Science.gov

Sample records for hipaa privacy security

  1. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

    PubMed Central

    Watzlaf, Valerie J.M.; Moeini, Sohrab; Firouzan, Patti

    2010-01-01

    Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR. PMID:25945172

  2. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance.

    PubMed

    Watzlaf, Valerie J M; Moeini, Sohrab; Firouzan, Patti

    2010-01-01

    Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR. PMID:25945172

  3. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ..., implementation specifications, and requirements in 45 CFR parts 160, 162, and 164. (b) HIPAA privacy requirements... in 45 CFR parts 160, 162, and 164 as set forth in this section. Those functions of an endorsed... in the Standards for Privacy of Individually Identifiable Health Information, 45 CFR parts 160...

  4. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ..., implementation specifications, and requirements in 45 CFR parts 160, 162, and 164. (b) HIPAA privacy requirements... in 45 CFR parts 160, 162, and 164 as set forth in this section. Those functions of an endorsed... in the Standards for Privacy of Individually Identifiable Health Information, 45 CFR parts 160...

  5. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ..., implementation specifications, and requirements in 45 CFR parts 160, 162, and 164. (b) HIPAA privacy requirements... in 45 CFR parts 160, 162, and 164 as set forth in this section. Those functions of an endorsed... in the Standards for Privacy of Individually Identifiable Health Information, 45 CFR parts 160...

  6. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ..., implementation specifications, and requirements in 45 CFR parts 160, 162, and 164. (b) HIPAA privacy requirements... in 45 CFR parts 160, 162, and 164 as set forth in this section. Those functions of an endorsed... in the Standards for Privacy of Individually Identifiable Health Information, 45 CFR parts 160...

  7. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... in 45 CFR parts 160, 162, and 164 as set forth in this section. Those functions of an endorsed..., implementation specifications, and requirements in 45 CFR parts 160, 162, and 164. (b) HIPAA privacy requirements... in the Standards for Privacy of Individually Identifiable Health Information, 45 CFR parts 160...

  8. Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules.

    PubMed

    2013-01-25

    The Department of Health and Human Services (HHS or ``the Department'') is issuing this final rule to: Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (``the HITECH Act'' or ``the Act'') to strengthen the privacy and security protection for individuals' health information; modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule; modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities. PMID:23476971

  9. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II

    PubMed Central

    Watzlaf, Valerie J.M.; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

    2011-01-01

    In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR. PMID:25945177

  10. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II.

    PubMed

    Watzlaf, Valerie J M; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

    2011-01-01

    In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR. PMID:25945177

  11. HIPAA Privacy 101: essentials for case management practice.

    PubMed

    DiBenedetto, Deborah V

    2003-01-01

    The Health Insurance Portability and Accountability Act (HIPAA) has significant impact on the delivery of healthcare in the United States. The Administrative Simplification (AS) requirements of HIPAA are aimed at reducing administrative costs and burdens in the healthcare industry. The core components of HIPAA's AS requirements address healthcare transactions, code sets, security, unique identifiers, and privacy of health information. HIPAA's privacy standard limits the nonconsensual use and release of private health information, gives patients new rights to access their medical records and to know who else has accessed them, restricts most disclosure of health information to the minimum needed for the intended purpose, establishes new criminal and civil sanctions for improper use or disclosure, and establishes new requirements for access to records by researchers and others. This article focuses on HIPAA's privacy requirements as related to case management of workers compensation populations, the treatment of protected health information, and how case managers can ensure they provide appropriate services while navigating the requirements of HIPAA's privacy standard. PMID:12555039

  12. 75 FR 40867 - Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-14

    ...,'' were issued on December 28, 2000, and amended on August 14, 2002. See 65 FR 82462, as amended at 67 FR... the ``Security Rule,'' were issued on February 20, 2003. See 68 FR 8334. The Compliance and... as the ``Enforcement Rule,'' were issued as an interim final rule on April 17, 2003 (68 FR...

  13. HIPAA enhancements to improve emergency department security.

    PubMed

    Freeman, Jeffrey

    2004-05-01

    The Health Insurance Portability and Accountability Act (HIPAA) seems to be as useful as is capitalism to the medically uninsured (or perhaps, as necessary as another leukotriene inhibitor for asthma). Is the emergency medical community doing enough? Can we improve on HIPAA to increase privacy in the emergency department? HIPAA regulations are reviewed in all their wondrous complexity and simplified so that even your medical director can understand them. PMID:15111925

  14. Assessing the HIPAA standard in practice: PHR privacy policies.

    PubMed

    Carrión, Inmaculada; Alemán, José Luis Fernández; Toval, Ambrosio

    2011-01-01

    Health service providers are starting to become interested in providing PHRs (Personal Health Records). With PHRs, access to data is controlled by the patient, and not by the health care provider. Companies such as Google and Microsoft are establishing a leadership position in this emerging market. A number of benefits can be achieved with PHRs, but important challenges related to security and privacy must be addressed. This paper presents a review of the privacy policies of 20 free web-based PHRs. Security and privacy characteristics were extracted and assessed according to the HIPAA standard. The results show a number of important differences in the characteristics analyzed. Some improvements can be made to current PHR privacy policies to enhance the audit and management of access to users' PHRs. A questionnaire has been defined to assist PHR designers in this task. PMID:22254820

  15. Final HIPAA security regulations: a review.

    PubMed

    Garner, John C

    2003-01-01

    This article examines the national standards for safeguarding the confidentiality, integrity, and availability of electronic protected health information under the final Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA). The standards require entities covered by the rule to implement basic safeguards to protect electronic protected health information from unauthorized access, alteration, deletion, and transmission. The final privacy rule applies to protected health information in any form. PMID:14983648

  16. HIPAA's Role in E-Mail Communications between Doctors and Patients: Privacy, Security, and Implications of the Bill

    ERIC Educational Resources Information Center

    Stephens, James H.; Parrillo, Anthony V.

    2011-01-01

    The confidentiality of a patient's information has been sacred since the days of Hippocrates, the Father of Medicine. Today, however, merely taking an oath to respect a patient's privacy has been overshadowed by regulations governing how certain healthcare establishments handle an individual's health information on the web. Consequently, if a…

  17. HIPAA the Health Care Hippo: Despite the Rhetoric, Is Privacy Still an Issue?

    ERIC Educational Resources Information Center

    Kuczynski, Kay; Gibbs-Wahlberg, Patty

    2005-01-01

    The Health Insurance Portability and Accountability Act (HIPAA) of 1996 (PL. 104-191) is a multitiered, comprehensive, convoluted, and controversial federal law for sweeping health care reform. Although HIPAA is dramatically broader in scope than privacy protections for health care information, a provision for privacy in the form of a Privacy Rule…

  18. Does the HIPAA Privacy Rule Allow Parents the Right to See Their Children's Medical Records?

    MedlinePlus

    ... Does the HIPAA Privacy Rule allow parents the right to see their children’s medical records? Answer: Yes, ... your contact information below. Email Office for Civil Rights Headquarters U.S. Department of Health & Human Services 200 ...

  19. The End of the HIPAA Privacy Rule? Currents in Contemporary Bioethics.

    PubMed

    Rothstein, Mark A

    2016-06-01

    The HIPAA Privacy Rule is notoriously weak because of its incomplete coverage, numerous exclusions and exemptions, and limited rights for individuals. The three areas in which it provides the most protection are fundraising, marketing, and research. Provisions of the 21st Century Cures Act, pending in Congress, and the Notice of Proposed Rulemaking to amend the federal research regulations (Common Rule), awaiting final regulatory action, would weaken the privacy protections for research. If these measures are adopted, the HIPAA Privacy Rule would have so little value that it might not be worth the aggravation and burden. PMID:27338610

  20. What Judicial Officers Need to Know about the HIPAA Privacy Rule

    ERIC Educational Resources Information Center

    Rowe, Linda P.

    2005-01-01

    This article reviews and analyzes how the Standards for Privacy of Individually Identifiable Health Information, or "Privacy Rule" of Public Law 104-191 of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), have impacted the administration of student judicial affairs in higher education. In addition to briefly summarizing the…

  1. Health privacy is difficult but not impossible in a post-HIPAA data-driven world.

    PubMed

    Terry, Nicolas

    2014-09-01

    In the 13 years since their promulgation, the Health Insurance Portability and Accountability Act (HIPAA) rules and their enforcement have shown considerable evolution, as has the context within which they operate. Increasingly, it is the health information circulating outside the HIPAA-protected zone that is concerning: big data based on HIPAA data that have been acquired by public health agencies and then sold; medically inflected data collected from transactions or social media interactions; and the health data curated by patients, such as personal health records or data stored on smartphones. HIPAA does little here, suggesting that the future of health privacy may well be at the state level unless technology or federal legislation can catch up with state-of-the-art privacy regimes, such as the latest proposals from the European Commission. PMID:25180726

  2. A HIPAA-compliant architecture for securing clinical images

    NASA Astrophysics Data System (ADS)

    Liu, Brent J.; Zhou, Zheng; Huang, H. K.

    2005-04-01

    The HIPAA (Health Insurance Portability and Accountability Act, Instituted April 2003) Security Standards mandate health institutions to protect health information against unauthorized use or disclosure. One approach to addressing this mandate is by utilizing user access control and generating audit trails of the various authorized as well as unauthorized user access of health data. Although most current clinical image systems (eg, PACS) have components that generate log files as a solution to address the HIPAA mandate, there is a lack of methodology to obtain and synthesize the pertinent data from the large volumes of log file data generated by these multiple components within a PACS. We have designed and developed a HIPAA Compliant Architecture specifically for tracking and auditing the image workflow of clinical imaging systems such as PACS. As an initial first step, a software toolkit was implemented based on the HIPAA Compliant architecture. The toolkit was implemented within a testbed PACS Simulator located in the Image Processing and Informatics (IPI) lab at the University of Southern California. Evaluation scenarios were developed where different user types performed legal and illegal access of PACS image data within each of the different components in the PACS Simulator. Results were based on whether the scenarios of unauthorized access were correctly identified and documented as well as normal operational activity.

  3. Privacy and security of patient data in the pathology laboratory.

    PubMed

    Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

  4. Privacy and security of patient data in the pathology laboratory

    PubMed Central

    Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

  5. The Legal Implications of HIPAA Privacy and Public Health Reporting for Correctional Facilities.

    PubMed

    Barraza, Leila; Collmer, Veda; Meza, Nick; Penunuri, Kristin

    2015-07-01

    Inmates in cramped living quarters, a situation common to correctional facilities, are especially vulnerable to disease. Cramped living conditions, coupled with above-average rates of HIV, tuberculosis, and other communicable diseases, increase inmates' risk of problematic health outcomes. Thus, high-quality health care and sustained efforts to prevent disease are especially important to improve inmate health within correctional facilities. Compliance with federal privacy restrictions pursuant to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and state disease reporting requirements will foster inmate health and assist efforts to prevent the spread of disease. This article examines the interplay between HIPAA rules and state reporting laws to preserve health information privacy and to control the spread of disease. PMID:25953838

  6. The HIPAA privacy rule: practical advice for academic and research institutions.

    PubMed

    Gunter, Kim P

    2002-02-01

    The Final Standards for Privacy of Individually Identifiable Health Information (privacy rule) of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 holds particular importance for academic and research organizations because they use patient information in the provision of experimental healthcare services. In developing a strategy to comply with the final privacy rule, these organizations require an understanding of certain standards that hold significance for them. Specifically, organizations should establish patient privacy guidelines for non-employee researchers the organization should consider partners in business with whom the organization should share its researcher guidelines. These organizations also should understand the difference between consent and authorization, how requirements of the final privacy rule build upon those of the Federal Policy for the Protection of Human Subjects, and the differing roles of privacy boards and institutional review boards. PMID:11842502

  7. mHealth data security: the need for HIPAA-compliant standardization.

    PubMed

    Luxton, David D; Kayl, Robert A; Mishkind, Matthew C

    2012-05-01

    The rise in the use of mobile devices, such as smartphones, tablet personal computers, and wireless medical devices, as well as the wireless networks that enable their use, has raised new concerns for data security and integrity. Standardized Health Insurance Portability and Accountability Act of 1996 (HIPAA)-compliant electronic data security that will allow ubiquitous use of mobile health technologies is needed. The lack of standardized data security to assure privacy, to allow interoperability, and to maximize the full capabilities of mobile devices presents a significant barrier to care. The purpose of this article is to provide an overview of the issue and to encourage discussion of this important topic. Current security needs, standards, limitations, and recommendations for how to address this barrier to care are discussed. PMID:22400974

  8. Medical image security in a HIPAA mandated PACS environment.

    PubMed

    Cao, F; Huang, H K; Zhou, X Q

    2003-01-01

    Medical image security is an important issue when digital images and their pertinent patient information are transmitted across public networks. Mandates for ensuring health data security have been issued by the federal government such as Health Insurance Portability and Accountability Act (HIPAA), where healthcare institutions are obliged to take appropriate measures to ensure that patient information is only provided to people who have a professional need. Guidelines, such as digital imaging and communication in medicine (DICOM) standards that deal with security issues, continue to be published by organizing bodies in healthcare. However, there are many differences in implementation especially for an integrated system like picture archiving and communication system (PACS), and the infrastructure to deploy these security standards is often lacking. Over the past 6 years, members in the Image Processing and Informatics Laboratory, Childrens Hospital, Los Angeles/University of Southern California, have actively researched image security issues related to PACS and teleradiology. The paper summarizes our previous work and presents an approach to further research on the digital envelope (DE) concept that provides image integrity and security assurance in addition to conventional network security protection. The DE, including the digital signature (DS) of the image as well as encrypted patient information from the DICOM image header, can be embedded in the background area of the image as an invisible permanent watermark. The paper outlines the systematic development, evaluation and deployment of the DE method in a PACS environment. We have also proposed a dedicated PACS security server that will act as an image authority to check and certify the image origin and integrity upon request by a user, and meanwhile act also as a secure DICOM gateway to the outside connections and a PACS operation monitor for HIPAA supporting information. PMID:12620309

  9. How to avoid a HIPAA horror story.

    PubMed

    Withrow, Scott C

    2010-08-01

    The Health Information Technology for Economic and Clinical Health Act of 2009 significantly expands the financial risk of violations of the Health Insurance Portability and Accountability Act (HIPAA) and extends HIPAA procedures and penalties to business associates. Hospitals, physicians, and their business associates should ensure that HIPAA privacy and security provisions are adopted. Compliance efforts should focus on high-risk areas, including information access management, access control, and impermissible disclosures of protected health information. PMID:20707266

  10. Challenges and Insights in Using HIPAA Privacy Rule for Clinical Text Annotation

    PubMed Central

    Kayaalp, Mehmet; Browne, Allen C.; Sagan, Pamela; McGee, Tyne; McDonald, Clement J.

    2015-01-01

    The Privacy Rule of Health Insurance Portability and Accountability Act (HIPAA) requires that clinical documents be stripped of personally identifying information before they can be released to researchers and others. We have been manually annotating clinical text since 2008 in order to test and evaluate an algorithmic clinical text de-identification tool, NLM Scrubber, which we have been developing in parallel. Although HIPAA provides some guidance about what must be de-identified, translating those guidelines into practice is not as straightforward, especially when one deals with free text. As a result we have changed our manual annotation labels and methods six times. This paper explains why we have made those annotation choices, which have been evolved throughout seven years of practice on this field. The aim of this paper is to start a community discussion towards developing standards for clinical text annotation with the end goal of studying and comparing clinical text de-identification systems more accurately. PMID:26958206

  11. HIPAA and information security risk: implementing an enterprise-wide risk management strategy

    NASA Astrophysics Data System (ADS)

    Alberts, Christopher J.; Dorofee, Audrey

    2001-08-01

    The Health Insurance Portability and Accountability Act (HIPAA) of 1996 effectively establishes a standard of due care for healthcare information security. One of the challenges of implementing policies, procedures, and practices consistent with HIPAA requirements in the Department of Defense Military Health System is the need for a method that can tailor the requirements to a variety of organizational contexts. This paper will describe a self- directed information security risk evaluation that will enable military healthcare providers to assess their risks and to develop mitigation strategies consistent with HIPAA guidelines.

  12. Information Systems, Security, and Privacy.

    ERIC Educational Resources Information Center

    Ware, Willis H.

    1984-01-01

    Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

  13. High standards. A decade after the law went into effect, there is still debate about the pros and cons of the HIPAA privacy and electronic transaction regulations.

    PubMed

    Edlin, Mari; Johns, Stephanie

    2006-01-01

    When congress passed the Health Insurance Portability and Accountability act in 1996, the goal was to create a simpler, more standardized system that would eventually lower health care costs; reduce errors through safe, universally accepted electronic communication of health care transactions; and eliminate paper claims. Ten years later, the jury is still out on whether HIPAA has been worth the time, energy, and financial investment for insurers. That's not to say, however, that HIPAA hasn't generated benefits while also creating new challenges. "Standards made sense," says Tom Fitzpatrick, Horizon Blue Cross Blue Shield of New Jersey's director of enterprise strategic planning, "but no one ever said it would be fast, cheap, or easy. It was challenging to integrate proprietary claims systems and legacy software with the new standards that took effect in October 2003. But that wasn't the end of the story. HIPAA's privacy and security rules and the standard identifiers have meant even more upgrades and improvements and have required payers to spend millions of additional dollars over the past three years on HIPAA compliance." According to a set of quarterly surveys conducted by HIMSS/Phoenix Health Systems, progress has actually been fairly rapid. On the other hand, some things have remained much the same. In 2003, payers cited "understanding/interpreting the legal requirements" as the most difficult aspect of the HIPAA remediation process, followed by "achieving successful integration of new policies and procedures" and "resolving issues with third parties". In 2006, the barriers are similar, with users citing the same top two struggles. PMID:17175737

  14. Health Insurance Portability and Accountability Act (HIPAA) legislation and its implication on speech privacy design in health care facilities

    NASA Astrophysics Data System (ADS)

    Tocci, Gregory C.; Storch, Christopher A.

    2005-09-01

    The Health Insurance Portability and Accountability Act (HIPAA) of 1996 (104th Congress, H.R. 3103, January 3, 1986), among many things, individual patient records and information be protected from unnecessary issue. This responsibility is assigned to the U.S. Department of Health and Human Services (HHS) which has issued a Privacy Rule most recently dated August 2002 with a revision being proposed in 2005 to strengthen penalties for inappropriate breaches of patient privacy. Despite this, speech privacy, in many instances in health care facilities need not be guaranteed by the facility. Nevertheless, the regulation implies that due regard be given to speech privacy in both facility design and operation. This presentation will explore the practical aspects of implementing speech privacy in health care facilities and make recommendations for certain specific speech privacy situations.

