, Brent J.; Zhou, Zheng; Huang, H. K.

    2005-04-01

    The HIPAA (Health Insurance Portability and Accountability Act, Instituted April 2003) Security Standards mandate health institutions to protect health information against unauthorized use or disclosure. One approach to addressing this mandate is by utilizing user access control and generating audit trails of the various authorized as well as unauthorized user access of health data. Although most current clinical image systems (eg, PACS) have components that generate log files as a solution to address the HIPAA mandate, there is a lack of methodology to obtain and synthesize the pertinent data from the large volumes of log file data generated by these multiple components within a PACS. We have designed and developed a HIPAA Compliant Architecture specifically for tracking and auditing the image workflow of clinical imaging systems such as PACS. As an initial first step, a software toolkit was implemented based on the HIPAA Compliant architecture. The toolkit was implemented within a testbed PACS Simulator located in the Image Processing and Informatics (IPI) lab at the University of Southern California. Evaluation scenarios were developed where different user types performed legal and illegal access of PACS image data within each of the different components in the PACS Simulator. Results were based on whether the scenarios of unauthorized access were correctly identified and documented as well as normal operational activity.

  3. Privacy and security of patient data in the pathology laboratory

    PubMed Central

    Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) governs the privacy and protection of medical information and health records. The HIPAA security standards final rule mandates administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

  4. Privacy and security of patient data in the pathology laboratory.

    PubMed

    Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) governs the privacy and protection of medical information and health records. The HIPAA security standards final rule mandates administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

  5. The Legal Implications of HIPAA Privacy and Public Health Reporting for Correctional Facilities.

    PubMed

    Barraza, Leila; Collmer, Veda; Meza, Nick; Penunuri, Kristin

    2015-07-01

    Inmates in cramped living quarters, a situation common to correctional facilities, are especially vulnerable to disease. Cramped living conditions, coupled with above-average rates of HIV, tuberculosis, and other communicable diseases, increase inmates' risk of problematic health outcomes. Thus, high-quality health care and sustained efforts to prevent disease are especially important to improve inmate health within correctional facilities. Compliance with federal privacy restrictions pursuant to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and state disease reporting requirements will foster inmate health and assist efforts to prevent the spread of disease. This article examines the interplay between HIPAA rules and state reporting laws to preserve health information privacy and to control the spread of disease. PMID:25953838

  6. The HIPAA privacy rule: practical advice for academic and research institutions.

    PubMed

    Gunter, Kim P

    2002-02-01

    The Final Standards for Privacy of Individually Identifiable Health Information (privacy rule) of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 holds particular importance for academic and research organizations because they use patient information in the provision of experimental healthcare services. In developing a strategy to comply with the final privacy rule, these organizations require an understanding of certain standards that hold significance for them. Specifically, organizations should establish patient privacy guidelines for non-employee researchers the organization should consider partners in business with whom the organization should share its researcher guidelines. These organizations also should understand the difference between consent and authorization, how requirements of the final privacy rule build upon those of the Federal Policy for the Protection of Human Subjects, and the differing roles of privacy boards and institutional review boards. PMID:11842502

  7. mHealth data security: the need for HIPAA-compliant standardization.

    PubMed

    Luxton, David D; Kayl, Robert A; Mishkind, Matthew C

    2012-05-01

    The rise in the use of mobile devices, such as smartphones, tablet personal computers, and wireless medical devices, as well as the wireless networks that enable their use, has raised new concerns for data security and integrity. Standardized Health Insurance Portability and Accountability Act of 1996 (HIPAA)-compliant electronic data security that will allow ubiquitous use of mobile health technologies is needed. The lack of standardized data security to assure privacy, to allow interoperability, and to maximize the full capabilities of mobile devices presents a significant barrier to care. The purpose of this article is to provide an overview of the issue and to encourage discussion of this important topic. Current security needs, standards, limitations, and recommendations for how to address this barrier to care are discussed. PMID:22400974

  8. Medical image security in a HIPAA mandated PACS environment.

    PubMed

    Cao, F; Huang, H K; Zhou, X Q

    2003-01-01

    Medical image security is an important issue when digital images and their pertinent patient information are transmitted across public networks. Mandates for ensuring health data security have been issued by the federal government such as Health Insurance Portability and Accountability Act (HIPAA), where healthcare institutions are obliged to take appropriate measures to ensure that patient information is only provided to people who have a professional need. Guidelines, such as digital imaging and communication in medicine (DICOM) standards that deal with security issues, continue to be published by organizing bodies in healthcare. However, there are many differences in implementation especially for an integrated system like picture archiving and communication system (PACS), and the infrastructure to deploy these security standards is often lacking. Over the past 6 years, members in the Image Processing and Informatics Laboratory, Childrens Hospital, Los Angeles/University of Southern California, have actively researched image security issues related to PACS and teleradiology. The paper summarizes our previous work and presents an approach to further research on the digital envelope (DE) concept that provides image integrity and security assurance in addition to conventional network security protection. The DE, including the digital signature (DS) of the image as well as encrypted patient information from the DICOM image header, can be embedded in the background area of the image as an invisible permanent watermark. The paper outlines the systematic development, evaluation and deployment of the DE method in a PACS environment. We have also proposed a dedicated PACS security server that will act as an image authority to check and certify the image origin and integrity upon request by a user, and meanwhile act also as a secure DICOM gateway to the outside connections and a PACS operation monitor for HIPAA supporting information. PMID:12620309

  9. How to avoid a HIPAA horror story.

    PubMed

    Withrow, Scott C

    2010-08-01

    The Health Information Technology for Economic and Clinical Health Act of 2009 significantly expands the financial risk of violations of the Health Insurance Portability and Accountability Act (HIPAA) and extends HIPAA procedures and penalties to business associates. Hospitals, physicians, and their business associates should ensure that HIPAA privacy and security provisions are adopted. Compliance efforts should focus on high-risk areas, including information access management, access control, and impermissible disclosures of protected health information. PMID:20707266

  10. Challenges and Insights in Using HIPAA Privacy Rule for Clinical Text Annotation

    PubMed Central

    Kayaalp, Mehmet; Browne, Allen C.; Sagan, Pamela; McGee, Tyne; McDonald, Clement J.

    2015-01-01

    The Privacy Rule of Health Insurance Portability and Accountability Act (HIPAA) requires that clinical documents be stripped of personally identifying information before they can be released to researchers and others. We have been manually annotating clinical text since 2008 in order to test and evaluate an algorithmic clinical text de-identification tool, NLM Scrubber, which we have been developing in parallel. Although HIPAA provides some guidance about what must be de-identified, translating those guidelines into practice is not as straightforward, especially when one deals with free text. As a result we have changed our manual annotation labels and methods six times. This paper explains why we have made those annotation choices, which have been evolved throughout seven years of practice on this field. The aim of this paper is to start a community discussion towards developing standards for clinical text annotation with the end goal of studying and comparing clinical text de-identification systems more accurately. PMID:26958206

  11. HIPAA and information security risk: implementing an enterprise-wide risk management strategy

    NASA Astrophysics Data System (ADS)

    Alberts, Christopher J.; Dorofee, Audrey

    2001-08-01

    The Health Insurance Portability and Accountability Act (HIPAA) of 1996 effectively establishes a standard of due care for healthcare information security. One of the challenges of implementing policies, procedures, and practices consistent with HIPAA requirements in the Department of Defense Military Health System is the need for a method that can tailor the requirements to a variety of organizational contexts. This paper will describe a self-directed information security risk evaluation that will enable military healthcare providers to assess their risks and to develop mitigation strategies consistent with HIPAA guidelines.

  12. Information Systems, Security, and Privacy.

    ERIC Educational Resources Information Center

    Ware, Willis H.

    1984-01-01

    Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

  13. High standards. A decade after the law went into effect, there is still debate about the pros and cons of the HIPAA privacy and electronic transaction regulations.

    PubMed

    Edlin, Mari; Johns, Stephanie

    2006-01-01

    When Congress passed the Health Insurance Portability and Accountability Act in 1996, the goal was to create a simpler, more standardized system that would eventually lower health care costs; reduce errors through safe, universally accepted electronic communication of health care transactions; and eliminate paper claims. Ten years later, the jury is still out on whether HIPAA has been worth the time, energy, and financial investment for insurers. That's not to say, however, that HIPAA hasn't generated benefits while also creating new challenges. "Standards made sense," says Tom Fitzpatrick, Horizon Blue Cross Blue Shield of New Jersey's director of enterprise strategic planning, "but no one ever said it would be fast, cheap, or easy. It was challenging to integrate proprietary claims systems and legacy software with the new standards that took effect in October 2003. But that wasn't the end of the story. HIPAA's privacy and security rules and the standard identifiers have meant even more upgrades and improvements and have required payers to spend millions of additional dollars over the past three years on HIPAA compliance." According to a set of quarterly surveys conducted by HIMSS/Phoenix Health Systems, progress has actually been fairly rapid. On the other hand, some things have remained much the same. In 2003, payers cited "understanding/interpreting the legal requirements" as the most difficult aspect of the HIPAA remediation process, followed by "achieving successful integration of new policies and procedures" and "resolving issues with third parties". In 2006, the barriers are similar, with users citing the same top two struggles. PMID:17175737

  14. Health Insurance Portability and Accountability Act (HIPAA) legislation and its implication on speech privacy design in health care facilities

    NASA Astrophysics Data System (ADS)

    Tocci, Gregory C.; Storch, Christopher A.

    2005-09-01

    The Health Insurance Portability and Accountability Act (HIPAA) of 1996 (104th Congress, H.R. 3103, January 3, 1986), among many things, requires that individual patient records and information be protected from unnecessary issue. This responsibility is assigned to the U.S. Department of Health and Human Services (HHS), which has issued a Privacy Rule most recently dated August 2002, with a revision being proposed in 2005 to strengthen penalties for inappropriate breaches of patient privacy. Despite this, speech privacy in many instances in health care facilities need not be guaranteed by the facility. Nevertheless, the regulation implies that due regard be given to speech privacy in both facility design and operation. This presentation will explore the practical aspects of implementing speech privacy in health care facilities and make recommendations for certain specific speech privacy situations.

  15. Evaluating re-identification risks with respect to the HIPAA privacy rule

    PubMed Central

    Benitez, Kathleen

    2010-01-01

    Objective: Many healthcare organizations follow data protection policies that specify which patient identifiers must be suppressed to share “de-identified” records. Such policies, however, are often applied without knowledge of the risk of “re-identification”. The goals of this work are: (1) to estimate re-identification risk for data sharing policies of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule; and (2) to evaluate the risk of a specific re-identification attack using voter registration lists. Measurements: We define several risk metrics: (1) expected number of re-identifications; (2) estimated proportion of a population in a group of size g or less, and (3) monetary cost per re-identification. For each US state, we estimate the risk posed to hypothetical datasets, protected by the HIPAA Safe Harbor and Limited Dataset policies by an attacker with full knowledge of patient identifiers and with limited knowledge in the form of voter registries. Results: The percentage of a state's population estimated to be vulnerable to unique re-identification (ie, g=1) when protected via Safe Harbor and Limited Datasets ranges from 0.01% to 0.25% and 10% to 60%, respectively. In the voter attack, this number drops for many states, and for some states is 0%, due to the variable availability of voter registries in the real world. We also find that re-identification cost ranges from $0 to $17 000, further confirming risk variability. Conclusions: This work illustrates that blanket protection policies, such as Safe Harbor, leave different organizations vulnerable to re-identification at different rates. It provides justification for locally performed re-identification risk estimates prior to sharing data. PMID:20190059

  16. The Health Insurance Portability and Accountability Act: security and privacy requirements.

    PubMed

    Tribble, D A

    2001-05-01

    The security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their implications for pharmacy are discussed. HIPAA was enacted to improve the portability of health care insurance for persons leaving jobs. A section of the act encourages the use of electronic communications for health care claims adjudication, mandates the use of new standard code sets and transaction sets, and establishes the need for regulations to protect the security and privacy of individually identifiable health care information. Creating these regulations became the task of the Department of Health and Human Services. Regulations on security have been published for comment. Regulations on privacy and the definition of standard transaction sets and code sets are complete. National identifiers for patients, providers, and payers have not yet been established. The HIPAA regulations on security and privacy will require that pharmacies adopt policies and procedures that limit access to health care information. Existing pharmacy information systems may require upgrading or replacement. Costs of implementation nationwide are estimated to exceed $8 billion. The health care community has two years from the finalization of each regulation to comply with that regulation. The security and privacy requirements of HIPAA will require pharmacies to review their practices regarding the storage, use, and disclosure of protected health care information. PMID:11351916

  17. Counterfeit Compliance with the HIPAA Security Rule: A Study of Information System Success

    ERIC Educational Resources Information Center

    Johnson, James R.

    2013-01-01

    The intent of the security standards adopted by the Department of Health and Human Services (DHS) implementing some of the requirements of the Administrative Simplification (AS) subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was to improve Federal and private health care programs and to improve the…

  18. Privacy and Security: A Bibliography.

    ERIC Educational Resources Information Center

    Computer and Business Equipment Manufacturers Association, Washington, DC.

    Compiled at random from many sources, this bibliography attempts to cite as many publications concerning privacy and security as are available. The entries are organized under seven headings: (1) systems security, technical security, clearance of personnel, (2) corporate physical security, (3) administrative security, (4) miscellaneous--privacy…

  19. The ethical and legal implications of Jaffee v Redmond and the HIPAA medical privacy rule for psychotherapy and general psychiatry.

    PubMed

    Mosher, Paul W; Swire, Peter P

    2002-09-01

    The 1996 Jaffee v Redmond US Supreme Court decision established a privilege for psychotherapeutic communications in the federal courts. The new privilege has both substantive and symbolic importance. In its strongly worded opinion in Jaffee v Redmond, the US Supreme Court made clear that confidentiality in psychotherapy takes precedence over certain other important societal goals. The new Health Insurance Portability and Accountability Act (HIPAA) medical privacy rule promulgated by the Department of Health and Human Services relies on Jaffee v Redmond in providing additional legal protections for confidential psychotherapy. Both the US Supreme Court's Jaffee v Redmond ruling and the HIPAA rule support the ethical protection of confidentiality of conversations between psychiatrists and patients. PMID:12232971

  20. Text Messaging to Communicate With Public Health Audiences: How the HIPAA Security Rule Affects Practice

    PubMed Central

    Karasz, Hilary N.; Eiden, Amy; Bogan, Sharon

    2013-01-01

    Text messaging is a powerful communication tool for public health purposes, particularly because of the potential to customize messages to meet individuals’ needs. However, using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is written with flexibility to account for changing technologies. In practice, however, the rule leads to uncertainty about how to make text messaging policy decisions. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information and retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule. PMID:23409902

  1. Security of electronic medical information and patient privacy: what you need to know.

    PubMed

    Andriole, Katherine P

    2014-12-01

    The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. PMID:25467897

  2. Privacy and security in teleradiology.

    PubMed

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used in teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more a cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that support the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper. PMID:19914020

  3. Effective Management of Information Security and Privacy

    ERIC Educational Resources Information Center

    Anderson, Alicia

    2006-01-01

    No university seems immune to cyber attacks. For many universities, such events have served as wake-up calls to develop a comprehensive information security and privacy strategy. This is no simple task, however. It involves balancing a culture of openness with a need for security and privacy. Security and privacy are not the same, and the…

  4. Panel: RFID Security and Privacy

    NASA Astrophysics Data System (ADS)

    Fu, Kevin

    The panel on RFID security and privacy included Ross Anderson, Jon Callas, Yvo Desmedt, and Kevin Fu. Topics for discussion included the "chip and PIN" EMV payment systems, e-Passports, "mafia" attacks, and RFID-enabled credit cards. Position papers by the panelists appear in the following pages, and the RFID-enabled credit card work appears separately in these proceedings.

  5. HIPAA--a real world perspective.

    PubMed

    Nulan, C

    2001-01-01

    An effective and realistic approach to HIPAA compliance requires healthcare organizations to achieve a fundamental shift in attitude, awareness, habits and capabilities in the areas of privacy and security. They must create a sense of accountability among staff, and even patients, for the safeguarding of patient information. Only when this culture shift has occurred, along with the required technological advancements, can HIPAA compliance be realistically achieved. There is still ample time to create the organizational shift necessary, along with technological enhancements, to meet HIPAA requirements. Beyond compliance, HIPAA will benefit the healthcare industry by promoting administrative simplification--the original intention of the Act. And it will require the healthcare industry, in an abbreviated timeframe, to upgrade its level of sophistication in managing information. HIPAA certification springs from an organizational compliance method that has been underway in government for the past two decades. The HIPAA playbook is taken lock, stock and barrel from other Federal guidelines. HIPAA's legislative lineage includes the Healthcare Reform Act of 1993, Paperwork Reduction Act of 1980, Computer Security Act of 1987 and the Privacy Act of 1974. HIPAA means that public and private sector healthcare organizations are going to be required by law to adopt the same information-handling practices that have been in effect in the Federal government for years. 
    That boils down to two things: (1) standardized formatting of data electronically exchanged between providers, payers and business partners (EDI); and (2) federalization of security and privacy practices within private-sector healthcare information management. The key to making HIPAA compliance achievable within a practical timeframe, as well as instituting the culture changes that go with enhanced privacy and security standards, is a process that is largely unfamiliar in the private sector, called administrative certification and

  6. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the National Instant Criminal Background Check System (NICS). Final rule.

    PubMed

    2016-01-01

    The Department of Health and Human Services (HHS or "the Department'') is issuing this final rule to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to expressly permit certain HIPAA covered entities to disclose to the National Instant Criminal Background Check System (NICS) the identities of individuals who are subject to a Federal "mental health prohibitor'' that disqualifies them from shipping, transporting, possessing, or receiving a firearm. The NICS is a national system maintained by the Federal Bureau of Investigation (FBI) to conduct background checks on persons who may be disqualified from receiving firearms based on Federally prohibited categories or State law. Among the persons subject to the Federal mental health prohibitor established under the Gun Control Act of 1968 and implementing regulations issued by the Department of Justice (DOJ) are individuals who have been involuntarily committed to a mental institution; found incompetent to stand trial or not guilty by reason of insanity; or otherwise have been determined by a court, board, commission, or other lawful authority to be a danger to themselves or others or to lack the mental capacity to contract or manage their own affairs, as a result of marked subnormal intelligence or mental illness, incompetency, condition, or disease. Under this final rule, only covered entities with lawful authority to make the adjudications or commitment decisions that make individuals subject to the Federal mental health prohibitor, or that serve as repositories of information for NICS reporting purposes, are permitted to disclose the information needed for these purposes. The disclosure is restricted to limited demographic and certain other information needed for NICS purposes. 
    The rule specifically prohibits the disclosure of diagnostic or clinical information, from medical records or other sources, and any mental health information beyond the indication that the individual

  7. 76 FR 56712 - CLIA Program and HIPAA Privacy Rule; Patients' Access to Test Reports

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-14

    ... December 28, 2000, the Department published a final rule in the Federal Register (65 FR 82462) entitled... was amended on August 14, 2002 (67 FR 53182). The Privacy Rule at 45 CFR 164.524 provides individuals... conflict with the CLIA requirements that limited patient access to test reports (65 FR 82485)....

  8. 76 FR 31425 - HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-31

    ... August 14, 2002). See 65 FR 82462, as amended at 67 FR 53182. The Privacy Rule at 45 CFR 164.528 requires... certification criterion to account for disclosures at 45 CFR 170.210(e) and 170.302(v), 75 FR 2014, 2044, 2046... rule (75 FR 44623), ONC discussed its rationale for retaining the standard for accounting for...

  9. Never too old for anonymity: a statistical standard for demographic data sharing via the HIPAA Privacy Rule

    PubMed Central

    Benitez, Kathleen; Masys, Daniel

    2010-01-01

    Objective: Healthcare organizations must de-identify patient records before sharing data. Many organizations rely on the Safe Harbor Standard of the HIPAA Privacy Rule, which enumerates 18 identifiers that must be suppressed (eg, ages over 89). An alternative model in the Privacy Rule, known as the Statistical Standard, can facilitate the sharing of more detailed data, but is rarely applied because of a lack of published methodologies. The authors propose an intuitive approach to de-identifying patient demographics in accordance with the Statistical Standard. Design: The authors conduct an analysis of the demographics of patient cohorts in five medical centers developed for the NIH-sponsored Electronic Medical Records and Genomics network, with respect to the US census. They report the re-identification risk of patient demographics disclosed according to the Safe Harbor policy and the relative risk rate for sharing such information via alternative policies. Measurements: The re-identification risk of Safe Harbor demographics ranged from 0.01% to 0.19%. The findings show alternative de-identification models can be created with risks no greater than Safe Harbor. The authors illustrate that the disclosure of patient ages over the age of 89 is possible when other features are reduced in granularity. Limitations: The de-identification approach described in this paper was evaluated with demographic data only and should be evaluated with other potential identifiers. Conclusion: Alternative de-identification policies to the Safe Harbor model can be derived for patient demographics to enable the disclosure of values that were previously suppressed. The method is generalizable to any environment in which population statistics are available. PMID:21169618

  10. HIPAA-FERPA Revisited

    ERIC Educational Resources Information Center

    Bergren, Martha Dewey

    2004-01-01

    Since April 2003, school nurse and school health officials have been clamoring for guidance on how the Health Insurance Portability and Accountability Act (HIPAA) and the Family Education Rights Privacy Act (FERPA) interface in the school environment. This article provides an up-to-date explanation of how school health leaders are interpreting the…

  11. Execution of a self-directed risk assessment methodology to address HIPAA data security requirements

    NASA Astrophysics Data System (ADS)

    Coleman, Johnathan

    2003-05-01

    This paper analyzes the method and training of a self-directed risk assessment methodology entitled OCTAVE (Operationally Critical Threat Asset and Vulnerability Evaluation) at over 170 DOD medical treatment facilities. It focuses specifically on how OCTAVE built interdisciplinary, inter-hierarchical consensus and enhanced local capabilities to perform Health Information Assurance. The Risk Assessment Methodology was developed by the Software Engineering Institute at Carnegie Mellon University as part of the Defense Health Information Assurance Program (DHIAP). The basis for its success is the combination of analysis of organizational practices and technological vulnerabilities. Together, these areas address the core implications behind the HIPAA Security Rule and can be used to develop Organizational Protection Strategies and Technological Mitigation Plans. A key component of OCTAVE is the inter-disciplinary composition of the analysis team (Patient Administration, IT staff and Clinician). It is this unique composition of analysis team members, along with organizational and technical analysis of business practices, assets and threats, which enables facilities to create sound and effective security policies. The Risk Assessment is conducted in-house, and therefore the process, results and knowledge remain within the organization, helping to build consensus in an environment of differing organizational and disciplinary perspectives on Health Information Assurance.

  12. The Regulatory Framework for Privacy and Security

    NASA Astrophysics Data System (ADS)

    Hiller, Janine S.

    The internet enables the easy collection of massive amounts of personally identifiable information. Unregulated data collection causes distrust and conflicts with widely accepted principles of privacy. The regulatory framework in the United States for ensuring privacy and security in the online environment consists of federal, state, and self-regulatory elements. New laws have been passed to address technological and internet practices that conflict with privacy protecting policies. The United States and the European Union approaches to privacy differ significantly, and the global internet environment will likely cause regulators to face the challenge of balancing privacy interests with data collection for many years to come.

  13. A HIPAA strategy for dental schools.

    PubMed

    Walker, Rosemary

    2002-05-01

    Certain health care organizations, including dental schools, should be readying themselves to comply with the numerous requirements described within the administrative simplification section of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The intent of administrative simplification is to streamline the management of health care transactions while protecting the privacy of certain written, oral, and electronic patient information. There are no field-tested plans for implementing the law because only recently has the health care industry begun to respond to the multitude of requirements. It is essential that each organization create a customized compliance plan that best fits its structure and needs. The purpose of this paper is to propose a five-stage theoretical strategy that could assist a dental school in achieving HIPAA compliance. The first stage involves the selection of a HIPAA task force. The second stage selects the applicable HIPAA requirements, determines the current states of confidentiality and security, manages the electronic transactions standards, and composes a gap analysis. The third stage examines risk analysis and management. The fourth stage encompasses technical modifications, policies and procedures, legal input, and training. The fifth stage addresses the maintenance of the implementation. PMID:12056767

  14. HIPAA standards offer more accuracy and eventual cost savings.

    PubMed

    Hamby, P H; McLaughlin, M

    2001-04-01

    More than four years after passage of the Health Insurance Portability and Accountability Act (HIPAA), HHS has yet to issue final rules regarding implementation of many of the statute's provisions. Of immediate concern to the healthcare industry are the final rules regarding electronic transactions and privacy and the proposed rule regarding security. The electronic transactions final rule addresses seven transaction types covered by HIPAA. The final rule mandates the use of standard implementation guides developed by the American National Standards Institute and specifies which code sets are to be used with each type of transaction. Under the security proposed rule, covered entities would be required to develop a security plan addressing four specific areas. Under the privacy final rule, covered entities must meet specific requirements regarding patients' rights, including obtaining consent or, in some instances, authorization to use and disclose patients' personal health information. PMID:11300004

  15. Security and Privacy at a Public University.

    ERIC Educational Resources Information Center

    Bomzer, Herbert W.

    The data center and the user offices at a public university have a responsibility to maintain security and to protect the privacy of the individuals whose data they process. This persists even though much personal data are accessible in libraries. How to identify "private" data, what security precautions to take to protect these data from being…

  16. Integration of LDSE and LTVS logs with HIPAA compliant auditing system (HCAS)

    NASA Astrophysics Data System (ADS)

    Zhou, Zheng; Liu, Brent J.; Huang, H. K.; Guo, Bing; Documet, Jorge; King, Nelson

    2006-03-01

    The deadline for the HIPAA (Health Insurance Portability and Accountability Act) Security Rules passed in February 2005; therefore, being HIPAA compliant has become extremely critical to healthcare providers. HIPAA mandates healthcare providers to protect the privacy and integrity of the health data and have the ability to demonstrate examples of mechanisms that can be used to accomplish this task. It is also required that a healthcare institution must be able to provide audit trails on image data access on demand for a specific patient. For these reasons, we have developed a HIPAA compliant auditing system (HCAS) for image data security in a PACS by auditing every image data access. The HCAS was presented in 2005 SPIE. This year, two new components, LDSE (Lossless Digital Signature Embedding) and LTVS (Patient Location Tracking and Verification System) logs, have been added to the HCAS. The LDSE can assure medical image integrity in a PACS, while the LTVS can provide access control for a PACS by creating a security zone in the clinical environment. By integrating the LDSE and LTVS logs with the HCAS, the privacy and integrity of image data can be audited as well. Thus, a PACS with the HCAS installed can become HIPAA compliant in image data privacy and integrity, access control, and audit control.

  17. Educational RIS/PACS simulator integrated with the HIPAA compliant auditing (HCA) toolkit

    NASA Astrophysics Data System (ADS)

    Zhou, Zheng; Liu, Brent J.; Huang, H. K.; Zhang, J.

    2005-04-01

    Health Insurance Portability and Accountability Act (HIPAA), a guideline for healthcare privacy and security, has been officially instituted recently. HIPAA mandates healthcare providers to follow its privacy and security rules, one of which is to have the ability to generate audit trails on the data access for any specific patient on demand. Although most current medical imaging systems such as PACS utilize logs to record their activities, there is a lack of formal methodology to interpret these large volumes of log data and generate HIPAA compliant auditing trails. In this paper, we present a HIPAA compliant auditing (HCA) toolkit for auditing the image data flow of PACS. The toolkit can extract pertinent auditing information from the logs of various PACS components and store the information in a centralized auditing database. The HIPAA compliant audit trails can be generated based on the database, which can also be utilized for data analysis to facilitate the dynamic monitoring of the data flow of PACS. In order to demonstrate the HCA toolkit in a PACS environment, it was integrated with the PACS Simulator, which was presented as an educational tool in 2003 and 2004 SPIE. With the integration of the HCA toolkit with the PACS simulator, users can learn HIPAA audit concepts and how to generate audit trails of image data access in PACS, as well as trace the image data flow of PACS Simulator through the toolkit.

  18. Banking on privacy. Hospitals must protect patient information--and their own liability--as banks balk at HIPAA.

    PubMed

    Haugh, Richard

    2004-02-01

    Thanks to HIPAA, banks stand to earn billions of dollars in new business by processing electronic claims for health care providers and payers. And the health care industry could realize $35 billion a year in efficiency gains and cost savings. But overshadowing it all is the question of how protected patient information will be--and how liable hospitals will be for any breach of that information by their business partners. PMID:14999878

  19. Family Caregiver Research and the HIPAA Factor

    ERIC Educational Resources Information Center

    Albert, Steven M.; Levine, Carol

    2005-01-01

    Research in family caregiving recently has become more challenging because of the strict protection of privacy mandated in the Health Insurance Portability and Accountability Act (HIPAA) of 1996. We ask when should Institutional Review Boards (IRBs) follow HIPAA rules to the letter and when might they use the waiver option? What is the appropriate…

  20. 48 CFR 52.239-1 - Privacy or Security Safeguards.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 2 2012-10-01 2012-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish...

  1. 48 CFR 52.239-1 - Privacy or Security Safeguards.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 2 2011-10-01 2011-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish...

  2. 48 CFR 52.239-1 - Privacy or Security Safeguards.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 2 2013-10-01 2013-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish...

  3. Measuring and Modeling Security and Privacy Laws

    ERIC Educational Resources Information Center

    Romanosky, Sasha

    2012-01-01

    This manuscript presents empirical and analytical analysis and discussion of security and privacy laws. The introduction, together with the three substantive chapters each represent separate research papers written as partial fulfillment of my PhD dissertation in the Heinz College, Carnegie Mellon University. Chapter 2 is an abbreviated version of…

  4. Ownership, Privacy, Confidentiality, and Security Data.

    ERIC Educational Resources Information Center

    Staman, E. Michael

    1986-01-01

    One of the areas most often neglected by those responsible for information systems in colleges and universities relates to ownership, privacy, confidentiality, and security of data. Background information and definitions are provided, and a suggested environment is described. Model recommendations for institutional policy are offered. (MLW)

  5. Information Security and Privacy in Network Environments.

    ERIC Educational Resources Information Center

    Congress of the U.S., Washington, DC. Office of Technology Assessment.

