Science.gov

Sample records for hipaa privacy security

  1. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 42 Public Health 2 2010-10-01 2010-10-01 false HIPAA privacy, security, administrative data... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security... temporarily waived by the Secretary. (c) Security requirements—(1) Standard. An endorsed sponsor must...

  2. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance.

    PubMed

    Watzlaf, Valerie J M; Moeini, Sohrab; Firouzan, Patti

    2010-01-01

    Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR.

  3. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

    PubMed Central

    Watzlaf, Valerie J.M.; Moeini, Sohrab; Firouzan, Patti

    2010-01-01

    Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR. PMID:25945172

  4. Challenges associated with privacy in health care industry: implementation of HIPAA and the security rules.

    PubMed

    Choi, Young B; Capitan, Kathleen E; Krause, Joshua S; Streeper, Meredith M

    2006-02-01

    This paper discusses the challenges associated with privacy in health care in the electronic information age based on the Health Insurance Portability and Accountability Act (HIPAA) and the Security Rules. We examine the storing and transmission of sensitive patient data in the modem health care system and discuss current security practices that health care providers institute to comply with HIPAA Security Rule regulations. Based on our research results, we address current outstanding issues that act as impediments to the successful implementation of security measures and conclude the discussion and offer possible avenues of future research.

  5. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 42 Public Health 2 2014-10-01 2014-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID SERVICES, DEPARTMENT OF HEALTH AND HUMAN SERVICES GENERAL PROVISIONS SPECIAL PROGRAMS AND PROJECTS...

  6. A cryptographic key management solution for HIPAA privacy/security regulations.

    PubMed

    Lee, W-B; Lee, C-D

    2008-01-01

    The Health Insurance Portability and Accountability Act (HIPAA) privacy and security regulations are two crucial provisions in the protection of healthcare privacy. Privacy regulations create a principle to assure that patients have more control over their health information and set limits on the use and disclosure of health information. The security regulations stipulate the provisions implemented to guard data integrity, confidentiality, and availability. Undoubtedly, the cryptographic mechanisms are well defined to provide suitable solutions. In this paper, to comply with the HIPAA regulations, a flexible cryptographic key management solution is proposed to facilitate interoperations among the applied cryptographic mechanisms. In addition, case of consent exceptions intended to facilitate emergency applications and other possible exceptions can also be handled easily.

  7. A novel key management solution for reinforcing compliance with HIPAA privacy/security regulations.

    PubMed

    Lee, Chien-Ding; Ho, Kevin I-J; Lee, Wei-Bin

    2011-07-01

    Digitizing medical records facilitates the healthcare process. However, it can also cause serious security and privacy problems, which are the major concern in the Health Insurance Portability and Accountability Act (HIPAA). While various conventional encryption mechanisms can solve some aspects of these problems, they cannot address the illegal distribution of decrypted medical images, which violates the regulations defined in the HIPAA. To protect decrypted medical images from being illegally distributed by an authorized staff member, the model proposed in this paper provides a way to integrate several cryptographic mechanisms. In this model, the malicious staff member can be tracked by a watermarked clue. By combining several well-designed cryptographic mechanisms and developing a key management scheme to facilitate the interoperation among these mechanisms, the risk of illegal distribution can be reduced.

  8. Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules.

    PubMed

    2013-01-25

    The Department of Health and Human Services (HHS or ``the Department'') is issuing this final rule to: Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (``the HITECH Act'' or ``the Act'') to strengthen the privacy and security protection for individuals' health information; modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule; modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities.

  9. 78 FR 34264 - Technical Corrections to the HIPAA Privacy, Security, and Enforcement Rules

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-07

    ..., Health records, Hospitals, Investigations, Medicaid, Medical research, Medicare, Penalties, Privacy... information to the Department of State to determine medical suitability for the purpose of a required security..., Health, Health care, Health facilities, Health insurance, Health records, Hospitals, Medicaid,...

  10. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II

    PubMed Central

    Watzlaf, Valerie J.M.; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

    2011-01-01

    In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR. PMID:25945177

  11. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II.

    PubMed

    Watzlaf, Valerie J M; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

    2011-01-01

    In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.

  12. 78 FR 5565 - Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-25

    ... electronic health records and other formats. This final rule also makes changes to the HIPAA rules that are... changes are consistent with, and arise in part from, the Department's obligations under Executive Order... rule implements changes to the HIPAA Rules under a number of authorities. First, the final...