  15. Evaluating re-identification risks with respect to the HIPAA privacy rule

    PubMed Central

    Benitez, Kathleen

    2010-01-01

    Objective Many healthcare organizations follow data protection policies that specify which patient identifiers must be suppressed to share “de-identified” records. Such policies, however, are often applied without knowledge of the risk of “re-identification”. The goals of this work are: (1) to estimate re-identification risk for data sharing policies of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule; and (2) to evaluate the risk of a specific re-identification attack using voter registration lists. Measurements We define several risk metrics: (1) expected number of re-identifications; (2) estimated proportion of a population in a group of size g or less, and (3) monetary cost per re-identification. For each US state, we estimate the risk posed to hypothetical datasets, protected by the HIPAA Safe Harbor and Limited Dataset policies by an attacker with full knowledge of patient identifiers and with limited knowledge in the form of voter registries. Results The percentage of a state's population estimated to be vulnerable to unique re-identification (ie, g=1) when protected via Safe Harbor and Limited Datasets ranges from 0.01% to 0.25% and 10% to 60%, respectively. In the voter attack, this number drops for many states, and for some states is 0%, due to the variable availability of voter registries in the real world. We also find that re-identification cost ranges from $0 to $17 000, further confirming risk variability. Conclusions This work illustrates that blanket protection policies, such as Safe Harbor, leave different organizations vulnerable to re-identification at different rates. It provides justification for locally performed re-identification risk estimates prior to sharing data. PMID:20190059

  16. The Health Insurance Portability and Accountability Act: security and privacy requirements.

    PubMed

    Tribble, D A

    2001-05-01

    The security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their implications for pharmacy are discussed. HIPAA was enacted to improve the portability of health care insurance for persons leaving jobs. A section of the act encourages the use of electronic communications for health care claims adjudication, mandates the use of new standard code sets and transaction sets, and establishes the need for regulations to protect the security and privacy of individually identifiable health care information. Creating these regulations became the task of the Department of Health and Human Services. Regulations on security have been published for comment. Regulations on privacy and the definition of standard transaction sets and code sets are complete. National identifiers for patients, providers, and payers have not yet been established. The HIPAA regulations on security and privacy will require that pharmacies adopt policies and procedures that limit access to health care information. Existing pharmacy information systems may require upgrading or replacement. Costs of implementation nationwide are estimated to exceed $8 billion. The health care community has two years from the finalization of each regulation to comply with that regulation. The security and privacy requirements of HIPAA will require pharmacies to review their practices regarding the storage, use, and disclosure of protected health care information. PMID:11351916

  17. Counterfeit Compliance with the HIPAA Security Rule: A Study of Information System Success

    ERIC Educational Resources Information Center

    Johnson, James R.

    2013-01-01

    The intent of the security standards adopted by the Department of Health and Human Services (DHS) implementing some of the requirements of the Administrative Simplification (AS) subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was to improve Federal and private health care programs and to improve the…

  18. Privacy and Security: A Bibliography.

    ERIC Educational Resources Information Center

    Computer and Business Equipment Manufacturers Association, Washington, DC.

    Compiled at random from many sources, this bibliography attempts to cite as many publications concerning privacy and security as are available. The entries are organized under seven headings: (1) systems security, technical security, clearance of personnel, (2) corporate physical security, (3) administrative security, (4) miscellaneous--privacy…

  19. The ethical and legal implications of Jaffee v Redmond and the HIPAA medical privacy rule for psychotherapy and general psychiatry.

    PubMed

    Mosher, Paul W; Swire, Peter P

    2002-09-01

    The 1996 Jaffee v Redmond US Supreme Court decision established a privilege for psychotherapeutic communications in the federal courts. The new privilege has both substantive and symbolic importance. In its strongly worded opinion in Jaffee v Redmond, the US Supreme Court made clear that confidentiality in psychotherapy takes precedence over certain other important societal goals. The new Health Insurance Portability and Accountability Act (HIPAA) medical privacy rule promulgated by the Department of Health and Human Services relies on Jaffee v Redmond in providing additional legal protections for confidential psychotherapy. Both the US Supreme Court's Jaffee v Redmond ruling and the HIPAA rule support the ethical protection of confidentiality of conversations between psychiatrists and patients. PMID:12232971

  20. Text Messaging to Communicate With Public Health Audiences: How the HIPAA Security Rule Affects Practice

    PubMed Central

    Karasz, Hilary N.; Eiden, Amy; Bogan, Sharon

    2013-01-01

    Text messaging is a powerful communication tool for public health purposes, particularly because of the potential to customize messages to meet individuals’ needs. However, using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is written with flexibility to account for changing technologies. In practice, however, the rule leads to uncertainty about how to make text messaging policy decisions. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information and retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule. PMID:23409902

  1. Security of electronic medical information and patient privacy: what you need to know.

    PubMed

    Andriole, Katherine P

    2014-12-01

    The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. PMID:25467897

  2. Privacy and security in teleradiology.

    PubMed

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper. PMID:19914020

  3. Effective Management of Information Security and Privacy

    ERIC Educational Resources Information Center

    Anderson, Alicia

    2006-01-01

    No university seems immune to cyber attacks. For many universities, such events have served as wake-up calls to develop a comprehensive information security and privacy strategy. This is no simple task, however. It involves balancing a culture of openness with a need for security and privacy. Security and privacy are not the same, and the…

  4. Panel: RFID Security and Privacy

    NASA Astrophysics Data System (ADS)

    Fu, Kevin

    The panel on RFID security and privacy included Ross Anderson, Jon Callas, Yvo Desmedt, and Kevin Fu. Topics for discussion included the "chip and PIN" EMV payment systems, e-Passports, "mafia" attacks, and RFID-enabled credit cards. Position papers by the panelists appear in the following pages, and the RFID-enabled credit card work appears separately in these proceedings.

  5. HIPAA--a real world perspective.

    PubMed

    Nulan, C

    2001-01-01

    An effective and realistic approach to HIPAA compliance requires healthcare organizations to achieve a fundamental shift in attitude, awareness, habits and capabilities in the areas of privacy and security. They must create a sense of accountability among staff, and even patients, for the safeguarding of patient information. Only when this culture shift has occurred, along with the required technological advancements, can HIPAA compliance be realistically achieved. There is still ample time to create the organizational shift necessary, along with technological enhancements, to meet HIPAA requirements. Beyond compliance, HIPAA will benefit the healthcare industry by promoting administrative simplification--the original intention of the Act. And it will require the healthcare industry, in an abbreviated timeframe, to upgrade its level of sophistication in managing information. HIPAA certification springs from an organizational compliance method that has been underway in government for the past two decades. The HIPAA playbook is taken lock, stock and barrel from other Federal guidelines. HIPAA's legislative lineage includes the Healthcare Reform Act of 1993, Paperwork Reduction Act of 1980, Computer Security Act of 1987 and the Privacy Act of 1974. HIPAA means that public and private sector healthcare organizations are going to be required by law to adopt the same information-handling practices that have been in effect in the Federal government for years. That boils down to two things: Standardized formatting of data electronically exchanged between providers, payers and business partners (EDI) Federalization of security and privacy practices within private-sector healthcare information management The key to making HIPAA compliance achievable within a practical timeframe, as well as instituting the culture changes that go with enhanced privacy and security standards, is a process that is largely unfamiliar in the private sector, called administrative certification and

  6. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the National Instant Criminal Background Check System (NICS). Final rule.

    PubMed

    2016-01-01

    The Department of Health and Human Services (HHS or "the Department'') is issuing this final rule to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to expressly permit certain HIPAA covered entities to disclose to the National Instant Criminal Background Check System (NICS) the identities of individuals who are subject to a Federal "mental health prohibitor'' that disqualifies them from shipping, transporting, possessing, or receiving a firearm. The NICS is a national system maintained by the Federal Bureau of Investigation (FBI) to conduct background checks on persons who may be disqualified from receiving firearms based on Federally prohibited categories or State law. Among the persons subject to the Federal mental health prohibitor established under the Gun Control Act of 1968 and implementing regulations issued by the Department of Justice (DOJ) are individuals who have been involuntarily committed to a mental institution; found incompetent to stand trial or not guilty by reason of insanity; or otherwise have been determined by a court, board, commission, or other lawful authority to be a danger to themselves or others or to lack the mental capacity to contract or manage their own affairs, as a result of marked subnormal intelligence or mental illness, incompetency, condition, or disease. Under this final rule, only covered entities with lawful authority to make the adjudications or commitment decisions that make individuals subject to the Federal mental health prohibitor, or that serve as repositories of information for NICS reporting purposes, are permitted to disclose the information needed for these purposes. The disclosure is restricted to limited demographic and certain other information needed for NICS purposes. The rule specifically prohibits the disclosure of diagnostic or clinical information, from medical records or other sources, and any mental health information beyond the indication that the individual

  7. 76 FR 56712 - CLIA Program and HIPAA Privacy Rule; Patients' Access to Test Reports

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-14

    ... December 28, 2000, the Department published a final rule in the Federal Register (65 FR 82462) entitled... was amended on August 14, 2002 (67 FR 53182). The Privacy Rule at 45 CFR 164.524 provides individuals... conflict with the CLIA requirements that limited patient access to test reports (65 FR 82485)....

  8. 76 FR 31425 - HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-31

    ... August 14, 2002). See 65 FR 82462, as amended at 67 FR 53182. The Privacy Rule at 45 CFR 164.528 requires... certification criterion to account for disclosures at 45 CFR 170.210(e) and 170.302(v), 75 FR 2014, 2044, 2046... rule (75 FR 44623), ONC discussed its rationale for retaining the standard for accounting for...

  9. Never too old for anonymity: a statistical standard for demographic data sharing via the HIPAA Privacy Rule

    PubMed Central

    Benitez, Kathleen; Masys, Daniel

    2010-01-01

    Objective Healthcare organizations must de-identify patient records before sharing data. Many organizations rely on the Safe Harbor Standard of the HIPAA Privacy Rule, which enumerates 18 identifiers that must be suppressed (eg, ages over 89). An alternative model in the Privacy Rule, known as the Statistical Standard, can facilitate the sharing of more detailed data, but is rarely applied because of a lack of published methodologies. The authors propose an intuitive approach to de-identifying patient demographics in accordance with the Statistical Standard. Design The authors conduct an analysis of the demographics of patient cohorts in five medical centers developed for the NIH-sponsored Electronic Medical Records and Genomics network, with respect to the US census. They report the re-identification risk of patient demographics disclosed according to the Safe Harbor policy and the relative risk rate for sharing such information via alternative policies. Measurements The re-identification risk of Safe Harbor demographics ranged from 0.01% to 0.19%. The findings show alternative de-identification models can be created with risks no greater than Safe Harbor. The authors illustrate that the disclosure of patient ages over the age of 89 is possible when other features are reduced in granularity. Limitations The de-identification approach described in this paper was evaluated with demographic data only and should be evaluated with other potential identifiers. Conclusion Alternative de-identification policies to the Safe Harbor model can be derived for patient demographics to enable the disclosure of values that were previously suppressed. The method is generalizable to any environment in which population statistics are available. PMID:21169618

  10. HIPAA-FERPA Revisited

    ERIC Educational Resources Information Center

    Bergren, Martha Dewey

    2004-01-01

    Since April 2003, school nurse and school health officials have been clamoring for guidance on how the Health Insurance Portability and Accountability Act (HIPAA) and the Family Education Rights Privacy Act (FERPA) interface in the school environment. This article provides an up-to-date explanation of how school health leaders are interpreting the…

  11. Execution of a self-directed risk assessment methodology to address HIPAA data security requirements

    NASA Astrophysics Data System (ADS)

    Coleman, Johnathan

    2003-05-01

    This paper analyzes the method and training of a self directed risk assessment methodology entitled OCTAVE (Operationally Critical Threat Asset and Vulnerability Evaluation) at over 170 DOD medical treatment facilities. It focuses specifically on how OCTAVE built interdisciplinary, inter-hierarchical consensus and enhanced local capabilities to perform Health Information Assurance. The Risk Assessment Methodology was developed by the Software Engineering Institute at Carnegie Mellon University as part of the Defense Health Information Assurance Program (DHIAP). The basis for its success is the combination of analysis of organizational practices and technological vulnerabilities. Together, these areas address the core implications behind the HIPAA Security Rule and can be used to develop Organizational Protection Strategies and Technological Mitigation Plans. A key component of OCTAVE is the inter-disciplinary composition of the analysis team (Patient Administration, IT staff and Clinician). It is this unique composition of analysis team members, along with organizational and technical analysis of business practices, assets and threats, which enables facilities to create sound and effective security policies. The Risk Assessment is conducted in-house, and therefore the process, results and knowledge remain within the organization, helping to build consensus in an environment of differing organizational and disciplinary perspectives on Health Information Assurance.

  12. The Regulatory Framework for Privacy and Security

    NASA Astrophysics Data System (ADS)

    Hiller, Janine S.

    The internet enables the easy collection of massive amounts of personally identifiable information. Unregulated data collection causes distrust and conflicts with widely accepted principles of privacy. The regulatory framework in the United States for ensuring privacy and security in the online environment consists of federal, state, and self-regulatory elements. New laws have been passed to address technological and internet practices that conflict with privacy protecting policies. The United States and the European Union approaches to privacy differ significantly, and the global internet environment will likely cause regulators to face the challenge of balancing privacy interests with data collection for many years to come.

  13. A HIPAA strategy for dental schools.

    PubMed

    Walker, Rosemary

    2002-05-01

    Certain health care organizations, including dental schools, should be readying themselves to comply with the numerous requirements described within the administrative simplification section of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The intent of administrative simplification is to streamline the management of health care transactions while protecting the privacy of certain written, oral, and electronic patient information. There are no field-tested plans for implementing the law because only recently has the health care industry begun to respond to the multitude of requirements. It is essential that each organization create a customized compliance plan that best fits its structure and needs. The purpose of this paper is to propose a five-stage theoretical strategy that could assist a dental school in achieving HIPAA compliance. The first stage involves the selection of a HIPAA task force. The second stage selects the applicable HIPAA requirements, determines the current states of confidentiality and security, manages the electronic transactions standards, and composes a gap analysis. The third stage examines risk analysis and management. The fourth stage encompasses technical modifications, policies and procedures, legal input, and training. The fifth stage addresses the maintenance of the implementation. PMID:12056767

  14. HIPAA standards offer more accuracy and eventual cost savings.

    PubMed

    Hamby, P H; McLaughlin, M

    2001-04-01

    More than four years after passage of the Health Insurance Portability and Accountability Act (HIPAA), HHS has yet to issue final rules regarding implementation of many of the statute's provisions. Of immediate concern to the healthcare industry are the final rules regarding electronic transactions and privacy and the proposed rule regarding security. The electronic transactions final rule addresses seven transaction types covered by HIPAA. The final rule mandates the use of standard implementation guides developed by the American National Standards Institute and specifies which code sets are to be used with each type of transaction. Under the security proposed rule, covered entities would be required to develop a security plan addressing four specific areas. Under the privacy final rule, covered entities must meet specific requirements regarding patients rights, including obtaining consent or, in some instances, authorization to use and disclose patients' personal health information. PMID:11300004

  15. Integration of LDSE and LTVS logs with HIPAA compliant auditing system (HCAS)

    NASA Astrophysics Data System (ADS)

    Zhou, Zheng; Liu, Brent J.; Huang, H. K.; Guo, Bing; Documet, Jorge; King, Nelson

    2006-03-01

    The deadline of HIPAA (Health Insurance Portability and Accountability Act) Security Rules has passed on February 2005; therefore being HIPAA compliant becomes extremely critical to healthcare providers. HIPAA mandates healthcare providers to protect the privacy and integrity of the health data and have the ability to demonstrate examples of mechanisms that can be used to accomplish this task. It is also required that a healthcare institution must be able to provide audit trails on image data access on demand for a specific patient. For these reasons, we have developed a HIPAA compliant auditing system (HCAS) for image data security in a PACS by auditing every image data access. The HCAS was presented in 2005 SPIE. This year, two new components, LDSE (Lossless Digital Signature Embedding) and LTVS (Patient Location Tracking and Verification System) logs, have been added to the HCAS. The LDSE can assure medical image integrity in a PACS, while the LTVS can provide access control for a PACS by creating a security zone in the clinical environment. By integrating the LDSE and LTVS logs with the HCAS, the privacy and integrity of image data can be audited as well. Thus, a PACS with the HCAS installed can become HIPAA compliant in image data privacy and integrity, access control, and audit control.

  16. Security and Privacy at a Public University.

    ERIC Educational Resources Information Center

    Bomzer, Herbert W.

    The data center and the user offices at a public university have a responsibility to maintain security and to protect the privacy of the individuals whose data they process. This persists even though much personal data are accessible in libraries. How to identify "private" data, what security precautions to take to protect these data from being…

  17. Educational RIS/PACS simulator integrated with the HIPAA compliant auditing (HCA) toolkit

    NASA Astrophysics Data System (ADS)

    Zhou, Zheng; Liu, Brent J.; Huang, H. K.; Zhang, J.

    2005-04-01

    Health Insurance Portability and Accountability Act (HIPAA), a guideline for healthcare privacy and security, has been officially instituted recently. HIPAA mandates healthcare providers to follow its privacy and security rules, one of which is to have the ability to generate audit trails on the data access for any specific patient on demand. Although most current medical imaging systems such as PACS utilize logs to record their activities, there is a lack of formal methodology to interpret these large volumes of log data and generate HIPAA compliant auditing trails. In this paper, we present a HIPAA compliant auditing (HCA) toolkit for auditing the image data flow of PACS. The toolkit can extract pertinent auditing information from the logs of various PACS components and store the information in a centralized auditing database. The HIPAA compliant audit trails can be generated based on the database, which can also be utilized for data analysis to facilitate the dynamic monitoring of the data flow of PACS. In order to demonstrate the HCA toolkit in a PACS environment, it was integrated with the PACS Simulator, that was presented as an educational tool in 2003 and 2004 SPIE. With the integration of the HCA toolkit with the PACS simulator, users can learn HIPAA audit concepts and how to generate audit trails of image data access in PACS, as well as trace the image data flow of PACS Simulator through the toolkit.

  18. Banking on privacy. Hospitals must protect patient information--and their own liability--as banks balk at HIPAA.

    PubMed

    Haugh, Richard

    2004-02-01

    Thanks to HIPAA, banks stand to earn billions of dollars in new business by processing electronic claims for health care providers and payers. And the health care industry could realize $35 billion a year in efficiency gains and cost savings. But overshadowing it all is the question of how protected patient information will be--and how liable hospitals will be for any breach of that information by their business partners. PMID:14999878

  19. Family Caregiver Research and the HIPAA Factor

    ERIC Educational Resources Information Center

    Albert, Steven M.; Levine, Carol

    2005-01-01

    Research in family caregiving recently has become more challenging because of the strict protection of privacy mandated in the Health Insurance Portability and Accountability Act (HIPAA) of 1996. We ask when should Institutional Review Boards (IRBs) follow HIPAA rules to the letter and when might they use the waiver option? What is the appropriate…

  20. 48 CFR 52.239-1 - Privacy or Security Safeguards.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 2 2012-10-01 2012-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish...

  1. 48 CFR 52.239-1 - Privacy or Security Safeguards.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 2 2011-10-01 2011-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish...