    The use of information networks for business and government is expanding enormously. Government use of networks features prominently in plans to make government more efficient, effective, and responsive. But the transformation brought about by the networking also raises new concerns for the security and privacy of networked information. This…

  6. Securing your PC and protecting your privacy.

    PubMed

    Schloman, Barbara F

    2005-01-01

    Working in a networked information environment brings new opportunities for getting and sharing information. Regrettably, these benefits of the Internet are challenged by forces that would interfere to satisfy their own profit or malevolent motives. Your networked computer can be infected by viruses, worms, or Trojan horses or infiltrated by spyware, adware, or pop-ups. Without being aware of the dangers and taking precautionary steps, your PC is susceptible to being compromised and your privacy invaded. This column will highlight some of the dangers and offer basic steps for securing your computer and protecting your privacy. PMID:15727543

  7. Update: electronic transactions, HIPAA, and Medicare reimbursement.

    PubMed

    McMahon, Erin Brisbay

    2003-10-01

    Physician practices that transmit any health information in electronic form in connection with a transaction covered by the HIPAA transactions and code sets rule will be required to comply with the rule no later than October 16, 2003. Under the rule, if certain transactions, such as the filing of claims, are conducted electronically, they must contain certain data content and be formatted in a particular way. On and after October 16, 2003, Medicare will require claims to be submitted electronically unless a physician practice has less than 10 full-time equivalent employees. Practices with fewer than 10 FTEs can continue to submit paper claims to Medicare without any further action on their part. At a minimum, physician practices must have the ability to capture the data required by the rule for covered transactions conducted electronically, and either use a clearinghouse to translate the data to X12N format or obtain a translator and electronic connectivity to ensure that the practice can send electronically compliant claims by October 16, 2003. Trading partner agreements may specify the duties and responsibilities of each party to the agreement in conducting a covered transaction electronically, but they are not required under HIPAA. Business associate agreements are required under HIPAA if a practice chooses to use a business associate (a person who performs an activity falling under the rule on behalf of the practice), including a health care clearinghouse, to conduct electronic covered transactions for it, and the agreement must comply with the HIPAA transactions and code sets rule, the privacy rule, and the security rule. This article is not, and should not be construed as, legal advice or an opinion on specific situations. PMID:16871309

  8. Protocol for a Systematic Review of Telehealth Privacy and Security Research to Identify Best Practices.

    PubMed

    Watzlaf, Valerie J M; Dealmeida, Dilhari R; Zhou, Leming; Hartman, Linda M

    2015-01-01

    Healthcare professionals engaged in telehealth are faced with complex US federal regulations (e.g., HIPAA/HITECH) and could benefit from the guidance provided by best practices in Privacy and Security (P&S). This article describes a systematic review protocol to address this need. The protocol described herein uses the Preferred Reporting Items for Systematic Review and Meta-Analysis Protocols (PRISMA-P). The PRISMA-P contains 17 items that are considered essential, as well as minimum components to include in systematic reviews. PICOS (participants, interventions, comparisons, outcome(s) and study design of the systematic review) are also relevant to the development of best practices in P&S in telehealth systems. A systematic process can best determine what information should be included and how this information should be retrieved, condensed, analyzed, organized, and disseminated. PMID:27563383

  9. Protocol for a Systematic Review of Telehealth Privacy and Security Research to Identify Best Practices

    PubMed Central

    WATZLAF, VALERIE J.M.; DEALMEIDA, DILHARI R.; ZHOU, LEMING; HARTMAN, LINDA M.

    2015-01-01

    Healthcare professionals engaged in telehealth are faced with complex US federal regulations (e.g., HIPAA/HITECH) and could benefit from the guidance provided by best practices in Privacy and Security (P&S). This article describes a systematic review protocol to address this need. The protocol described herein uses the Preferred Reporting Items for Systematic Review and Meta-Analysis Protocols (PRISMA-P). The PRISMA-P contains 17 items that are considered essential, as well as minimum components to include in systematic reviews. PICOS (participants, interventions, comparisons, outcome(s) and study design of the systematic review) are also relevant to the development of best practices in P&S in telehealth systems. A systematic process can best determine what information should be included and how this information should be retrieved, condensed, analyzed, organized, and disseminated. PMID:27563383

  10. Cyber security challenges in Smart Cities: Safety, security and privacy.

    PubMed

    Elmaghraby, Adel S; Losavio, Michael M

    2014-07-01

    The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the "Internet of Things." Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major elements in the Smart City and their interactions are what we need to protect. PMID:25685517

  11. Cyber security challenges in Smart Cities: Safety, security and privacy

    PubMed Central

    Elmaghraby, Adel S.; Losavio, Michael M.

    2014-01-01

    The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major elements in the Smart City and their interactions are what we need to protect. PMID:25685517

  12. New security and privacy laws require basic changes in professional practice

    NASA Astrophysics Data System (ADS)

    Sykes, David M.

    2005-09-01

    Everybody knows about HIPAA - but what about GLBA? FIPA? The Patriot Act? Homeland Security? NCLB? FCRA? CASB1? PIPEDA? All of these are recent laws that impact acoustical design. Throw in the American Hospital Association/ASHE and AIA's about-to-be-released "Guidelines for the Design of Healthcare Facilities" as well as the redrafting of DCID 6/9 and it looks like time for careful examination of some professional practices relating to security and privacy. Should INCE members join with and endorse the ASA's recently formed Joint TCAA/TCN Subcommittee which aims to fill a policy vacuum in Washington and Ottawa relating to the fundamental protection of citizens' rights to privacy? This group will formulate consistent guidelines to enable federal and state agencies in the US and Canada to enforce and monitor their laws - will their guidelines affect INCE members? Those who advise or give expert testimony to government agencies, defense/security organizations, courts, and large institutions in financial services, healthcare or education likely find themselves in a rapidly shifting landscape and recognize the need to respond with new research and professional practices.

  13. Security and Privacy in a DACS.

    PubMed

    Delgado, Jaime; Llorente, Silvia; Pàmies, Martí; Vilalta, Josep

    2016-01-01

    The management of electronic health records (EHR), in general, and clinical documents, in particular, is becoming a key issue in the daily work of Healthcare Organizations (HO). The need for providing secure and private access to, and storage for, clinical documents together with the need for HO to interoperate, raises a number of issues difficult to solve. Many systems are in place to manage EHR and documents. Some of these Healthcare Information Systems (HIS) follow standards in their document structure and communications protocols, but many do not. In fact, they are mostly proprietary and do not interoperate. Our proposal to solve the current situation is the use of a DACS (Document Archiving and Communication System) for providing security, privacy and standardized access to clinical documents. PMID:27577355

  14. 42 CFR 600.350 - Privacy and security of information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... (Eff. 1-1-15) Eligibility and Enrollment § 600.350 Privacy and security of information. The State must comply with the standards and procedures set forth in 45 CFR 155.260(b) and (c) as are applicable to the... 42 Public Health 5 2014-10-01 2014-10-01 false Privacy and security of information....

  15. 48 CFR 52.239-1 - Privacy or Security Safeguards.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 2 2014-10-01 2014-10-01 false Privacy or Security Safeguards. 52.239-1 Section 52.239-1 Federal Acquisition Regulations System FEDERAL ACQUISITION REGULATION (CONTINUED) CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 52.239-1 Privacy or Security...

  16. 76 FR 34650 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-14

    ... expected to include the following items: --Cloud Security and Privacy Panel discussion on addressing security and privacy for different types of cloud computing, --Presentation from National Strategy...

  17. 78 FR 5565 - Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-25

    ... / Friday, January 25, 2013 / Rules and Regulations DEPARTMENT OF HEALTH AND HUMAN SERVICES Office... certain requirements with those under the Department's Human Subjects Protections regulations. These... 13563 to conduct a retrospective review of our existing regulations for the purpose of identifying...

  18. 78 FR 34264 - Technical Corrections to the HIPAA Privacy, Security, and Enforcement Rules

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-07

    ... effectiveness and to increase flexibility for and decrease burden on the regulated entities. See 78 FR 5566... FR 82707. Given that Sec. 164.512(k)(4)(i) relates to uses and disclosures of protected health... 160 Administrative practice and procedure, Computer technology, Electronic information...

  19. 75 FR 8096 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-023...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... Security Administration--023 Workplace Violence Prevention Program System of Records AGENCY: Privacy Office..., "Department of Homeland Security/Transportation Security Administration--023 Workplace Violence Prevention... and maintain records on their Workplace Violence Prevention Program. Additionally, the Department...

  20. The Health Insurance Portability and Accountability Act (HIPAA): its broad effect on practice.

    PubMed

    Feld, Andrew D

    2005-07-01

    The Health Insurance Portability and Accountability Act (HIPAA), and its final rule, raised fears among practitioners of new and complex regulations that might interfere with medical practice, lead to inadvertent liability and unwanted expense. It generated a dizzying set of health-care administrative activities and a new work for legal consultants. It has extensive scope, and includes most health plans and practitioners. It has regulated both privacy and security, including electronic, paper, and oral communications. However, after a HIPAA compliant office structure is established, and the privacy notice is reviewed and signed by the patient, disclosure of medical information for treatment, payment or "health-care operations" is permitted without recurrent consent forms, thus allowing substantially familiar patterns of doctor-to-doctor communication about treatment. Further, the initial approach to enforcement appears to some legal observers to be more likely corrective rather than punitive, although providers remain uneasy over the mere possibility of criminal penalties. As regards medical research, uncertainties about the application of HIPAA seem less resolved and more variably interpreted by different institutions, with ongoing fear in the research community that important public health and epidemiologic research activity may be compromised by well meaning IRBs using inconsistent, overly strict or erroneous interpretation of the intent of HIPAA regulations. PMID:15984962

  1. HIPAA-compliant automatic monitoring system for RIS-integrated PACS operation

    NASA Astrophysics Data System (ADS)

    Jin, Jin; Zhang, Jianguo; Chen, Xiaomeng; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen; Feng, Jie; Sheng, Liwei; Huang, H. K.

    2006-03-01

    As a governmental regulation, Health Insurance Portability and Accountability Act (HIPAA) was issued to protect the privacy of health information that identifies individuals who are living or deceased. HIPAA requires security services supporting implementation features: Access control; Audit controls; Authorization control; Data authentication; and Entity authentication. These controls, which are proposed in HIPAA Security Standards, are Audit trails here. Audit trails can be used for surveillance purposes, to detect when interesting events might be happening that warrant further investigation. Or they can be used forensically, after the detection of a security breach, to determine what went wrong and who or what was at fault. In order to provide security control services and to achieve the high and continuous availability, we design the HIPAA-Compliant Automatic Monitoring System for RIS-Integrated PACS operation. The system consists of two parts: monitoring agents running in each PACS component computer and a Monitor Server running in a remote computer. Monitoring agents are deployed on all computer nodes in RIS-Integrated PACS system to collect the Audit trail messages defined by the Supplement 95 of the DICOM standard: Audit Trail Messages. Then the Monitor Server gathers all audit messages and processes them to provide security information in three levels: system resources, PACS/RIS applications, and users/patients data accessing. Now the RIS-Integrated PACS managers can monitor and control the entire RIS-Integrated PACS operation through web service provided by the Monitor Server. This paper presents the design of a HIPAA-compliant automatic monitoring system for RIS-Integrated PACS Operation, and gives the preliminary results performed by this monitoring system on a clinical RIS-integrated PACS.

  2. 75 FR 28042 - Privacy Act of 1974: System of Records; Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ... Transportation Security Enforcement Record System (69 FR 71828, December 10, 2004.) TSA's mission is to protect... rule published on August 4, 2006 in 71 FR 44223. II. Privacy Act The Privacy Act embodies fair... records is also based on "need to know." Electronic access is limited by computer security measures...

  3. SAFETY, SECURITY, HYGIENE AND PRIVACY IN MIGRANT FARMWORKER HOUSING

    PubMed Central

    Arcury, Thomas A.; Weir, Maria M.; Summers, Phillip; Chen, Haiying; Bailey, Melissa; Wiggins, Melinda F.; Bischoff, Werner E.; Quandt, Sara A.

    2013-01-01

    Safety, security, hygiene, and privacy in migrant farmworker housing have not previously been documented, yet these attributes are important for farmworker quality of life and dignity. This analysis describes the safety, security, hygiene, and privacy of migrant farmworker housing and delineates camp characteristics that are associated with these attributes, using data collected in 183 eastern North Carolina migrant farmworker camps in 2010. Migrant farmworker housing is deficient. For example, 73.8 percent of housing had structural damage and 52.7 percent had indoor temperatures that were not safe. Farmworkers in 83.5 percent of the housing reported that they did not feel they or their possessions were secure. Bathing or toileting privacy was absent in 46.2 percent of the housing. Camps with residents having H-2A visas or North Carolina Department of Labor certificates of inspection posted had better safety, security, and hygiene. Regulations addressing the quality of migrant farmworker housing are needed. PMID:22776578

  4. Safety, security, hygiene and privacy in migrant farmworker housing.

    PubMed

    Arcury, Thomas A; Weir, Maria M; Summers, Phillip; Chen, Haiying; Bailey, Melissa; Wiggins, Melinda F; Bischoff, Werner E; Quandt, Sara A

    2012-01-01

    Safety, security, hygiene, and privacy in migrant farmworker housing have not previously been documented, yet these attributes are important for farmworker quality of life and dignity. This analysis describes the safety, security, hygiene, and privacy of migrant farmworker housing and delineates camp characteristics that are associated with these attributes, using data collected in 183 eastern North Carolina migrant farmworker camps in 2010. Migrant farmworker housing is deficient. For example, 73.8 percent of housing had structural damage and 52.7 percent had indoor temperatures that were not safe. Farmworkers in 83.5 percent of the housing reported that they did not feel they or their possessions were secure. Bathing or toileting privacy was absent in 46.2 percent of the housing. Camps with residents having H-2A visas or North Carolina Department of Labor certificates of inspection posted had better safety, security, and hygiene. Regulations addressing the quality of migrant farmworker housing are needed. PMID:22776578

  5. VoIP for Telerehabilitation: A Pilot Usability Study for HIPAA Compliance

    PubMed Central

    Watzlaf, Valerie R.; Ondich, Briana

    2012-01-01

    Consumer-based, free Voice and video over the Internet Protocol (VoIP) software systems such as Skype and others are used by health care providers to deliver telerehabilitation and other health-related services to clients. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by practitioners, health information managers, and other healthcare entities. This pilot usability study examined whether four respondents who used the top three, free consumer-based, VoIP software systems perceived these VoIP technologies to be private, secure, and HIPAA compliant; most did not. While the pilot study limitations include the number of respondents and systems assessed, the protocol can be applied to future research and replicated for instructional purposes. Recommendations are provided for VoIP companies, providers, and clients/consumers. PMID:25945194

  6. VoIP for Telerehabilitation: A Pilot Usability Study for HIPAA Compliance.

    PubMed

    Watzlaf, Valerie R; Ondich, Briana

    2012-01-01

    Consumer-based, free Voice and video over the Internet Protocol (VoIP) software systems such as Skype and others are used by health care providers to deliver telerehabilitation and other health-related services to clients. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by practitioners, health information managers, and other healthcare entities. This pilot usability study examined whether four respondents who used the top three, free consumer-based, VoIP software systems perceived these VoIP technologies to be private, secure, and HIPAA compliant; most did not. While the pilot study limitations include the number of respondents and systems assessed, the protocol can be applied to future research and replicated for instructional purposes. Recommendations are provided for VoIP companies, providers, and clients/consumers. PMID:25945194

  7. Privacy and Security - a Way to Manage the Dilemma

    NASA Astrophysics Data System (ADS)

    Peissl, Walter

    Privacy and security are often seen as opposites in a zero-sum game. The more you want from one, the less you get from the other. To overcome this dilemma the PRISE project (EU-funded by PASR/DG Enterprise) developed a methodology to establish sets of criteria for privacy enhancing security technologies. These sets of criteria are applicable on different levels (research, development, implementation) and by different actors (research coordinators, industry, policy-makers, public and private users). The use of these criteria is intended to contribute directly to a tangible and demonstrable improvement in security as accepted and acceptable security technologies will be more easily implemented, more widely used and confronted with less rejection by the general public and users of these technologies. A similar set of criteria is used for certification for the European Privacy Seal. Both the privacy by design approach and the certification scheme should increase the competitiveness of European security industries by providing guidance on the provision of widely acceptable security technologies.

  8. 77 FR 70796 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... following Privacy Act system of records notice, DHS/TSA-017 Secure Flight Test Records (June 22, 2005, 70 FR.../Transportation Security Administration- 019, Secure Flight Records (November 9, 2007, 72 FR 63711) to cover the...)-017 Secure Flight Test Records (June 22, 2005, 70 FR 36320), from its inventory of record systems....

  9. Toward protocols for quantum-ensured privacy and secure voting

    NASA Astrophysics Data System (ADS)

    Bonanome, Marianna; Bužek, Vladimír; Hillery, Mark; Ziman, Mário

    2011-08-01

    We present a number of schemes that use quantum mechanics to preserve privacy, in particular, we show that entangled quantum states can be useful in maintaining privacy. We further develop our original proposal [see M. Hillery, M. Ziman, V. Bužek, and M. Bieliková, Phys. Lett. A 349, 75 (2006)] for protecting privacy in voting, and examine its security under certain types of attacks, in particular dishonest voters and external eavesdroppers. A variation of these quantum-based schemes can be used for multiparty function evaluation. We consider functions corresponding to group multiplication of N group elements, with each element chosen by a different party. We show how quantum mechanics can be useful in maintaining the privacy of the choices group elements.

  10. Toward protocols for quantum-ensured privacy and secure voting

    SciTech Connect

    Bonanome, Marianna; Buzek, Vladimir; Ziman, Mario; Hillery, Mark

    2011-08-15

    We present a number of schemes that use quantum mechanics to preserve privacy, in particular, we show that entangled quantum states can be useful in maintaining privacy. We further develop our original proposal [see M. Hillery, M. Ziman, V. Buzek, and M. Bielikova, Phys. Lett. A 349, 75 (2006)] for protecting privacy in voting, and examine its security under certain types of attacks, in particular dishonest voters and external eavesdroppers. A variation of these quantum-based schemes can be used for multiparty function evaluation. We consider functions corresponding to group multiplication of N group elements, with each element chosen by a different party. We show how quantum mechanics can be useful in maintaining the privacy of the choices group elements.

  11. 75 FR 18860 - Privacy Act of 1974, Department of Homeland Security Transportation Security Administration-013...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... Officer Record System (FDORS), previously published on August 18, 2003 (68 FR 49496). TSA's mission is to... reflected in the final rule published on June 25, 2004, 69 FR 35536. Consistent with the Privacy Act... Security Administration--013 Federal Flight Deck Officer Record System AGENCY: Privacy Office, DHS....

  12. 45 CFR 155.260 - Privacy and security of personally identifiable information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 45 Public Welfare 1 2014-10-01 2014-10-01 false Privacy and security of personally identifiable... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally... compliance with privacy and security standards that meet the requirements of this section or other...

  13. 42 CFR 401.713 - Ensuring the privacy and security of data.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 42 Public Health 2 2013-10-01 2013-10-01 false Ensuring the privacy and security of data. 401.713... Performance Measurement § 401.713 Ensuring the privacy and security of data. (a) A qualified entity must... require the qualified entity to maintain privacy and security protocols throughout the duration of...

  14. Security, privacy, and confidentiality issues on the Internet.

    PubMed

    Kelly, Grant; McKenzie, Bruce

    2002-01-01

    We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to 'sign' a message whereby the private key of an individual can be used to 'hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a 'digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers. PMID:12554559

  15. 48 CFR 52.239-1 - Privacy or Security Safeguards.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Privacy or Security Safeguards. 52.239-1 Section 52.239-1 Federal Acquisition Regulations System FEDERAL ACQUISITION REGULATION (CONTINUED) CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses...

  16. Online Privacy, Security and Ethical Dilemma: A Recent Study.

    ERIC Educational Resources Information Center

    Karmakar, Nitya L.

    The Internet remains a wonder of the 21st century and its growth is phenomenal. According to a recent survey, the online population is now about 500 million globally and if this trend continues, it should reach 700 million by the end of 2002. This exponential growth of the Internet has given rise to several security, privacy and ethical…

  17. Online Patron Records and Privacy: Service vs. Security.

    ERIC Educational Resources Information Center

    Fouty, Kathleen G.

    1993-01-01

    Examines issues regarding the privacy of information contained in patron databases that have resulted from online circulation systems. Topics discussed include library policies to protect information in patron records; ensuring compliance with policies; limiting the data collected; security authorizations; and creating and modifying patron…

  18. Impact of HIPAA on Subject Recruitment and Retention

    PubMed Central

    Wipke-Tevis, Deidre D.; Pickett, Melissa A.

    2009-01-01

    Recruiting and retaining an adequate sample of subjects is critical to the success of any research project involving human subjects. Recent reports indicate the Health Insurance Portability and Accountability Act (HIPAA) Privacy rule has adversely impacted research. Few resources are available to help researchers and their staff navigate the challenges to subject recruitment and retention after the implementation of the HIPAA Privacy rule. This article will address obstacles to subject recruitment in prospective, clinical research studies related specifically to the HIPAA Privacy rule as well as HIPAA compliant strategies to enhance subject recruitment and retention. Recruitment challenges discussed include evolving interpretations of the HIPAA regulations, inability to directly contact potential subjects, complexity of the HIPAA required documents, the increased cost of subject recruitment, and an expanding administrative burden. Among the strategies addressed are preparatory research reviews, use of clinical collaborators/staff liaisons, pre-screening of potential subjects, minimizing subject burden during the consent process, enhancing follow-up of subjects, facilitating recruitment for future studies and streamlining compliance training for research staff. PMID:17551087

  19. Data Privacy and Security in Higher Education

    ERIC Educational Resources Information Center

    Williams, Tracy

    2003-01-01

    As institutions review and strengthen their plans to secure confidential data, what proactive role does the human resource professional play as a strategic partner? Why are employees a critical part of the solution? And how are they educated regarding their responsibilities with data security? Datatel's HR product manager shares some…

  20. Aligning the Effective Use of Student Data with Student Privacy and Security Laws

    ERIC Educational Resources Information Center

    Winnick, Steve; Coleman, Art; Palmer, Scott; Lipper, Kate; Neiditz, Jon

    2011-01-01

    This legal and policy guidance provides a summary framework for state policymakers as they work to use longitudinal data to improve student achievement while also protecting the privacy and security of individual student records. Summarizing relevant federal privacy and security laws, with a focus on the Family Educational Records and Privacy Act…

  1. Observer success rates for identification of 3D surface reconstructed facial images and implications for patient privacy and security

    NASA Astrophysics Data System (ADS)

    Chen, Joseph J.; Siddiqui, Khan M.; Fort, Leslie; Moffitt, Ryan; Juluru, Krishna; Kim, Woojin; Safdar, Nabile; Siegel, Eliot L.

    2007-03-01

    3D and multi-planar reconstruction of CT images have become indispensable in the routine practice of diagnostic imaging. These tools can not only enhance our ability to diagnose diseases, but can also assist in therapeutic planning. The technology utilized to create these can also render surface reconstructions, which may have the undesired potential of providing sufficient detail to allow recognition of facial features and consequently patient identity, leading to violation of patient privacy rights as described in the HIPAA (Health Insurance Portability and Accountability Act) legislation. The purpose of this study is to evaluate whether 3D reconstructed images of a patient's facial features can indeed be used to reliably or confidently identify that specific patient. Surface reconstructed images of the study participants were created and used as candidates for matching with digital photographs of participants. Data analysis was performed to determine the ability of observers to successfully match 3D surface reconstructed images of the face with facial photographs. The amount of time required to perform the match was recorded as well. We also plan to investigate the ability of digital masks or physical drapes to conceal patient identity. The recently expressed concerns over the inability to truly "anonymize" CT (and MRI) studies of the head/face/brain are yet to be tested in a prospective study. We believe that it is important to establish whether these reconstructed images are a "threat" to patient privacy/security and if so, whether minimal interventions from a clinical perspective can substantially reduce this possibility.

  2. Public assessment of new surveillance-oriented security technologies: Beyond the trade-off between privacy and security.

    PubMed

    Pavone, Vincenzo; Esposti, Sara Degli

    2012-07-01

    As surveillance-oriented security technologies (SOSTs) are considered security enhancing but also privacy infringing, citizens are expected to trade part of their privacy for higher security. Drawing from the PRISE project, this study casts some light on how citizens actually assess SOSTs through a combined analysis of focus groups and survey data. First, the outcomes suggest that people did not assess SOSTs in abstract terms but in relation to the specific institutional and social context of implementation. Second, from this embedded viewpoint, citizens either expressed concern about government's surveillance intentions and considered SOSTs mainly as privacy infringing, or trusted political institutions and believed that SOSTs effectively enhanced their security. None of them, however, seemed to trade privacy for security because concerned citizens saw their privacy being infringed without having their security enhanced, whilst trusting citizens saw their security being increased without their privacy being affected. PMID:23823165

  3. Privacy and Security in Mobile Health (mHealth) Research.

    PubMed

    Arora, Shifali; Yttri, Jennifer; Nilsen, Wendy

    2014-01-01

    Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions, some in real time, while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions. PMID:26259009

  4. Privacy and Security in Mobile Health (mHealth) Research

    PubMed Central

    Arora, Shifali; Yttri, Jennifer; Nilsen, Wendy

    2014-01-01

    Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions—some in real time—while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions. PMID:26259009

  5. 75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-01

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration/Railroad Retirement Board (SSA/RRB))-- Match Number 1308 AGENCY: Social Security Administration...

  6. SPECS: Secure and Privacy Enhancing Communications Schemes for VANETs

    NASA Astrophysics Data System (ADS)

    Chim, T. W.; Yiu, S. M.; Hui, L. C. K.; Jiang, Zoe L.; Li, Victor O. K.

    Vehicular ad hoc network (VANET) is an emerging type of network which allows vehicles on roads to communicate for driving safety. The basic idea is to allow arbitrary vehicles to broadcast ad hoc messages (e.g. traffic accidents) to other vehicles. However, this raises security and privacy concerns. Messages should be signed and verified before they are trusted, while the real identity of vehicles should not be revealed but should be traceable by an authorized party. Existing solutions either rely heavily on a tamper-proof hardware device, or cannot satisfy the privacy requirement and do not have an effective message verification scheme. In this paper, we provide a software-based solution which makes use of only two shared secrets to satisfy the privacy requirement and gives lower message overhead and at least 45% higher success rate than previous solutions in the message verification phase using the bloom filter and the binary search techniques. We also provide the first group communication protocol to allow vehicles to authenticate and securely communicate with others in a group of known vehicles.

  7. Intelligent security and privacy solutions for enabling personalized telepathology

    PubMed Central

    2011-01-01

    Starting with the paradigm change of health systems towards personalized health services, the paper introduces the technical paradigms to be met for enabling ubiquitous pHealth including ePathology. The system-theoretical, architecture-centric approach to mobile, pervasive and autonomous solutions has to be based on an open component system framework such as the Generic Component Model. The crucial challenge to be met for comprehensive interoperability is multi-disciplinary knowledge representation, which must be integrated into the aforementioned framework. The approach is demonstrated for security and privacy services fundamental for any eHealth or ePathology environment. PMID:21489199

  8. A Research on Issues Related to RFID Security and Privacy

    NASA Astrophysics Data System (ADS)

    Kim, Jongki; Yang, Chao; Jeon, Jinhwan

    Radio Frequency Identification (RFID) is a technology for automated identification of objects and people. RFID systems have been gaining popularity, especially in supply chain management and automated identification systems. However, there are many existing and potential problems in RFID systems which could threaten the technology's future. To successfully adopt RFID technology in various applications, we need to develop solutions to protect the RFID system's data. This study investigates important issues related to privacy and security of RFID based on the recent literature and suggests solutions to cope with the problem.

  9. Privacy and Security Research Group workshop on network and distributed system security: Proceedings

    SciTech Connect

    Not Available

    1993-05-01

    This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

  10. A Progress Report on Information Privacy and Data Security.

    ERIC Educational Resources Information Center

    Salton, Gerard

    1980-01-01

    Describes the role of information privacy in modern society, examines recent legal cases to illustrate how privacy cases are adjudicated and to identify the limits of available privacy protection, and raises issues regarding techniques for insuring data confidentiality. (FM)

  11. Crossed wires: how yesterday's privacy rules might undercut tomorrow's nationwide health information network.

    PubMed

    Greenberg, Michael D; Ridgely, M Susan; Hillestad, Richard J

    2009-01-01

    More than a decade after passage of the Health Insurance Portability and Accountability Act (HIPAA), concerns about the privacy and security of personal health information remain a major policy issue. Now, the emergence of the Nationwide Health Information Network (NHIN) presents deeper underlying privacy challenges, which will require renewed attention from policymakers as federal and state privacy rules need to be revisited. This is necessary because the current framework of privacy laws is not well suited for regulating a transformed health care system, where computer networks supersede conventional communications media. PMID:19276003

  12. Exploring Trust, Security and Privacy in Digital Business

    NASA Astrophysics Data System (ADS)

    Fischer-Hübner, Simone; Furnell, Steven; Lambrinoudakis, Costas

    Security and privacy are widely held to be fundamental requirements for establishing trust in digital business. This paper examines the relationship between the factors, and the different strategies that may be needed in order to provide an adequate foundation for users’ trust. The discussion begins by recognising that users often lack confidence that sufficient security and privacy safeguards can be delivered from a technology perspective, and therefore require more than a simple assurance that they are protected. One contribution in this respect is the provision of a Trust Evaluation Function, which supports the user in reaching more informed decisions about the safeguards provided in different contexts. Even then, however, some users will not be satisfied with technology-based assurances, and the paper consequently considers the extent to which risk mitigation can be offered via routes, such as insurance. The discussion concludes by highlighting a series of further open issues that also require attention in order for trust to be more firmly and widely established.

  13. Privacy and Security within Biobanking: The Role of Information Technology.

    PubMed

    Heatherly, Raymond

    2016-03-01

    Along with technical issues, biobanking frequently raises important privacy and security issues that must be resolved as biobanks continue to grow in scale and scope. Consent mechanisms currently in use range from fine-grained to very broad, and in some cases participants are offered very few privacy protections. However, developments in information technology are bringing improvements. New programs and systems are being developed to allow researchers to conduct analyses without distributing the data itself offsite, either by allowing the investigator to communicate with a central computer, or by having each site participate in meta-analysis that results in a shared statistic or final significance result. The implementation of security protocols into the research biobanking setting requires three key elements: authentication, authorization, and auditing. Authentication is the process of making sure individuals are who they claim to be, frequently through the use of a password, a key fob, or a physical (i.e., retinal or fingerprint) scan. Authorization involves ensuring that every individual who attempts an action has permission to do that action. Finally, auditing allows for actions to be logged so that inappropriate or unethical actions can later be traced back to their source. PMID:27256131

  14. Secure and Privacy Enhanced Gait Authentication on Smart Phone

    PubMed Central

    Choi, Deokjai

    2014-01-01

    Smart environments established by the development of mobile technology have brought vast benefits to human beings. However, authentication mechanisms on portable smart devices, particularly conventional biometric-based approaches, still raise security and privacy concerns. These traditional systems are mostly based on pattern recognition and machine learning algorithms, wherein original biometric templates or extracted features are stored in unconcealed form for matching with a new biometric sample in the authentication phase. In this paper, we propose a novel gait-based authentication using a biometric cryptosystem to enhance the system security and user privacy on the smart phone. Extracted gait features are merely used to biometrically encrypt a cryptographic key which acts as the authentication factor. Gait signals are acquired by using an inertial sensor, the accelerometer, in the mobile device, and error correcting codes are adopted to deal with the natural variation of gait measurements. We evaluate our proposed system on a dataset consisting of gait samples of 34 volunteers. We achieved the lowest false acceptance rate (FAR) and false rejection rate (FRR) of 3.92% and 11.76%, respectively, with a key length of 50 bits. PMID:24955403

  15. Secure and privacy enhanced gait authentication on smart phone.

    PubMed

    Hoang, Thang; Choi, Deokjai

    2014-01-01

    Smart environments established by the development of mobile technology have brought vast benefits to human beings. However, authentication mechanisms on portable smart devices, particularly conventional biometric-based approaches, still raise security and privacy concerns. These traditional systems are mostly based on pattern recognition and machine learning algorithms, wherein original biometric templates or extracted features are stored in unconcealed form for matching with a new biometric sample in the authentication phase. In this paper, we propose a novel gait-based authentication using a biometric cryptosystem to enhance the system security and user privacy on the smart phone. Extracted gait features are merely used to biometrically encrypt a cryptographic key which acts as the authentication factor. Gait signals are acquired by using an inertial sensor, the accelerometer, in the mobile device, and error correcting codes are adopted to deal with the natural variation of gait measurements. We evaluate our proposed system on a dataset consisting of gait samples of 34 volunteers. We achieved the lowest false acceptance rate (FAR) and false rejection rate (FRR) of 3.92% and 11.76%, respectively, with a key length of 50 bits. PMID:24955403

  16. DQC Comments on the Posted Recommendations Regarding Data Security and Privacy Protections

    ERIC Educational Resources Information Center

    Data Quality Campaign, 2010

    2010-01-01

    The U.S. Department of Education is conducting several activities to address privacy and security issues related to education data. Earlier this year a contractor for the Department convened a group of privacy and security experts and produced a report with recommendations to the Department on ways they can address emerging challenges in…

  17. 75 FR 8088 - Privacy Act of 1974; Department of Homeland Security/ALL-023 Personnel Security Management System...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... Management System of Records (74 FR 3084, January 16, 2009) for the collection and maintenance of records... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL--023 Personnel... to update and reissue Department of Homeland Security/ALL--023 Personnel Security Management...