  13. HIPAA Privacy 101: essentials for case management practice.

    PubMed

    DiBenedetto, Deborah V

    2003-01-01

    The Health Insurance Portability and Accountability Act (HIPAA) has significant impact on the delivery of healthcare in the United States. The Administrative Simplification (AS) requirements of HIPAA are aimed at reducing administrative costs and burdens in the healthcare industry. The core components of HIPAA's AS requirements address healthcare transactions, code sets, security, unique identifiers, and privacy of health information. HIPAA's privacy standard limits the nonconsensual use and release of private health information, gives patients new rights to access their medical records and to know who else has accessed them, restricts most disclosure of health information to the minimum needed for the intended purpose, establishes new criminal and civil sanctions for improper use or disclosure, and establishes new requirements for access to records by researchers and others. This article focuses on HIPAA's privacy requirements as related to case management of workers compensation populations, the treatment of protected health information, and how case managers can ensure they provide appropriate services while navigating the requirements of HIPAA's privacy standard.

  14. 75 FR 40867 - Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-14

    ... a person's social security number; date of birth; driver's license number, State identification.... 104-191), which added a new part C to title XI of the Social Security Act (sections 1171-1179 of the Social Security Act, 42 U.S.C. 1320d-1320d-8). The Health Information Technology for Economic...

  15. Compliance with HIPAA security standards in U.S. Hospitals.

    PubMed

    Davis, Diane; Having, Karen

    2006-01-01

    With the widespread use of computer networks, the amount of information stored electronically has grown exponentially, resulting in increased concern for privacy and security of information. The healthcare industry has been put to the test with the federally mandated Health Insurance Portability and Accountability Act (HIPAA) of 1996. To assess the compliance status of HIPAA security standards, a random sample of 1,000 U.S. hospitals was surveyed in January 2004, yielding a return rate of 29 percent. One year later, a follow-up survey was sent to all previous respondents, with 50 percent replying. HIPAA officers'perceptions of security compliance in 2004 and 2005 are compared in this article. The security standards achieving the highest level of compliance in both 2004 and 2005 were obtaining required business associate agreements and physical safeguards to limit access to electronic information systems. Respondents indicated least compliance both years in performing periodic evaluation of security practices governed by the Security Rule. Roadblocks, threats, problems and solutions regarding HIPAA compliance are discussed. This information may be applied to current and future strategies toward maintaining security of information systems throughout the healthcare industry.

  16. HIPAA's Role in E-Mail Communications between Doctors and Patients: Privacy, Security, and Implications of the Bill

    ERIC Educational Resources Information Center

    Stephens, James H.; Parrillo, Anthony V.

    2011-01-01

    The confidentiality of a patient's information has been sacred since the days of Hippocrates, the Father of Medicine. Today, however, merely taking an oath to respect a patient's privacy has been overshadowed by regulations governing how certain healthcare establishments handle an individual's health information on the web. Consequently, if a…

  17. Assessing the effects of the HIPAA privacy rule on release of patient information by healthcare facilities.

    PubMed

    Houser, Shannon H; Houser, Howard W; Shewchuk, Richard M

    2007-03-23

    The HIPAA privacy rule (HIPAA) has had both positive and negative effects on the release of patient information by healthcare facilities. Although the intention of HIPAA was to protect patient privacy and to promote security and confidentiality of patient information, it has had unintended consequences for facilities. To identify some of these unintended effects, two expert panels of health information management directors from healthcare facilities participated in the nominal group technique meetings. They identified 70 barriers related to release of patient information associated with the implementation of HIPAA. The perceived biggest barriers were increases in the public's misunderstanding about release of patient information, lack of an umbrella policy or regulation defining infractions and enforcement that allows individual institutions to make their own interpretations, and challenges to health information management professionals in controlling safeguards related to release of information given the transition to electronic health records and the increased involvement of information technology. The findings from this study suggest there is a need for additional clarification of the regulations governing HIPAA, standardized instructions, and extensive training of healthcare workers.

  18. Implementing HIPAA security in a membership organization.

    PubMed

    Hillabrant, L P; Gaignard, K E

    2000-01-01

    The upcoming HIPAA security regulations are forcing a change in business and operating procedures that many, if not most, healthcare organizations are ill-prepared to tackle. Of all healthcare organizational structures, membership organizations will most likely face the greatest number of obstacles in preparing for and implementing the HIPAA security regulations. This is because the membership organization as a whole must find a way to accommodate the disparate technologies, business and operating methodologies and processes, and available, limited resources of its individual member organizations, and integrate these into a uniform implementation plan. Compounding these obvious difficulties is the unique challenge of enforcement authority. The individual member organizations are autonomous business entities, whereas the membership organization as a whole merely acts as an advisor or consultant, and has only limited enforcement authority over any individual member organization. This article explores this unique situation in depth. We focus on PROMINA Health System, a nonprofit healthcare membership organization that consists of five disparate member healthcare organizations. We examine the challenges PROMINA has encountered in its quest to institute an organization-wide HIPAA security program and its methodology for accomplishing program implementation.