  2. 48 CFR 52.239-1 - Privacy or Security Safeguards.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 2 2013-10-01 2013-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish...

  3. Information Security and Privacy in Network Environments.

    ERIC Educational Resources Information Center

    Congress of the U.S., Washington, DC. Office of Technology Assessment.

    The use of information networks for business and government is expanding enormously. Government use of networks features prominently in plans to make government more efficient, effective, and responsive. But the transformation brought about by the networking also raises new concerns for the security and privacy of networked information. This…

  4. Measuring and Modeling Security and Privacy Laws

    ERIC Educational Resources Information Center

    Romanosky, Sasha

    2012-01-01

    This manuscript presents empirical and analytical analysis and discussion of security and privacy laws. The introduction, together with the three substantive chapters each represent separate research papers written as partial fulfillment of my PhD dissertation in the Heinz College, Carnegie Mellon University. Chapter 2 is an abbreviated version of…

  5. Ownership, Privacy, Confidentiality, and Security Data.

    ERIC Educational Resources Information Center

    Staman, E. Michael

    1986-01-01

    One of the areas most often neglected by those responsible for information systems in colleges and universities relates to ownership, privacy, confidentiality, and security of data. Background information and definitions are provided, and a suggested environment is described. Model recommendations for institutional policy are offered. (MLW)

  6. Securing your PC and protecting your privacy.

    PubMed

    Schloman, Barbara F

    2005-01-01

    Working in a networked information environment brings new opportunities for getting and sharing information. Regrettably, these benefits of the Internet are challenged by forces that would interfere to satisfy their own profit or malevolent motives. Your networked computer can be infected by viruses, worms, or Trojan horses or infiltrated by spyware, adware, or pop-ups. Without being aware of the dangers and taking precautionary steps, your PC is susceptible to being compromised and your privacy invaded. This column will highlight some of the dangers and offer basic steps for securing your computer and protecting your privacy. PMID:15727543

  7. Update: electronic transactions, HIPAA, and Medicare reimbursement.

    PubMed

    McMahon, Erin Brisbay

    2003-10-01

    Physician practices that transmit any health information in electronic form in connection with a transaction covered by the HIPAA transactions and code sets rule will be required to comply with the rule no later than October 16, 2003. Under the rule, if certain transactions, such as the filing of claims, are conducted electronically, they must contain certain data content and be formatted in a particular way. On and after October 16, 2003, Medicare will require claims to be submitted electronically unless a physician practice has less than 10 full-time equivalent employees. Practices with fewer than 10 FTEs can continue to submit paper claims to Medicare without any further action on their part. At a minimum, physician practices must have the ability to capture the data required by the rule for covered transactions conducted electronically, and either use a clearinghouse to translate the data to X12N format or obtain a translator and electronic connectivity to ensure that the practice can send electronically compliant claims by October 16, 2003. Trading partner agreements may specify the duties and responsibilities of each party to the agreement in conducting a covered transaction electronically, but they are not required under HIPAA. Business associate agreements are required under HIPAA if a practice chooses to use a business associate (a person who performs an activity falling under the rule on behalf of the practice), including a health care clearinghouse, to conduct electronic covered transactions for it, and the agreement must comply with the HIPAA transactions and code sets rule, the privacy rule, and the security rule. This article is not, and should not be construed as, legal advice or an opinion on specific situations. PMID:16871309

  8. Protocol for a Systematic Review of Telehealth Privacy and Security Research to Identify Best Practices.

    PubMed

    Watzlaf, Valerie J M; Dealmeida, Dilhari R; Zhou, Leming; Hartman, Linda M

    2015-01-01

    Healthcare professionals engaged in telehealth are faced with complex US federal regulations (e.g., HIPAA/HITECH) and could benefit from the guidance provided by best practices in Privacy and Security (P&S). This article describes a systematic review protocol to address this need. The protocol described herein uses the Preferred Reporting Items for Systematic Review and Meta-Analysis Protocols (PRISMA-P). The PRISMA-P contains 17 items that are considered essential, as well as minimum components to include in systematic reviews. PICOS (participants, interventions, comparisons, outcome(s) and study design of the systematic review) are also relevant to the development of best practices in P&S in telehealth systems. A systematic process can best determine what information should be included and how this information should be retrieved, condensed, analyzed, organized, and disseminated. PMID:27563383

  9. Protocol for a Systematic Review of Telehealth Privacy and Security Research to Identify Best Practices

    PubMed Central

    WATZLAF, VALERIE J.M.; DEALMEIDA, DILHARI R.; ZHOU, LEMING; HARTMAN, LINDA M.

    2015-01-01

    Healthcare professionals engaged in telehealth are faced with complex US federal regulations (e.g., HIPAA/HITECH) and could benefit from the guidance provided by best practices in Privacy and Security (P&S). This article describes a systematic review protocol to address this need. The protocol described herein uses the Preferred Reporting Items for Systematic Review and Meta-Analysis Protocols (PRISMA-P). The PRISMA-P contains 17 items that are considered essential, as well as minimum components to include in systematic reviews. PICOS (participants, interventions, comparisons, outcome(s) and study design of the systematic review) are also relevant to the development of best practices in P&S in telehealth systems. A systematic process can best determine what information should be included and how this information should be retrieved, condensed, analyzed, organized, and disseminated. PMID:27563383

  10. Cyber security challenges in Smart Cities: Safety, security and privacy

    PubMed Central

    Elmaghraby, Adel S.; Losavio, Michael M.

    2014-01-01

    The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect. PMID:25685517

  11. Cyber security challenges in Smart Cities: Safety, security and privacy.

    PubMed

    Elmaghraby, Adel S; Losavio, Michael M

    2014-07-01

    The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the "Internet of Things." Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect. PMID:25685517

  12. New security and privacy laws require basic changes in professional practice

    NASA Astrophysics Data System (ADS)

    Sykes, David M.

    2005-09-01

    Everybody knows about HIPAA-but what about GLBA? FIPA? The Patriot Act? Homeland Security? NCLB? FCRA? CASB1? PIPEDA? All of these are recent laws that impact acoustical design. Throw in the American Hospital Association/ASHE and AIA's about-to-be-released ``Guidelines for the Design of Healthcare Facilities'' as well as the redrafting of DCID 6/9 and it looks like time for careful examination of some professional practices relating to security and privacy. Should INCE members join with and endorse the ASA's recently formed Joint TCAA/TCN Subcommittee which aims to fill a policy vacuum in Washington and Ottawa relating to the fundamental protection of citizens' rights to privacy? This group will formulate consistent guidelines to enable federal and state agencies in the US and Canada to enforce and monitor their laws-will their guidelines affect INCE members? Those who advise or give expert testimony to government agencies, defense/security organizations, courts, and large institutions in financial services, healthcare or education likely find themselves in a rapidly shifting landscape and recognize the need to respond with new research and professional practices.

  13. Security and Privacy in a DACS.

    PubMed

    Delgado, Jaime; Llorente, Silvia; Pàmies, Martí; Vilalta, Josep

    2016-01-01

    The management of electronic health records (EHR), in general, and clinical documents, in particular, is becoming a key issue in the daily work of Healthcare Organizations (HO). The need for providing secure and private access to, and storage for, clinical documents together with the need for HO to interoperate, raises a number of issues difficult to solve. Many systems are in place to manage EHR and documents. Some of these Healthcare Information Systems (HIS) follow standards in their document structure and communications protocols, but many do not. In fact, they are mostly proprietary and do not interoperate. Our proposal to solve the current situation is the use of a DACS (Document Archiving and Communication System) for providing security, privacy and standardized access to clinical documents. PMID:27577355

  14. 42 CFR 600.350 - Privacy and security of information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... (Eff. 1-1-15) Eligibility and Enrollment § 600.350 Privacy and security of information. The State must comply with the standards and procedures set forth in 45 CFR 155.260(b) and (c) as are applicable to the... 42 Public Health 5 2014-10-01 2014-10-01 false Privacy and security of information....

  15. 48 CFR 52.239-1 - Privacy or Security Safeguards.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 2 2014-10-01 2014-10-01 false Privacy or Security Safeguards. 52.239-1 Section 52.239-1 Federal Acquisition Regulations System FEDERAL ACQUISITION REGULATION (CONTINUED) CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 52.239-1 Privacy or Security...

  16. 76 FR 34650 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-14

    ... expected to include the following items: --Cloud Security and Privacy Panel discussion on addressing security and privacy for different types of cloud computing, --Presentation from National Strategy...

  17. 78 FR 34264 - Technical Corrections to the HIPAA Privacy, Security, and Enforcement Rules

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-07

    ... effectiveness and to increase flexibility for and decrease burden on the regulated entities. See 78 FR 5566... FR 82707. Given that Sec. 164.512(k)(4)(i) relates to uses and disclosures of protected health... 160 Administrative practice and procedure, Computer technology, Electronic information...

  18. 78 FR 5565 - Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-25

    ... / Friday, January 25, 2013 / Rules and Regulations#0;#0; ] DEPARTMENT OF HEALTH AND HUMAN SERVICES Office... certain requirements with those under the Department's Human Subjects Protections regulations. These... 13563 to conduct a retrospective review of our existing regulations for the purpose of identifying...

  19. 75 FR 8096 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-023...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... Security Administration--023 Workplace Violence Prevention Program System of Records AGENCY: Privacy Office..., ``Department of Homeland Security/Transportation Security Administration--023 Workplace Violence Prevention... and maintain records on their Workplace Violence Prevention Program. Additionally, the Department...

  20. The Health Insurance Portability and Accountability Act (HIPAA): its broad effect on practice.

    PubMed

    Feld, Andrew D

    2005-07-01

    The Health Insurance Portability and Accountability Act (HIPAA), and its final rule, raised fears among practitioners of new and complex regulations that might interfere with medical practice, lead to inadvertent liability and unwanted expense. It generated a dizzying set of health-care administrative activities and a new work for legal consultants. It has extensive scope, and includes most health plans and practitioners. It has regulated both privacy and security, including electronic, paper, and oral communications. However, after a HIPAA compliant office structure is established, and the privacy notice is reviewed and signed by the patient, disclosure of medical information for treatment, payment or "health-care operations" is permitted without recurrent consent forms, thus allowing substantially familiar patterns of doctor-to-doctor communication about treatment. Further, the initial approach to enforcement appears to some legal observers to be more likely corrective rather than punitive, although providers remain uneasy over the mere possibility of criminal penalties. As regards medical research, uncertainties about the application of HIPAA seem less resolved and more variably interpreted by different institutions, with ongoing fear in the research community that important public health and epidemiologic research activity may be compromised by well meaning IRBs using inconsistent, overly strict or erroneous interpretation of the intent of HIPAA regulations. PMID:15984962

  1. HIPAA-compliant automatic monitoring system for RIS-integrated PACS operation

    NASA Astrophysics Data System (ADS)

    Jin, Jin; Zhang, Jianguo; Chen, Xiaomeng; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen; Feng, Jie; Sheng, Liwei; Huang, H. K.

    2006-03-01

    As a governmental regulation, Health Insurance Portability and Accountability Act (HIPAA) was issued to protect the privacy of health information that identifies individuals who are living or deceased. HIPAA requires security services supporting implementation features: Access control; Audit controls; Authorization control; Data authentication; and Entity authentication. These controls, which proposed in HIPAA Security Standards, are Audit trails here. Audit trails can be used for surveillance purposes, to detect when interesting events might be happening that warrant further investigation. Or they can be used forensically, after the detection of a security breach, to determine what went wrong and who or what was at fault. In order to provide security control services and to achieve the high and continuous availability, we design the HIPAA-Compliant Automatic Monitoring System for RIS-Integrated PACS operation. The system consists of two parts: monitoring agents running in each PACS component computer and a Monitor Server running in a remote computer. Monitoring agents are deployed on all computer nodes in RIS-Integrated PACS system to collect the Audit trail messages defined by the Supplement 95 of the DICOM standard: Audit Trail Messages. Then the Monitor Server gathers all audit messages and processes them to provide security information in three levels: system resources, PACS/RIS applications, and users/patients data accessing. Now the RIS-Integrated PACS managers can monitor and control the entire RIS-Integrated PACS operation through web service provided by the Monitor Server. This paper presents the design of a HIPAA-compliant automatic monitoring system for RIS-Integrated PACS Operation, and gives the preliminary results performed by this monitoring system on a clinical RIS-integrated PACS.

  2. 75 FR 28042 - Privacy Act of 1974: System of Records; Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ... Transportation Security Enforcement Record System (69 FR 71828, December 10, 2004.) TSA's mission is to protect... rule published on August 4, 2006 in 71 FR 44223. II. Privacy Act The Privacy Act embodies fair... records is also based on ``need to know.'' Electronic access is limited by computer security measures...

  3. VoIP for Telerehabilitation: A Pilot Usability Study for HIPAA Compliance

    PubMed Central

    Watzlaf, Valerie R.; Ondich, Briana

    2012-01-01

    Consumer-based, free Voice and video over the Internet Protocol (VoIP) software systems such as Skype and others are used by health care providers to deliver telerehabilitation and other health-related services to clients. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by practitioners, health information managers, and other healthcare entities. This pilot usability study examined whether four respondents who used the top three, free consumer-based, VoIP software systems perceived these VoIP technologies to be private, secure, and HIPAA compliant; most did not. While the pilot study limitations include the number of respondents and systems assessed, the protocol can be applied to future research and replicated for instructional purposes. Recommendations are provided for VoIP companies, providers, and clients/consumers. PMID:25945194

  4. VoIP for Telerehabilitation: A Pilot Usability Study for HIPAA Compliance.

    PubMed

    Watzlaf, Valerie R; Ondich, Briana

    2012-01-01

    Consumer-based, free Voice and video over the Internet Protocol (VoIP) software systems such as Skype and others are used by health care providers to deliver telerehabilitation and other health-related services to clients. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by practitioners, health information managers, and other healthcare entities. This pilot usability study examined whether four respondents who used the top three, free consumer-based, VoIP software systems perceived these VoIP technologies to be private, secure, and HIPAA compliant; most did not. While the pilot study limitations include the number of respondents and systems assessed, the protocol can be applied to future research and replicated for instructional purposes. Recommendations are provided for VoIP companies, providers, and clients/consumers. PMID:25945194

  5. SAFETY, SECURITY, HYGIENE AND PRIVACY IN MIGRANT FARMWORKER HOUSING

    PubMed Central

    Arcury, Thomas A.; Weir, Maria M.; Summers, Phillip; Chen, Haiying; Bailey, Melissa; Wiggins, Melinda F.; Bischoff, Werner E.; Quandt, Sara A.

    2013-01-01

    Safety, security, hygiene, and privacy in migrant farmworker housing have not previously been documented, yet these attributes are important for farmworker quality of life and dignity. This analysis describes the safety, security, hygiene, and privacy of migrant farmworker housing and delineates camp characteristics that are associated with these attributes, using data collected in 183 eastern North Carolina migrant farmworker camps in 2010. Migrant farmworker housing is deficient. For example, 73.8 percent of housing had structural damage and 52.7 percent had indoor temperatures that were not safe. Farmworkers in 83.5 percent of the housing reported that they did not feel they or their possessions were secure. Bathing or toileting privacy was absent in 46.2 percent of the housing. Camps with residents having H-2A visas or North Carolina Department of Labor certificates of inspection posted had better safety, security, and hygiene. Regulations addressing the quality of migrant farmworker housing are needed. PMID:22776578

  6. Safety, security, hygiene and privacy in migrant farmworker housing.

    PubMed

    Arcury, Thomas A; Weir, Maria M; Summers, Phillip; Chen, Haiying; Bailey, Melissa; Wiggins, Melinda F; Bischoff, Werner E; Quandt, Sara A

    2012-01-01

    Safety, security, hygiene, and privacy in migrant farmworker housing have not previously been documented, yet these attributes are important for farmworker quality of life and dignity. This analysis describes the safety, security, hygiene, and privacy of migrant farmworker housing and delineates camp characteristics that are associated with these attributes, using data collected in 183 eastern North Carolina migrant farmworker camps in 2010. Migrant farmworker housing is deficient. For example, 73.8 percent of housing had structural damage and 52.7 percent had indoor temperatures that were not safe. Farmworkers in 83.5 percent of the housing reported that they did not feel they or their possessions were secure. Bathing or toileting privacy was absent in 46.2 percent of the housing. Camps with residents having H-2A visas or North Carolina Department of Labor certificates of inspection posted had better safety, security, and hygiene. Regulations addressing the quality of migrant farmworker housing are needed. PMID:22776578

  7. Privacy and Security - a Way to Manage the Dilemma

    NASA Astrophysics Data System (ADS)

    Peissl, Walter

    Privacy and security are often seen as opposites in a zero-sum game. The more you want from one, the less you get from the other. To overcome this dilemma the PRISE project (EU-funded by PASR/DG Enterprise) developed a methodology to establish sets of criteria for privacy enhancing security technologies. These sets of criteria are applicable on different levels (research, development, implementation) and by different actors (research coordinators, industry, policy-makers, public and private users). The use of these criteria is intended to contribute directly to a tangible and demonstrable improvement in security as accepted and acceptable security technologies will be more easily implemented, more widely used and confronted with less rejection by the general public and users of these technologies. A similar set of criteria is used for certification for the European Privacy Seal. Both the privacy by design approach and the certification scheme should increase the competitiveness of European security industries by providing guidance on the provision of widely acceptable security technologies.

  8. 77 FR 70796 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... following Privacy Act system of records notice, DHS/TSA-017 Secure Flight Test Records (June 22, 2005, 70 FR.../Transportation Security Administration- 019, Secure Flight Records (November 9, 2007, 72 FR 63711) to cover the...)-017 Secure Flight Test Records (June 22, 2005, 70 FR 36320), from its inventory of record systems....

  9. Toward protocols for quantum-ensured privacy and secure voting

    SciTech Connect

    Bonanome, Marianna; Buzek, Vladimir; Ziman, Mario; Hillery, Mark

    2011-08-15

    We present a number of schemes that use quantum mechanics to preserve privacy, in particular, we show that entangled quantum states can be useful in maintaining privacy. We further develop our original proposal [see M. Hillery, M. Ziman, V. Buzek, and M. Bielikova, Phys. Lett. A 349, 75 (2006)] for protecting privacy in voting, and examine its security under certain types of attacks, in particular dishonest voters and external eavesdroppers. A variation of these quantum-based schemes can be used for multiparty function evaluation. We consider functions corresponding to group multiplication of N group elements, with each element chosen by a different party. We show how quantum mechanics can be useful in maintaining the privacy of the choices group elements.

  10. Toward protocols for quantum-ensured privacy and secure voting

    NASA Astrophysics Data System (ADS)

    Bonanome, Marianna; Bužek, Vladimír; Hillery, Mark; Ziman, Mário

    2011-08-01

    We present a number of schemes that use quantum mechanics to preserve privacy, in particular, we show that entangled quantum states can be useful in maintaining privacy. We further develop our original proposal [see M. Hillery, M. Ziman, V. Bužek, and M. Bieliková, Phys. Lett. APYLAAG0375-960110.1016/j.physleta.2005.09.010 349, 75 (2006)] for protecting privacy in voting, and examine its security under certain types of attacks, in particular dishonest voters and external eavesdroppers. A variation of these quantum-based schemes can be used for multiparty function evaluation. We consider functions corresponding to group multiplication of N group elements, with each element chosen by a different party. We show how quantum mechanics can be useful in maintaining the privacy of the choices group elements.