  18. Privacy Preserving Nearest Neighbor Search

    NASA Astrophysics Data System (ADS)

    Shaneck, Mark; Kim, Yongdae; Kumar, Vipin

    Data mining is frequently obstructed by privacy concerns. In many cases data is distributed, and bringing the data together in one place for analysis is not possible due to privacy laws (e.g. HIPAA) or policies. Privacy preserving data mining techniques have been developed to address this issue by providing mechanisms to mine the data while giving certain privacy guarantees. In this chapter we address the issue of privacy preserving nearest neighbor search, which forms the kernel of many data mining applications. To this end, we present a novel algorithm based on secure multiparty computation primitives to compute the nearest neighbors of records in horizontally distributed data. We show how this algorithm can be used in three important data mining algorithms, namely LOF outlier detection, SNN clustering, and kNN classification. We prove the security of these algorithms under the semi-honest adversarial model, and describe methods that can be used to optimize their performance. Keywords: Privacy Preserving Data Mining, Nearest Neighbor Search, Outlier Detection, Clustering, Classification, Secure Multiparty Computation

  19. Privacy-preserving microbiome analysis using secure computation

    PubMed Central

    Wagner, Justin; Paulson, Joseph N.; Wang, Xiao; Bhattacharjee, Bobby; Corrada Bravo, Héctor

    2016-01-01

    Motivation: Developing targeted therapeutics and identifying biomarkers relies on large amounts of research participant data. Beyond human DNA, scientists now investigate the DNA of micro-organisms inhabiting the human body. Recent work shows that an individual’s collection of microbial DNA consistently identifies that person and could be used to link a real-world identity to a sensitive attribute in a research dataset. Unfortunately, the current suite of DNA-specific privacy-preserving analysis tools does not meet the requirements for microbiome sequencing studies. Results: To address privacy concerns around microbiome sequencing, we implement metagenomic analyses using secure computation. Our implementation allows comparative analysis over combined data without revealing the feature counts for any individual sample. We focus on three analyses and perform an evaluation on datasets currently used by the microbiome research community. We use our implementation to simulate sharing data between four policy-domains. Additionally, we describe an application of our implementation for patients to combine data that allows drug developers to query against and compensate patients for the analysis. Availability and implementation: The software is freely available for download at: http://cbcb.umd.edu/~hcorrada/projects/secureseq.html Supplementary information: Supplementary data are available at Bioinformatics online. Contact: hcorrada@umiacs.umd.edu PMID:26873931

  20. A secure steganography for privacy protection in healthcare system.

    PubMed

    Liu, Jing; Tang, Guangming; Sun, Yifeng

    2013-04-01

    Private data in healthcare systems require confidentiality protection during transmission. Steganography is the art of concealing data in a cover medium for conveying messages confidentially. In this paper, we propose a steganographic method which can provide private data in medical systems with very secure protection. In our method, a cover image is first mapped into a 1D pixel sequence by a Hilbert filling curve and then divided into non-overlapping embedding units of three consecutive pixels. We use the adaptive pixel pair match (APPM) method to embed digits in the pixel value differences (PVD) of the three pixels, and the base of the embedded digits depends on the differences among the three pixels. By solving an optimization problem, minimal distortion of the pixel ternaries caused by data embedding can be obtained. The experimental results show our method is more suitable for privacy protection in healthcare systems than prior steganographic works. PMID:23321975

  1. Fourier domain asymmetric cryptosystem for privacy protected multimodal biometric security

    NASA Astrophysics Data System (ADS)

    Choudhury, Debesh

    2016-04-01

    We propose a Fourier domain asymmetric cryptosystem for multimodal biometric security. One modality of biometrics (such as face) is used as the plaintext, which is encrypted by another modality of biometrics (such as fingerprint). A private key is synthesized from the encrypted biometric signature by complex spatial Fourier processing. The encrypted biometric signature is further encrypted by other biometric modalities, and the corresponding private keys are synthesized. The resulting biometric signature is privacy protected since the encryption keys are provided by the human, and hence those are private keys. Moreover, the decryption keys are synthesized using those private encryption keys. The encrypted signatures are decrypted using the synthesized private keys and inverse complex spatial Fourier processing. Computer simulations demonstrate the feasibility of the technique proposed.

  2. Assessing the privacy policies in mobile personal health records.

    PubMed

    Zapata, Belén Cruz; Hernández Niñirola, Antonio; Fernández-Alemán, José Luis; Toval, Ambrosio

    2014-01-01

    The huge increase in the number and use of smartphones and tablets has led health service providers to take an interest in mHealth. Popular mobile app markets like Apple App Store or Google Play contain thousands of health applications. Although mobile personal health records (mPHRs) have a number of benefits, important challenges appear in the form of adoption barriers. Security and privacy have been identified as part of these barriers and should be addressed. This paper analyzes and assesses a total of 24 free mPHRs for Android and iOS. Characteristics regarding privacy and security were extracted from the HIPAA. The results show important differences in both the mPHRs and the characteristics analyzed. A questionnaire containing six questions concerning privacy policies was defined. Our questionnaire may assist developers and stakeholders to evaluate the security and privacy of their mPHRs. PMID:25571104

  3. A Secure and Privacy-Preserving Targeted Ad-System

    NASA Astrophysics Data System (ADS)

    Androulaki, Elli; Bellovin, Steven M.

    Thanks to its low product-promotion cost and its efficiency, targeted online advertising has become very popular. Unfortunately, being profile-based, online advertising methods violate consumers' privacy, which has engendered resistance to the ads. However, protecting privacy through anonymity seems to encourage click-fraud. In this paper, we define consumer's privacy and present a privacy-preserving, targeted ad system (PPOAd) which is resistant towards click fraud. Our scheme is structured to provide financial incentives to all entities involved.

  4. Complying with HIPAA: A Guide for the University and Its Counsel.

    ERIC Educational Resources Information Center

    Scaraglino, Pietrina

    2003-01-01

    Identifies and summarizes key provisions of the privacy regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Suggests approaches a university can take to achieve compliance with those provisions, and discusses issues raised by the privacy regulations that are of particular relevance to the academic community. (EV)

  5. Privacy Practices of Health Social Networking Sites: Implications for Privacy and Data Security in Online Cancer Communities.

    PubMed

    Charbonneau, Deborah H

    2016-08-01

    While online communities for social support continue to grow, little is known about the state of privacy practices of health social networking sites. This article reports on a structured content analysis of privacy policies and disclosure practices for 25 online ovarian cancer communities. All of the health social networking sites in the study sample provided privacy statements to users, yet privacy practices varied considerably across the sites. The majority of sites informed users that personal information was collected about participants and shared with third parties (96%, n = 24). Furthermore, more than half of the sites (56%, n = 14) stated that cookies technology was used to track user behaviors. Despite these disclosures, only 36% (n = 9) offered opt-out choices for sharing data with third parties. In addition, very few of the sites (28%, n = 7) allowed individuals to delete their personal information. Discussions about specific security measures used to protect personal information were largely missing. Implications for privacy, confidentiality, consumer choice, and data safety in online environments are discussed. Overall, nurses and other health professionals can utilize these findings to encourage individuals seeking online support and participating in social networking sites to build awareness of privacy risks to better protect their personal health information in the digital age. PMID:27253081

  6. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    PubMed Central

    2009-01-01

    Background: Data protection is important for all information systems that deal with human-subjects data. Grid-based systems – such as the cancer Biomedical Informatics Grid (caBIG) – seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. Methods: An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios – difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Results: Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request, yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and security officers, directors of

  7. 78 FR 72063 - Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-02

    ... security and privacy issues pertaining to federal computer systems. Details regarding the ISPAB's... Cybersecurity (78 FR 11737, February 19, 2013); Development of New Cybersecurity Framework; Request for Information (RFI)--Developing a Framework to Improve Critical Infrastructure Cybersecurity (78 FR...

  8. Privacy and data security in E-health: requirements from the user's perspective.

    PubMed

    Wilkowska, Wiktoria; Ziefle, Martina

    2012-09-01

    In this study two currently relevant aspects of using medical assistive technologies were addressed: security and privacy. In a two-step empirical approach that used focus groups (n = 19) and a survey (n = 104), users' requirements for the use of medical technologies were collected and evaluated. Specifically, we focused on the perceived importance of data security and privacy issues. Outcomes showed that both security and privacy aspects play an important role in the successful adoption of medical assistive technologies in the home environment. In particular, analysis of data with respect to gender, health-status and age (young, middle-aged and old users) revealed that females and healthy adults require, and insist on, the highest security and privacy standards compared with males and the ailing elderly. PMID:23011814

  9. 76 FR 8755 - Privacy Act of 1974; Department of Homeland Security/ALL-032 Official Passport Application and...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-15

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL--032 Official... titled, ``Department of Homeland Security/ ALL--032 Official Passport Application and Maintenance Records..., Privacy Office, Department of Homeland Security, Washington, DC 20528. Instructions: All...

  10. 75 FR 7978 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... Exemptions; Department of Homeland Security Transportation Security Administration-023 Workplace Violence... Security Administration-023 Workplace Violence Prevention Program System of Records and this proposed... a new system of records under the Privacy Act (5 U.S.C. 552a) titled, DHS/TSA-023 Workplace...

  11. 78 FR 89 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-02

    ..., --Legislative Updates, and --Update of NIST Computer Security Division. Note that agenda items may change... National Institute of Standards and Technology Announcing an Open Meeting of the Information Security and.... SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, February...

  12. 76 FR 81477 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-28

    ... public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100-235) and amended by... Commerce and the Director of NIST on security and privacy issues pertaining to federal computer systems... Discussion on cyber R&D Strategy, and --Update of NIST Computer Security Division. Note that agenda items...

  13. 77 FR 58980 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-09-25

    ..., --Presentation/Discussion on Radios used by federal civilian agencies, and --Update of NIST Computer Security... National Institute of Standards and Technology Announcing an Open Meeting of the Information Security and.... SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, October 10,...

  14. 77 FR 25686 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-05-01

    ... Management and Budget, and the Director of NIST on security and privacy issues pertaining to federal computer... NIST Computer Security Division. Note that agenda items may change without notice because of possible... National Institute of Standards and Technology Announcing an Open Meeting of the Information Security...

  15. 75 FR 39920 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-13

    ... ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100-235) and amended by the Federal... Director of NIST on security and privacy issues pertaining to federal computer systems. Details regarding... National Institute of Standards and Technology Announcing a Meeting of the Information Security and...

  16. 76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-11

    ... ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100-235) and amended by the Federal... Director of NIST on security and privacy issues pertaining to Federal computer systems. Details regarding... relating to computer security research, --Presentation on Access of Classified Information,...

  17. 78 FR 55657 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-11

    ...The Department of Homeland Security is giving concurrent notice of a newly established system of records pursuant to the Privacy Act of 1974 for the ``Department of Homeland Security/Transportation Security Administration-021, TSA Pre✓™ Application Program System of Records'' and this proposed rulemaking. In this proposed rulemaking, the Department proposes to exempt......

  18. Authentication, privacy, security can exploit brainwave by biomarker

    NASA Astrophysics Data System (ADS)

    Jenkins, Jeffrey; Sweet, Charles; Sweet, James; Noel, Steven; Szu, Harold

    2014-05-01

    We seek to augment the current Common Access Control (CAC) card and Personal Identification Number (PIN) verification systems with an additional layer of classified access biometrics. Among proven devices such as fingerprint readers and cameras that can sense the human eye's iris pattern, we introduced a number of users to a sequence of 'grandmother images', or emotionally evoked stimuli response images from other users, as well as one of their own, for the purpose of authentication. We performed testing and evaluation of the Authenticity Privacy and Security (APS) brainwave biometrics, similar to the internal organ of the human eye's iris which cannot easily be altered. `Aha' recognition through stimulus-response habituation can serve as a biomarker, similar to keystroke dynamics analysis for inter and intra key fluctuation time of a memorized PIN number (FIST). Using a non-tethered Electroencephalogram (EEG) wireless smartphone/pc monitor interface, we explore the appropriate stimuli-response biomarker present in DTAB low frequency group waves. Prior to login, the user is shown a series of images on a computer display. They have been primed to click their mouse when the image is presented. DTAB waves are collected with a wireless EEG and are sent via Smartphone to a cloud based processing infrastructure. There, we measure fluctuations in DTAB waves from a wireless, non-tethered, single node EEG device between the Personal Graphic Image Number (PGIN) stimulus image and the response time from an individual's mental performance baseline. Towards that goal, we describe an infrastructure that supports distributed verification for web-based EEG authentication. The performance of machine learning on the relative Power Spectral Density EEG data may uncover features required for subsequent access to web or media content. Our approach provides a scalable framework wrapped into a robust Neuro-Informatics toolkit, viable for use in the Biomedical and mental health

  19. 77 FR 43639 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-07-25

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA... Vocational Rehabilitation and Employment Records--VA'' (58VA21/22/28), first published at 74 FR 14865...

  20. 76 FR 60387 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Federal...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-29

    ...The Department of Homeland Security is giving concurrent notice of a newly established system of records pursuant to the Privacy Act of 1974 for the ``Department of Homeland Security/Federal Emergency Management Agency-012 Suspicious Activity Reporting System of Records'' and this proposed rulemaking. In this proposed rulemaking, the Department proposes to exempt portions of the system of......

  1. The HIPAA headache. It just won't go away. An exclusive survey of privacy officers says full compliance with the 1-year-old regulations is still elusive.

    PubMed

    Morrissey, John

    2004-04-12

    After a year of HIPAA, there's still some adjusting to do. Some don't grasp the value of accounting to patients about disclosures, but HHS' Richard Campanelli, left, says it offers patients reassurance that their data was safeguarded. Baylor's Donna Bowers, on the cover, says caregivers are now understanding that "Maybe (patients) do care that I'm asking all these personal questions in front of all these people." PMID:15124410

  2. For telehealth to succeed, privacy and security risks must be identified and addressed.

    PubMed

    Hall, Joseph L; McGraw, Deven

    2014-02-01

    The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth. PMID:24493763

  3. Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

    PubMed Central

    Kramer, Daniel B.; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R.

    2012-01-01

    Background Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware. PMID:22829874

  4. Users Do the Darndest Things: True Stories from the CyLab Usable Privacy and Security Laboratory

    NASA Astrophysics Data System (ADS)

    Cranor, Lorrie Faith

    How can we make security and privacy software more usable? The first step is to study our users. Ideally, we would watch them interacting with security or privacy software in situations where they face actual risk. But everyday computer users don't sit around fiddling with security software, and subjecting users to actual security attacks raises ethical and legal concerns. Thus, it can be difficult to observe users interacting with security and privacy software in their natural habitat. At the CyLab Usable Privacy and Security Laboratory, we've conducted a wide variety of studies aimed at understanding how users think about security and privacy and how they interact with security and privacy software. In this talk I'll give a behind the scenes tour of some of the techniques we've used to study users both in the laboratory and in the wild. I'll discuss the trials and tribulations of designing and carrying out security and privacy user studies, and highlight some of our surprising observations. Find out what privacy-sensitive items you can actually get study participants to purchase, how you can observe users' responses to a man-in-the-middle attack without actually conducting such an attack, why it's hard to get people to use high tech cell phones even when you give them away, and what's actually in that box behind the couch in my office.

  5. Privacy Preserved and Secured Reliable Routing Protocol for Wireless Mesh Networks

    PubMed Central

    Thandava Meganathan, Navamani; Palanichamy, Yogesh

    2015-01-01

    Privacy preservation and security provision against internal attacks in wireless mesh networks (WMNs) are more demanding than in wired networks due to the open nature and mobility of certain nodes in the network. Several schemes have been proposed to preserve privacy and provide security in WMNs. To provide complete privacy protection in WMNs, the properties of unobservability, unlinkability, and anonymity are to be ensured during route discovery. These properties can be achieved by implementing group signature and ID-based encryption schemes during route discovery. Due to the characteristics of WMNs, it is more vulnerable to many network layer attacks. Hence, a strong protection is needed to avoid these attacks and this can be achieved by introducing a new Cross-Layer and Subject Logic based Dynamic Reputation (CLSL-DR) mechanism during route discovery. In this paper, we propose a new Privacy preserved and Secured Reliable Routing (PSRR) protocol for WMNs. This protocol incorporates group signature, ID-based encryption schemes, and CLSL-DR mechanism to ensure strong privacy, security, and reliability in WMNs. Simulation results prove this by showing better performance in terms of most of the chosen parameters than the existing protocols. PMID:26484361

  6. Privacy Preserved and Secured Reliable Routing Protocol for Wireless Mesh Networks.

    PubMed

    Meganathan, Navamani Thandava; Palanichamy, Yogesh

    2015-01-01

    Privacy preservation and security provision against internal attacks in wireless mesh networks (WMNs) are more demanding than in wired networks due to the open nature and mobility of certain nodes in the network. Several schemes have been proposed to preserve privacy and provide security in WMNs. To provide complete privacy protection in WMNs, the properties of unobservability, unlinkability, and anonymity are to be ensured during route discovery. These properties can be achieved by implementing group signature and ID-based encryption schemes during route discovery. Due to the characteristics of WMNs, it is more vulnerable to many network layer attacks. Hence, a strong protection is needed to avoid these attacks and this can be achieved by introducing a new Cross-Layer and Subject Logic based Dynamic Reputation (CLSL-DR) mechanism during route discovery. In this paper, we propose a new Privacy preserved and Secured Reliable Routing (PSRR) protocol for WMNs. This protocol incorporates group signature, ID-based encryption schemes, and CLSL-DR mechanism to ensure strong privacy, security, and reliability in WMNs. Simulation results prove this by showing better performance in terms of most of the chosen parameters than the existing protocols. PMID:26484361

  7. Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

    PubMed

    Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

    2014-11-01

    Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being stolen and tracked by unauthorized participants, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS. PMID:25298362

  8. Usable SPACE: Security, Privacy, and Context for the Mobile User

    NASA Astrophysics Data System (ADS)

    Jutla, Dawn

    Users breach the security of data within many financial applications daily as human and/or business expediency to access and use information wins over corporate security policy guidelines. Recognizing that changing user context often requires different security mechanisms, we discuss end-to-end solutions combining several security and context mechanisms for relevant security control and information presentation in various mobile user situations. We illustrate key concepts using Dimitri Kanevsky's (IBM Research) early 2000s patented inventions for voice security and classification.

  9. 75 FR 55290 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-031...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-10

    ... of Intelligence and Analysis, Department of Homeland Security, Washington, DC 20528. For privacy... Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA), as amended. The NSI establishes a nationwide... to official DHS national security, law enforcement, immigration, intelligence activities,...

  10. Privacy and Data Security under Cloud Computing Arrangements: The Legal Framework and Practical Do's and Don'ts

    ERIC Educational Resources Information Center

    Buckman, Joel; Gold, Stephanie

    2012-01-01

    This article outlines privacy and data security compliance issues facing postsecondary education institutions when they utilize cloud computing and concludes with a practical list of do's and don'ts. Cloud computing does not change an institution's privacy and data security obligations. It does involve reliance on a third party, which requires an…

  11. 6 CFR Appendix A to Part 5 - FOIA/Privacy Act Offices of the Department of Homeland Security

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 6 Domestic Security 1 2012-01-01 2012-01-01 false FOIA/Privacy Act Offices of the Department of Homeland Security A Appendix A to Part 5 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Pt. 5, App. A Appendix A to Part 5—FOIA/Privacy Act Offices of the Department of Homeland...

  12. 6 CFR Appendix A to Part 5 - FOIA/Privacy Act Offices of the Department of Homeland Security

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 6 Domestic Security 1 2011-01-01 2011-01-01 false FOIA/Privacy Act Offices of the Department of Homeland Security A Appendix A to Part 5 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE... of the Department of Homeland Security I. For the following Headquarters components of the...

  13. 6 CFR Appendix A to Part 5 - FOIA/Privacy Act Offices of the Department of Homeland Security

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 6 Domestic Security 1 2013-01-01 2013-01-01 false FOIA/Privacy Act Offices of the Department of Homeland Security A Appendix A to Part 5 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE... of the Department of Homeland Security I. For the following Headquarters components of the...

  14. 6 CFR Appendix A to Part 5 - FOIA/Privacy Act Offices of the Department of Homeland Security

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 6 Domestic Security 1 2014-01-01 2014-01-01 false FOIA/Privacy Act Offices of the Department of Homeland Security A Appendix A to Part 5 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE... of the Department of Homeland Security I. For the following Headquarters components of the...

  15. 78 FR 28867 - Privacy Act of 1974; Department of Homeland Security/U.S. Immigration and Customs Enforcement-014...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-16

    ...In accordance with the Privacy Act of 1974, the Department of Homeland Security proposes to establish a new Department of Homeland Security system of records titled, ``Department of Homeland Security/ U.S. Immigration and Customs Enforcement--014 Homeland Security Investigations Forensic Laboratory System of Records.'' This system of records allows the Department of Homeland Security/U.S.......

  16. Radio frequency identification (RFID) in health care: privacy and security concerns limiting adoption.

    PubMed

    Rosenbaum, Benjamin P

    2014-03-01

    Radio frequency identification (RFID) technology has been implemented in a wide variety of industries. Health care is no exception. This article explores implementations and limitations of RFID in several health care domains: authentication, medication safety, patient tracking, and blood transfusion medicine. Each domain has seen increasing utilization of unique applications of RFID technology. Given the importance of protecting patient and data privacy, potential privacy and security concerns in each domain are discussed. Such concerns, some of which are inherent to existing RFID hardware and software technology, may limit ubiquitous adoption. In addition, an apparent lack of security standards within the RFID domain and specifically health care may also hinder the growth and utility of RFID within health care for the foreseeable future. Safeguarding the privacy of patient data may be the most important obstacle to overcome to allow the health care industry to take advantage of the numerous benefits RFID technology affords. PMID:24578170

  17. 45 CFR 155.260 - Privacy and security of personally identifiable information.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally...) and (c)(2) of the Affordable Care Act; (3) Be equal to or more stringent than the requirements for... violation of section 1411(g) of the Affordable Care Act will be subject to a civil penalty of not more...

  18. 76 FR 59112 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-23

    ...The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, October 26, 2011, from 8 a.m. until 5 p.m., Thursday, October 27, 2011, from 8:30 a.m. until 5 p.m., and Friday, October 28, 2011 from 8 a.m. until 12 p.m. All sessions will be open to the...

  19. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  20. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  1. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  2. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  3. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  4. 76 FR 12609 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-08

    ... established system will be included in DHS's inventory of record systems. The NOC and SWO tracking functions... Security Operations Center Database (April 18, 2005, 70 FR 20061). The Privacy Act embodies fair... under the control of an agency from which information is retrieved by the name of the individual or...

  5. 77 FR 74913 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-12-18

    ... ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA... October 8, 1999 (64 FR 54930), as amended on May 3, 2000 (65 FR 25775). We will match the OPM data with data in our Medicare Database (MDB), SOR 60-0321, last published at 71 FR 42159 (July 25, 2006)....

  6. 77 FR 54943 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-09-06

    ... ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA..., Education, and Vocational Rehabilitation and Employment Records-VA'' (58VA21/22/28), published at 74 FR... FR 42159 (July 25, 2006). 2. Number of Records VA's data file will consist of approximately...

  7. Maintaining Security and Privacy in Educational Computer Centers: A Growing Problem

    ERIC Educational Resources Information Center

    Ball, Leslie D.

    1977-01-01

    Discusses a number of potential security and privacy problems that are frequently found in educational information systems and presents a framework for reviewing potential risks in an educational information system and procedures for ensuring that adequate countermeasures exist. (Author/IRT)

  8. Privacy, Security, & Compliance: Strange Bedfellows or a Marriage Made in Heaven?

    ERIC Educational Resources Information Center

    Corn, Michael; Rosenthal, Jane

    2013-01-01

    Where does privacy belong in the college/university ecosystem, and what should its relationship be with security and compliance? Are the three areas best kept separate and distinct? Should there be some overlap? Or would a single office, officer, and/or reporting line enable a big picture of the whole? This article examines several of the campus…

  9. 45 CFR 155.260 - Privacy and security of personally identifiable information.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 45 Public Welfare 1 2013-10-01 2013-10-01 false Privacy and security of personally identifiable information. 155.260 Section 155.260 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES REQUIREMENTS... Medicaid, CHIP or the BHP for the exchange of eligibility information must: (1) Meet any...

  10. 75 FR 8092 - Privacy Act of 1974; Department of Homeland Security/ALL-027 The History of the Department of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... Security System of Records (69 FR 56781, September 22, 2004) for the collection and maintenance of records... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL--027 The History..., Department of Homeland Security-2004- 0004 Oral History Program: The History of the Department of...

  11. 77 FR 70792 - Privacy Act of 1974; Department of Homeland Security/ALL-004 General Information Technology...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... DHS/ALL-004 General Information Technology Access Account Records System of Records (73 FR 28139, May... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL-004 General... Homeland Security system of records notice titled, Department of Homeland Security/ALL-004...

  12. 76 FR 72428 - Privacy Act of 1974; Department of Homeland Security/ALL-017 General Legal Records System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-23

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL--017 General... Security/ ALL--017 General Legal Records System of Records.'' This system will assist attorneys in..., Department of Homeland Security, Washington, DC 20528. Instructions: All submissions received must...

  13. Assuring image authenticity within a data grid using lossless digital signature embedding and a HIPAA-compliant auditing system

    NASA Astrophysics Data System (ADS)

    Lee, Jasper C.; Ma, Kevin C.; Liu, Brent J.

    2008-03-01

    A Data Grid for medical images has been developed at the Image Processing and Informatics Laboratory, USC to provide distribution and fault-tolerant storage of medical imaging studies across Internet2 and public domain. Although back-up policies and grid certificates guarantee privacy and authenticity of grid-access-points, there is still no method to guarantee that the sensitive DICOM images have not been altered or corrupted during transmission across a public domain. This paper takes steps toward achieving full image transfer security within the Data Grid by utilizing DICOM image authentication and a HIPAA-compliant auditing system. The 3-D lossless digital signature embedding procedure involves a private 64 byte signature that is embedded into each original DICOM image volume, whereby on the receiving end the signature can be extracted and verified following the DICOM transmission. This digital signature method has also been developed at the IPILab. The HIPAA-Compliant Auditing System (H-CAS) is required to monitor embedding and verification events, and allows monitoring of other grid activity as well. The H-CAS system federates the logs of transmission and authentication events at each grid-access-point and stores them in a HIPAA-compliant database. The auditing toolkit is installed at the local grid-access-point and utilizes Syslog [1], a client-server standard for log messaging over an IP network, to send messages to the H-CAS centralized database. By integrating digital image signatures and centralized logging capabilities, DICOM image integrity within the Medical Imaging and Informatics Data Grid can be monitored and guaranteed without loss to any image quality.

  14. Protecting the Privacy of Social Security Numbers Act of 2013

    THOMAS, 113th Congress

    Rep. Frelinghuysen, Rodney P. [R-NJ-11]

    2013-05-22

    06/14/2013 Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations. Tracker: This bill has the status Introduced.

  15. Personal Data Privacy and Security Act of 2014

    THOMAS, 113th Congress

    Rep. Shea-Porter, Carol [D-NH-1]

    2014-02-04

    03/20/2014 Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations. Tracker: This bill has the status Introduced.

  16. Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems

    PubMed Central

    Fernández, Gonzalo; López-Coronado, Miguel

    2013-01-01

    Background: The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. Objective: To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. Methods: To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Results: Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Conclusions: Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security

  17. A Survey on Security and Privacy in Emerging Sensor Networks: From Viewpoint of Close-Loop.

    PubMed

    Zhang, Lifu; Zhang, Heng

    2016-01-01

    Nowadays, as the next generation sensor networks, Cyber-Physical Systems (CPSs) refer to the complex networked systems that have both physical subsystems and cyber components, and the information flow between different subsystems and components is across a communication network, which forms a closed-loop. New generation sensor networks are found in a growing number of applications and have received increasing attention from many disciplines. Opportunities and challenges in the design, analysis, verification and validation of sensor networks co-exist, among which security and privacy are two important ingredients. This paper presents a survey on some recent results in the security and privacy aspects of emerging sensor networks from the viewpoint of the closed-loop. This paper also discusses several future research directions under these two umbrellas. PMID:27023559

  18. A Survey on Security and Privacy in Emerging Sensor Networks: From Viewpoint of Close-Loop

    PubMed Central

    Zhang, Lifu; Zhang, Heng

    2016-01-01

    Nowadays, as the next generation sensor networks, Cyber-Physical Systems (CPSs) refer to the complex networked systems that have both physical subsystems and cyber components, and the information flow between different subsystems and components is across a communication network, which forms a closed-loop. New generation sensor networks are found in a growing number of applications and have received increasing attention from many disciplines. Opportunities and challenges in the design, analysis, verification and validation of sensor networks co-exist, among which security and privacy are two important ingredients. This paper presents a survey on some recent results in the security and privacy aspects of emerging sensor networks from the viewpoint of the closed-loop. This paper also discusses several future research directions under these two umbrellas. PMID:27023559

  19. 77 FR 32709 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Homeland Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-01

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Homeland Security (DHS))--Match Number 1010 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal...

  20. 78 FR 28761 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-16

    ...The Department of Homeland Security is giving concurrent notice of a newly established system of records pursuant to the Privacy Act of 1974 for the ``Department of Homeland Security/U.S. Immigration and Customs Enforcement--014 Homeland Security Investigations Forensic Laboratory System of Records'' and this proposed rulemaking. In this proposed rulemaking, the Department proposes to exempt......

  1. 76 FR 41274 - Privacy Act of 1974; Department of Homeland Security/ALL-033 Reasonable Accommodations Records...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-13

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL-033 Reasonable... to establish a new system of records titled, ``Department of Homeland Security/ALL-033 Reasonable..., Washington, DC 20528. Instructions: All submissions received must include the agency name and docket...

  2. Secure and Privacy-Preserving Distributed Information Brokering

    ERIC Educational Resources Information Center

    Li, Fengjun

    2010-01-01

    As enormous structured, semi-structured and unstructured data are collected and archived by organizations in many realms ranging from business to health networks to government agencies, the needs for efficient yet secure inter-organization information sharing naturally arise. Unlike early information sharing approaches that only involve a small…

  3. Security and privacy issues in implantable medical devices: A comprehensive survey.

    PubMed

    Camara, Carmen; Peris-Lopez, Pedro; Tapiador, Juan E

    2015-06-01

    Bioengineering is a field in expansion. New technologies are appearing to provide a more efficient treatment of diseases or human deficiencies. Implantable Medical Devices (IMDs) constitute one example, these being devices with more computing, decision making and communication capabilities. Several research works in the computer security field have identified serious security and privacy risks in IMDs that could compromise the implant and even the health of the patient who carries it. This article surveys the main security goals for the next generation of IMDs and analyzes the most relevant protection mechanisms proposed so far. On the one hand, the security proposals must take into consideration the inherent constraints of these small and implanted devices: energy, storage and computing power. On the other hand, proposed solutions must achieve an adequate balance between the safety of the patient and the security level offered, with the battery lifetime being another critical parameter in the design phase. PMID:25917056

  4. 75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-23

    ...The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, November 3, 2010, from 9 a.m. until 4:30 p.m., Thursday, November 4, 2010, from 8:30 a.m. until 5 p.m., and Friday, November 5, 2010 from 8 a.m. until 12:30 p.m. All sessions will be open to the...