  19. HIPAA the Health Care Hippo: Despite the Rhetoric, Is Privacy Still an Issue?

    ERIC Educational Resources Information Center

    Kuczynski, Kay; Gibbs-Wahlberg, Patty

    2005-01-01

    The Health Insurance Portability and Accountability Act (HIPAA) of 1996 (PL. 104-191) is a multitiered, comprehensive, convoluted, and controversial federal law for sweeping health care reform. Although HIPAA is dramatically broader in scope than privacy protections for health care information, a provision for privacy in the form of a Privacy Rule…

  20. What if? The one question every administrator should ask. Use HIPAA rules as a blueprint for broader safety, security.

    PubMed

    Redling, Bob

    2007-08-01

    Are you doing enough to control security and privacy at your practice? Could you cope if your organization suffered a disaster that destroyed facilities, business documents and patient records? Although Health Insurance Portability and Accountability Act (HIPAA) security and privacy rules focus on patient health information, they also point the way to a more comprehensive approach to managing risk. By using HIPAA rules as a blueprint, you can design policies and procedures to address everything from safeguarding financial information to protecting the personal safety of patients, physicians and staff.

  1. HIPAA Privacy and Security Standards: A Gap Analysis for the Compliance Challenge at the Northern Arizona VA Health Care System (NAVAHCS)

    DTIC Science & Technology

    2006-05-31

    and his rights of independence, self-reliance, and privacy (Morreim, 1995). Autonomy is a core value in the field of bioethics and an important...component of privacy. Our culture has been transformed in the last two decades by the rapid introduction of astounding new technology into the world of...increasingly information driven health and business culture . Will the expeditious and unrestricted flow of information make life better? How will it

  2. A HIPAA-compliant architecture for securing clinical images.

    PubMed

    Liu, Brent J; Zhou, Zheng; Huang, H K

    2006-06-01

    The Health Insurance Portability and Accountability Act (HIPAA, instituted April 2003) Security Standards mandate health institutions to protect health information against unauthorized use or disclosure. One approach to addressing this mandate is by utilizing user access control and generating audit trails of the various authorized as well as unauthorized user access of health data. Although most current clinical image systems [e.g., picture archiving and communication system (PACS)] have components that generate log files for application debugging purposes, there is a lack of methodology to obtain and synthesize the pertinent data from the large volumes of log data generated by these multiple components within a PACS. We have designed a HIPAA-compliant architecture specifically for tracking and auditing the image workflow of clinical imaging systems such as PACS. As an initial first step, we developed HIPAA-compliant auditing system (H-CAS) based on parts of this HIPAA-compliant architecture. H-CAS was implemented within a test-bed PACS simulator located in the Image Processing and Informatics lab at the University of Southern California. Evaluation scenarios were developed where different user types performed legal and illegal access of PACS image data within each of the different components in the PACS simulator. Results were based on whether the scenarios of unauthorized access were correctly identified and documented as well as on normal operational activity. Integration and implementation pitfalls were also noted and included.

  3. A HIPAA-compliant architecture for securing clinical images

    NASA Astrophysics Data System (ADS)

    Liu, Brent J.; Zhou, Zheng; Huang, H. K.

    2005-04-01

    The HIPAA (Health Insurance Portability and Accountability Act, Instituted April 2003) Security Standards mandate health institutions to protect health information against unauthorized use or disclosure. One approach to addressing this mandate is by utilizing user access control and generating audit trails of the various authorized as well as unauthorized user access of health data. Although most current clinical image systems (eg, PACS) have components that generate log files as a solution to address the HIPAA mandate, there is a lack of methodology to obtain and synthesize the pertinent data from the large volumes of log file data generated by these multiple components within a PACS. We have designed and developed a HIPAA Compliant Architecture specifically for tracking and auditing the image workflow of clinical imaging systems such as PACS. As an initial first step, a software toolkit was implemented based on the HIPAA Compliant architecture. The toolkit was implemented within a testbed PACS Simulator located in the Image Processing and Informatics (IPI) lab at the University of Southern California. Evaluation scenarios were developed where different user types performed legal and illegal access of PACS image data within each of the different components in the PACS Simulator. Results were based on whether the scenarios of unauthorized access were correctly identified and documented as well as normal operational activity.

  4. 75 FR 23214 - HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-03

    ... Accounting of Disclosures Under the Health Information Technology for Economic and Clinical Health Act... Accountability Act of 1996 (HIPAA) Privacy Rule to receive an accounting of disclosures of protected health... entities and business associates of accounting for such disclosures, and other information that may...

  5. Privacy and security of patient data in the pathology laboratory

    PubMed Central

    Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

  6. Privacy and security of patient data in the pathology laboratory.

    PubMed

    Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

  7. Privacy and security in Pennsylvania: ensuring privacy and security of health information exchange in Pennsylvania.

    PubMed

    Marshall, Glen F; Gillespie, William; Fox, Steven J

    2009-01-01

    Though HIPAA addresses privacy and security on a nationwide basis, state laws and regulations vary. This paper describes the landscape for privacy and security in Pennsylvania and its key elements. It addresses common myths and misunderstandings and provides an overview of what is actually required to provide needed protections privacy policies from government and the stakeholders; risk analysis and management; and technical and non-technical means to enforce policies and mitigate risks. Also covered are the enablers, barriers and key recommendations for the future.