  11. 45 CFR 155.260 - Privacy and security of personally identifiable information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 45 Public Welfare 1 2014-10-01 2014-10-01 false Privacy and security of personally identifiable... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally... compliance with privacy and security standards that meet the requirements of this section or other...

  12. 42 CFR 401.713 - Ensuring the privacy and security of data.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 42 Public Health 2 2013-10-01 2013-10-01 false Ensuring the privacy and security of data. 401.713... Performance Measurement § 401.713 Ensuring the privacy and security of data. (a) A qualified entity must... require the qualified entity to maintain privacy and security protocols throughout the duration of...

  13. 75 FR 18860 - Privacy Act of 1974, Department of Homeland Security Transportation Security Administration-013...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... Officer Record System (FDORS), previously published on August 18, 2003 (68 FR 49496). TSA's mission is to... reflected in the final rule published on June 25, 2004, 69 FR 35536. Consistent with the Privacy Act... Security Administration--013 Federal Flight Deck Officer Record System AGENCY: Privacy Office, DHS....

  14. Online Patron Records and Privacy: Service vs. Security.

    ERIC Educational Resources Information Center

    Fouty, Kathleen G.

    1993-01-01

    Examines issues regarding the privacy of information contained in patron databases that have resulted from online circulation systems. Topics discussed include library policies to protect information in patron records; ensuring compliance with policies; limiting the data collected; security authorizations; and creating and modifying patron…

  15. Online Privacy, Security and Ethical Dilemma: A Recent Study.

    ERIC Educational Resources Information Center

    Karmakar, Nitya L.

    The Internet remains as a wonder for the 21st century and its growth is phenomenon. According to a recent survey, the online population is now about 500 million globally and if this trend continues, it should reach 700 million by the end of 2002. This exponential growth of the Internet has given rise to several security, privacy and ethical…

  16. Security, privacy, and confidentiality issues on the Internet.

    PubMed

    Kelly, Grant; McKenzie, Bruce

    2002-01-01

    We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to 'sign' a message whereby the private key of an individual can be used to 'hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a 'digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers. PMID:12554559

  17. 48 CFR 52.239-1 - Privacy or Security Safeguards.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Privacy or Security Safeguards. 52.239-1 Section 52.239-1 Federal Acquisition Regulations System FEDERAL ACQUISITION REGULATION (CONTINUED) CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses...

  18. Impact of HIPAA on Subject Recruitment and Retention

    PubMed Central

    Wipke-Tevis, Deidre D.; Pickett, Melissa A.

    2009-01-01

    Recruiting and retaining an adequate sample of subjects is critical to the success of any research project involving human subjects. Recent reports indicate the Health Insurance Portability and Accountability Act (HIPAA) Privacy rule has adversely impacted research. Few resources are available to help researchers and their staff navigate the challenges to subject recruitment and retention after the implementation of the HIPAA Privacy rule. This article will address obstacles to subject recruitment in prospective, clinical research studies related specifically to the HIPAA Privacy rule as well as HIPAA compliant strategies to enhance subject recruitment and retention. Recruitment challenges discussed include evolving interpretations of the HIPAA regulations, inability to directly contact potential subjects, complexity of the HIPAA required documents, the increased cost of subject recruitment, and an expanding administrative burden. Among the strategies addressed are preparatory research reviews, use of clinical collaborators/staff liaisons, pre-screening of potential subjects, minimizing subject burden during the consent process, enhancing follow-up of subjects, facilitating recruitment for future studies and streamlining compliance training for research staff. PMID:17551087

  19. Data Privacy and Security in Higher Education

    ERIC Educational Resources Information Center

    Williams, Tracy

    2003-01-01

    As institutions review and strengthen their plans to secure confidential data, what proactive role does the human resource professional play as a strategic partner? Why are employees a critical part of the solution? And how are they educated regarding their responsibilities with data security? Datatel's HR product manager shares some…

  20. Aligning the Effective Use of Student Data with Student Privacy and Security Laws

    ERIC Educational Resources Information Center

    Winnick, Steve; Coleman, Art; Palmer, Scott; Lipper, Kate; Neiditz, Jon

    2011-01-01

    This legal and policy guidance provides a summary framework for state policymakers as they work to use longitudinal data to improve student achievement while also protecting the privacy and security of individual student records. Summarizing relevant federal privacy and security laws, with a focus on the Family Educational Records and Privacy Act…

  1. Observer success rates for identification of 3D surface reconstructed facial images and implications for patient privacy and security

    NASA Astrophysics Data System (ADS)

    Chen, Joseph J.; Siddiqui, Khan M.; Fort, Leslie; Moffitt, Ryan; Juluru, Krishna; Kim, Woojin; Safdar, Nabile; Siegel, Eliot L.

    2007-03-01

    3D and multi-planar reconstruction of CT images have become indispensable in the routine practice of diagnostic imaging. These tools cannot only enhance our ability to diagnose diseases, but can also assist in therapeutic planning as well. The technology utilized to create these can also render surface reconstructions, which may have the undesired potential of providing sufficient detail to allow recognition of facial features and consequently patient identity, leading to violation of patient privacy rights as described in the HIPAA (Health Insurance Portability and Accountability Act) legislation. The purpose of this study is to evaluate whether 3D reconstructed images of a patient's facial features can indeed be used to reliably or confidently identify that specific patient. Surface reconstructed images of the study participants were created used as candidates for matching with digital photographs of participants. Data analysis was performed to determine the ability of observers to successfully match 3D surface reconstructed images of the face with facial photographs. The amount of time required to perform the match was recorded as well. We also plan to investigate the ability of digital masks or physical drapes to conceal patient identity. The recently expressed concerns over the inability to truly "anonymize" CT (and MRI) studies of the head/face/brain are yet to be tested in a prospective study. We believe that it is important to establish whether these reconstructed images are a "threat" to patient privacy/security and if so, whether minimal interventions from a clinical perspective can substantially reduce this possibility.

  2. Public assessment of new surveillance-oriented security technologies: Beyond the trade-off between privacy and security.

    PubMed

    Pavone, Vincenzo; Esposti, Sara Degli

    2012-07-01

    As surveillance-oriented security technologies (SOSTs) are considered security enhancing but also privacy infringing, citizens are expected to trade part of their privacy for higher security. Drawing from the PRISE project, this study casts some light on how citizens actually assess SOSTs through a combined analysis of focus groups and survey data. First, the outcomes suggest that people did not assess SOSTs in abstract terms but in relation to the specific institutional and social context of implementation. Second, from this embedded viewpoint, citizens either expressed concern about government's surveillance intentions and considered SOSTs mainly as privacy infringing, or trusted political institutions and believed that SOSTs effectively enhanced their security. None of them, however, seemed to trade privacy for security because concerned citizens saw their privacy being infringed without having their security enhanced, whilst trusting citizens saw their security being increased without their privacy being affected. PMID:23823165

  3. Privacy and Security in Mobile Health (mHealth) Research.

    PubMed

    Arora, Shifali; Yttri, Jennifer; Nilse, Wendy

    2014-01-01

    Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions-some in real time-while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions. PMID:26259009

  4. Privacy and Security in Mobile Health (mHealth) Research

    PubMed Central

    Arora, Shifali; Yttri, Jennifer; Nilsen, Wendy

    2014-01-01

    Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions—some in real time—while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions. PMID:26259009

  5. 75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-01

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration/Railroad Retirement Board (SSA/RRB))-- Match Number 1308 AGENCY: Social Security Administration...

  6. SPECS: Secure and Privacy Enhancing Communications Schemes for VANETs

    NASA Astrophysics Data System (ADS)

    Chim, T. W.; Yiu, S. M.; Hui, L. C. K.; Jiang, Zoe L.; Li, Victor O. K.

    Vehicular ad hoc network (VANET) is an emerging type of networks which facilitates vehicles on roads to communicate for driving safety. The basic idea is to allow arbitrary vehicles to broadcast ad hoc messages (e.g. traffic accidents) to other vehicles. However, this raises the concern of security and privacy. Messages should be signed and verified before they are trusted while the real identity of vehicles should not be revealed, but traceable by authorized party. Existing solutions either rely heavily on a tamper-proof hardware device, or cannot satisfy the privacy requirement and do not have an effective message verification scheme. In this paper, we provide a software-based solution which makes use of only two shared secrets to satisfy the privacy requirement and gives lower message overhead and at least 45% higher successful rate than previous solutions in the message verification phase using the bloom filter and the binary search techniques. We also provide the first group communication protocol to allow vehicles to authenticate and securely communicate with others in a group of known vehicles.

  7. Intelligent security and privacy solutions for enabling personalized telepathology

    PubMed Central

    2011-01-01

    Starting with the paradigm change of health systems towards personalized health services, the paper introduces the technical paradigms to be met for enabling ubiquitous pHealth including ePathology. The system-theoretical, architecture-centric approach to mobile, pervasive and autonomous solutions has to be based on an open component system framework such as the Generic Component Model. The crucial challenge to be met for comprehensive interoperability is multi-disciplinary knowledge representation, which must be integrated into the aforementioned framework. The approach is demonstrated for security and privacy services fundamental for any eHealth or ePathology environment. PMID:21489199

  8. A Research on Issues Related to RFID Security and Privacy

    NASA Astrophysics Data System (ADS)

    Kim, Jongki; Yang, Chao; Jeon, Jinhwan

    Radio Frequency Identification (RFID) is a technology for automated identification of objects and people. RFID systems have been gaining more popularity in areas especially in supply chain management and automated identification systems. However, there are many existing and potential problems in the RFID systems which could threat the technology's future. To successfully adopt RFID technology in various applications, we need to develop the solutions to protect the RFID system's data information. This study investigates important issues related to privacy and security of RFID based on the recent literature and suggests solutions to cope with the problem.

  9. Privacy and Security Research Group workshop on network and distributed system security: Proceedings

    SciTech Connect

    Not Available

    1993-05-01

    This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

  10. Crossed wires: how yesterday's privacy rules might undercut tomorrow's nationwide health information network.

    PubMed

    Greenberg, Michael D; Ridgely, M Susan; Hillestad, Richard J

    2009-01-01

    More than a decade after passage of the Health Insurance Portability and Accountability Act (HIPAA), concerns about the privacy and security of personal health information remain a major policy issue. Now, the emergence of the Nationwide Health Information Network (NHIN) presents deeper underlying privacy challenges, which will require renewed attention from policymakers as federal and state privacy rules need to be revisited. This is necessary because the current framework of privacy laws is not well suited for regulating a transformed health care system, where computer networks supersede conventional communications media. PMID:19276003

  11. A Progress Report on Information Privacy and Data Security.

    ERIC Educational Resources Information Center

    Salton, Gerard

    1980-01-01

    Describes the role of information privacy in modern society, examines recent legal cases to illustrate how privacy cases are adjudicated and to identify the limits of available privacy protection, and raises issues regarding techniques for insuring data confidentiality. (FM)

  12. Privacy and Security within Biobanking: The Role of Information Technology.

    PubMed

    Heatherly, Raymond

    2016-03-01

    Along with technical issues, biobanking frequently raises important privacy and security issues that must be resolved as biobanks continue to grow in scale and scope. Consent mechanisms currently in use range from fine-grained to very broad, and in some cases participants are offered very few privacy protections. However, developments in information technology are bringing improvements. New programs and systems are being developed to allow researchers to conduct analyses without distributing the data itself offsite, either by allowing the investigator to communicate with a central computer, or by having each site participate in meta-analysis that results in a shared statistic or final significance result. The implementation of security protocols into the research biobanking setting requires three key elements: authentication, authorization, and auditing. Authentication is the process of making sure individuals are who they claim to be, frequently through the use of a password, a key fob, or a physical (i.e., retinal or fingerprint) scan. Authorization involves ensuring that every individual who attempts an action has permission to do that action. Finally, auditing allows for actions to be logged so that inappropriate or unethical actions can later be traced back to their source. PMID:27256131

  13. Exploring Trust, Security and Privacy in Digital Business

    NASA Astrophysics Data System (ADS)

    Fischer-Hübner, Simone; Furnell, Steven; Lambrinoudakis, Costas

    Security and privacy are widely held to be fundamental requirements for establishing trust in digital business. This paper examines the relationship between the factors, and the different strategies that may be needed in order to provide an adequate foundation for users’ trust. The discussion begins by recognising that users often lack confidence that sufficient security and privacy safeguards can be delivered from a technology perspective, and therefore require more than a simple assurance that they are protected. One contribution in this respect is the provision of a Trust Evaluation Function, which supports the user in reaching more informed decisions about the safeguards provided in different contexts. Even then, however, some users will not be satisfied with technology-based assurances, and the paper consequently considers the extent to which risk mitigation can be offered via routes, such as insurance. The discussion concludes by highlighting a series of further open issues that also require attention in order for trust to be more firmly and widely established.

  14. Secure and privacy enhanced gait authentication on smart phone.

    PubMed

    Hoang, Thang; Choi, Deokjai

    2014-01-01

    Smart environments established by the development of mobile technology have brought vast benefits to human being. However, authentication mechanisms on portable smart devices, particularly conventional biometric based approaches, still remain security and privacy concerns. These traditional systems are mostly based on pattern recognition and machine learning algorithms, wherein original biometric templates or extracted features are stored under unconcealed form for performing matching with a new biometric sample in the authentication phase. In this paper, we propose a novel gait based authentication using biometric cryptosystem to enhance the system security and user privacy on the smart phone. Extracted gait features are merely used to biometrically encrypt a cryptographic key which is acted as the authentication factor. Gait signals are acquired by using an inertial sensor named accelerometer in the mobile device and error correcting codes are adopted to deal with the natural variation of gait measurements. We evaluate our proposed system on a dataset consisting of gait samples of 34 volunteers. We achieved the lowest false acceptance rate (FAR) and false rejection rate (FRR) of 3.92% and 11.76%, respectively, in terms of key length of 50 bits. PMID:24955403

  15. Secure and Privacy Enhanced Gait Authentication on Smart Phone

    PubMed Central

    Choi, Deokjai

    2014-01-01

    Smart environments established by the development of mobile technology have brought vast benefits to human being. However, authentication mechanisms on portable smart devices, particularly conventional biometric based approaches, still remain security and privacy concerns. These traditional systems are mostly based on pattern recognition and machine learning algorithms, wherein original biometric templates or extracted features are stored under unconcealed form for performing matching with a new biometric sample in the authentication phase. In this paper, we propose a novel gait based authentication using biometric cryptosystem to enhance the system security and user privacy on the smart phone. Extracted gait features are merely used to biometrically encrypt a cryptographic key which is acted as the authentication factor. Gait signals are acquired by using an inertial sensor named accelerometer in the mobile device and error correcting codes are adopted to deal with the natural variation of gait measurements. We evaluate our proposed system on a dataset consisting of gait samples of 34 volunteers. We achieved the lowest false acceptance rate (FAR) and false rejection rate (FRR) of 3.92% and 11.76%, respectively, in terms of key length of 50 bits. PMID:24955403

  16. DQC Comments on the Posted Recommendations Regarding Data Security and Privacy Protections

    ERIC Educational Resources Information Center

    Data Quality Campaign, 2010

    2010-01-01

    The U.S. Department of Education is conducting several activities to address privacy and security issues related to education data. Earlier this year a contractor for the Department convened a group of privacy and security experts and produced a report with recommendations to the Department on ways they can address emerging challenges in…

  17. Privacy Preserving Nearest Neighbor Search

    NASA Astrophysics Data System (ADS)

    Shaneck, Mark; Kim, Yongdae; Kumar, Vipin

    Data mining is frequently obstructed by privacy concerns. In many cases data is distributed, and bringing the data together in one place for analysis is not possible due to privacy laws (e.g. HIPAA) or policies. Privacy preserving data mining techniques have been developed to address this issue by providing mechanisms to mine the data while giving certain privacy guarantees. In this chapter we address the issue of privacy preserving nearest neighbor search, which forms the kernel of many data mining applications. To this end, we present a novel algorithm based on secure multiparty computation primitives to compute the nearest neighbors of records in horizontally distributed data. We show how this algorithm can be used in three important data mining algorithms, namely LOF outlier detection, SNN clustering, and kNN classification. We prove the security of these algorithms under the semi-honest adversarial model, and describe methods that can be used to optimize their performance. Keywords: Privacy Preserving Data Mining, Nearest Neighbor Search, Outlier Detection, Clustering, Classification, Secure Multiparty Computation

  18. 75 FR 8088 - Privacy Act of 1974; Department of Homeland Security/ALL-023 Personnel Security Management System...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... Management System of Records (74 FR 3084, January 16, 2009) for the collection and maintenance of records... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL--023 Personnel... to update and reissue Department of Homeland Security/ALL--023 Personnel Security Management...

  19. Privacy-preserving microbiome analysis using secure computation

    PubMed Central

    Wagner, Justin; Paulson, Joseph N.; Wang, Xiao; Bhattacharjee, Bobby; Corrada Bravo, Héctor

    2016-01-01

    Motivation: Developing targeted therapeutics and identifying biomarkers relies on large amounts of research participant data. Beyond human DNA, scientists now investigate the DNA of micro-organisms inhabiting the human body. Recent work shows that an individual’s collection of microbial DNA consistently identifies that person and could be used to link a real-world identity to a sensitive attribute in a research dataset. Unfortunately, the current suite of DNA-specific privacy-preserving analysis tools does not meet the requirements for microbiome sequencing studies. Results: To address privacy concerns around microbiome sequencing, we implement metagenomic analyses using secure computation. Our implementation allows comparative analysis over combined data without revealing the feature counts for any individual sample. We focus on three analyses and perform an evaluation on datasets currently used by the microbiome research community. We use our implementation to simulate sharing data between four policy-domains. Additionally, we describe an application of our implementation for patients to combine data that allows drug developers to query against and compensate patients for the analysis. Availability and implementation: The software is freely available for download at: http://cbcb.umd.edu/∼hcorrada/projects/secureseq.html Supplementary information: Supplementary data are available at Bioinformatics online. Contact: hcorrada@umiacs.umd.edu PMID:26873931

  20. A secure steganography for privacy protection in healthcare system.

    PubMed

    Liu, Jing; Tang, Guangming; Sun, Yifeng

    2013-04-01

    Private data in healthcare system require confidentiality protection while transmitting. Steganography is the art of concealing data into a cover media for conveying messages confidentially. In this paper, we propose a steganographic method which can provide private data in medical system with very secure protection. In our method, a cover image is first mapped into a 1D pixels sequence by Hilbert filling curve and then divided into non-overlapping embedding units with three consecutive pixels. We use adaptive pixel pair match (APPM) method to embed digits in the pixel value differences (PVD) of the three pixels and the base of embedded digits is dependent on the differences among the three pixels. By solving an optimization problem, minimal distortion of the pixel ternaries caused by data embedding can be obtained. The experimental results show our method is more suitable to privacy protection of healthcare system than prior steganographic works. PMID:23321975

  1. Fourier domain asymmetric cryptosystem for privacy protected multimodal biometric security

    NASA Astrophysics Data System (ADS)

    Choudhury, Debesh

    2016-04-01

    We propose a Fourier domain asymmetric cryptosystem for multimodal biometric security. One modality of biometrics (such as face) is used as the plaintext, which is encrypted by another modality of biometrics (such as fingerprint). A private key is synthesized from the encrypted biometric signature by complex spatial Fourier processing. The encrypted biometric signature is further encrypted by other biometric modalities, and the corresponding private keys are synthesized. The resulting biometric signature is privacy protected since the encryption keys are provided by the human, and hence those are private keys. Moreover, the decryption keys are synthesized using those private encryption keys. The encrypted signatures are decrypted using the synthesized private keys and inverse complex spatial Fourier processing. Computer simulations demonstrate the feasibility of the technique proposed.