  5. Public Perspectives of Mobile Phones' Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey.

    PubMed

    Richardson, Joshua E; Ancker, Jessica S

    2015-01-01

    Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician's electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p < .001). There were no similar changes in privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized. PMID:26958246

  6. Public Perspectives of Mobile Phones’ Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey

    PubMed Central

    Richardson, Joshua E.; Ancker, Jessica S.

    2015-01-01

    Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician’s electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p < .001). There were no similar changes in privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized. PMID:26958246

  7. Development of a privacy and security policy framework for a multistate comparative effectiveness research network.

    PubMed

    Kim, Katherine K; McGraw, Deven; Mamo, Laura; Ohno-Machado, Lucila

    2013-08-01

    Comparative effectiveness research (CER) conducted in distributed research networks (DRNs) is subject to different state laws and regulations as well as institution-specific policies intended to protect privacy and security of health information. The goal of the Scalable National Network for Effectiveness Research (SCANNER) project is to develop and demonstrate a scalable, flexible technical infrastructure for DRNs that enables near real-time CER consistent with privacy and security laws and best practices. This investigation began with an analysis of privacy and security laws and state health information exchange (HIE) guidelines applicable to SCANNER participants from California, Illinois, Massachusetts, and the Federal Veteran's Administration. A 7-member expert panel of policy and technical experts reviewed the analysis and gave input into the framework during 5 meetings held in 2011-2012. The state/federal guidelines were applied to 3 CER use cases: safety of new oral hematologic medications; medication therapy management for patients with diabetes and hypertension; and informational interventions for providers in the treatment of acute respiratory infections. The policy framework provides flexibility, beginning with a use-case approach rather than a one-size-fits-all approach. The policies may vary depending on the type of patient data shared (aggregate counts, deidentified, limited, and fully identified datasets) and the flow of data. The types of agreements necessary for a DRN may include a network-level and data use agreements. The need for flexibility in the development and implementation of policies must be balanced with responsibilities of data stewardship. PMID:23774516

  8. The Relationship of HIPAA to Special Education

    ERIC Educational Resources Information Center

    Benitz, Catherine, Comp.

    2006-01-01

    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) includes important, but limited, protections for millions of working Americans and their families around the ability to obtain and keep health coverage. Among its specific protections, HIPAA: (1) Limits the use of preexisting condition exclusions; (2) Prohibits group health…

  9. A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

    PubMed

    Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

    2015-08-01

    Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications, including patient monitoring, object traceability, drug administration systems and telecare medicine information systems (TMIS). In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use a stolen/lost reader to connect to the medical back-end server that stores information associated with tagged objects, and this privacy damage means the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency. PMID:26084587

  10. SecureMA: protecting participant privacy in genetic association meta-analysis

    PubMed Central

    Xie, Wei; Kantarcioglu, Murat; Bush, William S.; Crawford, Dana; Denny, Joshua C.; Heatherly, Raymond; Malin, Bradley A.

    2014-01-01

    Motivation: Sharing genomic data is crucial to support scientific investigation such as genome-wide association studies. However, recent investigations suggest the privacy of the individual participants in these studies can be compromised, leading to serious concerns and consequences, such as overly restricted access to data. Results: We introduce a novel cryptographic strategy to securely perform meta-analysis for genetic association studies in large consortia. Our methodology is useful for supporting joint studies among disparate data sites, where privacy or confidentiality is of concern. We validate our method using three multisite association studies. Our research shows that genetic associations can be analyzed efficiently and accurately across substudy sites, without leaking information on individual participants and site-level association summaries. Availability and implementation: Our software for secure meta-analysis of genetic association studies, SecureMA, is publicly available at http://github.com/XieConnect/SecureMA. Our customized secure computation framework is also publicly available at http://github.com/XieConnect/CircuitService. Contact: b.malin@vanderbilt.edu. Supplementary information: Supplementary data are available at Bioinformatics online. PMID:25147357

  11. Query Monitoring and Analysis for Database Privacy - A Security Automata Model Approach

    PubMed Central

    Kumar, Anand; Ligatti, Jay; Tu, Yi-Cheng

    2015-01-01

    Privacy and usage restriction issues are important when valuable data are exchanged or acquired by different organizations. Standard access control mechanisms either restrict or completely grant access to valuable data. On the other hand, data obfuscation limits the overall usability and may result in loss of total value. There are no standard policy enforcement mechanisms for data acquired through mutual and copyright agreements. In practice, many different types of policies can be enforced in protecting data privacy. Hence there is the need for a unified framework that encapsulates multiple suites of policies to protect the data. We present our vision of an architecture named security automata model (SAM) to enforce privacy-preserving policies and usage restrictions. SAM analyzes the input queries and their outputs to enforce various policies, liberating data owners from the burden of monitoring data access. SAM allows administrators to specify various policies and enforces them to monitor queries and control the data access. Our goal is to address the problems of data usage control and protection through privacy policies that can be defined, enforced, and integrated with the existing access control mechanisms using SAM. In this paper, we lay out the theoretical foundation of SAM, which is based on automata named Mandatory Result Automata. We also discuss the major challenges of implementing SAM in a real-world database environment as well as ideas to meet such challenges. PMID:26997936

  12. Secure and Privacy-Preserving Body Sensor Data Collection and Query Scheme.

    PubMed

    Zhu, Hui; Gao, Lijuan; Li, Hui

    2016-01-01

    With the development of body sensor networks and the pervasiveness of smart phones, different types of personal data can be collected in real time by body sensors, and the potential value of massive personal data has attracted considerable interest recently. However, the privacy issues of sensitive personal data are still challenging today. Aiming at these challenges, in this paper, we focus on the threats from telemetry interface and present a secure and privacy-preserving body sensor data collection and query scheme, named SPCQ, for outsourced computing. In the proposed SPCQ scheme, users' personal information is collected by body sensors in different types and converted into multi-dimension data, and each dimension is converted into the form of a number and uploaded to the cloud server, which provides a secure, efficient and accurate data query service, while the privacy of sensitive personal information and users' query data is guaranteed. Specifically, based on an improved homomorphic encryption technology over composite order group, we propose a special weighted Euclidean distance contrast algorithm (WEDC) for multi-dimension vectors over encrypted data. With the SPCQ scheme, the confidentiality of sensitive personal data, the privacy of data users' queries and accurate query service can be achieved in the cloud server. Detailed analysis shows that SPCQ can resist various security threats from telemetry interface. In addition, we also implement SPCQ on an embedded device, smart phone and laptop with a real medical database, and extensive simulation results demonstrate that our proposed SPCQ scheme is highly efficient in terms of computation and communication costs. PMID:26840319

  13. Secure and Privacy-Preserving Body Sensor Data Collection and Query Scheme

    PubMed Central

    Zhu, Hui; Gao, Lijuan; Li, Hui

    2016-01-01

    With the development of body sensor networks and the pervasiveness of smart phones, different types of personal data can be collected in real time by body sensors, and the potential value of massive personal data has attracted considerable interest recently. However, the privacy issues of sensitive personal data are still challenging today. Aiming at these challenges, in this paper, we focus on the threats from telemetry interface and present a secure and privacy-preserving body sensor data collection and query scheme, named SPCQ, for outsourced computing. In the proposed SPCQ scheme, users’ personal information is collected by body sensors in different types and converted into multi-dimension data, and each dimension is converted into the form of a number and uploaded to the cloud server, which provides a secure, efficient and accurate data query service, while the privacy of sensitive personal information and users’ query data is guaranteed. Specifically, based on an improved homomorphic encryption technology over composite order group, we propose a special weighted Euclidean distance contrast algorithm (WEDC) for multi-dimension vectors over encrypted data. With the SPCQ scheme, the confidentiality of sensitive personal data, the privacy of data users’ queries and accurate query service can be achieved in the cloud server. Detailed analysis shows that SPCQ can resist various security threats from telemetry interface. In addition, we also implement SPCQ on an embedded device, smart phone and laptop with a real medical database, and extensive simulation results demonstrate that our proposed SPCQ scheme is highly efficient in terms of computation and communication costs. PMID:26840319

  14. The Health Insurance Portability & Accountability Act and the practice of dentistry in the United States: system security.

    PubMed

    Chasteen, Joseph E; Murphy, Gretchen; Forrey, Arden; Heid, David

    2004-08-15

    This article reviews the issues related to the Health Insurance Portability & Accountability Act (HIPAA) security rule that apply to dental practice. The security rule specifically addresses individually identifiable health information that is transmitted or maintained in electronic media. System security must be applied to the entire technical infrastructure for the practice environment as well as to the work culture on a daily basis and must be thought of as an enterprise asset. Security refers to all of the policies, procedures, tools, and techniques used to assure that privacy and confidentiality are adequately addressed in a healthcare system. HIPAA requires all covered entities that transmit or maintain electronic health information to perform, and document, a risk assessment for security and develop a security plan to address major areas of concern. A self-assessment tool is provided in this article. PMID:15318267

  15. 77 FR 70796 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... Administration-015 Registered Traveler Operations Files (November 8, 2005, 69 FR 67735), which was written to...)-015 Registered Traveler (RT) Operations File Files (November 8, 2005, 69 FR 67735), which was written..., Arlington, VA 20598-6036; email: TSAPrivacy@dhs.gov . For privacy issues, please contact: Jonathan...

  16. 75 FR 18863 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-006...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... records notice titled, DHS/TSA-006 Correspondence Matters Tracking System Records (CMTR) (68 FR 49496... the Federal Register on June 25, 2004 (69 FR 35536). Consistent with the Privacy Act, information... (69 FR 35536). However, TSA will consider individual requests to determine whether or not...

  17. Privacy enhanced group communication in clinical environment

    NASA Astrophysics Data System (ADS)

    Li, Mingyan; Narayanan, Sreeram; Poovendran, Radha

    2005-04-01

    Privacy protection of medical records has always been an important issue and is mandated by the recent Health Insurance Portability and Accountability Act (HIPAA) standards. In this paper, we propose security architectures for a tele-referring system that allows electronic group communication among professionals for better quality treatments, while protecting patient privacy against unauthorized access. Although DICOM defines the much-needed guidelines for confidentiality of medical data during transmission, there is no provision in the existing medical security systems to guarantee patient privacy once the data has been received. In our design, we address this issue by enabling tracing back to the recipient whose received data is disclosed to outsiders, using watermarking technique. We present security architecture design of a tele-referring system using a distributed approach and a centralized web-based approach. The resulting tele-referring system (i) provides confidentiality during the transmission and ensures integrity and authenticity of the received data, (ii) allows tracing of the recipient who has either distributed the data to outsiders or whose system has been compromised, (iii) provides proof of receipt or origin, and (iv) can be easy to use and low-cost to employ in clinical environment.

  18. 76 FR 49494 - Privacy Act of 1974; Department of Homeland Security United States Coast Guard DHS/USCG-027...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-10

    ... records titled, ``Department of Homeland Security/United States Coast Guard-027 Recruiting Files System of Records.'' This system of records allows the Department of Homeland Security/United States Coast Guard to...: Marilyn Scott-Perez (202-475-3515), Privacy Officer, United States Coast Guard, 2100 2nd Street, SW.,...

  19. 75 FR 5609 - Privacy Act of 1974; Department of Homeland Security/ALL-024 Facility and Perimeter Access...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-03

    ...In accordance with the Privacy Act of 1974 the Department of Homeland Security proposes to update and reissue Department of Homeland Security/ALL--024 Facility and Perimeter Access Control and Visitor Management System of Records to include record systems within the Federal Protective Service. Categories of individuals, categories of records, purpose and routine uses of this system have been......

  20. 78 FR 15889 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S. Customs...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-03-13

    ...The Department of Homeland Security is giving concurrent notice of a newly established system of records pursuant to the Privacy Act of 1974 for the ``Department of Homeland Security/U.S. Customs and Border Protection, DHS/CBP-018--Customs--Trade Partnership Against Terrorism (C-TPAT) System of Records'' and this proposed rulemaking. In this proposed rulemaking, the Department proposes to......

  1. 75 FR 39184 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-029 Civil...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-08

    .../Civil Rights and Civil Liberties--001 Matters System of Records (69 FR 70464, December 6, 2004) and... Exemptions; Department of Homeland Security/ALL--029 Civil Rights and Civil Liberties Records System of... Privacy Act of 1974 for the Department of Homeland Security/ALL--029 Civil Rights and Civil...

  2. 76 FR 53921 - Privacy Act of 1974; Department of Homeland Security ALL-034 Emergency Care Medical Records...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-30

    ... employees, their records are considered part of the OPM/GOVT-10--Employee Medical File System Records, 71 FR... considered part of the OPM/GOVT-10--Employee Medical File System Records, 71 FR 35360 (Jun. 19, 2006... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security ALL--034...

  3. Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study.

    PubMed

    Atienza, Audie A; Zarcadoolas, Christina; Vaughon, Wendy; Hughes, Penelope; Patel, Vaishali; Chou, Wen-Ying Sylvia; Pritts, Joy

    2015-01-01

    This study examined consumers' attitudes and perceptions regarding mobile health (mHealth) technology use in health care. Twenty-four focus groups with 256 participants were conducted in 5 geographically diverse locations. Participants were also diverse in age, education, race/ethnicity, gender, and rural versus urban settings. Several key themes emerged from the focus groups. Findings suggest that consumer attitudes regarding mHealth privacy/security are highly contextualized, with concerns depending on the type of information being communicated, where and when the information is being accessed, who is accessing or seeing the information, and for what reasons. Consumers frequently considered the tradeoffs between the privacy/security of using mHealth technologies and the potential benefits. Having control over mHealth privacy/security features and trust in providers were important issues for consumers. Overall, this study found significant diversity in attitudes regarding mHealth privacy/security both within and between traditional demographic groups. Thus, to address consumers' concerns regarding mHealth privacy and security, a one-size-fits-all approach may not be adequate. Health care providers and technology developers should consider tailoring mHealth technology according to how various types of information are communicated in the health care setting, as well as according to the comfort, skills, and concerns individuals may have with mHealth technology. PMID:25868685

  4. A privacy preserving secure and efficient authentication scheme for telecare medical information systems.

    PubMed

    Mishra, Raghavendra; Barnwal, Amit Kumar

    2015-05-01

    The Telecare medical information system (TMIS) presents effective healthcare delivery services by employing information and communication technologies. Privacy and security are always a matter of great concern in TMIS. Recently, Chen et al. presented a password based authentication scheme to address privacy and security. Later on, it was proved insecure against various active and passive attacks. To erase the drawbacks of Chen et al.'s anonymous authentication scheme, several password based authentication schemes have been proposed using public key cryptosystem. However, most of them do not present pre-smart card authentication, which leads to inefficient login and password change phases. To present an authentication scheme with pre-smart card authentication, we present an improved anonymous smart card based authentication scheme for TMIS. The proposed scheme protects user anonymity and satisfies all the desirable security attributes. Moreover, the proposed scheme presents efficient login and password change phases where incorrect input can be quickly detected and a user can freely change his password without server assistance. Moreover, we demonstrate the validity of the proposed scheme by utilizing the widely-accepted BAN (Burrows, Abadi, and Needham) logic. The proposed scheme is also comparable in terms of computational overheads with relevant schemes. PMID:25750176

  5. The Influence of Security Statement, Technical Protection, and Privacy on Satisfaction and Loyalty; A Structural Equation Modeling

    NASA Astrophysics Data System (ADS)

    Peikari, Hamid Reza

    Customer satisfaction and loyalty have been cited as the e-commerce critical success factors and various studies have been conducted to find the antecedent determinants of these concepts in the online transactions. One of the variables suggested by some studies is perceived security. However, these studies have referred to security from a broad general perspective and no attempts have been made to study the specific security related variables. This paper intends to study the influence on security statement and technical protection on satisfaction, loyalty and privacy. The data was collected from 337 respondents and after the reliability and validity tests, path analysis was applied to examine the hypotheses. The results suggest that loyalty is influenced by satisfaction and security statement and no empirical support was found for the influence on technical protection and privacy on loyalty. Moreover, it was found that security statement and technical protection have a positive significant influence on satisfaction while no significant effect was found for privacy. Furthermore, the analysis indicated that security statement have a positive significant influence on technical protection while technical protection was found to have a significant negative impact on perceived privacy.

  6. Electronic Health Records: An Enhanced Security Paradigm to Preserve Patient's Privacy

    NASA Astrophysics Data System (ADS)

    Slamanig, Daniel; Stingl, Christian

    In recent years, demographic change and increasing treatment costs demand the adoption of more cost efficient, highly qualitative and integrated health care processes. The rapid growth and availability of the Internet facilitate the development of eHealth services and especially of electronic health records (EHRs) which are promising solutions to meet the aforementioned requirements. Considering actual web-based EHR systems, patient-centric and patient moderated approaches are widely deployed. Besides, there is an emerging market of so called personal health record platforms, e.g. Google Health. Both concepts provide a central and web-based access to highly sensitive medical data. Additionally, the fact that these systems may be hosted by not fully trustworthy providers necessitates to thoroughly consider privacy issues. In this paper we define security and privacy objectives that play an important role in context of web-based EHRs. Furthermore, we discuss deployed solutions as well as concepts proposed in the literature with respect to this objectives and point out several weaknesses. Finally, we introduce a system which overcomes the drawbacks of existing solutions by considering an holistic approach to preserve patient's privacy and discuss the applied methods.

  7. Clouds and rainbows on the HIPAA horizon.

    PubMed

    Tennant, R M

    1999-01-01

    In the planning phase for several years, the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) finally appear ready for implementation. The Health Care Financing Administration (HCFA) expects that the major HIPAA measures will be released in late 1999. For group practices, it is expected that implementation of these provisions will be complicated and consume significant amounts of time and money. Still, the end result should justify the effort. PMID:10788078

  8. A security and privacy preserving e-prescription system based on smart cards.

    PubMed

    Hsu, Chien-Lung; Lu, Chung-Fu

    2012-12-01

    In 2002, Ateniese and Medeiros proposed an e-prescription system, in which the patient can store e-prescription and related information using smart card. Later, Yang et al. proposed a novel smart-card based e-prescription system based on Ateniese and Medeiros's system in 2004. Yang et al. considered the privacy issues of prescription data and adopted the concept of a group signature to provide patient's privacy protection. To make the e-prescription system more realistic, they further applied a proxy signature to allow a patient to delegate his signing capability to other people. This paper proposed a novel security and privacy preserving e-prescription system model based on smart cards. A new role, chemist, is included in the system model for settling the medicine dispute. We further presented a concrete identity-based (ID-based) group signature scheme and an ID-based proxy signature scheme to realize the proposed model. Main property of an ID-based system is that public key is simple user's identity and can be verified without extra public key certificates. Our ID-based group signature scheme can allow doctors to sign e-prescription anonymously. In a case of a medical dispute, identities of the doctors can be identified. The proposed ID-based proxy signature scheme can improve signing delegation and allows a delegation chain. The proposed e-prescription system based on our proposed two cryptographic schemes is more practical and efficient than Yang et al.'s system in terms of security, communication overheads, computational costs, practical considerations. PMID:22407399

  9. Quantifying the Correctness, Computational Complexity, and Security of Privacy-Preserving String Comparators for Record Linkage

    PubMed Central

    Durham, Elizabeth; Xue, Yuan; Kantarcioglu, Murat; Malin, Bradley

    2011-01-01

    Record linkage is the task of identifying records from disparate data sources that refer to the same entity. It is an integral component of data processing in distributed settings, where the integration of information from multiple sources can prevent duplication and enrich overall data quality, thus enabling more detailed and correct analysis. Privacy-preserving record linkage (PPRL) is a variant of the task in which data owners wish to perform linkage without revealing identifiers associated with the records. This task is desirable in various domains, including healthcare, where it may not be possible to reveal patient identity due to confidentiality requirements, and in business, where it could be disadvantageous to divulge customers' identities. To perform PPRL, it is necessary to apply string comparators that function in the privacy-preserving space. A number of privacy-preserving string comparators (PPSCs) have been proposed, but little research has compared them in the context of a real record linkage application. This paper performs a principled and comprehensive evaluation of six PPSCs in terms of three key properties: 1) correctness of record linkage predictions, 2) computational complexity, and 3) security. We utilize a real publicly-available dataset, derived from the North Carolina voter registration database, to evaluate the tradeoffs between the aforementioned properties. Among our results, we find that PPSCs that partition, encode, and compare strings yield highly accurate record linkage results. However, as a tradeoff, we observe that such PPSCs are less secure than those that map and compare strings in a reduced dimensional space. PMID:22904698

  10. Market Reactions to Publicly Announced Privacy and Security Breaches Suffered by Companies Listed on the United States Stock Exchanges: A Comparative Empirical Investigation

    ERIC Educational Resources Information Center

    Coronado, Adolfo S.

    2012-01-01

    Using a sample of security and privacy breaches the present research examines the comparative announcement impact between the two types of events. The first part of the dissertation analyzes the impact of publicly announced security and privacy breaches on abnormal stock returns, the change in firm risk, and abnormal trading volume are measured.…

  11. A Framework for Privacy-preserving Classification of Next-generation PHR data.

    PubMed

    Koufi, Vassiliki; Malamateniou, Flora; Prentza, Andriana; Vassilacopoulos, George

    2014-01-01

    Personal Health Records (PHRs), integrated with data from various sources, such as social care data, Electronic Health Record data and genetic information, are envisaged as having a pivotal role in transforming healthcare. These data, lumped under the term 'big data', are usually complex, noisy, heterogeneous, longitudinal and voluminous thus prohibiting their meaningful use by clinicians. Deriving value from these data requires the utilization of innovative data analysis techniques, which, however, may be hindered due to potential security and privacy breaches that may arise from improper release of personal health information. This paper presents a HIPAA-compliant machine learning framework that enables privacy-preserving classification of next-generation PHR data. The predictive models acquired can act as supporting tools to clinical practice by enabling more effective prevention, diagnosis and treatment of new incidents. The proposed framework has a huge potential for complementing medical staff expertise as it outperforms the manual inspection of PHR data while protecting patient privacy. PMID:25000030

  12. Security Concerns in Android mHealth Apps

    PubMed Central

    He, Dongjing; Naveed, Muhammad; Gunter, Carl A.; Nahrstedt, Klara

    2014-01-01

    Mobile Health (mHealth) applications lie outside of regulatory protection such as HIPAA, which requires a baseline of privacy and security protections appropriate to sensitive medical data. However, mHealth apps, particularly those in the app stores for iOS and Android, are increasingly handling sensitive data for both professionals and patients. This paper presents a series of three studies of the mHealth apps in Google Play that show that mHealth apps make widespread use of unsecured Internet communications and third party servers. Both of these practices would be considered problematic under HIPAA, suggesting that increased use of mHealth apps could lead to less secure treatment of health data unless mHealth vendors make improvements in the way they communicate and store data. PMID:25954370

  13. Security Concerns in Android mHealth Apps.

    PubMed

    He, Dongjing; Naveed, Muhammad; Gunter, Carl A; Nahrstedt, Klara

    2014-01-01

    Mobile Health (mHealth) applications lie outside of regulatory protection such as HIPAA, which requires a baseline of privacy and security protections appropriate to sensitive medical data. However, mHealth apps, particularly those in the app stores for iOS and Android, are increasingly handling sensitive data for both professionals and patients. This paper presents a series of three studies of the mHealth apps in Google Play that show that mHealth apps make widespread use of unsecured Internet communications and third party servers. Both of these practices would be considered problematic under HIPAA, suggesting that increased use of mHealth apps could lead to less secure treatment of health data unless mHealth vendors make improvements in the way they communicate and store data. PMID:25954370

  14. 77 FR 70792 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... Administration-009 General Legal Records (August 18, 2003, 68 FR 49496), which was written to assist attorneys in... Security/ ALL-017 General Legal Records (November 23, 2011, 76 FR 72428) to cover its legal activities.../Transportation Security Administration (TSA)-009 General Legal Records (August 18, 2003, 68 FR 49496), which...

  15. Access and privacy rights using web security standards to increase patient empowerment.

    PubMed

    Falcão-Reis, Filipa; Costa-Pereira, Altamiro; Correia, Manuel E

    2008-01-01

    Electronic Health Record (EHR) systems are becoming more and more sophisticated and include nowadays numerous applications, which are not only accessed by medical professionals, but also by accounting and administrative personnel. This could represent a problem concerning basic rights such as privacy and confidentiality. The principles, guidelines and recommendations compiled by the OECD protection of privacy and trans-border flow of personal data are described and considered within health information system development. Granting access to an EHR should be dependent upon the owner of the record; the patient: he must be entitled to define who is allowed to access his EHRs, besides the access control scheme each health organization may have implemented. In this way, it's not only up to health professionals to decide who have access to what, but the patient himself. Implementing such a policy is walking towards patient empowerment which society should encourage and governments should promote. The paper then introduces a technical solution based on web security standards. This would give patients the ability to monitor and control which entities have access to their personal EHRs, thus empowering them with the knowledge of how much of his medical history is known and by whom. It is necessary to create standard data access protocols, mechanisms and policies to protect the privacy rights and furthermore, to enable patients, to automatically track the movement (flow) of their personal data and information in the context of health information systems. This solution must be functional and, above all, user-friendly and the interface should take in consideration some heuristics of usability in order to provide the user with the best tools. 
    The current official standards on confidentiality and privacy in health care, currently being developed within the EU, are explained, in order to achieve a consensual idea of the guidelines that all member states should follow to transfer

  16. 76 FR 39245 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Coast...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-06

    ... Federal Register of May 13, 2011 a final rule that amended its regulations to exempt portions of a... general questions please contact Marilyn Scott-Perez (202-475-3515), Privacy Officer, U.S. Coast Guard... Department of Homeland Security published a document in the Federal Register of May 13, 2011, a final...

  17. 75 FR 50845 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-18

    ... FR 7979, February 23, 2010) proposing to exempt portions of the system of records from one or more... published concurrently in the Federal Register, (75 FR 8092, February 23, 2010) and comments were invited on.../ALL--027 The History of the Department of Homeland Security System of Records AGENCY: Privacy...

  18. 76 FR 60385 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-29

    ... Immigration System-3 Automated Background Functions System of Records AGENCY: Privacy Office, DHS. ACTION... Homeland Security U.S. Citizenship and Immigration Services-016 Electronic Immigration System-3 Automated... Services (USCIS) proposes to establish a new DHS system of records titled, ``DHS/USCIS-016...

  19. 75 FR 28035 - Privacy Act of 1974; Department of Homeland Security/U.S. Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ... Homeland Security, Washington, DC 20529. For privacy issues please contact: Mary Ellen Callahan (703-235... Image Storage and Retrieval System (ISRS). If the employee is a non-immigrant, E-Verify queries the Form... the employee getting a TNC but the employee did not try to resolve the issue with SSA or DHS and...

  20. Security and privacy issues in wireless sensor networks for healthcare applications.

    PubMed

    Al Ameen, Moshaddique; Liu, Jingwei; Kwak, Kyungsup

    2012-02-01

    The use of wireless sensor networks (WSN) in healthcare applications is growing at a fast pace. Numerous applications such as heart rate monitor, blood pressure monitor and endoscopic capsule are already in use. To address the growing use of sensor technology in this area, a new field known as wireless body area networks (WBAN or simply BAN) has emerged. As most devices and their applications are wireless in nature, security and privacy concerns are among major areas of concern. The direct involvement of humans also increases the sensitivity. Whether the data gathered from patients or individuals are obtained with the consent of the person or without it due to the need by the system, misuse or privacy concerns may restrict people from taking advantage of the full benefits from the system. People may not see these devices as safe for daily use. There may also be the possibility of serious social unrest due to the fear that such devices may be used for monitoring and tracking individuals by government agencies or other private organizations. In this paper we discuss these issues and analyze in detail the problems and their possible measures. PMID:20703745

  1. Protocols development for security and privacy of radio frequency identification systems

    NASA Astrophysics Data System (ADS)

    Sabbagha, Fatin

    There are benefits to adopting radio frequency identification (RFID) technology, although there are methods of attack that can compromise the system. This research determined how that may happen and what possible solutions can keep that from happening. Protocols were developed to implement better security. In addition, new topologies were developed to handle the problems of the key management. Previously proposed protocols focused on providing mutual authentication and privacy between readers and tags. However, those protocols are still vulnerable to be attacked. These protocols were analyzed and the disadvantages shown for each one. Previous works assumed that the channels between readers and the servers were secure. In the proposed protocols, a compromised reader is considered along with how to prevent tags from being read by that reader. The new protocols provide mutual authentication between readers and tags and, at the same time, remove the compromised reader from the system. Three protocols are proposed. In the first protocol, a mutual authentication is achieved and a compromised reader is not allowed in the network. In the second protocol, the number of times a reader contacts the server is reduced. The third protocol provides authentication and privacy between tags and readers using a trusted third party. The developed topology is implemented using python language and simulates work to check the efficiency regarding the processing time. The three protocols are implemented by writing codes in C language and then compiling them in MSP430. IAR Embedded workbench is used, which is an integrated development environment with the C/C++ compiler to generate a faster code and to debug the microcontroller. In summary, the goal of this research is to find solutions for the problems on previously proposed protocols, handle a compromised reader, and solve key management problems.

  2. 77 FR 70795 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... Administration-012 Transportation Worker Identification Credentialing System (September 24, 2004, 69 FR 57348..., 2010, 75 FR 28046), which covers the Security Threat Assessment process associated with the... Credentialing (TWIC) System (September 24, 2004, 69 FR 57348), which was written to cover the Prototype Phase...

  3. 78 FR 55270 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-10

    ... CFR Sec. 1560. \\1\\ 77 FR 69491 (Nov. 19, 2012). Under sec. 4012(a)(1)-(2) of the Intelligence Reform.... \\4\\ 73 FR 64018 (Oct. 28, 2008). TSA established the Secure Flight system of records and published...\\ Information collection falls under OMB Control Number 1652-0046. \\5\\ 72 FR 48392. \\6\\ 72 FR 63711. \\7\\ 77...

  4. 78 FR 73868 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-09

    ... August 4, 2006 in 71 FR 44223. This updated system will be included in DHS' inventory of record systems.... Electronic access is limited by computer security measures that are strictly enforced. TSA file areas are... rule published on August 4, 2006 in 71 FR 44223. Dated: November 21, 2013. Karen L. Neuman...

  5. 75 FR 18867 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-011...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... Security Intelligence Service (TSIS) Operations Files System of Records (69 FR 71828, December 10, 2004...(j)(2), (k)(1), (k)(2) and (k)(5) as reflected in the final rule published on August 4, 2006 in 71 FR...)(2), and (k)(5) as reflected in the final rule published on August 4, 2006, in 71 FR 44223....

  6. 75 FR 28046 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-002...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ... Transportation Security Threat Assessment System of Records (70 FR 33383, November 8, 2005). TSA's mission is to... systems as reflected in the final rule published on June 25, 2004 in 69 FR 35536. The information is... Investigation--009 Fingerprint Identification Records System (72 FR 3410, January 1, 2007). Exemptions...

  7. 77 FR 33753 - Privacy Act of 1974; Department of Homeland Security, U.S. Customs and Border Protection, DHS/CBP...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-07

    ...In accordance with the Privacy Act of 1974, the Department of Homeland Security proposes to establish a new Department of Homeland Security system of records titled, ``Department of Homeland Security, U.S. Customs and Border Protection, DHS/CBP--017 Analytical Framework for Intelligence (AFI) System of Records.'' This system of records will allow the Department of Homeland Security/U.S.......