  8. mHealth data security: the need for HIPAA-compliant standardization.

    PubMed

    Luxton, David D; Kayl, Robert A; Mishkind, Matthew C

    2012-05-01

    The rise in the use of mobile devices, such as smartphones, tablet personal computers, and wireless medical devices, as well as the wireless networks that enable their use, has raised new concerns for data security and integrity. Standardized Health Insurance Portability and Accountability Act of 1996 (HIPAA)-compliant electronic data security that will allow ubiquitous use of mobile health technologies is needed. The lack of standardized data security to assure privacy, to allow interoperability, and to maximize the full capabilities of mobile devices presents a significant barrier to care. The purpose of this article is to provide an overview of the issue and to encourage discussion of this important topic. Current security needs, standards, limitations, and recommendations for how to address this barrier to care are discussed.

  9. Privacy in the digital world: medical and health data outside of HIPAA protections.

    PubMed

    Glenn, Tasha; Monteith, Scott

    2014-11-01

    Increasing quantities of medical and health data are being created outside of HIPAA protection, primarily by patients. Data sources are varied, including the use of credit cards for physician visit and medication co-pays, Internet searches, email content, social media, support groups, and mobile health apps. Most medical and health data not covered by HIPAA are controlled by third party data brokers and Internet companies. These companies combine this data with a wide range of personal information about consumer daily activities, transactions, movements, and demographics. The combined data are used for predictive profiling of individual health status, and often sold for advertising and other purposes. The rapid expansion of medical and health data outside of HIPAA protection is encroaching on privacy and the doctor-patient relationship, and is of particular concern for psychiatry. Detailed discussion of the appropriate handling of this medical and health data is needed by individuals with a wide variety of expertise.

  10. Beef up your information security with the new HIPAA-mandated standards.

    PubMed

    1999-12-01

    Beef up information security using HIPAA standards. This month, the federal Department of Health and Human Services will release the final standards for information security mandated by the 1996 Health Insurance Portability and Accountability Act (HIPAA). To comply with HIPAA, you must perform an applications and data criticality analysis and develop a data backup plan, a disaster recovery plan, and an emergency mode operation plan.

  11. How to avoid a HIPAA horror story.

    PubMed

    Withrow, Scott C

    2010-08-01

    The Health Information Technology for Economic and Clinical Health Act of 2009 significantly expands the financial risk of violations of the Health Insurance Portability and Accountability Act (HIPAA) and extends HIPAA procedures and penalties to business associates. Hospitals, physicians, and their business associates should ensure that HIPAA privacy and security provisions are adopted. Compliance efforts should focus on high-risk areas, including information access management, access control, and impermissible disclosures of protected health information.

  12. Making sense of HIPAA Privacy: solutions for complex compliance dilemmas.

    PubMed

    Rovner, Jack A

    2004-01-01

    This Article examines and proposes solutions for the following compliance problems under the Health Information Portability and Accountability Act's Privacy Rule: (a) determining compliance requirements when multiple provisions of the Privacy Rule allow a use or disclosure of protected health information; (b) managing minimum necessary for disclosures to noncovered entities; (c) managing interaction between organized healthcare arrangements and noncovered providers; (d) processing joint health and life/disability insurance applications; (e) reconciling family coverage explanations of benefits and family member's confidential communication demands; and (f) explaining denial of protected health information access based on endangerment. In the course of the analysis, the Article presents a Privacy Rule Compliance Tool that summarizes the compliance requirements associated with each Privacy Rule provision that allows protected health information use or disclosure.

  13. Challenges and Insights in Using HIPAA Privacy Rule for Clinical Text Annotation

    PubMed Central

    Kayaalp, Mehmet; Browne, Allen C.; Sagan, Pamela; McGee, Tyne; McDonald, Clement J.

    2015-01-01

    The Privacy Rule of Health Insurance Portability and Accountability Act (HIPAA) requires that clinical documents be stripped of personally identifying information before they can be released to researchers and others. We have been manually annotating clinical text since 2008 in order to test and evaluate an algorithmic clinical text de-identification tool, NLM Scrubber, which we have been developing in parallel. Although HIPAA provides some guidance about what must be de-identified, translating those guidelines into practice is not as straightforward, especially when one deals with free text. As a result we have changed our manual annotation labels and methods six times. This paper explains why we have made those annotation choices, which have been evolved throughout seven years of practice on this field. The aim of this paper is to start a community discussion towards developing standards for clinical text annotation with the end goal of studying and comparing clinical text de-identification systems more accurately. PMID:26958206

  14. HIPAA and information security risk: implementing an enterprise-wide risk management strategy

    NASA Astrophysics Data System (ADS)

    Alberts, Christopher J.; Dorofee, Audrey

    2001-08-01

    The Health Insurance Portability and Accountability Act (HIPAA) of 1996 effectively establishes a standard of due care for healthcare information security. One of the challenges of implementing policies, procedures, and practices consistent with HIPAA requirements in the Department of Defense Military Health System is the need for a method that can tailor the requirements to a variety of organizational contexts. This paper will describe a self- directed information security risk evaluation that will enable military healthcare providers to assess their risks and to develop mitigation strategies consistent with HIPAA guidelines.