  2. Assessing the privacy policies in mobile personal health records.

    PubMed

    Zapata, Belén Cruz; Hernández Niñirola, Antonio; Fernández-Alemán, José Luis; Toval, Ambrosio

    2014-01-01

    The huge increase in the number and use of smartphones and tablets has led health service providers to take an interest in mHealth. Popular mobile app markets like Apple App Store or Google Play contain thousands of health applications. Although mobile personal health records (mPHRs) have a number of benefits, important challenges appear in the form of adoption barriers. Security and privacy have been identified as part of these barriers and should be addressed. This paper analyzes and assesses a total of 24 free mPHRs for Android and iOS. Characteristics regarding privacy and security were extracted from the HIPAA. The results show important differences in both the mPHRs and the characteristics analyzed. A questionnaire containing six questions concerning privacy policies was defined. Our questionnaire may assist developers and stakeholders to evaluate the security and privacy of their mPHRs. PMID:25571104

  3. Complying with HIPAA: A Guide for the University and Its Counsel.

    ERIC Educational Resources Information Center

    Scaraglino, Pietrina

    2003-01-01

    Identifies and summarizes key provisions of the privacy regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Suggests approaches a university can take to achieve compliance with those provisions, and discusses issues raised by the privacy regulations that are of particular relevance to the academic community. (EV)

  4. A Secure and Privacy-Preserving Targeted Ad-System

    NASA Astrophysics Data System (ADS)

    Androulaki, Elli; Bellovin, Steven M.

    Thanks to its low product-promotion cost and its efficiency, targeted online advertising has become very popular. Unfortunately, being profile-based, online advertising methods violate consumers' privacy, which has engendered resistance to the ads. However, protecting privacy through anonymity seems to encourage click-fraud. In this paper, we define consumer's privacy and present a privacy-preserving, targeted ad system (PPOAd) which is resistant towards click fraud. Our scheme is structured to provide financial incentives to all entities involved.

  5. Privacy Practices of Health Social Networking Sites: Implications for Privacy and Data Security in Online Cancer Communities.

    PubMed

    Charbonneau, Deborah H

    2016-08-01

    While online communities for social support continue to grow, little is known about the state of privacy practices of health social networking sites. This article reports on a structured content analysis of privacy policies and disclosure practices for 25 online ovarian cancer communities. All of the health social networking sites in the study sample provided privacy statements to users, yet privacy practices varied considerably across the sites. The majority of sites informed users that personal information was collected about participants and shared with third parties (96%, n = 24). Furthermore, more than half of the sites (56%, n = 14) stated that cookies technology was used to track user behaviors. Despite these disclosures, only 36% (n = 9) offered opt-out choices for sharing data with third parties. In addition, very few of the sites (28%, n = 7) allowed individuals to delete their personal information. Discussions about specific security measures used to protect personal information were largely missing. Implications for privacy, confidentiality, consumer choice, and data safety in online environments are discussed. Overall, nurses and other health professionals can utilize these findings to encourage individuals seeking online support and participating in social networking sites to build awareness of privacy risks to better protect their personal health information in the digital age. PMID:27253081

  6. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    PubMed Central

    2009-01-01

    Background Data protection is important for all information systems that deal with human-subjects data. Grid-based systems – such as the cancer Biomedical Informatics Grid (caBIG) – seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. Methods An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios – difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Results Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and security officers, directors of

  7. Privacy and data security in E-health: requirements from the user's perspective.

    PubMed

    Wilkowska, Wiktoria; Ziefle, Martina

    2012-09-01

    In this study two currently relevant aspects of using medical assistive technologies were addressed-security and privacy. In a two-step empirical approach that used focus groups (n = 19) and a survey (n = 104), users' requirements for the use of medical technologies were collected and evaluated. Specifically, we focused on the perceived importance of data security and privacy issues. Outcomes showed that both security and privacy aspects play an important role in the successful adoption of medical assistive technologies in the home environment. In particular, analysis of data with respect to gender, health-status and age (young, middle-aged and old users) revealed that females and healthy adults require, and insist on, the highest security and privacy standards compared with males and the ailing elderly. PMID:23011814

  8. 78 FR 72063 - Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-02

    ... security and privacy issues pertaining to federal computer systems. Details regarding the ISPAB's... Cybersecurity (78 FR 11737, February 19, 2013); Development of New Cybersecurity Framework; Request for Information (RFI)--Developing a Framework to Improve Critical Infrastructure Cybersecurity (78 FR...

  9. 76 FR 8755 - Privacy Act of 1974; Department of Homeland Security/ALL-032 Official Passport Application and...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-15

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL--032 Official... titled, ``Department of Homeland Security/ ALL--032 Official Passport Application and Maintenance Records..., Privacy Office, Department of Homeland Security, Washington, DC 20528. Instructions: All...

  10. 78 FR 89 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-02

    ..., --Legislative Updates, and --Update of NIST Computer Security Division. Note that agenda items may change... National Institute of Standards and Technology Announcing an Open Meeting of the Information Security and.... SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, February...

  11. 76 FR 81477 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-28

    ... public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100-235) and amended by... Commerce and the Director of NIST on security and privacy issues pertaining to federal computer systems... Discussion on cyber R&D Strategy, and --Update of NIST Computer Security Division. Note that agenda items...

  12. 77 FR 58980 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-09-25

    ..., --Presentation/Discussion on Radios used by federal civilian agencies, and --Update of NIST Computer Security... National Institute of Standards and Technology Announcing an Open Meeting of the Information Security and.... SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, October 10,...

  13. 77 FR 25686 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-05-01

    ... Management and Budget, and the Director of NIST on security and privacy issues pertaining to federal computer... NIST Computer Security Division. Note that agenda items may change without notice because of possible... National Institute of Standards and Technology Announcing an Open Meeting of the Information Security...

  14. 75 FR 39920 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-13

    ... ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100-235) and amended by the Federal... Director of NIST on security and privacy issues pertaining to federal computer systems. Details regarding... National Institute of Standards and Technology Announcing a Meeting of the Information Security and...

  15. 76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-11

    ... ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100-235) and amended by the Federal... Director of NIST on security and privacy issues pertaining to Federal computer systems. Details regarding... relating to computer security research, --Presentation on Access of Classified Information,...

  16. 78 FR 55657 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-11

    ...The Department of Homeland Security is giving concurrent notice of a newly established system of records pursuant to the Privacy Act of 1974 for the ``Department of Homeland Security/Transportation Security Administration-021, TSA Pre[check]TM; Application Program System of Records'' and this proposed rulemaking. In this proposed rulemaking, the Department proposes to exempt......

  17. 75 FR 7978 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... Exemptions; Department of Homeland Security Transportation Security Administration-023 Workplace Violence... Security Administration-023 Workplace Violence Prevention Program System of Records and this proposed... a new system of records under the Privacy Act (5 U.S.C. 552a) titled, DHS/TSA-023 Workplace...

  18. Authentication, privacy, security can exploit brainwave by biomarker

    NASA Astrophysics Data System (ADS)

    Jenkins, Jeffrey; Sweet, Charles; Sweet, James; Noel, Steven; Szu, Harold

    2014-05-01

    We seek to augment the current Common Access Control (CAC) card and Personal Identification Number (PIN) verification systems with an additional layer of classified access biometrics. Among proven devices such as fingerprint readers and cameras that can sense the human eye's iris pattern, we introduced a number of users to a sequence of 'grandmother images', or emotionally evoked stimuli response images from other users, as well as one of their own, for the purpose of authentication. We performed testing and evaluation of the Authenticity Privacy and Security (APS) brainwave biometrics, similar to the internal organ of the human eye's iris which cannot easily be altered. `Aha' recognition through stimulus-response habituation can serve as a biomarker, similar to keystroke dynamics analysis for inter and intra key fluctuation time of a memorized PIN number (FIST). Using a non-tethered Electroencephalogram (EEG) wireless smartphone/pc monitor interface, we explore the appropriate stimuli-response biomarker present in DTAB low frequency group waves. Prior to login, the user is shown a series of images on a computer display. They have been primed to click their mouse when the image is presented. DTAB waves are collected with a wireless EEG and are sent via Smartphone to a cloud based processing infrastructure. There, we measure fluctuations in DTAB waves from a wireless, non-tethered, single node EEG device between the Personal Graphic Image Number (PGIN) stimulus image and the response time from an individual's mental performance baseline. Towards that goal, we describe an infrastructure that supports distributed verification for web-based EEG authentication. The performance of machine learning on the relative Power Spectral Density EEG data may uncover features required for subsequent access to web or media content. Our approach provides a scalable framework wrapped into a robust Neuro-Informatics toolkit, viable for use in the Biomedical and mental health

  19. The HIPAA headache. It just won't go away. An exclusive survey of privacy officers says full compliance with the 1-year-old regulations is still elusive.

    PubMed

    Morrissey, John

    2004-04-12

    After a year of HIPAA, there's still some adjusting to do. Some don't grasp the value of accounting to patients about disclosures, but HHS' Richard Campanelli, left, says it offers patients reassurance that their data was safeguarded. Baylor's Donna Bowers, on the cover, says caregivers are now understanding that "Maybe (patients) do care that I'm asking all these personal questions in front of all these people." PMID:15124410

  20. 77 FR 43639 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-07-25

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA... Vocational Rehabilitation and Employment Records--VA'' (58VA21/22/28), first published at 74 FR 14865...

  1. 76 FR 60387 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Federal...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-29

    ...The Department of Homeland Security is giving concurrent notice of a newly established system of records pursuant to the Privacy Act of 1974 for the ``Department of Homeland Security/Federal Emergency Management Agency-012 Suspicious Activity Reporting System of Records'' and this proposed rulemaking. In this proposed rulemaking, the Department proposes to exempt portions of the system of......

  2. For telehealth to succeed, privacy and security risks must be identified and addressed.

    PubMed

    Hall, Joseph L; McGraw, Deven

    2014-02-01

    The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth. PMID:24493763

  3. Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

    PubMed Central

    Kramer, Daniel B.; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R.

    2012-01-01

    Background Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware. PMID:22829874

  4. Users Do the Darndest Things: True Stories from the CyLab Usable Privacy and Security Laboratory

    NASA Astrophysics Data System (ADS)

    Cranor, Lorrie Faith

    How can we make security and privacy software more usable? The first step is to study our users. Ideally, we would watch them interacting with security or privacy software in situations where they face actual risk. But everyday computer users don't sit around fiddling with security software, and subjecting users to actual security attacks raises ethical and legal concerns. Thus, it can be difficult to observe users interacting with security and privacy software in their natural habitat. At the CyLab Usable Privacy and Security Laboratory, we've conducted a wide variety of studies aimed at understanding how users think about security and privacy and how they interact with security and privacy software. In this talk I'll give a behind the scenes tour of some of the techniques we've used to study users both in the laboratory and in the wild. I'll discuss the trials and tribulations of designing and carrying out security and privacy user studies, and highlight some of our surprising observations. Find out what privacy-sensitive items you can actually get study participants to purchase, how you can observe users' responses to a man-in-the-middle attack without actually conducting such an attack, why it's hard to get people to use high tech cell phones even when you give them away, and what's actually in that box behind the couch in my office.

  5. Privacy Preserved and Secured Reliable Routing Protocol for Wireless Mesh Networks.

    PubMed

    Meganathan, Navamani Thandava; Palanichamy, Yogesh

    2015-01-01

    Privacy preservation and security provision against internal attacks in wireless mesh networks (WMNs) are more demanding than in wired networks due to the open nature and mobility of certain nodes in the network. Several schemes have been proposed to preserve privacy and provide security in WMNs. To provide complete privacy protection in WMNs, the properties of unobservability, unlinkability, and anonymity are to be ensured during route discovery. These properties can be achieved by implementing group signature and ID-based encryption schemes during route discovery. Due to the characteristics of WMNs, it is more vulnerable to many network layer attacks. Hence, a strong protection is needed to avoid these attacks and this can be achieved by introducing a new Cross-Layer and Subject Logic based Dynamic Reputation (CLSL-DR) mechanism during route discovery. In this paper, we propose a new Privacy preserved and Secured Reliable Routing (PSRR) protocol for WMNs. This protocol incorporates group signature, ID-based encryption schemes, and CLSL-DR mechanism to ensure strong privacy, security, and reliability in WMNs. Simulation results prove this by showing better performance in terms of most of the chosen parameters than the existing protocols. PMID:26484361

  6. Privacy Preserved and Secured Reliable Routing Protocol for Wireless Mesh Networks

    PubMed Central

    Thandava Meganathan, Navamani; Palanichamy, Yogesh

    2015-01-01

    Privacy preservation and security provision against internal attacks in wireless mesh networks (WMNs) are more demanding than in wired networks due to the open nature and mobility of certain nodes in the network. Several schemes have been proposed to preserve privacy and provide security in WMNs. To provide complete privacy protection in WMNs, the properties of unobservability, unlinkability, and anonymity are to be ensured during route discovery. These properties can be achieved by implementing group signature and ID-based encryption schemes during route discovery. Due to the characteristics of WMNs, it is more vulnerable to many network layer attacks. Hence, a strong protection is needed to avoid these attacks and this can be achieved by introducing a new Cross-Layer and Subject Logic based Dynamic Reputation (CLSL-DR) mechanism during route discovery. In this paper, we propose a new Privacy preserved and Secured Reliable Routing (PSRR) protocol for WMNs. This protocol incorporates group signature, ID-based encryption schemes, and CLSL-DR mechanism to ensure strong privacy, security, and reliability in WMNs. Simulation results prove this by showing better performance in terms of most of the chosen parameters than the existing protocols. PMID:26484361

  7. Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

    PubMed

    Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

    2014-11-01

    Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS. PMID:25298362

  8. 75 FR 55290 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-031...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-10

    ... of Intelligence and Analysis, Department of Homeland Security, Washington, DC 20528. For privacy... Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA), as amended. The NSI establishes a nationwide... to official DHS national security, law enforcement, immigration, intelligence activities,...

  9. Usable SPACE: Security, Privacy, and Context for the Mobile User

    NASA Astrophysics Data System (ADS)

    Jutla, Dawn

    Users breach the security of data within many financial applications daily as human and/or business expediency to access and use information wins over corporate security policy guidelines. Recognizing that changing user context often requires different security mechanisms, we discuss end-to-end solutions combining several security and context mechanisms for relevant security control and information presentation in various mobile user situations. We illustrate key concepts using Dimitri Kanevskys (IBM Research) early 2000s patented inventions for voice security and classification.

  10. Privacy and Data Security under Cloud Computing Arrangements: The Legal Framework and Practical Do's and Don'ts

    ERIC Educational Resources Information Center

    Buckman, Joel; Gold, Stephanie

    2012-01-01

    This article outlines privacy and data security compliance issues facing postsecondary education institutions when they utilize cloud computing and concludes with a practical list of do's and dont's. Cloud computing does not change an institution's privacy and data security obligations. It does involve reliance on a third party, which requires an…

  11. 6 CFR Appendix A to Part 5 - FOIA/Privacy Act Offices of the Department of Homeland Security

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 6 Domestic Security 1 2012-01-01 2012-01-01 false FOIA/Privacy Act Offices of the Department of Homeland Security A Appendix A to Part 5 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Pt. 5, App. A Appendix A to Part 5—FOIA/Privacy Act Offices of the Department of Homeland...

  12. 6 CFR Appendix A to Part 5 - FOIA/Privacy Act Offices of the Department of Homeland Security

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 6 Domestic Security 1 2011-01-01 2011-01-01 false FOIA/Privacy Act Offices of the Department of Homeland Security A Appendix A to Part 5 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE... of the Department of Homeland Security I. For the following Headquarters components of the...

  13. 6 CFR Appendix A to Part 5 - FOIA/Privacy Act Offices of the Department of Homeland Security

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 6 Domestic Security 1 2013-01-01 2013-01-01 false FOIA/Privacy Act Offices of the Department of Homeland Security A Appendix A to Part 5 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE... of the Department of Homeland Security I. For the following Headquarters components of the...

  14. 6 CFR Appendix A to Part 5 - FOIA/Privacy Act Offices of the Department of Homeland Security

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 6 Domestic Security 1 2014-01-01 2014-01-01 false FOIA/Privacy Act Offices of the Department of Homeland Security A Appendix A to Part 5 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE... of the Department of Homeland Security I. For the following Headquarters components of the...

  15. 78 FR 28867 - Privacy Act of 1974; Department of Homeland Security/U.S. Immigration and Customs Enforcement-014...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-16

    ...In accordance with the Privacy Act of 1974, the Department of Homeland Security proposes to establish a new Department of Homeland Security system of records titled, ``Department of Homeland Security/ U.S. Immigration and Customs Enforcement--014 Homeland Security Investigations Forensic Laboratory System of Records.'' This system of records allows the Department of Homeland Security/U.S.......

  16. Radio frequency identification (RFID) in health care: privacy and security concerns limiting adoption.

    PubMed

    Rosenbaum, Benjamin P

    2014-03-01

    Radio frequency identification (RFID) technology has been implemented in a wide variety of industries. Health care is no exception. This article explores implementations and limitations of RFID in several health care domains: authentication, medication safety, patient tracking, and blood transfusion medicine. Each domain has seen increasing utilization of unique applications of RFID technology. Given the importance of protecting patient and data privacy, potential privacy and security concerns in each domain are discussed. Such concerns, some of which are inherent to existing RFID hardware and software technology, may limit ubiquitous adoption. In addition, an apparent lack of security standards within the RFID domain and specifically health care may also hinder the growth and utility of RFID within health care for the foreseeable future. Safeguarding the privacy of patient data may be the most important obstacle to overcome to allow the health care industry to take advantage of the numerous benefits RFID technology affords. PMID:24578170

  17. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  18. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  19. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  20. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  1. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  2. 76 FR 12609 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-08

    ... established system will be included in DHS's inventory of record systems. The NOC and SWO tracking functions... Security Operations Center Database (April 18, 2005, 70 FR 20061). The Privacy Act embodies fair... under the control of an agency from which information is retrieved by the name of the individual or...