  8. A Practitioner's Response to the New Health Privacy Regulations

    ERIC Educational Resources Information Center

    Yang, Julia A.; Kombarakaran, Francis A.

    2006-01-01

    The established professional practice requiring informed consent for the disclosure of personal health information with its implied right to privacy suffered a serious setback with the first federal privacy initiative of the Bush administration. The new Health Insurance Portability and Accountability Act (HIPAA) of 1996 (P.L. 104-191) privacy…

  9. Privacy-Preserving Self-Helped Medical Diagnosis Scheme Based on Secure Two-Party Computation in Wireless Sensor Networks

    PubMed Central

    Wen, Qiaoyan; Zhang, Yudong; Li, Wenmin

    2014-01-01

    With the continuing growth of wireless sensor networks in pervasive medical care, people pay more and more attention to privacy in medical monitoring, diagnosis, treatment, and patient care. On one hand, we expect the public health institutions to provide us with better service. On the other hand, we would not like to leak our personal health information to them. In order to balance this contradiction, in this paper we design a privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks so that patients can privately diagnose themselves by inputting a health card into a self-helped medical diagnosis ATM to obtain a diagnostic report just like drawing money from a bank ATM without revealing patients' health information and doctors' diagnostic skill. It makes secure self-helped disease diagnosis feasible and greatly benefits patients as well as relieving the heavy pressure of public health institutions. PMID:25126107

  10. Privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks.

    PubMed

    Sun, Yi; Wen, Qiaoyan; Zhang, Yudong; Li, Wenmin

    2014-01-01

    With the continuing growth of wireless sensor networks in pervasive medical care, people pay more and more attention to privacy in medical monitoring, diagnosis, treatment, and patient care. On one hand, we expect the public health institutions to provide us with better service. On the other hand, we would not like to leak our personal health information to them. In order to balance this contradiction, in this paper we design a privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks so that patients can privately diagnose themselves by inputting a health card into a self-helped medical diagnosis ATM to obtain a diagnostic report just like drawing money from a bank ATM without revealing patients' health information and doctors' diagnostic skill. It makes secure self-helped disease diagnosis feasible and greatly benefits patients as well as relieving the heavy pressure of public health institutions. PMID:25126107

  11. The Role of Health Care Experience and Consumer Information Efficacy in Shaping Privacy and Security Perceptions of Medical Records: National Consumer Survey Results

    PubMed Central

    Beckjord, Ellen; Moser, Richard P; Hughes, Penelope; Hesse, Bradford W

    2015-01-01

    Background: Providers’ adoption of electronic health records (EHRs) is increasing and consumers have expressed concerns about the potential effects of EHRs on privacy and security. Yet, we lack a comprehensive understanding regarding factors that affect individuals’ perceptions regarding the privacy and security of their medical information. Objective: The aim of this study was to describe national perceptions regarding the privacy and security of medical records and identify a comprehensive set of factors associated with these perceptions. Methods: Using a nationally representative 2011-2012 survey, we reported on adults’ perceptions regarding privacy and security of medical records and sharing of health information between providers, and whether adults withheld information from a health care provider due to privacy or security concerns. We used multivariable models to examine the association between these outcomes and sociodemographic characteristics, health and health care experience, information efficacy, and technology-related variables. Results: Approximately one-quarter of American adults (weighted n=235,217,323; unweighted n=3959) indicated they were very confident (n=989) and approximately half indicated they were somewhat confident (n=1597) in the privacy of their medical records; we found similar results regarding adults’ confidence in the security of medical records (very confident: n=828; somewhat confident: n=1742). In all, 12.33% (520/3904) withheld information from a health care provider and 59.06% (2100/3459) expressed concerns about the security of both faxed and electronic health information. Adjusting for other characteristics, adults who reported higher quality of care had significantly greater confidence in the privacy and security of their medical records and were less likely to withhold information from their health care provider due to privacy or security concerns. Adults with higher information efficacy had significantly greater

  12. Network security vulnerabilities and personal privacy issues in Healthcare Information Systems: a case study in a private hospital in Turkey.

    PubMed

    Namoğlu, Nihan; Ulgen, Yekta

    2013-01-01

    Healthcare industry has become widely dependent on information technology and internet as it moves from paper to electronic records. Healthcare Information System has to provide a high quality service to patients and a productive knowledge share between healthcare staff by means of patient data. With the internet being commonly used across hospitals, healthcare industry got its own share from cyber threats like other industries in the world. The challenge is allowing knowledge transfer to hospital staff while still ensuring compliance with security mandates. Working in collaboration with a private hospital in Turkey; this study aims to reveal the essential elements of a 21st century business continuity plan for hospitals while presenting the security vulnerabilities in the current hospital information systems and personal privacy auditing standards proposed by regulations and laws. We will survey the accreditation criteria in Turkey and counterparts in US and EU. We will also interview with medical staff in the hospital to understand the needs for personal privacy and the technical staff to perceive the technical requirements in terms of network security configuration and deployment. As hospitals are adopting electronic transactions, it should be considered a must to protect these electronic health records in terms of personal privacy aspects. PMID:23823398

  13. Security analysis and improvement of a privacy authentication scheme for telecare medical information systems.

    PubMed

    Wu, Fan; Xu, Lili

    2013-08-01

    Nowadays, patients can gain many kinds of medical service on line via Telecare Medical Information Systems (TMIS) due to the fast development of computer technology. So security of communication through network between the users and the server is very significant. Authentication plays an important part to protect information from being attacked by malicious attackers. Recently, Jiang et al. proposed a privacy enhanced scheme for TMIS using smart cards and claimed their scheme was better than Chen et al.'s. However, we have shown that Jiang et al.'s scheme has the weakness of ID uselessness and is vulnerable to off-line password guessing attack and user impersonation attack if an attacker compromises the legal user's smart card. Also, it can't resist DoS attack in two cases: after a successful impersonation attack and wrong password input in Password change phase. Then we propose an improved mutual authentication scheme used for a telecare medical information system. Remote monitoring, checking patients' past medical history record and medical consultant can be applied in the system where information transmits via Internet. Finally, our analysis indicates that the suggested scheme overcomes the disadvantages of Jiang et al.'s scheme and is practical for TMIS. PMID:23818249

  14. Privacy preserving, real-time and location secured biometrics for mCommerce authentication

    NASA Astrophysics Data System (ADS)

    Kuseler, Torben; Al-Assam, Hisham; Jassim, Sabah; Lami, Ihsan A.

    2011-06-01

    Secure wireless connectivity between mobile devices and financial/commercial establishments is mature, and so is the security of remote authentication for mCommerce. However, the current techniques are open for hacking, false misrepresentation, replay and other attacks. This is because of the lack of real-time and current-precise-location in the authentication process. This paper proposes a new technique that includes freshly-generated real-time personal biometric data of the client and present-position of the mobile device used by the client to perform the mCommerce so to form a real-time biometric representation to authenticate any remote transaction. A fresh GPS fix generates the "time and location" to stamp the biometric data freshly captured to produce a single, real-time biometric representation on the mobile device. A trusted Certification Authority (CA) acts as an independent authenticator of such client's claimed realtime location and his/her provided fresh biometric data. Thus eliminates the necessity of user enrolment with many mCommerce services and application providers. This CA can also "independently from the client" and "at that instant of time" collect the client's mobile device "time and location" from the cellular network operator so to compare with the received information, together with the client's stored biometric information. Finally, to preserve the client's location privacy and to eliminate the possibility of cross-application client tracking, this paper proposes shielding the real location of the mobile device used prior to submission to the CA or authenticators.

  15. A framework for privacy-preserving access to next-generation EHRs.

    PubMed

    Koufi, Vassiliki; Malamateniou, Flora; Tsohou, Aggeliki; Vassilacopoulos, George

    2014-01-01

    Although personalized medicine is optimizing the discovery, development and application of therapeutic advances, its full impact on patient and population healthcare management has yet to be realized. Electronic Health Records (EHRs), integrated with data from other sources, such as social care data, Personal Healthcare Record (PHR) data and genetic information, are envisaged as having a pivotal role in realizing this individualized approach to healthcare. Thus, a new generation of EHRs will emerge which, in addition to supporting healthcare professionals in making well-informed clinical decisions, shows potential for novel discovery of associations between disease and genetic, environmental or process measures. However, a broad range of ethical, legal and technical reasons may hinder the realization of future EHRs due to potential security and privacy breaches. This paper presents a HIPAA-compliant framework that enables privacy-preserving access to next-generation EHRs. PMID:25160285

  16. HIPAA's transactions regulations. Where are we today?

    PubMed

    Callahan-Morris, Elizabeth; Shields, Juli K

    2003-01-01

    By now, the health care industry is feeling the effects of the implementation of the Standards for Electronic Transactions promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The standards, or transaction rule, have been substantially in final form since Aug. 17, 2000, but it has taken the industry every bit of the allotted time period, including a one-year extension, to work through the technical and interpretative issues to meet the Oct. 16, 2003, compliance deadline. PMID:14628326

  17. College Student Records: Legal Issues, Privacy, and Security Concerns. ERIC Digest.

    ERIC Educational Resources Information Center

    Holub, Tamara

    This digest briefly reviews the provisions of the Family Educational Rights and Privacy Act (FERPA) of 1974 (the Buckley Amendment), which sets out legal guidelines regarding the privacy of student records and the provisions of the U.S. Patriot Act, along with the measures some colleges are implementing to comply with these laws and improve the…

  18. 75 FR 69604 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-15

    ... FR 55335). The Privacy Act embodies fair information principles in a statutory framework governing..., Planning, Coordination, Reporting, Analysis, and Fusion System of Records AGENCY: Privacy Office, DHS..., Coordination, Reporting, Analysis, and Fusion System of Records and this proposed rulemaking. In this...

  19. 76 FR 55693 - Privacy Act of 1974; Department of Homeland Security National Protection and Programs Directorate...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-08

    ... in the SORN and Notice of Proposed Rulemaking (NPRM) in the Federal Register, 75 FR 69603, on... originally published in the SORN and Notice of Proposed Rulemaking (NPRM) in the Federal Register, 75 FR... Initiative (September 10, 2010, 75 FR 55335). II. Privacy Act The Privacy Act embodies fair...

  20. 45 CFR 150.207 - Procedure for determining that a State fails to substantially enforce HIPAA requirements.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... substantially enforce HIPAA requirements. 150.207 Section 150.207 Public Welfare DEPARTMENT OF HEALTH AND HUMAN... HIPAA Requirements § 150.207 Procedure for determining that a State fails to substantially enforce HIPAA... is substantially enforcing HIPAA requirements....

  1. 45 CFR 150.207 - Procedure for determining that a State fails to substantially enforce HIPAA requirements.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... substantially enforce HIPAA requirements. 150.207 Section 150.207 Public Welfare DEPARTMENT OF HEALTH AND HUMAN... HIPAA Requirements § 150.207 Procedure for determining that a State fails to substantially enforce HIPAA... is substantially enforcing HIPAA requirements....

  2. 45 CFR 150.207 - Procedure for determining that a State fails to substantially enforce HIPAA requirements.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... substantially enforce HIPAA requirements. 150.207 Section 150.207 Public Welfare DEPARTMENT OF HEALTH AND HUMAN... HIPAA Requirements § 150.207 Procedure for determining that a State fails to substantially enforce HIPAA... is substantially enforcing HIPAA requirements....

  3. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage

    PubMed Central

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called “privacy principles” to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions – when implementing laboratory data protocols – with experts in the fields. PMID:26955504

  4. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage.

    PubMed

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called "privacy principles" to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions - when implementing laboratory data protocols - with experts in the fields. PMID:26955504

  5. Protecting human health and security in digital Europe: how to deal with the "privacy paradox"?

    PubMed

    Büschel, Isabell; Mehdi, Rostane; Cammilleri, Anne; Marzouki, Yousri; Elger, Bernice

    2014-09-01

    This article is the result of an international research between law and ethics scholars from Universities in France and Switzerland, who have been closely collaborating with technical experts on the design and use of information and communication technologies in the fields of human health and security. The interdisciplinary approach is a unique feature and guarantees important new insights in the social, ethical and legal implications of these technologies for the individual and society as a whole. Its aim is to shed light on the tension between secrecy and transparency in the digital era. A special focus is put from the perspectives of psychology, medical ethics and European law on the contradiction between individuals' motivations for consented processing of personal data and their fears about unknown disclosure, transferal and sharing of personal data via information and communication technologies (named the "privacy paradox"). Potential benefits and harms for the individual and society resulting from the use of computers, mobile phones, the Internet and social media are being discussed. Furthermore, the authors point out the ethical and legal limitations inherent to the processing of personal data in a democratic society governed by the rule of law. Finally, they seek to demonstrate that the impact of information and communication technology use on the individuals' well-being, the latter being closely correlated with a high level of fundamental rights protection in Europe, is a promising feature of the so-called "e-democracy" as a new way to collectively attribute meaning to large-scale online actions, motivations and ideas. PMID:24446151

  6. National Association of School Nurses ISSUE BRIEF: School Health Nurse's Role in Education: Privacy Standards for Student Health Records

    ERIC Educational Resources Information Center

    Pohlman, Katherine; Schwab, Nadine

    2003-01-01

    This article is a reprint of the National Association of School Nurses' "Issue Brief" on Privacy Standards for Student Health Records. It distinguishes between the Family Education Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA), clarifies which of these laws governs the privacy of student health…

  7. Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education

    PubMed Central

    2013-01-01

    Background: Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient’s TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Methods: Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO’s standard for information security risk management. Results: A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Conclusions: Most of the identified threats are applicable for healthcare services intended for patients or

  8. 45 CFR 155.280 - Oversight and monitoring of privacy and security requirements.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... RELATING TO HEALTH CARE ACCESS EXCHANGE ESTABLISHMENT STANDARDS AND OTHER RELATED STANDARDS UNDER THE AFFORDABLE CARE ACT General Functions of an Exchange § 155.280 Oversight and monitoring of privacy...

  9. 45 CFR 155.280 - Oversight and monitoring of privacy and security requirements.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... RELATING TO HEALTH CARE ACCESS EXCHANGE ESTABLISHMENT STANDARDS AND OTHER RELATED STANDARDS UNDER THE AFFORDABLE CARE ACT General Functions of an Exchange § 155.280 Oversight and monitoring of privacy...

  10. Automated secured cost effective key refreshing technique to enhance WiMAX privacy key management

    NASA Astrophysics Data System (ADS)

    Sridevi, B.; Sivaranjani, S.; Rajaram, S.

    2013-01-01

    In all walks of life the way of communication is transformed by the rapid growth of wireless communication and its pervasive use. A wireless network which is fixed and richer in bandwidth is specified as IEEE 802.16, promoted and launched by an industrial forum is termed as Worldwide Interoperability for Microwave Access (WiMAX). This technology enables seamless delivery of wireless broadband service for fixed and/or mobile users. The obscurity is the long delay which occurs during the handoff management in every network. Mobile WiMAX employs an authenticated key management protocol as a part of handoff management in which the Base Station (BS) controls the distribution of keying material to the Mobile Station (MS). The protocol employed is Privacy Key Management Version 2- Extensible Authentication Protocol (PKMV2-EAP) which is responsible for the normal and periodical authorization of MSs, reauthorization as well as key refreshing. Authorization key (AK) and Traffic Encryption key (TEK) play a vital role in key exchange. When the lifetime of key expires, MS has to request for a new key to BS which in turn leads to repetition of authorization, authentication as well as key exchange. To avoid service interruption during reauthorization, two active keys are transmitted at the same time by BS to MS. The consequences of existing work are hefty amount of bandwidth utilization, time consumption and large storage. It is also endured by Man in the Middle attack and Impersonation due to lack of security in key exchange. This paper designs an automatic mutual refreshing of keys to minimize bandwidth utilization, key storage and time consumption by proposing Previous key and Iteration based Key Refreshing Function (PKIBKRF). By integrating PKIBKRF in key generation, the simulation results indicate that 21.8% of the bandwidth and storage of keys are reduced and PKMV2 mutual authentication time is reduced by 66.67%. The proposed work is simulated with Qualnet model and

  11. 76 FR 67755 - Privacy Act of 1974; Department of Homeland Security U.S. Customs and Border Protection DHS/CBP...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-02

    ...In accordance with the Privacy Act of 1974 the Department of Homeland Security proposes to establish a new Department of Homeland Security system of records notice titled ``Department of Homeland Security/U.S Customs and Border Protection--003 Credit/Debit Card Data System of Records.'' This system allows U.S. Customs and Border Protection to collect, use, and maintain records related to any......

  12. Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android

    PubMed Central

    Dehling, Tobias; Gao, Fangjian; Schneider, Stephan

    2015-01-01

    Background: Mobile health (mHealth) apps aim at providing seamless access to tailored health information technology and have the potential to alleviate global health burdens. Yet, they bear risks to information security and privacy because users need to reveal private, sensitive medical information to redeem certain benefits. Due to the plethora and diversity of available mHealth apps, implications for information security and privacy are unclear and complex. Objective: The objective of this study was to establish an overview of mHealth apps offered on iOS and Android with a special focus on potential damage to users through information security and privacy infringements. Methods: We assessed apps available in English and offered in the categories “Medical” and “Health & Fitness” in the iOS and Android App Stores. Based on the information retrievable from the app stores, we established an overview of available mHealth apps, tagged apps to make offered information machine-readable, and clustered the discovered apps to identify and group similar apps. Subsequently, information security and privacy implications were assessed based on health specificity of information available to apps, potential damage through information leaks, potential damage through information manipulation, potential damage through information loss, and potential value of information to third parties. Results: We discovered 24,405 health-related apps (iOS: 21,953; Android: 2452). Absence or scarceness of ratings for 81.36% (17,860/21,953) of iOS and 76.14% (1867/2452) of Android apps indicates that less than a quarter of mHealth apps are in more or less widespread use. Clustering resulted in 245 distinct clusters, which were consolidated into 12 app archetypes grouping clusters with similar assessments of potential damage through information security and privacy infringements. There were 6426 apps that were excluded during clustering. The majority of apps (95.63%, 17,193/17,979; of apps) pose

  13. Are Personal Health Records Safe? A Review of Free Web-Accessible Personal Health Record Privacy Policies

    PubMed Central

    Fernández-Alemán, José Luis; Toval, Ambrosio

    2012-01-01

    Background: Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users’ concerns regarding the privacy and security of their personal health information. Objective: To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. Methods: We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. Results: The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users’ accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Conclusions: Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low. PMID:22917868

  14. Security and Correctness Analysis on Privacy-Preserving k-Means Clustering Schemes

    NASA Astrophysics Data System (ADS)

    Su, Chunhua; Bao, Feng; Zhou, Jianying; Takagi, Tsuyoshi; Sakurai, Kouichi

    Due to the fast development of Internet and the related IT technologies, it becomes easier and easier to access a large amount of data. k-means clustering is a powerful and frequently used technique in data mining. Many research papers about privacy-preserving k-means clustering were published. In this paper, we analyze the existing privacy-preserving k-means clustering schemes based on the cryptographic techniques. We show those schemes will cause the privacy breach and cannot output the correct results due to the faults in the protocol construction. Furthermore, we analyze our proposal as an option to improve such problems but with intermediate information breach during the computation.

  15. Privacy and security in the era of digital health: what should translational researchers know and do about it?

    PubMed

    Filkins, Barbara L; Kim, Ju Young; Roberts, Bruce; Armstrong, Winston; Miller, Mark A; Hultner, Michael L; Castillo, Anthony P; Ducom, Jean-Christophe; Topol, Eric J; Steinhubl, Steven R

    2016-01-01

    The rapid growth in the availability and incorporation of digital technologies in almost every aspect of our lives creates extraordinary opportunities but brings with it unique challenges. This is especially true for the translational researcher, whose work has been markedly enhanced through the capabilities of big data aggregation and analytics, wireless sensors, online study enrollment, mobile engagement, and much more. At the same time each of these tools brings distinctive security and privacy issues that most translational researchers are inadequately prepared to deal with despite accepting overall responsibility for them. For the researcher, the solution for addressing these challenges is both simple and complex. Cyber-situational awareness is no longer a luxury; it is fundamental in combating both the elite and highly organized adversaries on the Internet as well as taking proactive steps to avoid a careless turn down the wrong digital dark alley. The researcher, now responsible for elements that may/may not be beyond his or her direct control, needs an additional level of cyber literacy to understand the responsibilities imposed on them as data owner. Responsibility lies with knowing what you can do about the things you can control and those you can't. The objective of this paper is to describe the data privacy and security concerns that translational researchers need to be aware of, and discuss the tools and techniques available to them to help minimize that risk. PMID:27186282

  16. Privacy and security in the era of digital health: what should translational researchers know and do about it?

    PubMed Central

    Filkins, Barbara L; Kim, Ju Young; Roberts, Bruce; Armstrong, Winston; Miller, Mark A; Hultner, Michael L; Castillo, Anthony P; Ducom, Jean-Christophe; Topol, Eric J; Steinhubl, Steven R

    2016-01-01

    The rapid growth in the availability and incorporation of digital technologies in almost every aspect of our lives creates extraordinary opportunities but brings with it unique challenges. This is especially true for the translational researcher, whose work has been markedly enhanced through the capabilities of big data aggregation and analytics, wireless sensors, online study enrollment, mobile engagement, and much more. At the same time each of these tools brings distinctive security and privacy issues that most translational researchers are inadequately prepared to deal with despite accepting overall responsibility for them. For the researcher, the solution for addressing these challenges is both simple and complex. Cyber-situational awareness is no longer a luxury; it is fundamental in combating both the elite and highly organized adversaries on the Internet as well as taking proactive steps to avoid a careless turn down the wrong digital dark alley. The researcher, now responsible for elements that may/may not be beyond his or her direct control, needs an additional level of cyber literacy to understand the responsibilities imposed on them as data owner. Responsibility lies with knowing what you can do about the things you can control and those you can’t. The objective of this paper is to describe the data privacy and security concerns that translational researchers need to be aware of, and discuss the tools and techniques available to them to help minimize that risk. PMID:27186282

  17. 76 FR 9034 - Privacy Act of 1974; Department of Homeland Security United States Citizenship and Immigration...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-16

    ... adverse notification from employers. E-Verify Self Check provides a vehicle for an individual to... Citizenship and Immigration Services--DHS/USCIS--013 E-Verify Self Check System of Records AGENCY: Privacy... Immigration Services--SORN DHS/USCIS--013 E-Verify Self Check System of Records.'' The U.S. Citizenship...

  18. 77 FR 33605 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-07

    ... Register, on November 15, 2010 at 75 FR 69604, proposing to exempt portions of the system of records from... Federal Register on November 15, 2010 at 75 FR 69689, and comments were invited on both the NPRM and SORN..., Reporting, Analysis, and Fusion System of Records AGENCY: Privacy Office, DHS. ACTION: Final rule....

  19. 76 FR 19107 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-011...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-06

    ... Registration Records system of records (October 5, 2004, 69 FR 192) into this system of records. This newly... Registration Records system of records (October 5, 2004, 69 FR 192) into this system of records... Management Agency--011 Training and Exercise Program Records System of Records AGENCY: Privacy Office,...

  20. Balancing Student Privacy, Campus Security, and Public Safety: Issues for Campus Leaders. Perspectives, Winter 2008

    ERIC Educational Resources Information Center

    McBain, Lesley

    2008-01-01

    The complex issues of promoting student mental health, privacy and public safety, and the balance among them, weigh on the minds of institutional leaders, educational policymakers, and local, state and federal officials. American campuses have a proud history of intellectual freedom, openness and public accessibility to their communities. However,…

  1. 75 FR 69603 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security National...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-15

    ... FR 55335). List of Subjects in 6 CFR Part 5 Freedom of information; Privacy. For the reasons stated... Operations Center (NOC)) to collect, plan, coordinate, report, analyze, and fuse infrastructure information..., plan, coordinate, report, analyze, and fuse CIKR information coming into and going out of the NICC...

  2. Lightweight Privacy-Preserving Authentication Protocols Secure against Active Attack in an Asymmetric Way

    NASA Astrophysics Data System (ADS)

    Cui, Yank; Kobara, Kazukuni; Matsuura, Kanta; Imai, Hideki

    As pervasive computing technologies develop fast, the privacy protection becomes a crucial issue and needs to be coped with very carefully. Typically, it is difficult to efficiently identify and manage plenty of the low-cost pervasive devices like Radio Frequency Identification Devices (RFID), without leaking any privacy information. In particular, the attacker may not only eavesdrop the communication in a passive way, but also mount an active attack to ask queries adaptively, which is obviously more dangerous. Towards settling this problem, in this paper, we propose two lightweight authentication protocols which are privacy-preserving against active attack, in an asymmetric way. That asymmetric style with privacy-oriented simplification succeeds to reduce the load of low-cost devices and drastically decrease the computation cost for the management of server. This is because, unlike the usual management of the identities, our approach does not require any synchronization nor exhaustive search in the database, which enjoys great convenience in case of a large-scale system. The protocols are based on a fast asymmetric encryption with specialized simplification and only one cryptographic hash function, which consequently assigns an easy work to pervasive devices. Besides, our results do not require the strong assumption of the random oracle.

  3. 77 FR 1387 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/Federal...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-01-10

    ..., 76 FR 60387, September 29, 2011, proposing to exempt a system of records from one or more provisions... Register, 76 FR 60067, September 28, 2011, and comments were invited on both the NPRM and SORN. Public... Records'' from one or more provisions of the Privacy Act because of criminal, civil, and...

  4. 76 FR 34616 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/National...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-14

    ... (TSC). For more information on the TSDB, see DOJ/FBI--019 Terrorist Screening Records System, 72 FR... Terrorist Screening Records System, 72 FR 47073 (August 22, 2007). Therefore, some information contained in... Facility Anti-Terrorism Standards Personnel Surety Program System of Records AGENCY: Privacy Office,...

  5. Conceptual Privacy Framework for Health Information on Wearable Device

    PubMed Central

    Safavi, Seyedmostafa; Shukur, Zarina

    2014-01-01

    Wearable health tech provides doctors with the ability to remotely supervise their patients' wellness. It also makes it much easier to authorize someone else to take appropriate actions to ensure the person's wellness than ever before. Information Technology may soon change the way medicine is practiced, improving the performance, while reducing the price of healthcare. We analyzed the secrecy demands of wearable devices, including Smartphone, smart watch and their computing techniques, that can soon change the way healthcare is provided. However, before this is adopted in practice, all devices must be equipped with sufficient privacy capabilities related to healthcare service. In this paper, we formulated a new improved conceptual framework for wearable healthcare systems. This framework consists of ten principles and nine checklists, capable of providing complete privacy protection package to wearable device owners. We constructed this framework based on the analysis of existing mobile technology, the results of which are combined with the existing security standards. The approach also incorporates the market share percentage level of every app and its respective OS. This framework is evaluated based on the stringent CIA and HIPAA principles for information security. This evaluation is followed by testing the capability to revoke rights of subjects to access objects and ability to determine the set of available permissions for a particular subject for all models. Finally, as the last step, we examine the complexity of the required initial setup. PMID:25478915

  6. Conceptual privacy framework for health information on wearable device.

    PubMed

    Safavi, Seyedmostafa; Shukur, Zarina

    2014-01-01

    Wearable health tech provides doctors with the ability to remotely supervise their patients' wellness. It also makes it much easier to authorize someone else to take appropriate actions to ensure the person's wellness than ever before. Information Technology may soon change the way medicine is practiced, improving the performance, while reducing the price of healthcare. We analyzed the secrecy demands of wearable devices, including Smartphone, smart watch and their computing techniques, that can soon change the way healthcare is provided. However, before this is adopted in practice, all devices must be equipped with sufficient privacy capabilities related to healthcare service. In this paper, we formulated a new improved conceptual framework for wearable healthcare systems. This framework consists of ten principles and nine checklists, capable of providing complete privacy protection package to wearable device owners. We constructed this framework based on the analysis of existing mobile technology, the results of which are combined with the existing security standards. The approach also incorporates the market share percentage level of every app and its respective OS. This framework is evaluated based on the stringent CIA and HIPAA principles for information security. This evaluation is followed by testing the capability to revoke rights of subjects to access objects and ability to determine the set of available permissions for a particular subject for all models. Finally, as the last step, we examine the complexity of the required initial setup. PMID:25478915

  7. HIPAA, dermatology images, and the law.

    PubMed

    Scheinfeld, Noah; Rothstein, Brooke

    2013-12-01

    From smart phones to iPads, the world has grown increasingly reliant on new technology. In this ever-expanding digital age, medicine is at the forefront of these new technologies. In the field of dermatology and general medicine, digital images have become an important tool used in patient management. Today, one can even find physicians who use their cellular phone cameras to take patient images and transmit them to other physicians. However, as digital imaging technology has become more prevalent so too have concerns about the impact of this technology on the electronic medical record, quality of patient care, and medicolegal issues. This article will discuss the advent of digital imaging technology in dermatology and the legal ramifications digital images have on medical care, abiding by HIPAA, the use of digital images as evidence, and the possible abuses digital images can pose in a health care setting. PMID:24800426

  8. HIPAA strengthens business case for electronic report distribution systems.

    PubMed

    Moody, Mark

    2002-01-01

    HIPAA may finally force healthcare organizations to make long-postponed decisions to increase the use of automation and technology for report distribution. For most, the direct benefits will far outweigh the costs. PMID:12119846

  9. A model for expanded public health reporting in the context of HIPAA.

    PubMed

    Sengupta, Soumitra; Calman, Neil S; Hripcsak, George

    2008-01-01

    The advent of electronic medical records and health information exchange raises the possibility of expanding public health reporting to detect a broad range of clinical conditions and of monitoring the health of the public on a broad scale. Expanding public health reporting may require patient anonymity, matching records, re-identifying cases, and recording patient characteristics for localization. The privacy regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) provide several mechanisms for public health surveillance, including using laws and regulations, public health activities, de-identification, research waivers, and limited data sets, and in addition, surveillance may be distributed with aggregate reporting. The appropriateness of these approaches varies with the definition of what data may be included, the requirements of the minimum necessary standard, the accounting of disclosures, and the feasibility of the approach. PMID:18579843

  10. A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: A privacy-protecting remote access system for health-related research and evaluation

    PubMed Central

    Jones, Kerina H.; Ford, David V.; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J.; Heaven, Martin L.; Thayer, Daniel S.; McNerney, Cynthia L.; Lyons, Ronan A.

    2014-01-01

    With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community. PMID:24440148

  11. 76 FR 42003 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-18

    ... notice of proposed rulemaking (NPRM) in the Federal Register, 75 FR 7978, February 23, 2010, proposing to... published concurrently in the Federal Register, 75 FR 8096, February 23, 2010, and comments were invited on... of Homeland Security Transportation Security Administration--023 Workplace Violence...

  12. 75 FR 18857 - Privacy Act of 1974; Department of Homeland Security Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... security and access policies. Strict controls have been imposed to minimize risk of compromising the... policies, including all applicable DHS automated systems security and access policies. Strict controls have... personal information provided. Docket: For access to the docket to read background documents or...

  13. 75 FR 13258 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-19

    ... available at http://csrc.nist.gov/groups/SMA/ispab/index.html/ . Agenda: --Cloud Computing Implementations... --Cloud Computing Implementations --Security Issues in Broadband Plan --NIST Issues--research, key...

  14. HIPAA and the military health system: organizing technological and organizational reform in large enterprises

    NASA Astrophysics Data System (ADS)

    Collmann, Jeff R.