  15. What to do before the office for civil rights comes knocking: Part II. Coping with breaches, enforcement, and other fallout of HIPAA: the significance of harm.

    PubMed

    Cascardo, Debra

    2012-01-01

    Physicians and their lawyers must review business associates that are subject to HIPAA and must revisit their HIPAA privacy and security efforts to comply with the new rules. In particular, they must: (1) review and revise their HIPAA privacy and security notices, policies, administrative materials, and training manuals; (2) review, negotiate, and revise their business associate agreements; and (3) train any employees who have access to PHI with respect to the changes to HIPAA's rules as a result of ARRA.

  16. HIPAA compliant auditing system for medical images.

    PubMed

    Zhou, Zheng; Liu, Brent J

    2005-01-01

    As an official regulation for healthcare privacy and security, Health Insurance Portability and Accountability Act (HIPAA) mandates health institutions to protect health information against unauthorized use or disclosure. One such method proposed by HIPAA Security Standards is audit trail, which records and examines health information access activities. HIPAA mandates healthcare providers to have the ability to generate audit trails on data access activities for any specific patient. Although current medical imaging systems generate activity logs, there is a lack of formal methodology to interpret these large volumes of log data and generate HIPAA compliant auditing trails. This paper outlines the design of a HIPAA compliant auditing system (HCAS) for medical images in imaging systems such as PACS and discusses the development of a security monitoring (SM) toolkit based on some of the partial components in HCAS.

  17. Logical Specification of the GLBA and HIPAA Privacy Laws

    DTIC Science & Technology

    2010-04-29

    Office contract on Perpetually Available and Secure Information Systems (DAAD19-02-1-0389) to Carnegie Mellon CyLab, the NSF Science and Technology...LPU, the evolving system is modeled as a trace σ: an infinite sequence of states σ = s0s1s2 · · · . Each LPU state is a tuple si = (κi, ρi, ai) of a...should not affect the roles held by the various principals in the system . This intuition gives us properties which must be satisfied by the first-order

  18. Can EHRs and HIEs get along with HIPAA security requirements?

    PubMed

    Sarrico, Christine; Hauenstein, Jim

    2011-02-01

    For Enloe Medical Center in California, a good-faith effort to self-report a breach in the privacy of a patient's medical record resulted in a six-figure fine imposed by a state regulatory agency. Hospitals face a "catch-22" situation in responding to the conflicting mandates of developing electronic health records that allow information sharing across institutions versus ensuring absolute protection and security of patients' individual health information. Some industry analysts suggest that the sanctions for security breaches such as the one experienced by Enloe will have the unintended effect of discouraging self-reporting of breaches.

  19. Information Systems, Security, and Privacy.

    ERIC Educational Resources Information Center

    Ware, Willis H.

    1984-01-01

    Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

  20. The Health Insurance Portability and Accountability Act: security and privacy requirements.

    PubMed

    Tribble, D A

    2001-05-01

    The security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their implications for pharmacy are discussed. HIPAA was enacted to improve the portability of health care insurance for persons leaving jobs. A section of the act encourages the use of electronic communications for health care claims adjudication, mandates the use of new standard code sets and transaction sets, and establishes the need for regulations to protect the security and privacy of individually identifiable health care information. Creating these regulations became the task of the Department of Health and Human Services. Regulations on security have been published for comment. Regulations on privacy and the definition of standard transaction sets and code sets are complete. National identifiers for patients, providers, and payers have not yet been established. The HIPAA regulations on security and privacy will require that pharmacies adopt policies and procedures that limit access to health care information. Existing pharmacy information systems may require upgrading or replacement. Costs of implementation nationwide are estimated to exceed $8 billion. The health care community has two years from the finalization of each regulation to comply with that regulation. The security and privacy requirements of HIPAA will require pharmacies to review their practices regarding the storage, use, and disclosure of protected health care information.