  3. 77 FR 74913 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-12-18

    ... ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA... October 8, 1999 (64 FR 54930), as amended on May 3, 2000 (65 FR 25775). We will match the OPM data with data in our Medicare Database (MDB), SOR 60-0321, last published at 71 FR 42159 (July 25, 2006)....

  4. 77 FR 54943 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-09-06

    ... ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA..., Education, and Vocational Rehabilitation and Employment Records-VA'' (58VA21/22/28), published at 74 FR... FR 42159 (July 25, 2006). 2. Number of Records VA's data file will consist of approximately...

  5. Maintaining Security and Privacy in Educational Computer Centers: A Growing Problem

    ERIC Educational Resources Information Center

    Ball, Leslie D.

    1977-01-01

    Discusses a number of potential security and privacy problems that are frequently found in educational information systems and presents a framework for reviewing potential risks in an educational information system and procedures for insuring that adequate countermeasure exist. (Author/IRT)

  6. 45 CFR 155.260 - Privacy and security of personally identifiable information.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally...) and (c)(2) of the Affordable Care Act; (3) Be equal to or more stringent than the requirements for... violation of section 1411(g) of the Affordable Care Act will be subject to a civil penalty of not more...

  7. 76 FR 59112 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-23

    ...The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, October 26, 2011, from 8 a.m. until 5 p.m., Thursday, October 27, 2011, from 8:30 a.m. until 5 p.m., and Friday, October 28, 2011 from 8 a.m. until 12 p.m. All sessions will be open to the...

  8. 45 CFR 155.260 - Privacy and security of personally identifiable information.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 45 Public Welfare 1 2013-10-01 2013-10-01 false Privacy and security of personally identifiable information. 155.260 Section 155.260 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES REQUIREMENTS... Medicaid, CHIP or the BHP for the exchange of eligibility information must: (1) Meet any...

  9. Privacy, Security, & Compliance: Strange Bedfellows or a Marriage Made in Heaven?

    ERIC Educational Resources Information Center

    Corn, Michael; Rosenthal, Jane

    2013-01-01

    Where does privacy belong in the college/university ecosystem, and what should its relationship be with security and compliance? Are the three areas best kept separate and distinct? Should there be some overlap? Or would a single office, officer, and/or reporting line enable a big picture of the whole? This article examines several of the campus…

  10. 75 FR 8092 - Privacy Act of 1974; Department of Homeland Security/ALL-027 The History of the Department of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... Security System of Records (69 FR 56781, September 22, 2004) for the collection and maintenance of records... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL--027 The History..., Department of Homeland Security-2004- 0004 Oral History Program: The History of the Department of...

  11. 77 FR 70792 - Privacy Act of 1974; Department of Homeland Security/ALL-004 General Information Technology...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... DHS/ALL-004 General Information Technology Access Account Records System of Records (73 FR 28139, May... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL-004 General... Homeland Security system of records notice titled, Department of Homeland Security/ALL-004...

  12. 76 FR 72428 - Privacy Act of 1974; Department of Homeland Security/ALL-017 General Legal Records System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-23

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL--017 General... Security/ ALL--017 General Legal Records System of Records.'' This system will assist attorneys in..., Department of Homeland Security, Washington, DC 20528. Instructions: All submissions received must...

  13. Assuring image authenticity within a data grid using lossless digital signature embedding and a HIPAA-compliant auditing system

    NASA Astrophysics Data System (ADS)

    Lee, Jasper C.; Ma, Kevin C.; Liu, Brent J.

    2008-03-01

    A Data Grid for medical images has been developed at the Image Processing and Informatics Laboratory, USC to provide distribution and fault-tolerant storage of medical imaging studies across Internet2 and public domain. Although back-up policies and grid certificates guarantee privacy and authenticity of grid-access-points, there still lacks a method to guarantee the sensitive DICOM images have not been altered or corrupted during transmission across a public domain. This paper takes steps toward achieving full image transfer security within the Data Grid by utilizing DICOM image authentication and a HIPAA-compliant auditing system. The 3-D lossless digital signature embedding procedure involves a private 64 byte signature that is embedded into each original DICOM image volume, whereby on the receiving end the signature can to be extracted and verified following the DICOM transmission. This digital signature method has also been developed at the IPILab. The HIPAA-Compliant Auditing System (H-CAS) is required to monitor embedding and verification events, and allows monitoring of other grid activity as well. The H-CAS system federates the logs of transmission and authentication events at each grid-access-point and stores it into a HIPAA-compliant database. The auditing toolkit is installed at the local grid-access-point and utilizes Syslog [1], a client-server standard for log messaging over an IP network, to send messages to the H-CAS centralized database. By integrating digital image signatures and centralized logging capabilities, DICOM image integrity within the Medical Imaging and Informatics Data Grid can be monitored and guaranteed without loss to any image quality.

  14. Protecting the Privacy of Social Security Numbers Act of 2013

    THOMAS, 113th Congress

    Rep. Frelinghuysen, Rodney P. [R-NJ-11

    2013-05-22

    06/14/2013 Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

  15. Personal Data Privacy and Security Act of 2014

    THOMAS, 113th Congress

    Rep. Shea-Porter, Carol [D-NH-1

    2014-02-04

    03/20/2014 Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

  16. Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems

    PubMed Central

    Fernández, Gonzalo; López-Coronado, Miguel

    2013-01-01

    Background The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. Objective To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. Methods To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Results Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Conclusions Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security

  17. A Survey on Security and Privacy in Emerging Sensor Networks: From Viewpoint of Close-Loop.

    PubMed

    Zhang, Lifu; Zhang, Heng

    2016-01-01

    Nowadays, as the next generation sensor networks, Cyber-Physical Systems (CPSs) refer to the complex networked systems that have both physical subsystems and cyber components, and the information flow between different subsystems and components is across a communication network, which forms a closed-loop. New generation sensor networks are found in a growing number of applications and have received increasing attention from many inter-disciplines. Opportunities and challenges in the design, analysis, verification and validation of sensor networks co-exists, among which security and privacy are two important ingredients. This paper presents a survey on some recent results in the security and privacy aspects of emerging sensor networks from the viewpoint of the closed-loop. This paper also discusses several future research directions under these two umbrellas. PMID:27023559

  18. A Survey on Security and Privacy in Emerging Sensor Networks: From Viewpoint of Close-Loop

    PubMed Central

    Zhang, Lifu; Zhang, Heng

    2016-01-01

    Nowadays, as the next generation sensor networks, Cyber-Physical Systems (CPSs) refer to the complex networked systems that have both physical subsystems and cyber components, and the information flow between different subsystems and components is across a communication network, which forms a closed-loop. New generation sensor networks are found in a growing number of applications and have received increasing attention from many inter-disciplines. Opportunities and challenges in the design, analysis, verification and validation of sensor networks co-exists, among which security and privacy are two important ingredients. This paper presents a survey on some recent results in the security and privacy aspects of emerging sensor networks from the viewpoint of the closed-loop. This paper also discusses several future research directions under these two umbrellas. PMID:27023559

  19. 77 FR 32709 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Homeland Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-01

    ... From the Federal Register Online via the Government Publishing Office ] SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Homeland Security (DHS))--Match Number 1010 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal...

  20. 78 FR 28761 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-16

    ...The Department of Homeland Security is giving concurrent notice of a newly established system of records pursuant to the Privacy Act of 1974 for the ``Department of Homeland Security/U.S. Immigration and Customs Enforcement--014 Homeland Security Investigations Forensic Laboratory System of Records'' and this proposed rulemaking. In this proposed rulemaking, the Department proposes to exempt......

  1. 76 FR 41274 - Privacy Act of 1974; Department of Homeland Security/ALL-033 Reasonable Accommodations Records...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-13

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL-033 Reasonable... to ] establish a new system of records titled, ``Department of Homeland Security/ALL-033 Reasonable..., Washington, DC 20528. Instructions: All submissions received must include the agency name and docket...

  2. Security and privacy issues in implantable medical devices: A comprehensive survey.

    PubMed

    Camara, Carmen; Peris-Lopez, Pedro; Tapiador, Juan E

    2015-06-01

    Bioengineering is a field in expansion. New technologies are appearing to provide a more efficient treatment of diseases or human deficiencies. Implantable Medical Devices (IMDs) constitute one example, these being devices with more computing, decision making and communication capabilities. Several research works in the computer security field have identified serious security and privacy risks in IMDs that could compromise the implant and even the health of the patient who carries it. This article surveys the main security goals for the next generation of IMDs and analyzes the most relevant protection mechanisms proposed so far. On the one hand, the security proposals must have into consideration the inherent constraints of these small and implanted devices: energy, storage and computing power. On the other hand, proposed solutions must achieve an adequate balance between the safety of the patient and the security level offered, with the battery lifetime being another critical parameter in the design phase. PMID:25917056

  3. Secure and Privacy-Preserving Distributed Information Brokering

    ERIC Educational Resources Information Center

    Li, Fengjun

    2010-01-01

    As enormous structured, semi-structured and unstructured data are collected and archived by organizations in many realms ranging from business to health networks to government agencies, the needs for efficient yet secure inter-organization information sharing naturally arise. Unlike early information sharing approaches that only involve a small…

  4. 75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-23

    ...The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, November 3, 2010, from 9 a.m. until 4:30 p.m., Thursday, November 4, 2010, from 8:30 a.m. until 5 p.m., and Friday, November 5, 2010 from 8 a.m. until 12:30 p.m. All sessions will be open to the...

  5. Public Perspectives of Mobile Phones' Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey.

    PubMed

    Richardson, Joshua E; Ancker, Jessica S

    2015-01-01

    Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician's electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p < .001). There were no similar changes in privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized. PMID:26958246

  6. Public Perspectives of Mobile Phones’ Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey

    PubMed Central

    Richardson, Joshua E.; Ancker, Jessica S.

    2015-01-01

    Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician’s electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p < .001). There were no similar changes in privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized. PMID:26958246

  7. The Relationship of HIPAA to Special Education

    ERIC Educational Resources Information Center

    Benitz, Catherine, Comp.

    2006-01-01

    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) includes important, but limited, protections for millions of working Americans and their families around the ability to obtain and keep health coverage. Among its specific protections, HIPAA: (1) Limits the use of preexisting condition exclusions; (2) Prohibits group health…

  8. Development of a privacy and security policy framework for a multistate comparative effectiveness research network.

    PubMed

    Kim, Katherine K; McGraw, Deven; Mamo, Laura; Ohno-Machado, Lucila

    2013-08-01

    Comparative effectiveness research (CER) conducted in distributed research networks (DRNs) is subject to different state laws and regulations as well as institution-specific policies intended to protect privacy and security of health information. The goal of the Scalable National Network for Effectiveness Research (SCANNER) project is to develop and demonstrate a scalable, flexible technical infrastructure for DRNs that enables near real-time CER consistent with privacy and security laws and best practices. This investigation began with an analysis of privacy and security laws and state health information exchange (HIE) guidelines applicable to SCANNER participants from California, Illinois, Massachusetts, and the Federal Veteran's Administration. A 7-member expert panel of policy and technical experts reviewed the analysis and gave input into the framework during 5 meetings held in 2011-2012. The state/federal guidelines were applied to 3 CER use cases: safety of new oral hematologic medications; medication therapy management for patients with diabetes and hypertension; and informational interventions for providers in the treatment of acute respiratory infections. The policy framework provides flexibility, beginning with a use-case approach rather than a one-size-fits-all approach. The policies may vary depending on the type of patient data shared (aggregate counts, deidentified, limited, and fully identified datasets) and the flow of data. The types of agreements necessary for a DRN may include a network-level and data use agreements. The need for flexibility in the development and implementation of policies must be balanced with responsibilities of data stewardship. PMID:23774516

  9. A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

    PubMed

    Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

    2015-08-01

    Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications include patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS) etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that store information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency. PMID:26084587

  10. SecureMA: protecting participant privacy in genetic association meta-analysis

    PubMed Central

    Xie, Wei; Kantarcioglu, Murat; Bush, William S.; Crawford, Dana; Denny, Joshua C.; Heatherly, Raymond; Malin, Bradley A.

    2014-01-01

    Motivation: Sharing genomic data is crucial to support scientific investigation such as genome-wide association studies. However, recent investigations suggest the privacy of the individual participants in these studies can be compromised, leading to serious concerns and consequences, such as overly restricted access to data. Results: We introduce a novel cryptographic strategy to securely perform meta-analysis for genetic association studies in large consortia. Our methodology is useful for supporting joint studies among disparate data sites, where privacy or confidentiality is of concern. We validate our method using three multisite association studies. Our research shows that genetic associations can be analyzed efficiently and accurately across substudy sites, without leaking information on individual participants and site-level association summaries. Availability and implementation: Our software for secure meta-analysis of genetic association studies, SecureMA, is publicly available at http://github.com/XieConnect/SecureMA. Our customized secure computation framework is also publicly available at http://github.com/XieConnect/CircuitService Contact: b.malin@vanderbilt.edu Supplementary information: Supplementary data are available at Bioinformatics online. PMID:25147357

  11. Query Monitoring and Analysis for Database Privacy - A Security Automata Model Approach

    PubMed Central

    Kumar, Anand; Ligatti, Jay; Tu, Yi-Cheng

    2015-01-01

    Privacy and usage restriction issues are important when valuable data are exchanged or acquired by different organizations. Standard access control mechanisms either restrict or completely grant access to valuable data. On the other hand, data obfuscation limits the overall usability and may result in loss of total value. There are no standard policy enforcement mechanisms for data acquired through mutual and copyright agreements. In practice, many different types of policies can be enforced in protecting data privacy. Hence there is the need for an unified framework that encapsulates multiple suites of policies to protect the data. We present our vision of an architecture named security automata model (SAM) to enforce privacy-preserving policies and usage restrictions. SAM analyzes the input queries and their outputs to enforce various policies, liberating data owners from the burden of monitoring data access. SAM allows administrators to specify various policies and enforces them to monitor queries and control the data access. Our goal is to address the problems of data usage control and protection through privacy policies that can be defined, enforced, and integrated with the existing access control mechanisms using SAM. In this paper, we lay out the theoretical foundation of SAM, which is based on an automata named Mandatory Result Automata. We also discuss the major challenges of implementing SAM in a real-world database environment as well as ideas to meet such challenges. PMID:26997936

  12. Secure and Privacy-Preserving Body Sensor Data Collection and Query Scheme.

    PubMed

    Zhu, Hui; Gao, Lijuan; Li, Hui

    2016-01-01

    With the development of body sensor networks and the pervasiveness of smart phones, different types of personal data can be collected in real time by body sensors, and the potential value of massive personal data has attracted considerable interest recently. However, the privacy issues of sensitive personal data are still challenging today. Aiming at these challenges, in this paper, we focus on the threats from telemetry interface and present a secure and privacy-preserving body sensor data collection and query scheme, named SPCQ, for outsourced computing. In the proposed SPCQ scheme, users' personal information is collected by body sensors in different types and converted into multi-dimension data, and each dimension is converted into the form of a number and uploaded to the cloud server, which provides a secure, efficient and accurate data query service, while the privacy of sensitive personal information and users' query data is guaranteed. Specifically, based on an improved homomorphic encryption technology over composite order group, we propose a special weighted Euclidean distance contrast algorithm (WEDC) for multi-dimension vectors over encrypted data. With the SPCQ scheme, the confidentiality of sensitive personal data, the privacy of data users' queries and accurate query service can be achieved in the cloud server. Detailed analysis shows that SPCQ can resist various security threats from telemetry interface. In addition, we also implement SPCQ on an embedded device, smart phone and laptop with a real medical database, and extensive simulation results demonstrate that our proposed SPCQ scheme is highly efficient in terms of computation and communication costs. PMID:26840319

  13. Secure and Privacy-Preserving Body Sensor Data Collection and Query Scheme

    PubMed Central

    Zhu, Hui; Gao, Lijuan; Li, Hui

    2016-01-01

    With the development of body sensor networks and the pervasiveness of smart phones, different types of personal data can be collected in real time by body sensors, and the potential value of massive personal data has attracted considerable interest recently. However, the privacy issues of sensitive personal data are still challenging today. Aiming at these challenges, in this paper, we focus on the threats from telemetry interface and present a secure and privacy-preserving body sensor data collection and query scheme, named SPCQ, for outsourced computing. In the proposed SPCQ scheme, users’ personal information is collected by body sensors in different types and converted into multi-dimension data, and each dimension is converted into the form of a number and uploaded to the cloud server, which provides a secure, efficient and accurate data query service, while the privacy of sensitive personal information and users’ query data is guaranteed. Specifically, based on an improved homomorphic encryption technology over composite order group, we propose a special weighted Euclidean distance contrast algorithm (WEDC) for multi-dimension vectors over encrypted data. With the SPCQ scheme, the confidentiality of sensitive personal data, the privacy of data users’ queries and accurate query service can be achieved in the cloud server. Detailed analysis shows that SPCQ can resist various security threats from telemetry interface. In addition, we also implement SPCQ on an embedded device, smart phone and laptop with a real medical database, and extensive simulation results demonstrate that our proposed SPCQ scheme is highly efficient in terms of computation and communication costs. PMID:26840319

  14. The Health Insurance Portability & Accountability Act and the practice of dentistry in the United States: system security.

    PubMed

    Chasteen, Joseph E; Murphy, Gretchen; Forrey, Arden; Heid, David

    2004-08-15

    This article reviews the issues related to the Health Insurance Portability & Accountability Act (HIPAA) security rule that apply to dental practice. The security rule specifically addresses individually identifiable health information that is transmitted or maintained in electronic media. System security must be applied to the entire technical infrastructure for the practice environment as well as to the work culture on a daily basis and must be thought of as an enterprise asset. Security refers to all of the policies, procedures, tools, and techniques used to assure that privacy and confidentiality are adequately addressed in a healthcare system. HIPAA requires all covered entities that transmit or maintain electronic health information perform, and document, a risk assessment for security and develop a security plan to address major areas of concern. A self-assessment tool is provided in this article. PMID:15318267

  15. Privacy enhanced group communication in clinical environment

    NASA Astrophysics Data System (ADS)

    Li, Mingyan; Narayanan, Sreeram; Poovendran, Radha

    2005-04-01

    Privacy protection of medical records has always been an important issue and is mandated by the recent Health Insurance Portability and Accountability Act (HIPAA) standards. In this paper, we propose security architectures for a tele-referring system that allows electronic group communication among professionals for better quality treatments, while protecting patient privacy against unauthorized access. Although DICOM defines the much-needed guidelines for confidentiality of medical data during transmission, there is no provision in the existing medical security systems to guarantee patient privacy once the data has been received. In our design, we address this issue by enabling tracing back to the recipient whose received data is disclosed to outsiders, using watermarking technique. We present security architecture design of a tele-referring system using a distributed approach and a centralized web-based approach. The resulting tele-referring system (i) provides confidentiality during the transmission and ensures integrity and authenticity of the received data, (ii) allows tracing of the recipient who has either distributed the data to outsiders or whose system has been compromised, (iii) provides proof of receipt or origin, and (iv) can be easy to use and low-cost to employ in clinical environment.