    2001-08-01

    The global scale, multiple units, diverse operating scenarios and complex authority structure of the Department of Defense Military Health System (MHS) create social boundaries that tend to reduce communication and collaboration about data security. Under auspices of the Defense Health Information Assurance Program (DHIAP), the Telemedicine and Advanced Technology Research Center (TATRC) is contributing to the MHS's efforts to prepare for and comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 through organizational and technological innovations that bridge such boundaries. Building interdisciplinary (clinical, administrative and information technology) medical information security readiness teams (MISRT) at each military treatment facility (MTF) constitutes the heart of this process. DHIAP is equipping and training MISRTs to use new tools including 'OCTAVE', a self-directed risk assessment instrument and 'RIMR', a web-enabled Risk Information Management Resource. DHIAP sponsors an interdisciplinary, triservice workgroup for review and revision of relevant DoD and service policies and participates in formal DoD health information assurance activities. These activities help promote a community of proponents across the MHS supportive of improved health information assurance. The MHS HIPAA-compliance effort teaches important general lessons about organizational reform in large civilian or military enterprises.

  15. 75 FR 10633 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security United States...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-09

    ... Security (DHS) published a notice of proposed rulemaking in the Federal Register, 74 FR 30240, June 25... concurrently in the Federal Register, 74 FR 5665, January 30, 2009, and later updated in the Federal Register to add two new routine uses, 74 FR 20719, May 5, 2009. The system is being renamed...

  16. 78 FR 69861 - Privacy Act of 1974; Department of Homeland Security, Federal Emergency Management Agency...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-21

    ..., harm to an individual, or harm to the security or integrity of this system or other systems or programs... confidence in the integrity of DHS or is necessary to demonstrate the accountability of DHS's officers... include reference checks of prior employers, educational institutions attended, police...

  17. 76 FR 18954 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Federal...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-06

    ... of Homeland Security Federal Emergency Management Agency DHS/FEMA-011 Training and Exercise Program... Agency--011 Training and Exercise Program Records System of Records'' and this proposed rulemaking. In... DHS system of records titled, ``DHS/FEMA--011 Training and Exercise Program Records System of...

  18. 76 FR 42004 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Federal...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-18

    ... the Federal Register, 76 FR 18954, April 6, 2011, proposing to exempt portions of the system of... (SORN) was published concurrently in the Federal Register, 76 FR 19107, April 6, 2011, and comments were... of Homeland Security Federal Emergency Management Agency--011 Training and Exercise Program...

  19. 76 FR 60067 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-012...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-28

    .... 314; The Homeland Security Act of 2002, as amended; the Intelligence Reform and Terrorism Prevention..., law enforcement, immigration, intelligence, or other functions consistent with the routine uses set...; Name (first, middle, and last); Address (number, street, apartment, city, and state); Age; Sex;...

  20. 75 FR 23274 - Privacy Act of 1974; Department of Homeland Security United States Immigration Customs and...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-03

    ... who, due to a condition such as mental illness, may pose a health or safety risk to himself/herself or... remain on certain medication for a serious mental health condition). Y. To the DOJ Federal Bureau of... security classification; 8. Limited health information relevant to an individual's placement in an...

  1. 75 FR 69689 - Privacy Act of 1974; Department of Homeland Security Office of Operations Coordination and...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-15

    ... Suspicious Activity Reporting Initiative (September 10, 2010, 75 FR 55335). DHS is issuing a Notice of... Center Database system of records, April 15, 2005, with the overall intent of narrowing the focus of... Operations Center Database system of records. Additionally, the Department of Homeland Security is issuing...

  2. 76 FR 12745 - Privacy Act of 1974; Department of Homeland Security Office of Operations Coordination and...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-08

    ... Operations Center Database system of records, April 15, 2005, with the overall intent of narrowing the focus... Operations Center Database system of records. The Department of Homeland Security has issued a Notice of... from the Federal Bureau of Investigation's (FBI) Terrorist Screening Center (TSC), or on...

  3. 77 FR 69491 - Privacy Act of 1974: System of Records; Secure Flight Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-19

    ... Government Printing Office's Web page at http://www.gpoaccess.gov/fr/index.html ; or (3) Visiting TSA's... list, known as the TSDB. \\6\\ 73 FR 64018 (Oct. 28, 2008). TSA established the Secure Flight system of... to reflect additions to TSA's screening capabilities as discussed below. \\7\\ 72 FR 48392. \\8\\ 72...

  4. 76 FR 8758 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-002...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-15

    ... Homeland Security Internal Affairs system of records [November 18, 2008, 73 FR 67529]. The Department... Recovery Assistance (DRA) Files system of records [September 24, 2009, 74 FR 48763], which FEMA employees and/or contractors access via NEMIS when interacting with disaster assistance applicants or...

  5. 76 FR 42005 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-18

    ... Register, March 8, 2011, 76 FR 12745, proposing to exempt portions of the system of records from one or... Register, March 8, 2011, 76 FR 12609, and comments were invited on both the NPRM and SORN. Public Comments... of Homeland Security Office of Operations Coordination and Planning-002 National Operations...

  6. 78 FR 27276 - Privacy Act; System of Records: Security Records, State-36

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-09

    ... published as 72 FR 73057). The records maintained in State-36, Security Records, capture data related to... Programs and Services, A/GIS/IPS; Department of State, SA-2; 515 22nd Street NW., Washington, DC 20522-8001. FOR FURTHER INFORMATION CONTACT: Director; Office of Information Programs and Services,...

  7. 78 FR 31955 - Privacy Act of 1974; Department of Homeland Security National Protection and Programs Directorate...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-28

    ... Records (72 FR 47057, August 22, 2007). This system of records allows the Department of Homeland Security... Departure Information System (ADIS) System of Records'' (72 FR 47057, August 22, 2007). A Final Rule... (72 FR 46921). ADIS is a system for the storage and use of biographic, biometric indicator,...

  8. EGRP Privacy Policy & Disclaimers

    Cancer.gov

    The Epidemiology and Genomics Research Program complies with requirements for privacy and security established by the Office of Management and Budget, Department of Health and Human Services, the National Institutes of Health, and the National Cancer Institute.

  9. Inter-BSs virtual private network for privacy and security enhanced 60 GHz radio-over-fiber system

    NASA Astrophysics Data System (ADS)

    Zhang, Chongfu; Chen, Chen; Zhang, Wei; Jin, Wei; Qiu, Kun; Li, Changchun; Jiang, Ning

    2013-06-01

    A novel inter-basestations (inter-BSs) based virtual private network (VPN) for the privacy and security enhanced 60 GHz radio-over-fiber (RoF) system using optical code-division multiplexing (OCDM) is proposed and demonstrated experimentally. By establishing inter-BSs VPN overlaying the network structure of a 60 GHz RoF system, the express and private paths for the communication of end-users under different BSs can be offered. In order to effectively establish the inter-BSs VPN, the OCDM encoding/decoding technology is employed in the RoF system. In each BS, a 58 GHz millimeter-wave (MMW) is used as the inter-BSs VPN channel, while a 60 GHz MMW is used as the common central station (CS)-BSs communication channel. The optical carriers used for the downlink, uplink and VPN link transmissions are all simultaneously generated in a lightwave-centralized CS, by utilizing four-wave mixing (FWM) effect in a semiconductor optical amplifier (SOA). The obtained results properly verify the feasibility of our proposed configuration of the inter-BSs VPN in the 60 GHz RoF system.

  10. Potential impact of HITECH security regulations on medical imaging.

    PubMed

    Prior, Fred; Ingeholm, Mary Lou; Levine, Betty A; Tarbox, Lawrence

    2009-01-01

    Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act (ARRA) of 2009 [1] include a provision commonly referred to as the "Health Information Technology for Economic and Clinical Health Act" or "HITECH Act" that is intended to promote the electronic exchange of health information to improve the quality of health care. Subtitle D of the HITECH Act includes key amendments to strengthen the privacy and security regulations issued under the Health Insurance Portability and Accountability Act (HIPAA). The HITECH act also states that "the National Coordinator" must consult with the National Institute of Standards and Technology (NIST) in determining what standards are to be applied and enforced for compliance with HIPAA. This has led to speculation that NIST will recommend that the government impose the Federal Information Security Management Act (FISMA) [2], which was created by NIST for application within the federal government, as requirements to the public Electronic Health Records (EHR) community in the USA. In this paper we will describe potential impacts of FISMA on medical image sharing strategies such as teleradiology and outline how a strict application of FISMA or FISMA-based regulations could have significant negative impacts on information sharing between care providers. PMID:19963534

  11. Technology in Counselor Education: HIPAA and HITECH as Best Practice

    ERIC Educational Resources Information Center

    Wilkinson, Tyler; Reinhardt, Rob

    2015-01-01

    The use of technology in counseling is expanding. Ethical use of technology in counseling practice is now a stand-alone section in the 2014 American Counseling Association "Code of Ethics." The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act…

  12. PACS image security server

    NASA Astrophysics Data System (ADS)

    Cao, Fei; Huang, H. K.

    2004-04-01

    Medical image security in a PACS environment has become a pressing issue as communications of images increasingly extends over open networks, and hospitals are currently hard-pushed by Health Insurance Portability and Accountability Act (HIPAA) to be HIPAA compliant for ensuring health data security. Other security-related guidelines and technical standards continue bringing to the public attention in healthcare. However, there is not an infrastructure or systematic method to implement and deploy these standards in a PACS. In this paper, we first review DICOM Part15 standard for secure communications of medical images and the HIPAA impacts on PACS security, as well as our previous works on image security. Then we outline a security infrastructure in a HIPAA mandated PACS environment using a dedicated PACS image security server. The server manages its own database of all image security information. It acts as an image Authority for checking and certificating the image origin and integrity upon request by a user, as a secure DICOM gateway to the outside connections and meanwhile also as a PACS operation monitor for HIPAA supporting information.

  13. Using hidden cameras to monitor suspected parental abuse: a security requirement or an invasion of privacy?

    PubMed

    2000-09-01

    Covert surveillance of patients suspected of having Munchausen syndrome by proxy at Children's Healthcare of Atlanta at Scottish Rite (formerly Scottish Rite Children's Medical Center), Atlanta, GA, resulted in considerable media scrutiny when researchers published their findings in the June issue of the journal Pediatrics. The researchers hid surveillance cameras in the rooms of 41 patients over a four-year period and, more than half the time, the videotapes confirmed doctors' fears that mothers were intentionally injuring their babies. Some of the most serious abuse involved mothers injecting their children with urine and feces, switching their medication, and even suffocating them to make them sick. This report presents details of the research, the involvement of security officers, and the reactions of local authorities and health officials. PMID:11186790

  14. Privacy in confidential administrative micro data: implementing statistical disclosure control in a secure computing environment.

    PubMed

    Hochfellner, Daniela; Müller, Dana; Schmucker, Alexandra

    2014-12-01

    The demand for comprehensive and innovative data is constantly growing in social science. In particular, micro data from various social security agencies become more and more attractive. In contrast to survey data, administrative data offer a census with highly reliable information but are restricted in their usage. To make them accessible for researchers, data or research output either have to be anonymized or released after disclosure review procedures have been used. This article discusses the trade-off between maintaining a high capability of research potential while protecting private information, by exploiting the data disclosure portfolio and the adopted disclosure strategies of the Research Data Center of the German Federal Employment Agency. PMID:25747686

  15. HIPAA Compliance with Mobile Devices Among ACGME Programs.

    PubMed

    McKnight, Randall; Franko, Orrin

    2016-05-01

    To analyze self-reported HIPAA compliance with mobile technologies among residents, fellows, and attendings at ACGME training programs. A digital survey was sent to 678 academic institutions over a 1-month period. 2427 responses were analyzed using Chi-squared tests for independence. Post-hoc Bonferroni correction was applied for all comparisons between training levels, clinical setting, and specialty. 58 % of all residents self-report violating HIPAA by sharing protected health information (PHI) via text messaging with 27 % reporting they do it "often" or "routinely" compared to 15-19 % of attendings. For all specialties, 35 % of residents use text messaging photo or video sharing with PHI. Overall, 5 % of respondents "often" or "routinely" used HIPAA compliant (HCApps) with no significant differences related to training level. 20 % of residents admitted to using non-encrypted email at some point. 53 % of attendings and 41 % of residents utilized encrypted email routinely. Physicians from surgical specialties compared to non-surgical specialties demonstrated higher rates of HIPAA violations with SMS use (35 % vs. 17.7 %), standard photo/video messages (16.3 % vs. 4.7 %), HCApps (10.9 % vs. 4.9 %), and non-HCApps (5.6 % vs 1.5 %). The most significant barriers to complying with HIPAA were inconvenience (58 %), lack of knowledge (37 %), unfamiliarity (34 %), inaccessible (29 %) and habit (24 %). Medical professionals must acknowledge that despite laws to protect patient confidentiality in the era of mobile technology, over 50 % of current medical trainees knowingly violate these rules regularly despite the threat of severe consequences. The medical community must further examine the reason for these inconsistencies and work towards possible solutions. PMID:27079578

  16. THRIVE: threshold homomorphic encryption based secure and privacy preserving biometric verification system

    NASA Astrophysics Data System (ADS)

    Karabat, Cagatay; Kiraz, Mehmet Sabir; Erdogan, Hakan; Savas, Erkay

    2015-12-01

    In this paper, we introduce a new biometric verification and template protection system which we call THRIVE. The system includes novel enrollment and authentication protocols based on threshold homomorphic encryption where a private key is shared between a user and a verifier. In the THRIVE system, only encrypted binary biometric templates are stored in a database and verification is performed via homomorphically randomized templates, thus, original templates are never revealed during authentication. Due to the underlying threshold homomorphic encryption scheme, a malicious database owner cannot perform full decryption on encrypted templates of the users in the database. In addition, security of the THRIVE system is enhanced using a two-factor authentication scheme involving user's private key and biometric data. Using simulation-based techniques, the proposed system is proven secure in the malicious model. The proposed system is suitable for applications where the user does not want to reveal her biometrics to the verifier in plain form, but needs to prove her identity by using biometrics. The system can be used with any biometric modality where a feature extraction method yields a fixed size binary template and a query template is verified when its Hamming distance to the database template is less than a threshold. The overall connection time for the proposed THRIVE system is estimated to be 336 ms on average for 256-bit biometric templates on a desktop PC running with quad core 3.2 GHz CPUs at 10 Mbit/s up/down link connection speed. Consequently, the proposed system can be efficiently used in real-life applications.

  17. Protecting Privacy.

    ERIC Educational Resources Information Center

    Coyle, Karen

    2001-01-01

    Discusses privacy issues related to use of the Internet. Topics include data gathering functions that are built into applications of the World Wide Web; cookies that identify Web site visitors; personal identity information; libraries and privacy, including the need for privacy policies; protecting your privacy; and developing privacy literacy.…

  18. 17 CFR 160.2 - Model privacy form and examples.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Model privacy form and... PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of...

  19. 17 CFR 160.2 - Model privacy form and examples.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Model privacy form and... PRIVACY OF CONSUMER FINANCIAL INFORMATION § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of this part, consistent with the instructions in...

  20. 17 CFR 160.2 - Model privacy form and examples.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Model privacy form and... Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of... content requirements of §§ 160.6 and 160.7 of this part, although use of the model privacy form is...

  1. 17 CFR 160.2 - Model privacy form and examples.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Model privacy form and... PRIVACY OF CONSUMER FINANCIAL INFORMATION § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of this part, consistent with the instructions in...

  2. 17 CFR 160.2 - Model privacy form and examples.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Model privacy form and... PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of...

  3. 75 FR 404 - Privacy Act of 1974; Department of Homeland Security U.S. Immigration and Customs Enforcement-009...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-05

    ... branches of the U.S. Government. The Privacy Act exemptions for this system go unchanged and the Final Rule... provided. Docket: For access to the docket to read background documents or comments received go to...

  4. Federal Privacy Laws That Apply to Children and Education. Safeguarding Data

    ERIC Educational Resources Information Center

    Data Quality Campaign, 2014

    2014-01-01

    This table identifies and briefly describes the following federal policies that safeguard and protect the confidentiality of personal information: (1) Family Educational Rights and Privacy Act (FERPA); (2) Protection of Pupil Rights Amendment (PPRA); (3) Health Insurance Portability and Accountability Act (HIPAA); (4) Children's Online Privacy…

  5. 77 FR 32655 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-01

    ... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office... Homeland Security has determined that the renewal of the charter of the Data Privacy and Integrity Advisory... Ballard, Designated Federal Officer, Data Privacy and Integrity Advisory Committee, Department of...

  6. 17 CFR 160.8 - Revised privacy notices.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.8 Revised privacy notices. (a) General rule....

  7. 17 CFR 160.8 - Revised privacy notices.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.8 Revised privacy notices. (a) General rule....

  8. 6 CFR 1002.3 - Privacy Act requests.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 6 Domestic Security 1 2014-01-01 2014-01-01 false Privacy Act requests. 1002.3 Section 1002.3 Domestic Security PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 1002.3 Privacy Act requests. (a) Requests to determine if you are the subject of a record. You...

  9. 75 FR 51468 - Published Privacy Impact Assessments on the Web

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-20

    ... SECURITY Office of the Secretary Published Privacy Impact Assessments on the Web AGENCY: Privacy Office... Department of Homeland Security (DHS) is making available thirty-five Privacy Impact Assessments on various...'s Web site between October 1, 2009 and May 31, 2010. DATES: The Privacy Impact Assessments will...

  10. 78 FR 12337 - Published Privacy Impact Assessments on the Web

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-22

    ... SECURITY Office of the Secretary Published Privacy Impact Assessments on the Web AGENCY: Privacy Office... of Records Notice, 77 FR 30297 (May 22, 2012). System: DHS/CBP/PIA-010 Analytical Framework for... Security (DHS) Privacy Office is making available thirty-eight Privacy Impact Assessments (PIA) on...

  11. A tracking and verification system implemented in a clinical environment for partial HIPAA compliance

    NASA Astrophysics Data System (ADS)

    Guo, Bing; Documet, Jorge; Liu, Brent; King, Nelson; Shrestha, Rasu; Wang, Kevin; Huang, H. K.; Grant, Edward G.

    2006-03-01

    The paper describes the methodology for the clinical design and implementation of a Location Tracking and Verification System (LTVS) that has distinct benefits for the Imaging Department at the Healthcare Consultation Center II (HCCII), an outpatient imaging facility located on the USC Health Science Campus. A novel system for tracking and verification of patients and staff in a clinical environment using wireless and facial biometric technology to monitor and automatically identify patients and staff was developed in order to streamline patient workflow, protect against erroneous examinations and create a security zone to prevent and audit unauthorized access to patient healthcare data under the HIPAA mandate. This paper describes the system design and integration methodology based on initial clinical workflow studies within a clinical environment. An outpatient center was chosen as an initial first step for the development and implementation of this system.

  12. Speech privacy: Beyond architectural solutions

    NASA Astrophysics Data System (ADS)

    Mazer, Susan

    2005-09-01

    HIPAA regulations have brought unparalleled pressures on healthcare organizations to protect private and confidential information from reaching third parties. Yet, as this paper explains, often in the middle of noisy corridors and waiting rooms, this same information needs to be quickly transferred from physician to nurse to family member to others for the care of patients. Research and examples are presented that show that when families, patients, staff are participating together, although independently, in the same or adjacent spaces, the "café effect" produces rising noise levels as each person competes to be heard. This threatens the very confidentiality demanded by HIPAA. Solutions to this problem are not easy or completely resolved by engineering or design specifications. This paper makes the case that it is ultimately the culture of a healthcare organization that determines the "sound" of a hospital, and any other organization that battles openness with privacy. It presents and discusses proven solutions to address culture in tandem with architectural and acoustic design interventions.

  13. 75 FR 412 - Privacy Act of 1974; Department of Homeland Security U.S. Immigration and Customs Enforcement-001...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-05

    ...) titled DHS/ICE-001, Student and Exchange Visitor Information System, (70 FR 14477, Mar. 22, 2005), and a... Privacy Act (73 FR 63057, Oct. 23, 2008), portions or all of these records may be exempt from disclosure... development and launch of the next generation Student and Exchange Visitor Information System...

  14. 76 FR 21768 - Privacy Act of 1974; Department of Homeland Security/Office of Health Affairs-001 Contractor...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-18

    ... 19, 2006, 71 FR 35360). Categories of records in the system: Categories of records in this system... Affairs--001 Contractor Occupational Health and Immunization Records System of Records AGENCY: Privacy... Contractor Occupational Health and Immunization Records System of Records.'' This system...

  15. 78 FR 4347 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security; U.S. Customs...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-22

    ... Property Rights e-Recordation and Search Systems, System of Records AGENCY: Privacy Office, DHS. ACTION...- Recordation and Search Systems (IPRRSS), System of Records'' and this proposed rulemaking. In this proposed... titled, ``DHS/CBP-004-Intellectual Property Rights e-Recordation and Search Systems System of...

  16. 77 FR 53893 - Privacy Act of 1974; Department of Homeland Security U.S. Immigration and Customs Enforcement-005...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-09-04

    ... Customs Enforcement--005 Trade Transparency Analysis and Research (TTAR) System of Records AGENCY: Privacy... Enforcement-005 Trade Transparency Analysis and Research (TTAR) System of Records.'' This system of records is... Analysis and Research Trade Transparency System (DARTTS), which is a software application and...

  17. 76 FR 49500 - Privacy Act of 1974; Department of Homeland Security United States Coast Guard-020 Substance...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-10

    ... authorities to report, under State law, incidents of suspected child abuse or neglect to the extent described... Guard--020 Substance Abuse Prevention and Treatment Program System of Records AGENCY: Privacy Office...--020 Substance Abuse Prevention and Treatment Program System of Records.'' This system of...

  18. 78 FR 31958 - Privacy Act of 1974; Department of Homeland Security U.S. Customs and Border Protection-007...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-28

    ... published in the Federal Register on July 25, 2008 (73 FR 43457). A Final Rule exempting portions of this system from certain provisions of the Privacy Act was published on February 3, 2010 (75 FR 5491). As part... of entry. The exemptions for the existing system of records notice (July 25, 2008, 73 FR 43457)...

  19. 77 FR 33683 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security, U.S. Customs...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-07

    ... Intelligence (AFI) System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of proposed rulemaking... Border Protection--017 Analytical Framework for Intelligence (AFI) System of Records'' and this proposed... Border Protection, DHS/CBP--017 Analytical Framework for Intelligence (AFI) System of Records.''...

  20. 76 FR 70638 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-15

    ... Account and Case Management System of Records contains information that is collected by, on behalf of, in... Account and Case Management System of Records AGENCY: Privacy Office, DHS. ACTION: Final rule. SUMMARY.... Citizenship and Immigration Services-015 Electronic Immigration System- 2 Account and Case Management...

  1. 76 FR 27847 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Coast...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-13

    ... rulemaking (NPRM) in the Federal Register, 73 FR 64899, October 31, 2008, proposing to exempt portions of the... published concurrently in the Federal Register, 73 FR 64961, October 31, 2008. Comments were invited on both... provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements....

  2. 75 FR 67909 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of the...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-04

    ... a notice of proposed rulemaking in the Federal Register, 74 FR 55482, October 28, 2009, proposing to... published concurrently in the Federal Register, 74 FR 55569, October 28, 2009, and comments were invited on... provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements....

  3. 76 FR 70637 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-15

    ... Services-016 Electronic Immigration System- 3 Automated Background Functions System of Records'' from....S. Citizenship and Immigration Services-016 Electronic Immigration System-3 Automated Background... Automated Background Functions System of Records'' from one or more provisions of the Privacy Act because...

  4. 76 FR 49497 - Privacy Act of 1974; Department of Homeland Security/United States Secret Service-001 Criminal...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-10

    ... System (IAFIS) managed by the Department of Justice, Federal Bureau of Investigations in connection with... From the Federal Register Online via the Government Publishing Office DEPARTMENT OF HOMELAND... Federal Register to exempt this system of records from certain provisions of the Privacy Act; the...

  5. 76 FR 58525 - Privacy Act of 1974; Department of Homeland Security, U.S. Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-21

    ... described in previous SORNs, most recently in the VIS SORN (73 FR 75445, December 11, 2008). SAVE Usage... for the E-Verify and SAVE Programs as part of the underlying technology, VIS (73 FR 75445, December 11... the E-Verify SORN (76 FR 26738, May 9, 2011), the VIS SORN will be retired. II. Privacy Act...

  6. 78 FR 58254 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Customs...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-23

    ... Information (PII) and is supplied to AMOSS by means of networked external sources. For instance, global positioning systems (GPS), maps, datasets from radar plot data, track data, and flight plan data are all... Surveillance System (AMOSS) System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of...

  7. 75 FR 7979 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ...: The History of the Department of Homeland Security System of Records (69 FR 56781, September 22, 2004... of Homeland Security/ALL-027 The History of the Department of Homeland Security System of Records... Act of 1974 for the Department of Homeland Security/ALL-027 The History of the Department of...

  8. Instrumentation for measuring speech privacy in rooms

    NASA Astrophysics Data System (ADS)

    Horrall, Thomas; Pirn, Rein; Markham, Ben

    2003-10-01

    Federal legislation pertaining to oral privacy in healthcare and financial services industries has increased the need for a convenient and economical way to document speech privacy conditions in offices, medical examination rooms, and certain other workspaces. This legislation is embodied in the Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA). Both laws require that reasonable measures be put in place to safeguard the oral privacy of patients and clients. While techniques for privacy documentation are known within the acoustical consulting community, it is unlikely that community alone has the capacity to provide the surveys needed to evaluate acoustical conditions and demonstrate compliance with the legislation. A portable computer with integrated soundboard and a suitable amplified loudspeaker and test microphone are all that are needed to perform in situ measurements of articulation index or other accepted indices of speech privacy. Along with modest training, such instrumentation allows technicians to survey a large number of sites economically. Cost-effective components are shown that can meet the requirements for testing in most common environments where oral privacy is likely to be required. Example cases are presented to demonstrate the feasibility of such instrumentation.

  9. Privacy Issues and New Technologies.

    ERIC Educational Resources Information Center

    Colman, Sue

    1997-01-01

    Issues of privacy, anonymity, and computer security emerging with advancing information technology are outlined, and implications for universities are discussed. Emphasis is on the Australian context and on Australian government and international initiatives concerning privacy. Sensitive information categories are identified, and measures…

  10. A Formalization of HIPAA for a Medical Messaging System

    NASA Astrophysics Data System (ADS)

    Lam, Peifung E.; Mitchell, John C.; Sundaram, Sharada

    The complexity of regulations in healthcare, financial services, and other industries makes it difficult for enterprises to design and deploy effective compliance systems. We believe that in some applications, it may be practical to support compliance by using formalized portions of applicable laws to regulate business processes that use information systems. In order to explore this possibility, we use a stratified fragment of Prolog with limited use of negation to formalize a portion of the US Health Insurance Portability and Accountability Act (HIPAA). As part of our study, we also explore the deployment of our formalization in a prototype hospital Web portal messaging system.

  11. 48 CFR 1552.224-70 - Social security numbers of consultants and certain sole proprietors and Privacy Act statement.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Social security numbers of... CONTRACT CLAUSES Texts of Provisions and Clauses 1552.224-70 Social security numbers of consultants and... provision in all solicitations. Social Security Numbers of Consultants and Certain Sole Proprietors...

  12. 48 CFR 1552.224-70 - Social security numbers of consultants and certain sole proprietors and Privacy Act statement.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Social security numbers of... CONTRACT CLAUSES Texts of Provisions and Clauses 1552.224-70 Social security numbers of consultants and... provision in all solicitations. Social Security Numbers of Consultants and Certain Sole Proprietors...

  13. 48 CFR 1552.224-70 - Social security numbers of consultants and certain sole proprietors and Privacy Act statement.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Social security numbers of... CONTRACT CLAUSES Texts of Provisions and Clauses 1552.224-70 Social security numbers of consultants and... provision in all solicitations. Social Security Numbers of Consultants and Certain Sole Proprietors...

  14. 48 CFR 1552.224-70 - Social security numbers of consultants and certain sole proprietors and Privacy Act statement.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 6 2013-10-01 2013-10-01 false Social security numbers of... CONTRACT CLAUSES Texts of Provisions and Clauses 1552.224-70 Social security numbers of consultants and... provision in all solicitations. Social Security Numbers of Consultants and Certain Sole Proprietors...

  15. 48 CFR 1552.224-70 - Social security numbers of consultants and certain sole proprietors and Privacy Act statement.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 6 2011-10-01 2011-10-01 false Social security numbers of... CONTRACT CLAUSES Texts of Provisions and Clauses 1552.224-70 Social security numbers of consultants and... provision in all solicitations. Social Security Numbers of Consultants and Certain Sole Proprietors...

  16. Privacy Issues of a National Research and Education Network.

    ERIC Educational Resources Information Center

    Katz, James E.; Graveman, Richard F.

    1991-01-01

    Discussion of the right to privacy of communications focuses on privacy expectations within a National Research and Education Network (NREN). Highlights include privacy needs in scientific and education communications; academic and research networks; network security and privacy concerns; protection strategies; and consequences of privacy…

  17. 17 CFR 248.8 - Revised privacy notices.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Revised privacy notices. 248.8...) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.8 Revised privacy notices. (a) General rule. Except as...

  18. 17 CFR 248.8 - Revised privacy notices.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Revised privacy notices. 248.8...) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.8 Revised privacy notices. (a) General rule. Except as...

  19. 17 CFR 248.8 - Revised privacy notices.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Revised privacy notices. 248.8...) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.8 Revised privacy notices. (a) General rule. Except as...

  20. 17 CFR 248.8 - Revised privacy notices.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Revised privacy notices. 248.8...) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.8 Revised privacy notices. (a) General rule. Except as...

  1. 32 CFR 806b.51 - Privacy and the Web.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... security notices at major web site entry points and Privacy Act statements or Privacy Advisories when... 32 National Defense 6 2011-07-01 2011-07-01 false Privacy and the Web. 806b.51 Section 806b.51... PROGRAM Disclosing Records to Third Parties § 806b.51 Privacy and the Web. Do not post...

  2. 32 CFR 806b.51 - Privacy and the Web.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... security notices at major web site entry points and Privacy Act statements or Privacy Advisories when... 32 National Defense 6 2010-07-01 2010-07-01 false Privacy and the Web. 806b.51 Section 806b.51... PROGRAM Disclosing Records to Third Parties § 806b.51 Privacy and the Web. Do not post...

  3. State Security Breach Response Laws: State-by-State Summary Table. Using Data to Improve Education: A Legal Reference Guide to Protecting Student Privacy and Data Security

    ERIC Educational Resources Information Center

    Data Quality Campaign, 2011

    2011-01-01

    Under security breach response laws, businesses--and sometimes state and governmental agencies--are required to inform individuals when the security, confidentiality or integrity of their personal information has been compromised. This resource provides a state-by-state analysis of security breach response laws. [The Data Quality Campaign has…

  4. Privacy-enhanced electronic mail

    NASA Astrophysics Data System (ADS)

    Bishop, Matt

    1990-06-01

    The security of electronic mail sent through the Internet may be described in exactly three words: there is none. The Privacy and Security Research Group has recommended implementing mechanisms designed to provide security enhancements. The first set of mechanisms provides a protocol to provide privacy, integrity, and authentication for electronic mail; the second provides a certificate-based key management infrastructure to support key distribution throughout the internet, to support the first set of mechanisms. These mechanisms are described, as well as the reasons behind their selection and how these mechanisms can be used to provide some measure of security in the exchange of electronic mail.

  5. 76 FR 39315 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-030 Use of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-06

    ... 22, 2007, 72 FR 47073) in order to automate and simplify the current method for transmitting the TSDB... (May 19, 2010, 75 FR 28046); (2) TSA, Secure Flight Program: DHS/TSA--019 Secure Flight Records System (November 9, 2007, 72 FR 63711); (3) U.S. Customs and Border Protection (CBP), Passenger Systems...