  1. Evaluating re-identification risks with respect to the HIPAA privacy rule

    PubMed Central

    Benitez, Kathleen

    2010-01-01

    Objective Many healthcare organizations follow data protection policies that specify which patient identifiers must be suppressed to share “de-identified” records. Such policies, however, are often applied without knowledge of the risk of “re-identification”. The goals of this work are: (1) to estimate re-identification risk for data sharing policies of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule; and (2) to evaluate the risk of a specific re-identification attack using voter registration lists. Measurements We define several risk metrics: (1) expected number of re-identifications; (2) estimated proportion of a population in a group of size g or less, and (3) monetary cost per re-identification. For each US state, we estimate the risk posed to hypothetical datasets, protected by the HIPAA Safe Harbor and Limited Dataset policies by an attacker with full knowledge of patient identifiers and with limited knowledge in the form of voter registries. Results The percentage of a state's population estimated to be vulnerable to unique re-identification (ie, g=1) when protected via Safe Harbor and Limited Datasets ranges from 0.01% to 0.25% and 10% to 60%, respectively. In the voter attack, this number drops for many states, and for some states is 0%, due to the variable availability of voter registries in the real world. We also find that re-identification cost ranges from $0 to $17 000, further confirming risk variability. Conclusions This work illustrates that blanket protection policies, such as Safe Harbor, leave different organizations vulnerable to re-identification at different rates. It provides justification for locally performed re-identification risk estimates prior to sharing data. PMID:20190059

  2. Counterfeit Compliance with the HIPAA Security Rule: A Study of Information System Success

    ERIC Educational Resources Information Center

    Johnson, James R.

    2013-01-01

    The intent of the security standards adopted by the Department of Health and Human Services (DHS) implementing some of the requirements of the Administrative Simplification (AS) subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was to improve Federal and private health care programs and to improve the…

  3. Leveraging HIPAA to support consumer empowerment.

    PubMed

    Niedzwiecki, P; Priest, S L; Pivnicny, V C; Ruffino, B C

    2000-01-01

    The consumer empowerment movement needs to provide consumers with more access and control of their healthcare records. The premise of this article is that there is a fundamental market shift towards consumer empowerment--and technology is the driving force. We contend the results will satisfy the intent of the HIPAA mandate. Two restrictions impede the market from moving toward real consumer empowerment. First, managing one's own health history record is difficult because the complete record is segmented in disparate systems that are difficult to integrate. This is because unique identifiers and consistent coding are nonexistent. Second, security and control of patient identifiable health information is still evolving. There is no consensus among providers for Internet security, as we can see by all the legislative privacy bills trying to address the issue. HIPAA is both a legislative mandate and an enabler of the next healthcare paradigm. Providers must comply with the HIPAA mandates for electronic data interchange (EDI) code sets, administrative simplification, and privacy and confidentiality protocols. By recognizing HIPAA as part of a consumer-driven movement, organizations can incorporate empowerment strategies into a planning process that creates consumer options in healthcare and leverages HIPAA compliance to benefit both providers and consumers. This article suggests methods for meeting HIPAA compliance through innovative consumer empowerment methods.

  4. Privacy and Security: A Bibliography.

    ERIC Educational Resources Information Center

    Computer and Business Equipment Manufacturers Association, Washington, DC.

    Compiled at random from many sources, this bibliography attempts to cite as many publications concerning privacy and security as are available. The entries are organized under seven headings: (1) systems security, technical security, clearance of personnel, (2) corporate physical security, (3) administrative security, (4) miscellaneous--privacy…

  5. Text messaging to communicate with public health audiences: how the HIPAA Security Rule affects practice.

    PubMed

    Karasz, Hilary N; Eiden, Amy; Bogan, Sharon

    2013-04-01

    Text messaging is a powerful communication tool for public health purposes, particularly because of the potential to customize messages to meet individuals' needs. However, using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is written with flexibility to account for changing technologies. In practice, however, the rule leads to uncertainty about how to make text messaging policy decisions. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information and retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule.

  6. Text Messaging to Communicate With Public Health Audiences: How the HIPAA Security Rule Affects Practice

    PubMed Central

    Karasz, Hilary N.; Eiden, Amy; Bogan, Sharon

    2013-01-01

    Text messaging is a powerful communication tool for public health purposes, particularly because of the potential to customize messages to meet individuals’ needs. However, using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is written with flexibility to account for changing technologies. In practice, however, the rule leads to uncertainty about how to make text messaging policy decisions. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information and retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule. PMID:23409902

  7. Application of the HIPAA privacy rule to employer benefit plans and a compliance theory of statutory interpretation.

    PubMed

    Bennett, Barbara

    2004-01-01

    The application of the federal privacy regulations promulgated pursuantto the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to employer benefit plans is arguably the most conceptually difficult area of a complex law. A purely textual reading of the Rule, when applied to employer plans, results in varying interpretations on some significant issues and puzzling results on others. This Article offers a practical approach for interpreting the rule when clear-cut answers are not provided by the text and DHHS guidance is nonexistent or unclear. In addition, this approach can be applied to the interpretation of other statutes and regulations.