  16. 75 FR 18863 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-006...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... records notice titled, DHS/TSA-006 Correspondence Matters Tracking System Records (CMTR) (68 FR 49496... the Federal Register on June 25, 2004 (69 FR 35536). Consistent with the Privacy Act, information... (69 FR 35536). However, TSA will consider individual requests to determine whether or not...

  17. 77 FR 70796 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... Administration-015 Registered Traveler Operations Files (November 8, 2005, 69 FR 67735), which was written to...)-015 Registered Traveler (RT) Operations File Files (November 8, 2005, 69 FR 67735), which was written..., Arlington, VA 20598-6036; email: TSAPrivacy@dhs.gov . For privacy issues, please contact: Jonathan...

  18. 75 FR 5609 - Privacy Act of 1974; Department of Homeland Security/ALL-024 Facility and Perimeter Access...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-03

    ...In accordance with the Privacy Act of 1974 the Department of Homeland Security proposes to update and reissue Department of Homeland Security/ALL--024 Facility and Perimeter Access Control and Visitor Management System of Records to include record systems within the Federal Protective Service. Categories of individuals, categories of records, purpose and routine uses of this system have been......

  19. 78 FR 15889 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S. Customs...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-03-13

    ...The Department of Homeland Security is giving concurrent notice of a newly established system of records pursuant to the Privacy Act of 1974 for the ``Department of Homeland Security/U.S. Customs and Border Protection, DHS/CBP-018--Customs--Trade Partnership Against Terrorism (C-TPAT) System of Records'' and this proposed rulemaking. In this proposed rulemaking, the Department proposes to......

  20. 76 FR 49494 - Privacy Act of 1974; Department of Homeland Security United States Coast Guard DHS/USCG-027...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-10

    ... records titled, ``Department of Homeland Security/United States Coast Guard-027 Recruiting Files System of Records.'' This system of records allows the Department of Homeland Security/United States Coast Guard to...: Marilyn Scott-Perez (202-475-3515), Privacy Officer, United States Coast Guard, 2100 2nd Street, SW.,...

  1. 75 FR 39184 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-029 Civil...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-08

    .../Civil Rights and Civil Liberties--001 Matters System of Records (69 FR 70464, December 6, 2004) and... Exemptions; Department of Homeland Security/ALL--029 Civil Rights and Civil Liberties Records System of... Privacy Act of 1974 for the Department of Homeland Security/ALL--029 Civil Rights and Civil...

  2. 76 FR 53921 - Privacy Act of 1974; Department of Homeland Security ALL-034 Emergency Care Medical Records...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-30

    ... employees, their records are considered part of the OPM/GOVT-10--Employee Medical File System Records, 71 FR... considered part of the OPM/GOVT- ] 10--Employee Medical File System Records, 71 FR 35360 (Jun. 19, 2006... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security ALL--034...

  3. Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study.

    PubMed

    Atienza, Audie A; Zarcadoolas, Christina; Vaughon, Wendy; Hughes, Penelope; Patel, Vaishali; Chou, Wen-Ying Sylvia; Pritts, Joy

    2015-01-01

    This study examined consumers' attitudes and perceptions regarding mobile health (mHealth) technology use in health care. Twenty-four focus groups with 256 participants were conducted in 5 geographically diverse locations. Participants were also diverse in age, education, race/ethnicity, gender, and rural versus urban settings. Several key themes emerged from the focus groups. Findings suggest that consumer attitudes regarding mHealth privacy/security are highly contextualized, with concerns depending on the type of information being communicated, where and when the information is being accessed, who is accessing or seeing the information, and for what reasons. Consumers frequently considered the tradeoffs between the privacy/security of using mHealth technologies and the potential benefits. Having control over mHealth privacy/security features and trust in providers were important issues for consumers. Overall, this study found significant diversity in attitudes regarding mHealth privacy/security both within and between traditional demographic groups. Thus, to address consumers' concerns regarding mHealth privacy and security, a one-size-fits-all approach may not be adequate. Health care providers and technology developers should consider tailoring mHealth technology according to how various types of information are communicated in the health care setting, as well as according to the comfort, skills, and concerns individuals may have with mHealth technology. PMID:25868685

  4. A privacy preserving secure and efficient authentication scheme for telecare medical information systems.

    PubMed

    Mishra, Raghavendra; Barnwal, Amit Kumar

    2015-05-01

    The Telecare medical information system (TMIS) presents effective healthcare delivery services by employing information and communication technologies. The emerging privacy and security are always a matter of great concern in TMIS. Recently, Chen at al. presented a password based authentication schemes to address the privacy and security. Later on, it is proved insecure against various active and passive attacks. To erase the drawbacks of Chen et al.'s anonymous authentication scheme, several password based authentication schemes have been proposed using public key cryptosystem. However, most of them do not present pre-smart card authentication which leads to inefficient login and password change phases. To present an authentication scheme with pre-smart card authentication, we present an improved anonymous smart card based authentication scheme for TMIS. The proposed scheme protects user anonymity and satisfies all the desirable security attributes. Moreover, the proposed scheme presents efficient login and password change phases where incorrect input can be quickly detected and a user can freely change his password without server assistance. Moreover, we demonstrate the validity of the proposed scheme by utilizing the widely-accepted BAN (Burrows, Abadi, and Needham) logic. The proposed scheme is also comparable in terms of computational overheads with relevant schemes. PMID:25750176

  5. Clouds and rainbows on the HIPAA horizon.

    PubMed

    Tennant, R M

    1999-01-01

    In the planning phase for several years, the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) finally appear ready for implementation. The Health Care Financing Administration (HCFA) expects that the major HIPAA measures will be released in late 1999. For group practices, it is expected that implementation of these provisions will be complicated and consume significant amounts of time and money. Still, the end result should justify the effort. PMID:10788078

  6. The Influence of Security Statement, Technical Protection, and Privacy on Satisfaction and Loyalty; A Structural Equation Modeling

    NASA Astrophysics Data System (ADS)

    Peikari, Hamid Reza

    Customer satisfaction and loyalty have been cited as the e-commerce critical success factors and various studies have been conducted to find the antecedent determinants of these concepts in the online transactions. One of the variables suggested by some studies is perceived security. However, these studies have referred to security from a broad general perspective and no attempts have been made to study the specific security related variables. This paper intends to study the influence on security statement and technical protection on satisfaction, loyalty and privacy. The data was collected from 337 respondents and after the reliability and validity tests, path analysis was applied to examine the hypotheses. The results suggest that loyalty is influenced by satisfaction and security statement and no empirical support was found for the influence on technical protection and privacy on loyalty. Moreover, it was found that security statement and technical protection have a positive significant influence on satisfaction while no significant effect was found for privacy. Furthermore, the analysis indicated that security statement have a positive significant influence on technical protection while technical protection was found to have a significant negative impact on perceived privacy.

  7. Electronic Health Records: An Enhanced Security Paradigm to Preserve Patient's Privacy

    NASA Astrophysics Data System (ADS)

    Slamanig, Daniel; Stingl, Christian

    In recent years, demographic change and increasing treatment costs demand the adoption of more cost efficient, highly qualitative and integrated health care processes. The rapid growth and availability of the Internet facilitate the development of eHealth services and especially of electronic health records (EHRs) which are promising solutions to meet the aforementioned requirements. Considering actual web-based EHR systems, patient-centric and patient moderated approaches are widely deployed. Besides, there is an emerging market of so called personal health record platforms, e.g. Google Health. Both concepts provide a central and web-based access to highly sensitive medical data. Additionally, the fact that these systems may be hosted by not fully trustworthy providers necessitates to thoroughly consider privacy issues. In this paper we define security and privacy objectives that play an important role in context of web-based EHRs. Furthermore, we discuss deployed solutions as well as concepts proposed in the literature with respect to this objectives and point out several weaknesses. Finally, we introduce a system which overcomes the drawbacks of existing solutions by considering an holistic approach to preserve patient's privacy and discuss the applied methods.

  8. A security and privacy preserving e-prescription system based on smart cards.

    PubMed

    Hsu, Chien-Lung; Lu, Chung-Fu

    2012-12-01

    In 2002, Ateniese and Medeiros proposed an e-prescription system, in which the patient can store e-prescription and related information using smart card. Latter, Yang et al. proposed a novel smart-card based e-prescription system based on Ateniese and Medeiros's system in 2004. Yang et al. considered the privacy issues of prescription data and adopted the concept of a group signature to provide patient's privacy protection. To make the e-prescription system more realistic, they further applied a proxy signature to allow a patient to delegate his signing capability to other people. This paper proposed a novel security and privacy preserving e-prescription system model based on smart cards. A new role, chemist, is included in the system model for settling the medicine dispute. We further presented a concrete identity-based (ID-based) group signature scheme and an ID-based proxy signature scheme to realize the proposed model. Main property of an ID-based system is that public key is simple user's identity and can be verified without extra public key certificates. Our ID-based group signature scheme can allow doctors to sign e-prescription anonymously. In a case of a medical dispute, identities of the doctors can be identified. The proposed ID-based proxy signature scheme can improve signing delegation and allows a delegation chain. The proposed e-prescription system based on our proposed two cryptographic schemes is more practical and efficient than Yang et al.'s system in terms of security, communication overheads, computational costs, practical considerations. PMID:22407399

  9. Quantifying the Correctness, Computational Complexity, and Security of Privacy-Preserving String Comparators for Record Linkage

    PubMed Central

    Durham, Elizabeth; Xue, Yuan; Kantarcioglu, Murat; Malin, Bradley

    2011-01-01

    Record linkage is the task of identifying records from disparate data sources that refer to the same entity. It is an integral component of data processing in distributed settings, where the integration of information from multiple sources can prevent duplication and enrich overall data quality, thus enabling more detailed and correct analysis. Privacy-preserving record linkage (PPRL) is a variant of the task in which data owners wish to perform linkage without revealing identifiers associated with the records. This task is desirable in various domains, including healthcare, where it may not be possible to reveal patient identity due to confidentiality requirements, and in business, where it could be disadvantageous to divulge customers' identities. To perform PPRL, it is necessary to apply string comparators that function in the privacy-preserving space. A number of privacy-preserving string comparators (PPSCs) have been proposed, but little research has compared them in the context of a real record linkage application. This paper performs a principled and comprehensive evaluation of six PPSCs in terms of three key properties: 1) correctness of record linkage predictions, 2) computational complexity, and 3) security. We utilize a real publicly-available dataset, derived from the North Carolina voter registration database, to evaluate the tradeoffs between the aforementioned properties. Among our results, we find that PPSCs that partition, encode, and compare strings yield highly accurate record linkage results. However, as a tradeoff, we observe that such PPSCs are less secure than those that map and compare strings in a reduced dimensional space. PMID:22904698

  10. A Framework for Privacy-preserving Classification of Next-generation PHR data.

    PubMed

    Koufi, Vassiliki; Malamateniou, Flora; Prentza, Andriana; Vassilacopoulos, George

    2014-01-01

    Personal Health Records (PHRs), integrated with data from various sources, such as social care data, Electronic Health Record data and genetic information, are envisaged as having a pivotal role in transforming healthcare. These data, lumped under the term 'big data', are usually complex, noisy, heterogeneous, longitudinal and voluminous thus prohibiting their meaningful use by clinicians. Deriving value from these data requires the utilization of innovative data analysis techniques, which, however, may be hindered due to potential security and privacy breaches that may arise from improper release of personal health information. This paper presents a HIPAA-compliant machine learning framework that enables privacy-preserving classification of next-generation PHR data. The predictive models acquired can act as supporting tools to clinical practice by enabling more effective prevention, diagnosis and treatment of new incidents. The proposed framework has a huge potential for complementing medical staff expertise as it outperforms the manual inspection of PHR data while protecting patient privacy. PMID:25000030

  11. Market Reactions to Publicly Announced Privacy and Security Breaches Suffered by Companies Listed on the United States Stock Exchanges: A Comparative Empirical Investigation

    ERIC Educational Resources Information Center

    Coronado, Adolfo S.

    2012-01-01

    Using a sample of security and privacy breaches the present research examines the comparative announcement impact between the two types of events. The first part of the dissertation analyzes the impact of publicly announced security and privacy breaches on abnormal stock returns, the change in firm risk, and abnormal trading volume are measured.…

  12. Security Concerns in Android mHealth Apps

    PubMed Central

    He, Dongjing; Naveed, Muhammad; Gunter, Carl A.; Nahrstedt, Klara

    2014-01-01

    Mobile Health (mHealth) applications lie outside of regulatory protection such as HIPAA, which requires a baseline of privacy and security protections appropriate to sensitive medical data. However, mHealth apps, particularly those in the app stores for iOS and Android, are increasingly handling sensitive data for both professionals and patients. This paper presents a series of three studies of the mHealth apps in Google Play that show that mHealth apps make widespread use of unsecured Internet communications and third party servers. Both of these practices would be considered problematic under HIPAA, suggesting that increased use of mHealth apps could lead to less secure treatment of health data unless mHealth vendors make improvements in the way they communicate and store data. PMID:25954370

  13. Security Concerns in Android mHealth Apps.

    PubMed

    He, Dongjing; Naveed, Muhammad; Gunter, Carl A; Nahrstedt, Klara

    2014-01-01

    Mobile Health (mHealth) applications lie outside of regulatory protection such as HIPAA, which requires a baseline of privacy and security protections appropriate to sensitive medical data. However, mHealth apps, particularly those in the app stores for iOS and Android, are increasingly handling sensitive data for both professionals and patients. This paper presents a series of three studies of the mHealth apps in Google Play that show that mHealth apps make widespread use of unsecured Internet communications and third party servers. Both of these practices would be considered problematic under HIPAA, suggesting that increased use of mHealth apps could lead to less secure treatment of health data unless mHealth vendors make improvements in the way they communicate and store data. PMID:25954370

  14. 77 FR 70792 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... Administration-009 General Legal Records (August 18, 2003, 68 FR 49496), which was written to assist attorneys in... Security/ ALL-017 General Legal Records (November 23, 2011, 76 FR 72428) to cover its legal activities.../Transportation Security Administration (TSA)-009 General Legal Records (August 18, 2003, 68 FR 49496), which...

  15. Access and privacy rights using web security standards to increase patient empowerment.

    PubMed

    Falcão-Reis, Filipa; Costa-Pereira, Altamiro; Correia, Manuel E

    2008-01-01

    Electronic Health Record (EHR) systems are becoming more and more sophisticated and include nowadays numerous applications, which are not only accessed by medical professionals, but also by accounting and administrative personnel. This could represent a problem concerning basic rights such as privacy and confidentiality. The principles, guidelines and recommendations compiled by the OECD protection of privacy and trans-border flow of personal data are described and considered within health information system development. Granting access to an EHR should be dependent upon the owner of the record; the patient: he must be entitled to define who is allowed to access his EHRs, besides the access control scheme each health organization may have implemented. In this way, it's not only up to health professionals to decide who have access to what, but the patient himself. Implementing such a policy is walking towards patient empowerment which society should encourage and governments should promote. The paper then introduces a technical solution based on web security standards. This would give patients the ability to monitor and control which entities have access to their personal EHRs, thus empowering them with the knowledge of how much of his medical history is known and by whom. It is necessary to create standard data access protocols, mechanisms and policies to protect the privacy rights and furthermore, to enable patients, to automatically track the movement (flow) of their personal data and information in the context of health information systems. This solution must be functional and, above all, user-friendly and the interface should take in consideration some heuristics of usability in order to provide the user with the best tools. The current official standards on confidentiality and privacy in health care, currently being developed within the EU, are explained, in order to achieve a consensual idea of the guidelines that all member states should follow to transfer

  16. 76 FR 39245 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Coast...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-06

    ... Federal Register of May 13, 2011 a final rule that amended its regulations to exempt portions of a... general questions please contact Marilyn Scott-Perez (202-475-3515), Privacy Officer, U.S. Coast Guard... Department of Homeland Security published a document in the Federal Register of May 13, 2011, a final...

  17. 76 FR 60385 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-29

    ... Immigration System-3 Automated Background Functions System of Records AGENCY: Privacy Office, DHS. ACTION... Homeland Security U.S. Citizenship and Immigration Services-016 Electronic Immigration System-3 Automated... Services (USCIS) proposes to establish a new DHS system of records titled, ``DHS/USCIS-016...

  18. 75 FR 28035 - Privacy Act of 1974; Department of Homeland Security/U.S. Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ... Homeland Security, Washington, DC 20529. For privacy issues please contact: Mary Ellen Callahan (703-235... Image Storage and Retrieval System (ISRS). If the employee is a non-immigrant, E-Verify queries the Form... the employee getting a TNC but the employee did not try to resolve the issue with SSA or DHS and...

  19. 75 FR 50845 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-18

    ... FR 7979, February 23, 2010) proposing to exempt portions of the system of records from one or more... published concurrently in the Federal Register, (75 FR 8092, February 23, 2010) and comments were invited on.../ALL--027 The History of the Department of Homeland Security System of Records AGENCY: Privacy...

  20. Security and privacy issues in wireless sensor networks for healthcare applications.

    PubMed

    Al Ameen, Moshaddique; Liu, Jingwei; Kwak, Kyungsup

    2012-02-01

    The use of wireless sensor networks (WSN) in healthcare applications is growing in a fast pace. Numerous applications such as heart rate monitor, blood pressure monitor and endoscopic capsule are already in use. To address the growing use of sensor technology in this area, a new field known as wireless body area networks (WBAN or simply BAN) has emerged. As most devices and their applications are wireless in nature, security and privacy concerns are among major areas of concern. Due to direct involvement of humans also increases the sensitivity. Whether the data gathered from patients or individuals are obtained with the consent of the person or without it due to the need by the system, misuse or privacy concerns may restrict people from taking advantage of the full benefits from the system. People may not see these devices safe for daily use. There may also possibility of serious social unrest due to the fear that such devices may be used for monitoring and tracking individuals by government agencies or other private organizations. In this paper we discuss these issues and analyze in detail the problems and their possible measures. PMID:20703745

  1. Protocols development for security and privacy of radio frequency identification systems

    NASA Astrophysics Data System (ADS)

    Sabbagha, Fatin

    There are benefits to adopting radio frequency identification (RFID) technology, although there are methods of attack that can compromise the system. This research determined how that may happen and what possible solutions can keep that from happening. Protocols were developed to implement better security. In addition, new topologies were developed to handle the problems of the key management. Previously proposed protocols focused on providing mutual authentication and privacy between readers and tags. However, those protocols are still vulnerable to be attacked. These protocols were analyzed and the disadvantages shown for each one. Previous works assumed that the channels between readers and the servers were secure. In the proposed protocols, a compromised reader is considered along with how to prevent tags from being read by that reader. The new protocols provide mutual authentication between readers and tags and, at the same time, remove the compromised reader from the system. Three protocols are proposed. In the first protocol, a mutual authentication is achieved and a compromised reader is not allowed in the network. In the second protocol, the number of times a reader contacts the server is reduced. The third protocol provides authentication and privacy between tags and readers using a trusted third party. The developed topology is implemented using python language and simulates work to check the efficiency regarding the processing time. The three protocols are implemented by writing codes in C language and then compiling them in MSP430. IAR Embedded workbench is used, which is an integrated development environment with the C/C++ compiler to generate a faster code and to debug the microcontroller. In summary, the goal of this research is to find solutions for the problems on previously proposed protocols, handle a compromised reader, and solve key management problems.