  6. 76 FR 39408 - Privacy Act of 1974; Department of Homeland Security/ALL-030 Use of the Terrorist Screening...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-06

    ... System of Records (August 22, 2007, 72 FR 47073) in order to automate and simplify the current method for... (May 19, 2010, 75 FR 28046); (2) TSA, Secure Flight Program: DHS/TSA-019 Secure Flight Records System (November 9, 2007, 72 FR 63711); (3) U.S. Customs and Border Protection (CBP), Passenger Systems...

  7. 78 FR 64230 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-10-28

    ... 3, 2008, 73 FR 63181). Effects of Not Providing Information: You may choose not to provide the... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office... Integrity Advisory Committee--EXTENSION. SUMMARY: The Department of Homeland Security Privacy Office...

  8. 77 FR 37685 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-22

    ... Department of Homeland Security Advisory Committees System of Records Notice (October 3, 2008, 73 FR 63181... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Request for Applicants for Appointment to the DHS Data Privacy...

  9. 76 FR 39406 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-06

    ... Homeland Security Advisory Committees System of Records Notice (October 3, 2008, 73 FR 63181). Effects of... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Request for Applicants for Appointment to the DHS Data Privacy...

  10. 17 CFR 160.8 - Revised privacy notices.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices §...

  11. 17 CFR 160.8 - Revised privacy notices.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices §...

  12. 17 CFR 160.8 - Revised privacy notices.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt...

  13. 77 FR 46100 - Published Privacy Impact Assessments on the Web

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-08-02

    ... SECURITY Office of the Secretary Published Privacy Impact Assessments on the Web AGENCY: Privacy Office... the Department of Homeland Security (DHS or Department) is making available fifteen new or updated... Privacy Office's Web site between March 1, 2012 and May 31, 2012. DATES: The PIAs will be available on...

  14. Development of a HIPAA-compliant environment for translational research data and analytics

    PubMed Central

    Bradford, Wayne; Hurdle, John F; LaSalle, Bernie; Facelli, Julio C

    2014-01-01

    High-performance computing centers (HPC) traditionally have far less restrictive privacy management policies than those encountered in healthcare. We show how an HPC can be re-engineered to accommodate clinical data while retaining its utility in computationally intensive tasks such as data mining, machine learning, and statistics. We also discuss deploying protected virtual machines. A critical planning step was to engage the university's information security operations and the information security and privacy office. Access to the environment requires a double authentication mechanism. The first level of authentication requires access to the university's virtual private network and the second requires that the users be listed in the HPC network information service directory. The physical hardware resides in a data center with controlled room access. All employees of the HPC and its users take the university's local Health Insurance Portability and Accountability Act training series. In the first 3 years, researcher count has increased from 6 to 58. PMID:23911553

  15. Development of a HIPAA-compliant environment for translational research data and analytics.

    PubMed

    Bradford, Wayne; Hurdle, John F; LaSalle, Bernie; Facelli, Julio C

    2014-01-01

    High-performance computing centers (HPC) traditionally have far less restrictive privacy management policies than those encountered in healthcare. We show how an HPC can be re-engineered to accommodate clinical data while retaining its utility in computationally intensive tasks such as data mining, machine learning, and statistics. We also discuss deploying protected virtual machines. A critical planning step was to engage the university's information security operations and the information security and privacy office. Access to the environment requires a double authentication mechanism. The first level of authentication requires access to the university's virtual private network and the second requires that the users be listed in the HPC network information service directory. The physical hardware resides in a data center with controlled room access. All employees of the HPC and its users take the university's local Health Insurance Portability and Accountability Act training series. In the first 3 years, researcher count has increased from 6 to 58. PMID:23911553

  16. 75 FR 23214 - HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-03

    ... Accounting of Disclosures Under the Health Information Technology for Economic and Clinical Health Act...: Request for information. SUMMARY: Section 13405(c) of the Health Information Technology for Economic and... Information Technology for Economic and Clinical Health (HITECH) Act, Public Law 111-5, 123 Stat....

  17. 78 FR 23872 - HIPAA Privacy Rule and the National Instant Criminal Background Check System (NICS)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-23

    ... guilty by reason of insanity; or otherwise have been determined, through a formal adjudication process... insanity, or otherwise adjudicated as having a serious mental condition that results in the individuals... own affairs.'' The term includes a finding of insanity in a criminal case, and a finding...

  18. HIPAA and talking with family caregivers: what does the law really say?

    PubMed

    Levine, Carol

    2006-08-01

    The Health Insurance Portability and Accountability Act of 1996 (PL 104-191), known as HIPAA, has confused and unnecessarily alarmed many conscientious health care providers. Nurses in particular are likely to be on the front line of family caregivers' inquiries, because physicians are often difficult to reach and because family caregivers look to nurses as sources of reliable information. A major retraining of health care providers at all levels is needed to dampen the "HIPAA scare" and clarify what HIPAA does and does not say about communication with family caregivers. PMID:16905933

  19. 17 CFR 160.6 - Information to be included in privacy notices.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... privacy notices. 160.6 Section 160.6 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.6 Information to be included in privacy notices. (a) General rule. The initial, annual, and revised privacy notices that...

  20. 17 CFR 160.5 - Annual privacy notice to customers required.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Annual privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.5 Annual privacy... customers that accurately reflects your privacy policies and practices not less than annually during...

  1. 77 FR 47415 - Privacy Act of 1974; Department of Homeland Security U.S. Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-08-08

    ... Immigration Services (USCIS)--004--Systematic Alien Verification for Entitlements (SAVE) Program System of..., ``Department of Homeland Security/United States Citizenship and Immigration Services--004-- Systematic Alien... Services, Systematic Alien Verification for Entitlements (SAVE) program is a fee- based...

  2. 76 FR 67621 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S. Customs...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-02

    ... for law enforcement or intelligence purposes unless the individual's underlying transaction becomes associated with a law enforcement or intelligence action. The purpose of this system is to provide payment... national security, law enforcement, immigration, intelligence, or other functions consistent with...

  3. 17 CFR 160.6 - Information to be included in privacy notices.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Information to be included in privacy notices. 160.6 Section 160.6 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.6 Information to be included in privacy notices. (a) General...

  4. 17 CFR 160.4 - Initial privacy notice to consumers required.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Initial privacy notice to consumers required. 160.4 Section 160.4 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.4 Initial privacy notice to consumers required. (a) Initial...

  5. Privacy Legislation.

    ERIC Educational Resources Information Center

    Scanlon, Robert G.

    Four major pieces of legislation enacted since 1974--Family Educational Rights and Privacy Act (the "Buckley Amendment"), Amendment to the Freedom of Information Act, The National Research Act, and The Privacy Act--represent a broad scope, impacting the administration of research, funding procedures, and the very substance and techniques of…

  6. Health information privacy protection: crisis or common sense?

    PubMed

    Kumekawa, J K

    2001-01-01

    Concerns about the protection of personally identifiable information are not unique to the health care industry; however, consumers view their medical records as more "private" than other information, such as financial data, because involuntary disclosure can affect jobs or health insurance status. This paper briefly touches upon new sweeping federal privacy standards mandated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The article outlines who and what is covered under the new rules, considers how practitioners can approach compliance with common sense, addresses concerns related to risk management, discusses consumer health privacy issues, and notes the difficulty of evaluating these rules and regulations. The article also looks at some unique privacy issues facing telemedicine and telehealth practitioners. PMID:11936942

  7. 76 FR 28795 - Privacy Act of 1974; Department of Homeland Security United States Coast Guard-024 Auxiliary...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-18

    ... titled, ``Department of Homeland Security/United States Coast Guard-024 Auxiliary Database (AUXDATA... Coast Guard to track and report contact, activity, performance, and achievement information about the members of its volunteer workforce element, the United States Coast Guard Auxiliary. As a result of...

  8. 75 FR 5487 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Customs...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-03

    ... of Homeland Security (DHS) published a notice of proposed rulemaking in the Federal Register, 72 FR... Federal Register, 72 FR 43650, August 6, 2007, and comments were invited on both the notice of proposed... ATS from coverage under the legacy Treasury/CS.244 Treasury Enforcement Communication System (66...

  9. 78 FR 69983 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-22

    ...) published a notice of proposed rulemaking in the Federal Register, 76 FR 34177 (June 13, 2011), proposing to... Federal Register, 76 FR 34233 (June 13, 2011), and comments were invited on both the Notice of Proposed... Alien File, information may be shared for immigration, law enforcement, and national security...

  10. 78 FR 60888 - Privacy Act of 1974; Department of Homeland Security/ALL-036 Board for Correction of Military...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-10-02

    ... Transportation (OST) 004 Board for Correction of Military Records (BCMR) System of Records, 65 FR 19551--(April... the Coast Guard, 65 FR 19557 (April 11, 2000) as a new Department of Homeland Security system of... of law, which includes criminal, civil, or regulatory violations and such disclosure is proper...

  11. 75 FR 38824 - Privacy Act of 1974; Department of Homeland Security/ALL-029 Civil Rights and Civil Liberties...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-06

    ...)-001 Matters System of Records (69 FR 70464, December 6, 2004) and other component specific systems of... the DHS/OIG-002 Investigative Records System of Records (74 FR 55569, October 28, 2009). The data... include, but is not limited to: Name; social security number or other identifier; address; phone...

  12. 75 FR 39266 - Privacy Act of 1974; Department of Homeland Security/ALL-029 Civil Rights and Civil Liberties...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-08

    ...)-001 Matters System of Records (69 FR 70464, December 6, 2004) and other component specific systems of... the DHS/OIG-002 Investigative Records System of Records (74 FR 55569, October 28, 2009). The data... include, but is not limited to: Name; Social Security number or other identifier; address; phone...

  13. 77 FR 47411 - Privacy Act of 1974; Department of Homeland Security/U.S. Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-08-08

    ..., 73 FR 48231) and renaming it Fraud Detection and National Security Records. This system of records... number; Country of citizenship; Citizenship status; Gender; Telephone number(s); Email address; Place of... information and/or financial transaction history; Marriage record; Civil or criminal history...

  14. 75 FR 50846 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-001...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-18

    ... the Federal Register, (74 FR 55484, October 28, 2009) proposing to exempt portions of the system of... records notice was published concurrently in the Federal Register, (74 FR 55572, October 28, 2009) and...; investigations, inquiries, and proceedings there under; national security and intelligence activities;...

  15. 75 FR 5614 - Privacy Act of 1974; Department of Homeland Security/ALL-025 Law Enforcement Authority in Support...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-03

    ... Records (74 FR 3088, January 16, 2008) for the collection and maintenance of records that pertain to the... Homeland Security/U.S. Secret Service--004 Protection Information System of Records (73 FR 77733, December... employment, including but not limited to education, firearms, first aid, and CPR; Technical,...

  16. 75 FR 51619 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/United States...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-23

    ... cases, the same type of SAVE query is conducted using the same information and documentation regardless... INFORMATION CONTACT: For general questions please contact Monitoring and Compliance Branch Chief (202-358-7777..., DC 20528. SUPPLEMENTARY INFORMATION: Background The Department of Homeland Security (DHS) published...

  17. 78 FR 52553 - Privacy Act of 1974; Department of Homeland Security/ALL-035 Common Entity Index Prototype System...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-23

    ... 30, 2012, 77 FR 44642); (2) U.S. Immigration and Customs Enforcement (ICE)'s Student and Exchange... System SORN (January 5, 2010, 75 FR 412); and (3) U.S. Transportation Security Administration (TSA)'s... Assessment System SORN (May 19, 2010, 75 FR 28046). These three data sets were identified for the...

  18. Biometrics, e-identity, and the balance between security and privacy: case study of the passenger name record (PNR) system.

    PubMed

    Nouskalis, G

    2011-01-01

    The implementation of biometrics entails either the establishment of an identity or tracing a person's identity. Biometric passport data (e.g., irises, fingers, faces) can be used in order to verify a passenger's identity. The proposed Passenger Name Record (PNR) system contains all the information necessary to enable reservations to be processed and controlled by the booking and participating air carriers for each journey booked by or on behalf of any person. PNR data are related to travel movements, usually flights, and include passport data, name, address, telephone numbers, travel agent, credit card number, history of changes in the flight schedule, seat preferences, and other information. In the aftermath of the September 11 attacks, a new emergency political-law status of society was established: the continuous state of "war" against the so-called unlawful combatants of the "enemy". Officially, the enemy is the terrorists, but the victims of the privacy invasions caused by the above new form of data processing are the civilians. The data processing based on biometrics is covered both by Directive 95/46 EC and Article 8 of the Convention on the Protection of Human Rights and Fundamental Freedoms (now the European Convention on Human Rights, "ECHR"). According to Article 2, Paragraph a of the above Directive, personal data shall mean any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural, or social identity. PMID:21380482

  19. A security analysis of version 2 of the Network Time Protocol (NTP): A report to the privacy and security research group

    NASA Technical Reports Server (NTRS)

    Bishop, Matt

    1991-01-01

    The Network Time Protocol is being used throughout the Internet to provide an accurate time service. The security requirements are examined of such a service, version 2 of the NTP protocol is analyzed to determine how well it meets these requirements, and improvements are suggested where appropriate.

  20. Comprehensive quantitative analysis on privacy leak behavior.

    PubMed

    Fan, Lejun; Wang, Yuanzhuo; Jin, Xiaolong; Li, Jingyuan; Cheng, Xueqi; Jin, Shuyuan

    2013-01-01

    Privacy information is prone to be leaked by illegal software providers with various motivations. Privacy leak behavior has thus become an important research issue of cyber security. However, existing approaches can only qualitatively analyze privacy leak behavior of software applications. No quantitative approach, to the best of our knowledge, has been developed in the open literature. To fill this gap, in this paper we propose for the first time four quantitative metrics, namely, possibility, severity, crypticity, and manipulability, for privacy leak behavior analysis based on Privacy Petri Net (PPN). In order to compare the privacy leak behavior among different software, we further propose a comprehensive metric, namely, overall leak degree, based on these four metrics. Finally, we validate the effectiveness of the proposed approach using real-world software applications. The experimental results demonstrate that our approach can quantitatively analyze the privacy leak behaviors of various software types and reveal their characteristics from different aspects. PMID:24066046

  1. Comprehensive Quantitative Analysis on Privacy Leak Behavior

    PubMed Central

    Fan, Lejun; Wang, Yuanzhuo; Jin, Xiaolong; Li, Jingyuan; Cheng, Xueqi; Jin, Shuyuan

    2013-01-01

    Privacy information is prone to be leaked by illegal software providers with various motivations. Privacy leak behavior has thus become an important research issue of cyber security. However, existing approaches can only qualitatively analyze privacy leak behavior of software applications. No quantitative approach, to the best of our knowledge, has been developed in the open literature. To fill this gap, in this paper we propose for the first time four quantitative metrics, namely, possibility, severity, crypticity, and manipulability, for privacy leak behavior analysis based on Privacy Petri Net (PPN). In order to compare the privacy leak behavior among different software, we further propose a comprehensive metric, namely, overall leak degree, based on these four metrics. Finally, we validate the effectiveness of the proposed approach using real-world software applications. The experimental results demonstrate that our approach can quantitatively analyze the privacy leak behaviors of various software types and reveal their characteristics from different aspects. PMID:24066046

  2. Gaussian operations and privacy

    SciTech Connect

    Navascues, Miguel; Acin, Antonio

    2005-07-15

    We consider the possibilities offered by Gaussian states and operations for two honest parties, Alice and Bob, to obtain privacy against a third eavesdropping party, Eve. We first extend the security analysis of the protocol proposed in [Navascues et al. Phys. Rev. Lett. 94, 010502 (2005)]. Then, we prove that a generalized version of this protocol does not allow one to distill a secret key out of bound entangled Gaussian states.

  3. What was privacy?

    PubMed

    McCreary, Lew

    2008-10-01

    Why is that question in the past tense? Because individuals can no longer feel confident that the details of their lives--from identifying numbers to cultural preferences--will be treated with discretion rather than exploited. Even as Facebook users happily share the names of their favorite books, movies, songs, and brands, they often regard marketers' use of that information as an invasion of privacy. In this wide-ranging essay, McCreary, a senior editor at HBR, examines numerous facets of the privacy issue, from Google searches, public shaming on the internet, and cell phone etiquette to passenger screening devices, public surveillance cameras, and corporate chief privacy officers. He notes that IBM has been a leader on privacy; its policy forswearing the use of employees' genetic information in hiring and benefits decisions predated the federal Genetic Information Nondiscrimination Act by three years. Now IBM is involved in an open-source project known as Higgins to provide users with transportable, potentially anonymous online presences. Craigslist, whose CEO calls it "as close to 100% user driven as you can get," has taken an extremely conservative position on privacy--perhaps easier for a company with a declared lack of interest in maximizing revenue. But TJX and other corporate victims of security breaches have discovered that retaining consumers' transaction information can be both costly and risky. Companies that underestimate the importance of privacy to their customers or fail to protect it may eventually face harsh regulation, reputational damage, or both. The best thing they can do, says the author, is negotiate directly with those customers over where to draw the line. PMID:18822675

  4. 17 CFR 248.8 - Revised privacy notices.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Revised privacy notices. 248.8 Section 248.8 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS S-P, S-AM, AND S-ID Regulation S-P: Privacy of Consumer Financial Information and...

  5. The role of privacy protection in healthcare information systems adoption.

    PubMed

    Hsu, Chien-Lung; Lee, Ming-Ren; Su, Chien-Hui

    2013-10-01

    Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs are proposed. Users' privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HISs adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we proposed a research model extending the unified theory of acceptance and use of technology by considering perceived security and information security literacy and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses showed that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve designing, development, and promotion of a good healthcare information system with privacy protection. PMID:24014266

  6. 17 CFR 248.5 - Annual privacy notice to customers required.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Annual privacy notice to customers required. 248.5 Section 248.5 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy...

  7. Reconsidering the Right to Privacy in Canada

    ERIC Educational Resources Information Center

    Shade, Leslie Regan

    2008-01-01

    This article argues that post-September 11 political debates and legislation around security necessitates a reconsideration of a right to privacy in Canada. It looks at the proposal for a Canadian Charter of Privacy Rights promoted by Senator Sheila Finestone in the late 1990s and the current challenges of emergent material technologies…

  8. 77 FR 60131 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-10-02

    ... (November 25, 2008, 73 FR 71659). Effects of Not Providing Information: You may choose not to provide the... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office... Privacy and Integrity Advisory Committee will meet on November 7, 2012, in Washington, DC. The...

  9. 76 FR 58524 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-21

    ... and Other Lists System of Records Notice (November 25, 2008, 73 FR 71659). Effects of Not Providing... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office... Privacy and Integrity Advisory Committee will meet on October 5, 2011, in Arlington, VA. The meeting...

  10. 75 FR 8087 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... FR 71659). DHS Authority to Collect This Information: DHS requests that you voluntarily submit this... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Notice of Federal Advisory Committee Meeting. SUMMARY: The DHS Data Privacy and...

  11. 78 FR 55088 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-09

    ... 3, 2008, 73 FR 63181). Effects of Not Providing Information: You may choose not to provide the... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Request for Applicants for Appointment to the DHS Data Privacy...

  12. 75 FR 52769 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-27

    ... Lists System of Records Notice (November 25, 2008, 73 FR 71659). Effects of Not Providing Information... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Notice of Federal Advisory Committee meeting. SUMMARY: The DHS Data Privacy and...

  13. 77 FR 16846 - Published Privacy Impact Assessments on the Web

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-22

    ... SECURITY Office of the Secretary Published Privacy Impact Assessments on the Web AGENCY: Privacy Office... approved and published on the Privacy Office's Web site between December 1, 2011 and February 29, 2012. DATES: The PIAs will be available on the DHS Web site until May 21, 2012, after which they may...

  14. Achieving Privacy in a Federated Identity Management System

    NASA Astrophysics Data System (ADS)

    Landau, Susan; Le van Gong, Hubert; Wilton, Robin

    Federated identity management allows a user to efficiently authenticate and use identity information from data distributed across multiple domains. The sharing of data across domains blurs security boundaries and potentially creates privacy risks. We examine privacy risks and fundamental privacy protections of federated identity-management systems. The protections include minimal disclosure and providing PII only on a “need-to-know” basis. We then look at the Liberty Alliance system and analyze previous privacy critiques of that system. We show how law and policy provide privacy protections in federated identity-management systems, and that privacy threats are best handled using a combination of technology and law/policy tools.

  15. 2013 HIPAA Changes Provide Opportunities and Challenges for Researchers: Perspectives from a Cancer Center.

    PubMed

    Freedman, Ralph S; Cantor, Scott B; Merriman, Kelly W; Edgerton, Mary E

    2016-02-01

    In 2013, the U.S. Department of Health and Human Services modified the Health Insurance Portability and Accountability Act Privacy Rule to "strengthen privacy and security protections" while "improving workability and effectiveness to increase flexibility for and decrease burden on regulated entities." In this article, we attempt to translate these generalized goals into the real-world implications of these changes. Under the new rules, researchers can obtain participants' permission to use their protected health information for more research activities with a single, upfront authorization (thereby reducing paperwork for participants, researchers, and institutional review boards) while providing potential participants with more information upon which to base their decisions about participation. The combined authorizations can be used in clinical trials and their optional substudies and in stand-alone biospecimen-banking research that includes authorization to permit future research use. We also suggest best practices for taking advantage of the flexibility offered by the new rules while maintaining strong privacy protections for human subjects. PMID:26832744

  16. Keys to securing data as a practitioner.

    PubMed

    Rey, Jorge; Douglass, Keith

    2012-01-01

    With patient identity theft on the rise, it's important that practitioners and patients alike know how to prevent a security breach. Because of HIPAA, physicians that are covered entities are required to take action to protect their patients' medical records or protected health information. Physicians and medical centers should be proactive while securing sensitive data. Some of these safeguards are physical security, electronic security, monitoring, and employee training. PMID:22413592

  17. 17 CFR Appendix A to Part 160 - Model Privacy Form

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Model Privacy Form A Appendix... Part 160—Model Privacy Form A. The Model Privacy Form B. General Instructions 1. How the Model Privacy Form...

  18. 17 CFR 248.2 - Model privacy form: rule of construction.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Model privacy form: rule of... Safeguarding Personal Information § 248.2 Model privacy form: rule of construction. (a) Model privacy form. Use of the model privacy form in appendix A to subpart A of this part, consistent with the...

  19. 17 CFR 248.2 - Model privacy form: rule of construction.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Model privacy form: rule of... Safeguarding Personal Information § 248.2 Model privacy form: rule of construction. (a) Model privacy form. Use of the model privacy form in appendix A to subpart A of this part, consistent with the...

  20. 17 CFR 248.2 - Model privacy form: rule of construction.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Model privacy form: rule of... Safeguarding Personal Information § 248.2 Model privacy form: rule of construction. (a) Model privacy form. Use of the model privacy form in Appendix A to Subpart A of this part, consistent with the...

  1. 17 CFR 248.2 - Model privacy form: rule of construction.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Model privacy form: rule of... Safeguarding Personal Information § 248.2 Model privacy form: rule of construction. (a) Model privacy form. Use of the model privacy form in appendix A to subpart A of this part, consistent with the...

  2. 76 FR 60510 - DHS Data Privacy and Integrity Advisory Committee; Meeting

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-29

    ... in the Federal Register at 76 FR 58524 that the Data Privacy and Integrity Advisory Committee would... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee; Meeting AGENCY: Privacy.... DATES: The DHS Data Privacy and Integrity Advisory Committee will meet on Wednesday, October 5,...

  3. 17 CFR 160.5 - Annual privacy notice to customers required.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Annual privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.5 Annual privacy notice to customers required. (a)(1) General rule. You...

  4. 17 CFR 160.6 - Information to be included in privacy notices.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... privacy notices. 160.6 Section 160.6 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.6 Information to be included in privacy notices. (a) General rule....

  5. 17 CFR 160.5 - Annual privacy notice to customers required.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Annual privacy notice to... COMMISSION (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.5 Annual privacy notice to customers required. (a)(1) General rule....

  6. 17 CFR 160.6 - Information to be included in privacy notices.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... privacy notices. 160.6 Section 160.6 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.6 Information to be included in privacy notices. (a) General rule. The...

  7. 17 CFR 160.5 - Annual privacy notice to customers required.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Annual privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.5 Annual privacy notice to customers required. (a)(1) General rule. You...

  8. 17 CFR 160.6 - Information to be included in privacy notices.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... privacy notices. 160.6 Section 160.6 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.6 Information to be included in privacy notices. (a) General rule. The...

  9. 17 CFR 160.9 - Delivering privacy and opt out notices.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Delivering privacy and opt out... PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.9 Delivering privacy and opt out notices. (a) How to provide notices. You must provide...

  10. 17 CFR 160.9 - Delivering privacy and opt out notices.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Delivering privacy and opt out... PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.9 Delivering privacy and opt out notices. (a) How to provide notices. You must provide...

  11. 17 CFR 160.9 - Delivering privacy and opt out notices.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Delivering privacy and opt out... (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.9 Delivering privacy and opt out notices. (a) How to provide notices. You...

  12. Privacy information management for video surveillance

    NASA Astrophysics Data System (ADS)

    Luo, Ying; Cheung, Sen-ching S.

    2013-05-01

    The widespread deployment of surveillance cameras has raised serious privacy concerns. Many privacy-enhancing schemes have been proposed to automatically redact images of trusted individuals in the surveillance video. To identify these individuals for protection, the most reliable approach is to use biometric signals such as iris patterns as they are immutable and highly discriminative. In this paper, we propose a privacy data management system to be used in a privacy-aware video surveillance system. The privacy status of a subject is anonymously determined based on her iris pattern. For a trusted subject, the surveillance video is redacted and the original imagery is considered to be the privacy information. Our proposed system allows a subject to access her privacy information via the same biometric signal for privacy status determination. Two secure protocols, one for privacy information encryption and the other for privacy information retrieval are proposed. Error control coding is used to cope with the variability in iris patterns and efficient implementation is achieved using surrogate data records. Experimental results on a public iris biometric database demonstrate the validity of our framework.

  13. Business Model for the Security of a Large-Scale PACS, Compliance with ISO/27002:2013 Standard.

    PubMed

    Gutiérrez-Martínez, Josefina; Núñez-Gaona, Marco Antonio; Aguirre-Meneses, Heriberto

    2015-08-01

    Data security is a critical issue in an organization; a proper information security management (ISM) is an ongoing process that seeks to build and maintain programs, policies, and controls for protecting information. A hospital is one of the most complex organizations, where patient information has not only legal and economic implications but, more importantly, an impact on the patient's health. Imaging studies include medical images, patient identification data, and proprietary information of the study; these data are contained in the storage device of a PACS. This system must preserve the confidentiality, integrity, and availability of patient information. There are techniques such as firewalls, encryption, and data encapsulation that contribute to the protection of information. In addition, the Digital Imaging and Communications in Medicine (DICOM) standard and the requirements of the Health Insurance Portability and Accountability Act (HIPAA) regulations are also used to protect the patient clinical data. However, these techniques are not systematically applied to the picture archiving and communication system (PACS) in most cases and are not sufficient to ensure the integrity of the images and associated data during transmission. The ISO/IEC 27001:2013 standard has been developed to improve the ISM. Currently, health institutions lack effective ISM processes that enable reliable interorganizational activities. In this paper, we present a business model that accomplishes the controls of ISO/IEC 27002:2013 standard and criteria of security and privacy from DICOM and HIPAA to improve the ISM of a large-scale PACS. The methodology associated with the model can monitor the flow of data in a PACS, facilitating the detection of unauthorized access to images and other abnormal activities. PMID:25634674

  14. A privacy protection for an mHealth messaging system

    NASA Astrophysics Data System (ADS)

    Aaleswara, Lakshmipathi; Akopian, David; Chronopoulos, Anthony T.

    2015-03-01

    In this paper, we propose a new software system that employs features that help the organization to comply with USA HIPAA regulations. The system uses SMS as the primary way of communication to transfer information. Lack of knowledge about some diseases is still a major reason for some harmful diseases spreading. The developed system includes different features that may help to communicate amongst low income people who don't even have access to the internet. Since the software system deals with Personal Health Information (PHI) it is equipped with an access control authentication system mechanism to protect privacy. The system is analyzed for performance to identify how much overhead the privacy rules impose.

  15. Evaluating Common Privacy Vulnerabilities in Internet Service Providers

    NASA Astrophysics Data System (ADS)

    Kotzanikolaou, Panayiotis; Maniatis, Sotirios; Nikolouzou, Eugenia; Stathopoulos, Vassilios

    Privacy in electronic communications receives increased attention in both research and industry forums, stemming from both the users' needs and from legal and regulatory requirements in national or international context. Privacy in internet-based communications heavily relies on the level of security of the Internet Service Providers (ISPs), as well as on the security awareness of the end users. This paper discusses the role of the ISP in the privacy of the communications. Based on real security audits performed in national-wide ISPs, we illustrate privacy-specific threats and vulnerabilities that many providers fail to address when implementing their security policies. We subsequently provide and discuss specific security measures that the ISPs can implement, in order to fine-tune their security policies in the context of privacy protection.

  16. Privacy Policy

    MedlinePlus

    ... are available at: http://www.addthis.com/privacy . Go.USA.Gov and Bit.ly NLM uses the Go.USA.gov and Bit.ly URL shortening services. ... shortened URLs. The analytics data is provided by Go.USA.Gov and Bit.ly. This data does ...

  17. 75 FR 47812 - Privacy Act of 1974; Report of a New System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-09

    ... federally-leased space, and at the physical security office(s) or computer security offices of those... accordance with the Privacy Act, the Computer Security Act, and the Federal Information Security...

  18. 75 FR 21250 - Privacy Act of 1974; Systems of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-23

    ...The National Security Agency/Central Security Service is proposing to amend a system of records notice in its existing inventory of records systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as...

  19. 6 CFR 1002.4 - Responses to Privacy Act requests.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... Information Act procedures at 6 CFR part 1001. ... 6 Domestic Security 1 2014-01-01 2014-01-01 false Responses to Privacy Act requests. 1002.4 Section 1002.4 Domestic Security PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD IMPLEMENTATION OF THE...

  20. Ethics Committees in the Rural Midwest: Exploring the Impact of HIPAA

    ERIC Educational Resources Information Center

    Having, Karen M.; Hale, Dena; Lautar, Charla J.

    2008-01-01

    Context: Confidentiality of personal health information is an ethical principle and a legislated mandate; however, the impact of the Health Insurance Portability and Accountability Act (HIPAA) on ethics committees is limited. Purpose: This study investigates the prevalence, activity, and composition of ethics committees located…

  1. Zip it!

    PubMed

    Conde, Crystal

    2012-07-01

    When it comes to enforcing HIPAA data security and privacy standards, the federal government means business. In fact, the government is conducting a national pilot program to audit 150 physicians and others that HIPAA covers as the first phase of a concerted effort to crack down on HIPAA violations. PMID:22777862

  2. 17 CFR 248.4 - Initial privacy notice to consumers required.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... consumers required. 248.4 Section 248.4 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.4 Initial privacy notice to...

  3. 17 CFR 248.4 - Initial privacy notice to consumers required.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... consumers required. 248.4 Section 248.4 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.4 Initial privacy notice to...

  4. 17 CFR 248.4 - Initial privacy notice to consumers required.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... consumers required. 248.4 Section 248.4 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.4 Initial privacy notice to...