  8. HIPAA brings new requirements, new opportunities.

    PubMed

    Moynihan, J J; McLure, M L

    2000-03-01

    The passage of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) brought with it the need for Federal rules to implement the act's simplification and cost-reduction efforts. HHS has published proposed rules related to security for the electronic transmission of health information, privacy of individually identifiable health information, transactions and code sets, and national provider and employer identifiers. Additional proposed rules will be published this year for claims attachments and health plan identifiers. Although HIPAA does not require providers to conduct business electronically, the new standards give providers the opportunity to reduce healthcare administrative costs significantly and undertake electronic commerce efficiently and cost-effectively.

  9. HIPAA Compliance in U.S. Hospitals: A Self-Report of Progress Toward the Security Rule

    PubMed Central

    Having, Karen; Davis, Diane C

    2005-01-01

    In January 2004, a random sampling of 1,000 U.S. hospitals was surveyed by researchers at a midwestern university to determine perceived level of compliance with the security requirements of the federal Health Insurance Portability and Accountability Act (HIPAA). Exactly one year later, a follow-up survey was sent to the 286 respondents of the 2004 survey, yielding a 50 percent return rate (n = 144). There was an overall trend in increased HIPAA security compliance from 2004 to 2005. There was no significant difference in perceived level of compliance based on the size of the hospital for the majority of security standards. PMID:18066377

  10. Security of electronic medical information and patient privacy: what you need to know.

    PubMed

    Andriole, Katherine P

    2014-12-01

    The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients.

  11. Privacy preservation and information security protection for patients' portable electronic health records.

    PubMed

    Huang, Lu-Chou; Chu, Huei-Chung; Lien, Chung-Yueh; Hsiao, Chia-Hung; Kao, Tsair

    2009-09-01

    As patients face the possibility of copying and keeping their electronic health records (EHRs) through portable storage media, they will encounter new risks to the protection of their private information. In this study, we propose a method to preserve the privacy and security of patients' portable medical records in portable storage media to avoid any inappropriate or unintentional disclosure. Following HIPAA guidelines, the method is designed to protect, recover and verify patient's identifiers in portable EHRs. The results of this study show that our methods are effective in ensuring both information security and privacy preservation for patients through portable storage medium.

  12. Privacy and security in teleradiology.

    PubMed

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  13. Effective Management of Information Security and Privacy

    ERIC Educational Resources Information Center

    Anderson, Alicia

    2006-01-01

    No university seems immune to cyber attacks. For many universities, such events have served as wake-up calls to develop a comprehensive information security and privacy strategy. This is no simple task, however. It involves balancing a culture of openness with a need for security and privacy. Security and privacy are not the same, and the…

  14. CIOs' views of HIPAA Security Rule implementation--an application of Q-methodology.

    PubMed

    Ao, Mei; Walker, Rosemary

    2005-01-01

    The purpose of this study is to uncover the attitudes held by chief information officers (CIOs) regarding the implementation of HIPAA's Security Rule. In March and April of 2004, five Chicago area CIOs were surveyed and asked to rank 26 opinion statements that presented possible implementation barriers to the Security Rule. Q-methodology, which is a powerful tool in subjective study, was employed to identify and categorize the viewpoints of CIOs toward the barriers. Two factors (opinion types) that represented two different views--socially motivated CIOs and resources-motivated CIOs--regarding the implementation barriers were extracted. The study sheds light on the attitudes and perceptions of CIOs as they begin rule implementation. Current CIOs can use this information as a way to begin to examine what the prevailing attitude may be at their institution and, therefore, how to begin building a successful implementation strategy.

  15. Panel: RFID Security and Privacy

    NASA Astrophysics Data System (ADS)

    Fu, Kevin

    The panel on RFID security and privacy included Ross Anderson, Jon Callas, Yvo Desmedt, and Kevin Fu. Topics for discussion included the "chip and PIN" EMV payment systems, e-Passports, "mafia" attacks, and RFID-enabled credit cards. Position papers by the panelists appear in the following pages, and the RFID-enabled credit card work appears separately in these proceedings.

  16. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the National Instant Criminal Background Check System (NICS). Final rule.