  2. 78 FR 55270 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-10

    ... CFR Sec. 1560. \\1\\ 77 FR 69491 (Nov. 19, 2012). Under sec. 4012(a)(1)-(2) of the Intelligence Reform.... \\4\\ 73 FR 64018 (Oct. 28, 2008). TSA established the Secure Flight system of records and published...\\ Information collection falls under OMB Control Number 1652-0046. \\5\\ 72 FR 48392. \\6\\ 72 FR 63711. \\7\\ 77...

  3. 78 FR 73868 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-09

    ... August 4, 2006 in 71 FR 44223. This updated system will be included in DHS' inventory of record systems.... Electronic access is limited by computer security measures that are strictly enforced. TSA file areas are... rule published on August 4, 2006 in 71 FR 44223. Dated: November 21, 2013. Karen L. Neuman...

  4. 75 FR 18867 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-011...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... Security Intelligence Service (TSIS) Operations Files System of Records (69 FR 71828, December 10, 2004...(j)(2), (k)(1), (k)(2) and (k)(5) as reflected in the final rule published on August 4, 2006 in 71 FR...)(2), and (k)(5) as reflected in the final rule published on August 4, 2006, in 71 FR 44223....

  5. 77 FR 70795 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... Administration-012 Transportation Worker Identification Credentialing System (September 24, 2004, 69 FR 57348..., 2010, 75 FR 28046), which covers the Security Threat Assessment process associated with the... Credentialing (TWIC) System (September 24, 2004, 69 FR 57348), which was written to cover the Prototype Phase...

  6. 75 FR 28046 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-002...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ... Transportation Security Threat Assessment System of Records (70 FR 33383, November 8, 2005). TSA's mission is to... systems as reflected in the final rule published on June 25, 2004 in 69 FR 35536. The information is... Investigation--009 Fingerprint Identification Records System (72 FR 3410, January 1, 2007). ] Exemptions...

  7. 77 FR 33753 - Privacy Act of 1974; Department of Homeland Security, U.S. Customs and Border Protection, DHS/CBP...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-07

    ...In accordance with the Privacy Act of 1974, the Department of Homeland Security proposes to establish a new Department of Homeland Security system of records titled, ``Department of Homeland Security, U.S. Customs and Border Protection, DHS/CBP--017 Analytical Framework for Intelligence (AFI) System of Records.'' This system of records will allow the Department of Homeland Security/U.S.......

  8. A Practitioner's Response to the New Health Privacy Regulations

    ERIC Educational Resources Information Center

    Yang, Julia A.; Kombarakaran, Francis A.

    2006-01-01

    The established professional practice requiring informed consent for the disclosure of personal health information with its implied right to privacy suffered a serious setback with the first federal privacy initiative of the Bush administration. The new Health Insurance Portability and Accountability Act (HIPAA) of 1996 (P.L. 104-191) privacy…

  9. Privacy-Preserving Self-Helped Medical Diagnosis Scheme Based on Secure Two-Party Computation in Wireless Sensor Networks

    PubMed Central

    Wen, Qiaoyan; Zhang, Yudong; Li, Wenmin

    2014-01-01

    With the continuing growth of wireless sensor networks in pervasive medical care, people pay more and more attention to privacy in medical monitoring, diagnosis, treatment, and patient care. On one hand, we expect the public health institutions to provide us with better service. On the other hand, we would not like to leak our personal health information to them. In order to balance this contradiction, in this paper we design a privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks so that patients can privately diagnose themselves by inputting a health card into a self-helped medical diagnosis ATM to obtain a diagnostic report just like drawing money from a bank ATM without revealing patients' health information and doctors' diagnostic skill. It makes secure self-helped disease diagnosis feasible and greatly benefits patients as well as relieving the heavy pressure of public health institutions. PMID:25126107

  10. Privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks.

    PubMed

    Sun, Yi; Wen, Qiaoyan; Zhang, Yudong; Li, Wenmin

    2014-01-01

    With the continuing growth of wireless sensor networks in pervasive medical care, people pay more and more attention to privacy in medical monitoring, diagnosis, treatment, and patient care. On one hand, we expect the public health institutions to provide us with better service. On the other hand, we would not like to leak our personal health information to them. In order to balance this contradiction, in this paper we design a privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks so that patients can privately diagnose themselves by inputting a health card into a self-helped medical diagnosis ATM to obtain a diagnostic report just like drawing money from a bank ATM without revealing patients' health information and doctors' diagnostic skill. It makes secure self-helped disease diagnosis feasible and greatly benefits patients as well as relieving the heavy pressure of public health institutions. PMID:25126107

  11. The Role of Health Care Experience and Consumer Information Efficacy in Shaping Privacy and Security Perceptions of Medical Records: National Consumer Survey Results

    PubMed Central

    Beckjord, Ellen; Moser, Richard P; Hughes, Penelope; Hesse, Bradford W

    2015-01-01

    Background Providers’ adoption of electronic health records (EHRs) is increasing and consumers have expressed concerns about the potential effects of EHRs on privacy and security. Yet, we lack a comprehensive understanding regarding factors that affect individuals’ perceptions regarding the privacy and security of their medical information. Objective The aim of this study was to describe national perceptions regarding the privacy and security of medical records and identify a comprehensive set of factors associated with these perceptions. Methods Using a nationally representative 2011-2012 survey, we reported on adults’ perceptions regarding privacy and security of medical records and sharing of health information between providers, and whether adults withheld information from a health care provider due to privacy or security concerns. We used multivariable models to examine the association between these outcomes and sociodemographic characteristics, health and health care experience, information efficacy, and technology-related variables. Results Approximately one-quarter of American adults (weighted n=235,217,323; unweighted n=3959) indicated they were very confident (n=989) and approximately half indicated they were somewhat confident (n=1597) in the privacy of their medical records; we found similar results regarding adults’ confidence in the security of medical records (very confident: n=828; somewhat confident: n=1742). In all, 12.33% (520/3904) withheld information from a health care provider and 59.06% (2100/3459) expressed concerns about the security of both faxed and electronic health information. Adjusting for other characteristics, adults who reported higher quality of care had significantly greater confidence in the privacy and security of their medical records and were less likely to withhold information from their health care provider due to privacy or security concerns. Adults with higher information efficacy had significantly greater

  12. Network security vulnerabilities and personal privacy issues in Healthcare Information Systems: a case study in a private hospital in Turkey.

    PubMed

    Namoğlu, Nihan; Ulgen, Yekta

    2013-01-01

    Healthcare industry has become widely dependent on information technology and internet as it moves from paper to electronic records. Healthcare Information System has to provide a high quality service to patients and a productive knowledge share between healthcare staff by means of patient data. With the internet being commonly used across hospitals, healthcare industry got its own share from cyber threats like other industries in the world. The challenge is allowing knowledge transfer to hospital staff while still ensuring compliance with security mandates. Working in collaboration with a private hospital in Turkey; this study aims to reveal the essential elements of a 21st century business continuity plan for hospitals while presenting the security vulnerabilities in the current hospital information systems and personal privacy auditing standards proposed by regulations and laws. We will survey the accreditation criteria in Turkey and counterparts in US and EU. We will also interview with medical staff in the hospital to understand the needs for personal privacy and the technical staff to perceive the technical requirements in terms of network security configuration and deployment. As hospitals are adopting electronic transactions, it should be considered a must to protect these electronic health records in terms of personal privacy aspects. PMID:23823398

  13. HIPAA's transactions regulations. Where are we today?

    PubMed

    Callahan-Morris, Elizabeth; Shields, Juli K

    2003-01-01

    By now, the health care industry is feeling the effects of the implementation of the Standards for Electronic Transactions promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The standards, or transaction rule, have been substantially in final form since Aug. 17, 2000, but it has taken the industry every bit of the allotted time period, including a one-year extension, to work through the technical and interpretative issues to meet the Oct. 16, 2003, compliance deadline. PMID:14628326

  14. A framework for privacy-preserving access to next-generation EHRs.

    PubMed

    Koufi, Vassiliki; Malamateniou, Flora; Tsohou, Aggeliki; Vassilacopoulos, George

    2014-01-01

    Although personalized medicine is optimizing the discovery, development and application of therapeutic advances, its full impact on patient and population healthcare management has yet to be realized. Electronic health Records (EHRs), integrated with data from other sources, such as social care data, Personal Healthcare Record (PHR) data and genetic information, are envisaged as having a pivotal role in realizing this individualized approach to healthcare. Thus, a new generation of EHRs will emerge which, in addition to supporting healthcare professionals in making well-informed clinical decisions, shows potential for novel discovery of associations between disease and genetic, environmental or process measures. However, a broad range of ethical, legal and technical reasons may hinder the realization of future EHRs due to potential security and privacy breaches. This paper presents a HIPAA-compliant framework that enables privacy-preserving access to next-generation EHRs. PMID:25160285

  15. Security analysis and improvement of a privacy authentication scheme for telecare medical information systems.

    PubMed

    Wu, Fan; Xu, Lili

    2013-08-01

    Nowadays, patients can gain many kinds of medical service on line via Telecare Medical Information Systems(TMIS) due to the fast development of computer technology. So security of communication through network between the users and the server is very significant. Authentication plays an important part to protect information from being attacked by malicious attackers. Recently, Jiang et al. proposed a privacy enhanced scheme for TMIS using smart cards and claimed their scheme was better than Chen et al.'s. However, we have showed that Jiang et al.'s scheme has the weakness of ID uselessness and is vulnerable to off-line password guessing attack and user impersonation attack if an attacker compromises the legal user's smart card. Also, it can't resist DoS attack in two cases: after a successful impersonation attack and wrong password input in Password change phase. Then we propose an improved mutual authentication scheme used for a telecare medical information system. Remote monitoring, checking patients' past medical history record and medical consultant can be applied in the system where information transmits via Internet. Finally, our analysis indicates that the suggested scheme overcomes the disadvantages of Jiang et al.'s scheme and is practical for TMIS. PMID:23818249

  16. Privacy preserving, real-time and location secured biometrics for mCommerce authentication

    NASA Astrophysics Data System (ADS)

    Kuseler, Torben; Al-Assam, Hisham; Jassim, Sabah; Lami, Ihsan A.

    2011-06-01

    Secure wireless connectivity between mobile devices and financial/commercial establishments is mature, and so is the security of remote authentication for mCommerce. However, the current techniques are open for hacking, false misrepresentation, replay and other attacks. This is because of the lack of real-time and current-precise-location in the authentication process. This paper proposes a new technique that includes freshly-generated real-time personal biometric data of the client and present-position of the mobile device used by the client to perform the mCommerce so to form a real-time biometric representation to authenticate any remote transaction. A fresh GPS fix generates the "time and location" to stamp the biometric data freshly captured to produce a single, real-time biometric representation on the mobile device. A trusted Certification Authority (CA) acts as an independent authenticator of such client's claimed realtime location and his/her provided fresh biometric data. Thus eliminates the necessity of user enrolment with many mCommerce services and application providers. This CA can also "independently from the client" and "at that instant of time" collect the client's mobile device "time and location" from the cellular network operator so to compare with the received information, together with the client's stored biometric information. Finally, to preserve the client's location privacy and to eliminate the possibility of cross-application client tracking, this paper proposes shielding the real location of the mobile device used prior to submission to the CA or authenticators.

  17. 75 FR 69604 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-15

    ... FR 55335). The Privacy Act embodies fair information principles in a statutory framework governing..., Planning, Coordination, Reporting, Analysis, and Fusion System of Records AGENCY: Privacy Office, DHS..., Coordination, Reporting, Analysis, and Fusion System of Records and this proposed rulemaking. In this...

  18. 76 FR 55693 - Privacy Act of 1974; Department of Homeland Security National Protection and Programs Directorate...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-08

    ... in the SORN and Notice of Proposed Rulemaking (NPRM) in the Federal Register, 75 FR 69603, on... originally published in the SORN and Notice of Proposed Rulemaking (NPRM) in the Federal Register, 75 FR... Initiative (September 10, 2010, 75 FR 55335). II. Privacy Act The Privacy Act embodies fair...

  19. College Student Records: Legal Issues, Privacy, and Security Concerns. ERIC Digest.

    ERIC Educational Resources Information Center

    Holub, Tamara

    This digest briefly reviews the provisions of the Family Educational Rights and Privacy Act (FERPA) of 1974 (the Buckley Amendment), which sets out legal guidelines regarding the privacy of student records and the provisions of the U.S. Patriot Act, along with the measures some colleges are implementing to comply with these laws and improve the…

  20. 45 CFR 150.207 - Procedure for determining that a State fails to substantially enforce HIPAA requirements.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... substantially enforce HIPAA requirements. 150.207 Section 150.207 Public Welfare DEPARTMENT OF HEALTH AND HUMAN... HIPAA Requirements § 150.207 Procedure for determining that a State fails to substantially enforce HIPAA... is substantially enforcing HIPAA requirements....

  1. 45 CFR 150.207 - Procedure for determining that a State fails to substantially enforce HIPAA requirements.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... substantially enforce HIPAA requirements. 150.207 Section 150.207 Public Welfare DEPARTMENT OF HEALTH AND HUMAN... HIPAA Requirements § 150.207 Procedure for determining that a State fails to substantially enforce HIPAA... is substantially enforcing HIPAA requirements....

  2. 45 CFR 150.207 - Procedure for determining that a State fails to substantially enforce HIPAA requirements.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... substantially enforce HIPAA requirements. 150.207 Section 150.207 Public Welfare DEPARTMENT OF HEALTH AND HUMAN... HIPAA Requirements § 150.207 Procedure for determining that a State fails to substantially enforce HIPAA... is substantially enforcing HIPAA requirements....

  3. National Association of School Nurses ISSUE BRIEF: School Health Nurse's Role in Education: Privacy Standards for Student Health Records

    ERIC Educational Resources Information Center

    Pohlman, Katherine; Schwab, Nadine

    2003-01-01

    This article is a reprint of the National Association of School Nurses' "Issue Brief" on Privacy Standards for Student Health Records. It distinguishes between the Family Education Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HI-PAA), clarifies which of these laws governs the privacy of student health…

  4. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage.

    PubMed

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called "privacy principles" to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions - when implementing laboratory data protocols - with experts in the fields. PMID:26955504

  5. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage

    PubMed Central

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called “privacy principles” to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions – when implementing laboratory data protocols – with experts in the fields. PMID:26955504

  6. Protecting human health and security in digital Europe: how to deal with the "privacy paradox"?

    PubMed

    Büschel, Isabell; Mehdi, Rostane; Cammilleri, Anne; Marzouki, Yousri; Elger, Bernice

    2014-09-01

    This article is the result of an international research between law and ethics scholars from Universities in France and Switzerland, who have been closely collaborating with technical experts on the design and use of information and communication technologies in the fields of human health and security. The interdisciplinary approach is a unique feature and guarantees important new insights in the social, ethical and legal implications of these technologies for the individual and society as a whole. Its aim is to shed light on the tension between secrecy and transparency in the digital era. A special focus is put from the perspectives of psychology, medical ethics and European law on the contradiction between individuals' motivations for consented processing of personal data and their fears about unknown disclosure, transferal and sharing of personal data via information and communication technologies (named the "privacy paradox"). Potential benefits and harms for the individual and society resulting from the use of computers, mobile phones, the Internet and social media are being discussed. Furthermore, the authors point out the ethical and legal limitations inherent to the processing of personal data in a democratic society governed by the rule of law. Finally, they seek to demonstrate that the impact of information and communication technology use on the individuals' well-being, the latter being closely correlated with a high level of fundamental rights protection in Europe, is a promising feature of the socalled "e-democracy" as a new way to collectively attribute meaning to large-scale online actions, motivations and ideas. PMID:24446151

  7. Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education

    PubMed Central

    2013-01-01

    Background Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient’s TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Methods Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO’s standard for information security risk management. Results A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Conclusions Most of the identified threats are applicable for healthcare services intended for patients or

  8. 45 CFR 155.280 - Oversight and monitoring of privacy and security requirements.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... RELATING TO HEALTH CARE ACCESS EXCHANGE ESTABLISHMENT STANDARDS AND OTHER RELATED STANDARDS UNDER THE AFFORDABLE CARE ACT General Functions of an Exchange § 155.280 Oversight and monitoring of privacy...

  9. 45 CFR 155.280 - Oversight and monitoring of privacy and security requirements.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... RELATING TO HEALTH CARE ACCESS EXCHANGE ESTABLISHMENT STANDARDS AND OTHER RELATED STANDARDS UNDER THE AFFORDABLE CARE ACT General Functions of an Exchange § 155.280 Oversight and monitoring of privacy...

  10. Automated secured cost effective key refreshing technique to enhance WiMAX privacy key management

    NASA Astrophysics Data System (ADS)

    Sridevi, B.; Sivaranjani, S.; Rajaram, S.

    2013-01-01

    In all walks of life the way of communication is transformed by the rapid growth of wireless communication and its pervasive use. A wireless network which is fixed and richer in bandwidth is specified as IEEE 802.16, promoted and launched by an industrial forum is termed as Worldwide Interoperability for Microwave Access (WiMAX). This technology enables seamless delivery of wireless broadband service for fixed and/or mobile users. The obscurity is the long delay which occurs during the handoff management in every network. Mobile WiMAX employs an authenticated key management protocol as a part of handoff management in which the Base Station (BS) controls the distribution of keying material to the Mobile Station (MS). The protocol employed is Privacy Key Management Version 2- Extensible Authentication Protocol (PKMV2-EAP) which is responsible for the normal and periodical authorization of MSs, reauthorization as well as key refreshing. Authorization key (AK) and Traffic Encryption key (TEK) plays a vital role in key exchange. When the lifetime of key expires, MS has to request for a new key to BS which in turn leads to repetition of authorization, authentication as well as key exchange. To avoid service interruption during reauthorization , two active keys are transmitted at the same time by BS to MS. The consequences of existing work are hefty amount of bandwidth utilization, time consumption and large storage. It is also endured by Man in the Middle attack and Impersonation due to lack of security in key exchange. This paper designs an automatic mutual refreshing of keys to minimize bandwidth utilization, key storage and time consumption by proposing Previous key and Iteration based Key Refreshing Function (PKIBKRF). By integrating PKIBKRF in key generation, the simulation results indicate that 21.8% of the bandwidth and storage of keys are reduced and PKMV2 mutual authentication time is reduced by 66.67%. The proposed work is simulated with Qualnet model and