  5. Secure PVM

    SciTech Connect

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user's PVM application, or, optionally, security can be provided on a message-by-message basis. Diffie-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  6. Extending SQL to Support Privacy Policies

    NASA Astrophysics Data System (ADS)

    Ghazinour, Kambiz; Pun, Sampson; Majedi, Maryam; Chinaci, Amir H.; Barker, Ken

    Increasing concerns over Internet applications that violate user privacy by exploiting (back-end) database vulnerabilities must be addressed to protect both customer privacy and to ensure corporate strategic assets remain trustworthy. This chapter describes an extension onto database catalogues and Structured Query Language (SQL) for supporting privacy in Internet applications, such as in social networks, e-health, e-government, etc. The idea is to introduce new predicates to SQL commands to capture common privacy requirements, such as purpose, visibility, generalization, and retention for both mandatory and discretionary access control policies. The contribution is that corporations, when creating the underlying databases, will be able to define what their mandatory privacy policies are with which all application users have to comply. Furthermore, each application user, when providing their own data, will be able to define their own privacy policies with which other users have to comply. The extension is supported with underlying catalogues and algorithms. The experiments demonstrate a very reasonable overhead for the extension. The result is a low-cost mechanism to create new systems that are privacy aware and also to transform legacy databases to their privacy-preserving equivalents. Although the examples are from social networks, one can apply the results to data security and user privacy of other enterprises as well.

  7. Protecting Children's Online Privacy.

    ERIC Educational Resources Information Center

    Kresses, Mamie

    2001-01-01

    Discusses provisions of new federal Children's Online Privacy Protection Act that principals should know to protect student privacy on the Internet. Also discusses relevant provisions of the Family Educational Rights and Privacy Act. (PKP)

  8. Governance Through Privacy, Fairness, and Respect for Individuals

    PubMed Central

    Baker, Dixie B.; Kaye, Jane; Terry, Sharon F.

    2016-01-01

    Introduction: Individuals have a moral claim to be involved in the governance of their personal data. Individuals’ rights include privacy, autonomy, and the ability to choose for themselves how they want to manage risk, consistent with their own personal values and life situations. The Fair Information Practices principles (FIPPs) offer a framework for governance. Privacy-enhancing technology that complies with applicable law and FIPPs offers a dynamic governance tool for enabling the fair and open use of individual’s personal data. Perceptions of Risk: Any governance model must protect against the risks posed by data misuse. Individual perceptions of risks are a subjective function involving individuals’ values toward self, family, and society, their perceptions of trust, and their cognitive decision-making skills. The HIPAA Privacy Rule Puts Some Governance in the Hands of Individuals: Individual privacy protections and individuals’ right to choose are codified in the HIPAA Privacy Rule, which attempts to strike a balance between the dual goals of information flow and privacy protection. The choices most commonly given individuals regarding the use of their health information are binary (“yes” or “no”) and immutable. Recent federal recommendations and law recognize the need for granular, dynamic choices. Building a Governance Framework Based in Trust: Avoiding Surprises: Individuals expect that they will govern the use of their own health and genomic data. Failure to build and maintain individuals’ trust increases the likelihood that they will refuse to grant permission to access or use their data. The “no surprises principle” asserts that an individual’s personal information should never be collected, used, transmitted, or disclosed in a way that would surprise the individual were she to learn about it. Fair Information Practices Principles: The FIPPs provide a powerful framework for enabling data sharing and use, while maintaining trust

  9. On genomics, kin, and privacy

    PubMed Central

    Telenti, Amalio; Ayday, Erman; Hubaux, Jean Pierre

    2014-01-01

    The storage of greater numbers of exomes or genomes raises the question of loss of privacy for the individual and for families if genomic data are not properly protected. Access to genome data may result from a personal decision to disclose, or from gaps in protection. In either case, revealing genome data has consequences beyond the individual, as it compromises the privacy of family members. Increasing availability of genome data linked or linkable to metadata through online social networks and services adds one additional layer of complexity to the protection of genome privacy. The field of computer science and information technology offers solutions to secure genomic data so that individuals, medical personnel or researchers can access only the subset of genomic information required for healthcare or dedicated studies. PMID:25254097

  10. Protecting privacy in a clinical data warehouse.

    PubMed

    Kong, Guilan; Xiao, Zhichun

    2015-06-01

    Peking University has several prestigious teaching hospitals in China. To make secondary use of massive medical data for research purposes, construction of a clinical data warehouse is imperative in Peking University. However, a big concern for clinical data warehouse construction is how to protect patient privacy. In this project, we propose to use a combination of symmetric block ciphers, asymmetric ciphers, and cryptographic hashing algorithms to protect patient privacy information. The novelty of our privacy protection approach lies in message-level data encryption, the key caching system, and the cryptographic key management system. The proposed privacy protection approach is scalable to clinical data warehouse construction with any size of medical data. With the composite privacy protection approach, the clinical data warehouse can be secure enough to keep the confidential data from leaking to the outside world. PMID:25301198

  11. The development of specifications and discussion of business models for ensuring speech privacy in the healthcare industry

    NASA Astrophysics Data System (ADS)

    Lavallee, Timothy; Good, Kenneth; Sykes, David

    2005-09-01

    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was developed, among other reasons, to hold healthcare providers accountable for the privacy of patient's personal and medical information. It includes language addressing the need for "reasonable safeguards" for speech privacy and oral communication in a healthcare setting. After 50 years of development, speech privacy science and mechanisms are well understood. However, current specifications cannot be directly applied and are not specifically written to address the application of the current acoustical knowledgebase to the health care industry's need for compliance. This is a discussion of the state of existing privacy technology and specifications; the ability and availability of mechanisms currently in the health care industry as a possible route for implementation of the regulation; the state of development of specification to address specifically the industry's needs; and a potential business model for implementation.

  12. Widening Privacy Concerns.

    ERIC Educational Resources Information Center

    Amidon, Paige

    1992-01-01

    Discusses privacy concerns relating to electronic information media. European privacy initiatives from the European Community are described, including personal data protection, impact on the online industry, and telecommunications privacy; and activities in the United States are examined, including telephone caller privacy, electronic mail…

  13. 17 CFR 248.6 - Information to be included in privacy notices.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Information to be included in privacy notices. 248.6 Section 248.6 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information...

  14. 17 CFR 248.4 - Initial privacy notice to consumers required.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Initial privacy notice to consumers required. 248.4 Section 248.4 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS S-P, S-AM, AND S-ID Regulation S-P: Privacy of Consumer...

  15. 17 CFR 248.6 - Information to be included in privacy notices.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Information to be included in privacy notices. 248.6 Section 248.6 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS S-P, S-AM, AND S-ID Regulation S-P: Privacy of Consumer Financial Information...

  16. 75 FR 25870 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-10

    ... FR 71659). DHS Authority to Collect This Information: DHS requests that you voluntarily submit this... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office... Integrity Advisory Committee will meet on May 25, 2010, in Washington, DC. The meeting will be open to...

  17. 76 FR 25361 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-04

    ..., 2008, 73 FR 71659). Effects of Not Providing Information: You may choose not to provide the requested... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting SUMMARY: The DHS...

  18. 78 FR 75930 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-13

    ... (November 25, 2008, 73 FR 71659). Effects of Not Providing Information: You may choose not to provide the... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The DHS...

  19. 76 FR 35459 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-17

    ... System of Records Notice (November 25, 2008, 73 FR 71659). Effects of Not Providing Information: You may... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The DHS...

  20. 76 FR 70464 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-14

    ... System of Records Notice (November 25, 2008, 73 FR 71659). Effects of Not Providing Information: You may... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The DHS...

  1. 76 FR 42737 - Privacy Act of 1974; System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-19

    ... Security Number, date of birth, citizenship, home address, personal phone/cell numbers, employing entity... (12) Privacy Act systems of records notices on December 28, 2007 (72 FR 73887); fourteen (14) Privacy Act systems of records notices on April 2, 2010 (75 FR 16853) and now adds six (6) systems of...

  2. 78 FR 15734 - Privacy Act of 1974; Computer Matching Program

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-03-12

    ... Privacy Protection Act of 1988, 54 FR 25818 (June 19, 1989); and OMB Circular A-130, Appendix I, 65 FR..., 76 FR 58525 (September 21, 2011). ] MA-DUA will provide the following to DHS/USCIS: MA-DUA records... SECURITY Office of the Secretary Privacy Act of 1974; Computer Matching Program AGENCY: Department...

  3. 78 FR 15407 - Privacy Act of 1974, as Amended

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-03-11

    ... Internal Revenue Service Privacy Act of 1974, as Amended AGENCY: Internal Revenue Service, Treasury. ACTION... requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a, the Department of the Treasury, Internal... violation of security policy. The records will include items such as suspected and actual policy...

  4. 75 FR 8363 - Office for Civil Rights; Workshop on the HIPAA Privacy Rule's De-Identification Standard; Notice...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-24

    ... a forthcoming workshop organized by the Office for Civil Rights (OCR). The meeting will be open to... response to this mandate, OCR is soliciting stakeholder input from experts with practical technical and policy experience to inform the creation of guidance materials. OCR is collecting views regarding...

  5. 45 CFR 164.520 - Notice of privacy practices for protected health information.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 45 Public Welfare 1 2010-10-01 2010-10-01 false Notice of privacy practices for protected health information. 164.520 Section 164.520 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.520 Notice of...

  6. 17 CFR 160.4 - Initial privacy notice to consumers required.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... consumers required. 160.4 Section 160.4 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.4 Initial privacy notice to consumers required. (a) Initial...

  7. 17 CFR 160.4 - Initial privacy notice to consumers required.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... consumers required. 160.4 Section 160.4 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.4 Initial privacy notice to consumers required. (a) Initial notice...

  8. 17 CFR 160.4 - Initial privacy notice to consumers required.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... consumers required. 160.4 Section 160.4 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.4 Initial privacy notice to consumers required. (a) Initial notice...

  9. 17 CFR 160.4 - Initial privacy notice to consumers required.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... consumers required. 160.4 Section 160.4 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.4 Initial privacy notice to consumers required. (a) Initial notice requirement. You must provide a clear and...

  10. Privacy-preserving backpropagation neural network learning.

    PubMed

    Chen, Tingting; Zhong, Sheng

    2009-10-01

    With the development of distributed computing environment, many learning problems now have to deal with distributed input data. To enhance cooperations in learning, it is important to address the privacy concern of each data holder by extending the privacy preservation notion to original learning algorithms. In this paper, we focus on preserving the privacy in an important learning model, multilayer neural networks. We present a privacy-preserving two-party distributed algorithm of backpropagation which allows a neural network to be trained without requiring either party to reveal her data to the other. We provide complete correctness and security analysis of our algorithms. The effectiveness of our algorithms is verified by experiments on various real world data sets. PMID:19709975

  11. Battle Hacks.

    PubMed

    Berlin, Joey

    2015-10-01

    Federal, state, and private-product options exist to help practices stay in compliance with HIPAA privacy and security regulations while keeping patient information secure. The Texas Medical Association offers one such product, the Online HIPAA Security Manager, at a discounted rate for members. PMID:26457842

  12. 17 CFR Appendix A to Part 160 - Model Privacy Form

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Model Privacy Form A Appendix... Appendix A to Part 160—Model Privacy Form A. The Model Privacy Form ER28DE12.003 ER28DE12.004 ER28DE12.005 ER28DE12.006 ER28DE12.007 ER28DE12.008 ER28DE12.009 B. General Instructions 1. How the Model Privacy...

  13. Security

    ERIC Educational Resources Information Center

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  14. Privacy Perspectives for Online Searchers: Confidentiality with Confidence?

    ERIC Educational Resources Information Center

    Duberman, Josh; Beaudet, Michael

    2000-01-01

    Presents issues and questions involved in online privacy from the information professional's perspective. Topics include consumer concerns; query confidentiality; securing computers from intrusion; electronic mail; search engines; patents and intellectual property searches; government's role; Internet service providers; database mining; user…

  15. 47 CFR 0.506 - FOIA and Privacy Act requests.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for declassification that are submitted under the provisions of the Freedom of Information Act, as amended, (See §...

  16. 47 CFR 0.506 - FOIA and Privacy Act requests.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for declassification that are submitted under the provisions of the Freedom of Information Act, as amended, (See §...

  17. 47 CFR 0.506 - FOIA and Privacy Act requests.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for declassification that are submitted under the provisions of the Freedom of Information Act, as amended, (See §...

  18. 47 CFR 0.506 - FOIA and Privacy Act requests.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for declassification that are submitted under the provisions of the Freedom of Information Act, as amended, (See §...

  19. Privacy and Library Records

    ERIC Educational Resources Information Center

    Bowers, Stacey L.

    2006-01-01

    This paper summarizes the history of privacy as it relates to library records. It commences with a discussion of how the concept of privacy first originated through case law and follows the concept of privacy as it has affected library records through current day and the "USA PATRIOT Act."

  20. How the University of Michigan Health System finds opportunity in HIPAA.

    PubMed

    Ebel, Colleen

    2004-01-01

    The University of Michigan Health System has dealt with some difficult challenges as a healthcare entity covered by the HIPAA Transaction and Code Sets regulation. It has processed electronic healthcare transactions for several years and faced major system changes to meet the standards. A capital investment in system upgrades and new purchases was inevitable. The organization invested in a systems infrastructure that provides for real-time application integration, which lays the foundation for real-time eligibility and claims processing where health plan systems can communicate with healthcare provider systems. PMID:15162715

  1. Are you ready for an OCR audit?

    PubMed

    Raths, David

    2011-08-01

    Proposed rules aimed at strengthening HIPAA privacy and security requirements have put CIOs and security officers at provider organizations on alert. Experts weigh in on how the changes will play out and what it means for provider organizations. PMID:21863720

  2. Development and testing of a CD-ROM based tutorial for nursing students: getting ready for HIPAA.

    PubMed

    Feeg, Veronica D; Bashatah, Adel; Langley, Christena

    2005-08-01

    The purpose of this study was to develop and test a CD-ROM tutorial for nursing students to educate them on how the rules and regulations of the Health Insurance Portability and Accountability Act (HIPAA) affect them as they engage in patient care activities in hospitals. The project was completed in two parts, the first of which was production of a stand-alone, audio lecture, image and text self-instruction on CD-ROM to distribute to students as they began their clinical experience. The second part compared the effectiveness of learning the HIPAA content via CD-ROM to a text-directed, self study method. Students were pretested and randomly assigned to one of the types of instruction based on their seminar group assignment. One group received the CD-ROM, Getting Started with HIPAA, along with a journal article on HIPAA, while the other (control) group received only the journal article. All students were instructed to prepare for a test on their understanding about HIPAA by the end of the clinical rotation. The test was analyzed, and items clarified to yield a reliable Web-based examination with 20 questions, 18 of which were used in the analysis. The students' scores were analyzed before and after the instruction, and the methods of instruction were compared. The study findings demonstrated significant differences between experimental-group and control-group students' performance on a knowledge test of HIPAA, as well as overall satisfaction with learning the material by CD-ROM among students who used it. The tutorial is now available for all students, and the Web-based examination provides automatic scoring to a preestablished competence level. PMID:16130345

  3. 49 CFR 1560.103 - Privacy notice.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... Secure Flight Passenger Data for Watch List Matching § 1560.103 Privacy notice. (a) Electronic collection... through a Web site or self-service kiosk from a passenger or non-traveling individual in order to comply... (b) of this section. (3) Third party Web site. Each covered aircraft operator must ensure that...

  4. 49 CFR 1560.103 - Privacy notice.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... Secure Flight Passenger Data for Watch List Matching § 1560.103 Privacy notice. (a) Electronic collection... through a Web site or self-service kiosk from a passenger or non-traveling individual in order to comply... (b) of this section. (3) Third party Web site. Each covered aircraft operator must ensure that...

  5. Student Privacy Rights Involving Strip Searches

    ERIC Educational Resources Information Center

    Essex, Nathan L.

    2005-01-01

    The Fourth Amendment to the US Constitution provides protection of all citizens against unreasonable search and seizure. The US Supreme Court has affirmed that the basic purpose of the Fourth Amendment is to safeguard the privacy and security of individuals against unreasonable intrusive searches by governmental officials. Since students possess…

  6. Choose Privacy Week: Educate Your Students (and Yourself) about Privacy

    ERIC Educational Resources Information Center

    Adams, Helen R.

    2016-01-01

    The purpose of "Choose Privacy Week" is to encourage a national conversation to raise awareness of the growing threats to personal privacy online and in day-to-day life. The 2016 Choose Privacy Week theme is "respecting individuals' privacy," with an emphasis on minors' privacy. A plethora of issues relating to minors' privacy…

  7. 76 FR 66933 - Privacy Act of 1974; Department of Homeland Security U.S. Coast Guard DHS/USCG-014 Military Pay...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-28

    ... titled, "DHS/USCG-014 Military Pay and Personnel System of Records" 73 FR 77743, December 19, 2008... out national security, law enforcement, immigration, intelligence, or other functions consistent with...; achievement and aptitude test results; academic performance records; correspondence course rate...

  8. An Examination of Organizational Information Protection in the Era of Social Media: A Study of Social Network Security and Privacy Protection

    ERIC Educational Resources Information Center

    Maar, Michael C.

    2013-01-01

    This study investigates information protection for professional users of online social networks. It addresses management's desire to motivate their employees to adopt protective measures while accessing online social networks and to help their employees improve their proficiency in information security and ability to detect deceptive…

  9. 32 CFR Appendix E to Part 806b - Privacy Impact Assessment

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ...-503, The Computer Matching and Privacy Act of 1988. 13 13 http://www.defenselink.mil/privacy/1975OMB_PAGuide/jun1989.pdf. (2) Public Law 100-235, The Computer Security Act of 1987, 14 which establishes minimum security practices for Federal computer systems. 14 http://csrc.nist.gov/secplcy/csa_87.txt....

  10. 32 CFR Appendix E to Part 806b - Privacy Impact Assessment

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ...-503, The Computer Matching and Privacy Act of 1988. 13 13 http://www.defenselink.mil/privacy/1975OMB_PAGuide/jun1989.pdf. (2) Public Law 100-235, The Computer Security Act of 1987, 14 which establishes minimum security practices for Federal computer systems. 14 http://csrc.nist.gov/secplcy/csa_87.txt....

  11. 32 CFR Appendix E to Part 806b - Privacy Impact Assessment

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ...-503, The Computer Matching and Privacy Act of 1988. 13 13 http://www.defenselink.mil/privacy/1975OMB_PAGuide/jun1989.pdf. (2) Public Law 100-235, The Computer Security Act of 1987, 14 which establishes minimum security practices for Federal computer systems. 14 http://csrc.nist.gov/secplcy/csa_87.txt....

  12. Will you accept the government's friend request? Social networks and privacy concerns.

    PubMed

    Siegel, David A

    2013-01-01

    Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim. PMID:24312236

  13. Will You Accept the Government's Friend Request? Social Networks and Privacy Concerns

    PubMed Central

    Siegel, David A.

    2013-01-01

    Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim. PMID:24312236

  14. A HIPAA-compliant key management scheme with revocation of authorization.

    PubMed

    Lee, Wei-Bin; Lee, Chien-Ding; Ho, Kevin I-J

    2014-03-01

    Patient control over electronic protected health information (ePHI) is one of the major concerns in the Health Insurance and Accountability Act (HIPAA). In this paper, a new key management scheme is proposed to facilitate control by providing two functionalities. First, a patient can authorize more than one healthcare institute within a designated time period to access his or her ePHIs. Second, a patient can revoke authorization and add new authorized institutes at any time as necessary. In the design, it is not required to re-encrypt ePHIs for adding and revoking authorizations, and the implementation is time- and cost-efficient. Consent exception is also considered by the proposed scheme. PMID:24480372

  15. Privacy policies for health social networking sites

    PubMed Central

    Li, Jingquan

    2013-01-01

    Health social networking sites (HSNS), virtual communities where users connect with each other around common problems and share relevant health data, have been increasingly adopted by medical professionals and patients. The growing use of HSNS like Sermo and PatientsLikeMe has prompted public concerns about the risks that such online data-sharing platforms pose to the privacy and security of personal health data. This paper articulates a set of privacy risks introduced by social networking in health care and presents a practical example that demonstrates how the risks might be intrinsic to some HSNS. The aim of this study is to identify and sketch the policy implications of using HSNS and how policy makers and stakeholders should elaborate upon them to protect the privacy of online health data. PMID:23599228

  16. Privacy, confidentiality, and electronic medical records.

    PubMed Central

    Barrows, R C; Clayton, P D

    1996-01-01

    The enhanced availability of health information in an electronic format is strategic for industry-wide efforts to improve the quality and reduce the cost of health care, yet it brings a concomitant concern of greater risk for loss of privacy among health care participants. The authors review the conflicting goals of accessibility and security for electronic medical records and discuss nontechnical and technical aspects that constitute a reasonable security solution. It is argued that with guiding policy and current technology, an electronic medical record may offer better security than a traditional paper record. PMID:8653450

  17. Information Privacy Revealed

    ERIC Educational Resources Information Center

    Lavagnino, Merri Beth

    2013-01-01

    Why is Information Privacy the focus of the January-February 2013 issue of "EDUCAUSE Review" and "EDUCAUSE Review Online"? Results from the 2012 annual survey of the International Association of Privacy Professionals (IAPP) indicate that "meeting regulatory compliance requirements continues to be the top perceived driver…

  18. Emerging Privacy Issues.

    ERIC Educational Resources Information Center

    Ware, Willis H.

    As the issue of information privacy increases in complexity in terms of the number of organizations involved, the intricacy of the information flows, and the difficulty of conceiving appropriate legal safeguards, it is not certain that the practices and laws that have been developed for current privacy protection can work for new situations.…

  19. Toward practicing privacy

    PubMed Central

    Dwork, Cynthia; Pottenger, Rebecca

    2013-01-01

    Private data analysis—the useful analysis of confidential data—requires a rigorous and practicable definition of privacy. Differential privacy, an emerging standard, is the subject of intensive investigation in several diverse research communities. We review the definition, explain its motivation, and discuss some of the challenges to bringing this concept to practice. PMID:23243088

  20. Children's Online Privacy.

    ERIC Educational Resources Information Center

    Aidman, Amy

    2000-01-01

    The first federal Internet privacy law (the Children's Online Privacy Protection Act) provides safeguards for children by regulating collection of their personal information. Unfortunately, teens are not protected. Legislation is pending to protect children from online marketers such as ZapMe! Interactive technologies require constant vigilance.…

  1. Protecting Location Privacy for Outsourced Spatial Data in Cloud Storage

    PubMed Central

    Gui, Xiaolin; An, Jian; Zhao, Jianqiang; Zhang, Xuejun

    2014-01-01

    As cloud computing services and location-aware devices are fully developed, a large amount of spatial data needs to be outsourced to the cloud storage provider, so the research on privacy protection for outsourced spatial data gets increasing attention from academia and industry. As a kind of spatial transformation method, Hilbert curve is widely used to protect the location privacy for spatial data. But sufficient security analysis for standard Hilbert curve (SHC) is seldom proceeded. In this paper, we propose an index modification method for SHC (SHC∗) and a density-based space filling curve (DSC) to improve the security of SHC; they can partially violate the distance-preserving property of SHC, so as to achieve better security. We formally define the indistinguishability and attack model for measuring the privacy disclosure risk of spatial transformation methods. The evaluation results indicate that SHC∗ and DSC are more secure than SHC, and DSC achieves the best index generation performance. PMID:25097865

  2. Taking the next step to privacy compliance for hospitals: implementing the OHA guidelines.

    PubMed

    Beardwood, John

    2003-01-01

    The recently released "Guidelines for Managing Privacy, Data Protection and Security for Ontario Hospitals," prepared by the Ontario Hospital eHealth Council Privacy and Security Working Group (the "Guidelines") are useful in that they provide a comprehensive overview of the types of issues raised for hospitals by existing and pending privacy legislation, and a very high-level framework for addressing same. However, the Guidelines are, as stated, high-level guidelines only, leaving hospital management to grapple with the next big step towards privacy compliance: how to operationalize the Guidelines within their particular hospital. PMID:14674181

  3. 76 FR 56501 - Privacy Act of 1974; Systems of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-13

    ... the Currency (OCC) give notice of alterations to the Privacy Act systems of records entitled ``CC .210-- Bank Securities Dealers System,'' ``CC .220--Section 914 Tracking System;'' and ``CC .600--Consumer... covered individuals related to national banks: Treasury/CC .210--Bank Securities Dealers System;...

  4. 76 FR 3098 - Privacy Act of 1974; Systems of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-19

    ... National Security Agency/Central Security Service (NSA/CSS) by other agencies and in some instances... Freedom of Information Act Program; DoD 5400.11- R, Department of Defense Privacy Program; NSA/CSS Policy 1-5; NSA/CSS Freedom of Information Act Program; NSA/CSS Policy 1-34; Implementation of the...

  5. Testing Privacy Awareness

    NASA Astrophysics Data System (ADS)

    Bergmann, Mike

    In web-based business processes the disclosure of personal data by the user is an essential part and mandatory for the processes. Privacy policies help to inform the user about his/her rights and to protect the user’s privacy. In this paper we present a test to empirically measure how the user’s privacy awareness changes by presenting specific elements of the privacy policy in close proximity to the required data items. We compare an experimental group using an enhanced interface to a control group using a conventional interface regarding their capability to recall the agreed privacy-related facts. A concrete online survey has been performed. The major results are presented.

  6. Guidelines for Network Security in the Learning Environment.

    ERIC Educational Resources Information Center

    Littman, Marlyn Kemper

    1996-01-01

    Explores security challenges and practical approaches to safeguarding school networks against invasion. Highlights include security problems; computer viruses; privacy assaults; Internet invasions; building a security policy; authentication; passwords; encryption; firewalls; and acceptable use policies. (Author/LRW)

  7. Leveraging Social Links for Trust and Privacy in Networks

    NASA Astrophysics Data System (ADS)

    Cutillo, Leucio Antonio; Molva, Refik; Strufe, Thorsten

    Existing on-line social networks (OSN) such as Facebook suffer from several weaknesses regarding privacy and security due to their inherent handling of personal data. As pointed out in [4], a preliminary analysis of existing OSNs shows that they are subject to a number of vulnerabilities, ranging from cloning legitimate users to sybil attacks through privacy violations. Starting from these OSN vulnerabilities as the first step of a broader research activity, we came up with a new approach that is very promising in re-visiting security and privacy problems in distributed systems and networks. We suggest a solution that both aims at avoiding any centralized control and leverages on the real life trust between users, that is part of the social network application itself. An anonymization technique based on multi-hop routing among trusted nodes guarantees privacy in data access and, generally speaking, in all the OSN operations.

  8. Legal issues concerning electronic health information: privacy, quality, and liability.

    PubMed

    Hodge, J G; Gostin, L O; Jacobson, P D

    1999-10-20

    Personally identifiable health information about individuals and general medical information is increasingly available in electronic form in health databases and through online networks. The proliferation of electronic data within the modern health information infrastructure presents significant benefits for medical providers and patients, including enhanced patient autonomy, improved clinical treatment, advances in health research and public health surveillance, and modern security techniques. However, it also presents new legal challenges in 3 interconnected areas: privacy of identifiable health information, reliability and quality of health data, and tort-based liability. Protecting health information privacy (by giving individuals control over health data without severely restricting warranted communal uses) directly improves the quality and reliability of health data (by encouraging individual uses of health services and communal uses of data), which diminishes tort-based liabilities (by reducing instances of medical malpractice or privacy invasions through improvements in the delivery of health care services resulting in part from better quality and reliability of clinical and research data). Following an analysis of the interconnectivity of these 3 areas and discussing existing and proposed health information privacy laws, recommendations for legal reform concerning health information privacy are presented. These include (1) recognizing identifiable health information as highly sensitive, (2) providing privacy safeguards based on fair information practices, (3) empowering patients with information and rights to consent to disclosure, (4) limiting disclosures of health data absent consent, (5) incorporating industry-wide security protections, (6) establishing a national data protection authority, and (7) providing a national minimal level of privacy protections. PMID:10535438

  9. Data privacy preservation in telemedicine: the PAIRSE project.

    PubMed

    Nageba, Ebrahim; Defude, Bruno; Morvan, Franck; Ghedira, Chirine; Fayn, Jocelyne

    2011-01-01

    The preservation of medical data privacy and confidentiality is a major challenge in eHealth systems and applications. A technological solution based on advanced information and communication systems architectures is needed in order to retrieve and exchange the patient's data in a secure and reliable manner. In this paper, we introduce the project PAIRSE, Preserving Privacy in Peer to Peer (P2P) environments, which proposes an original web service oriented framework preserving the privacy and confidentiality of shared or exchanged medical data. PMID:21893830

  10. 6 CFR Appendix C to Part 5 - DHS Systems of Records Exempt From the Privacy Act

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 6 Domestic Security 1 2011-01-01 2011-01-01 false DHS Systems of Records Exempt From the Privacy Act C Appendix C to Part 5 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY... Department of Homeland Security (DHS) to exempt its systems of records from provisions of the Act. During...

  11. The Privacy Jungle: On the Market for Data Protection in Social Networks

    NASA Astrophysics Data System (ADS)

    Bonneau, Joseph; Preibusch, Sören

    We have conducted the first thorough analysis of the market for privacy practices and policies in online social networks. From an evaluation of 45 social networking sites using 260 criteria we find that many popular assumptions regarding privacy and social networking need to be revisited when considering the entire ecosystem instead of only a handful of well-known sites. Contrary to the common perception of an oligopolistic market, we find evidence of vigorous competition for new users. Despite observing many poor security practices, there is evidence that social network providers are making efforts to implement privacy enhancing technologies with substantial diversity in the amount of privacy control offered. However, privacy is rarely used as a selling point, even then only as auxiliary, nondecisive feature. Sites also failed to promote their existing privacy controls within the site. We similarly found great diversity in the length and content of formal privacy policies, but found an opposite promotional trend: though almost all policies are not accessible to ordinary users due to obfuscating legal jargon, they conspicuously vaunt the sites' privacy practices. We conclude that the market for privacy in social networks is dysfunctional in that there is significant variation in sites' privacy controls, data collection requirements, and legal privacy policies, but this is not effectively conveyed to users. Our empirical findings motivate us to introduce the novel model of a privacy communication game, where the economically rational choice for a site operator is to make privacy control available to evade criticism from privacy fundamentalists, while hiding the privacy control interface and privacy policy to maximize sign-up numbers and encourage data sharing from the pragmatic majority of users.

  12. 32 CFR 806b.12 - Requesting the Social Security Number.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 32 National Defense 6 2014-07-01 2014-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy...

  13. 32 CFR 806b.12 - Requesting the Social Security Number.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 32 National Defense 6 2012-07-01 2012-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy...

  14. 32 CFR 806b.12 - Requesting the Social Security Number.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 32 National Defense 6 2013-07-01 2013-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy...

  15. 32 CFR 806b.12 - Requesting the Social Security Number.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 6 2011-07-01 2011-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy...

  16. 32 CFR 806b.12 - Requesting the Social Security Number.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy...

  17. Health insurance reform; modifications to the Health Insurance Portability and Accountability Act (HIPAA) electronic transaction standards. Final rule.

    PubMed

    2009-01-16

    This final rule adopts updated versions of the standards for electronic transactions originally adopted under the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This final rule also adopts a transaction standard for Medicaid pharmacy subrogation. In addition, this final rule adopts two standards for billing retail pharmacy supplies and professional services, and clarifies who the "senders" and "receivers" are in the descriptions of certain transactions. PMID:19385110

  18. 75 FR 9012 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/U.S. Department of Health and...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-26

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY... Enforcement (OCSE)--Match 1306 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an... Matching and Privacy Protection Act of 1988 (Pub. L. 100-503), amended the Privacy Act (5 U.S.C. 552a)...

  19. Trust and Privacy Solutions Based on Holistic Service Requirements

    PubMed Central

    Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

    2015-01-01

    The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens’ information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing. PMID:26712752

  20. Trust and Privacy Solutions Based on Holistic Service Requirements.

    PubMed

    Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

    2015-01-01

    The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens' information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing. PMID:26712752