    PubMed

    2016-01-06

    The Department of Health and Human Services (HHS or "the Department'') is issuing this final rule to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to expressly permit certain HIPAA covered entities to disclose to the National Instant Criminal Background Check System (NICS) the identities of individuals who are subject to a Federal "mental health prohibitor'' that disqualifies them from shipping, transporting, possessing, or receiving a firearm. The NICS is a national system maintained by the Federal Bureau of Investigation (FBI) to conduct background checks on persons who may be disqualified from receiving firearms based on Federally prohibited categories or State law. Among the persons subject to the Federal mental health prohibitor established under the Gun Control Act of 1968 and implementing regulations issued by the Department of Justice (DOJ) are individuals who have been involuntarily committed to a mental institution; found incompetent to stand trial or not guilty by reason of insanity; or otherwise have been determined by a court, board, commission, or other lawful authority to be a danger to themselves or others or to lack the mental capacity to contract or manage their own affairs, as a result of marked subnormal intelligence or mental illness, incompetency, condition, or disease. Under this final rule, only covered entities with lawful authority to make the adjudications or commitment decisions that make individuals subject to the Federal mental health prohibitor, or that serve as repositories of information for NICS reporting purposes, are permitted to disclose the information needed for these purposes. The disclosure is restricted to limited demographic and certain other information needed for NICS purposes. The rule specifically prohibits the disclosure of diagnostic or clinical information, from medical records or other sources, and any mental health information beyond the indication that the individual

  17. Never too old for anonymity: a statistical standard for demographic data sharing via the HIPAA Privacy Rule

    PubMed Central

    Benitez, Kathleen; Masys, Daniel

    2010-01-01

    Objective Healthcare organizations must de-identify patient records before sharing data. Many organizations rely on the Safe Harbor Standard of the HIPAA Privacy Rule, which enumerates 18 identifiers that must be suppressed (eg, ages over 89). An alternative model in the Privacy Rule, known as the Statistical Standard, can facilitate the sharing of more detailed data, but is rarely applied because of a lack of published methodologies. The authors propose an intuitive approach to de-identifying patient demographics in accordance with the Statistical Standard. Design The authors conduct an analysis of the demographics of patient cohorts in five medical centers developed for the NIH-sponsored Electronic Medical Records and Genomics network, with respect to the US census. They report the re-identification risk of patient demographics disclosed according to the Safe Harbor policy and the relative risk rate for sharing such information via alternative policies. Measurements The re-identification risk of Safe Harbor demographics ranged from 0.01% to 0.19%. The findings show alternative de-identification models can be created with risks no greater than Safe Harbor. The authors illustrate that the disclosure of patient ages over the age of 89 is possible when other features are reduced in granularity. Limitations The de-identification approach described in this paper was evaluated with demographic data only and should be evaluated with other potential identifiers. Conclusion Alternative de-identification policies to the Safe Harbor model can be derived for patient demographics to enable the disclosure of values that were previously suppressed. The method is generalizable to any environment in which population statistics are available. PMID:21169618

  18. 76 FR 56712 - CLIA Program and HIPAA Privacy Rule; Patients' Access to Test Reports

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-14

    ... provider; the enrollment, payment, claims adjudication, and case or medical management record systems... in such form or format. The Privacy Rule permits covered entities to charge a reasonable, cost-based... the cost of copying (including supplies and labor) and postage, if the patient requests that the...

  19. Prospective study of clinician-entered research data in the Emergency Department using an Internet-based system after the HIPAA Privacy Rule

    PubMed Central

    Kline, Jeffrey A; Johnson, Charles L; Webb, William B; Runyon, Michael S

    2004-01-01

    Background Design and test the reliability of a web-based system for multicenter, real-time collection of data in the emergency department (ED), under waiver of authorization, in compliance with HIPAA. Methods This was a phase I, two-hospital study of patients undergoing evaluation for possible pulmonary embolism. Data were collected by on-duty clinicians on an HTML data collection form (prospective e-form), populated using either a personal digital assistant (PDA) or personal computer (PC). Data forms were uploaded to a central, offsite server using secure socket protocol transfer. Each form was assigned a unique identifier, and all PHI data were encrypted, but were password-accessible by authorized research personnel to complete a follow-up e-form. Results From April 15, 2003-April 15 2004, 1022 prospective e-forms and 605 follow-up e-forms were uploaded. Complexities of PDA use compelled clinicians to use PCs in the ED for data entry for most forms. No data were lost and server log query revealed no unauthorized entry. Prospectively obtained PHI data, encrypted upon server upload, were successfully decrypted using password-protected access to allow follow-up without difficulty in 605 cases. Non-PHI data from prospective and follow-up forms were available to the study investigators via standard file transfer protocol. Conclusions Data can be accurately collected from on-duty clinicians in the ED using real-time, PC-Internet data entry in compliance with the Privacy Rule. Deidentification-reidentification of PHI was successfully accomplished by a password-protected encryption-deencryption mechanism to permit follow-up by approved research personnel. PMID:15479471

  20. 76 FR 31425 - HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-31

    ... intelligence purposes as provided in Sec. 164.512(k)(2); To correctional institutions or law enforcement... notification purposes as provided in Sec. 164.510; (v) for national security or intelligence purposes...

  1. The Regulatory Framework for Privacy and Security

    NASA Astrophysics Data System (ADS)

    Hiller, Janine S.

    The internet enables the easy collection of massive amounts of personally identifiable information. Unregulated data collection causes distrust and conflicts with widely accepted principles of privacy. The regulatory framework in the United States for ensuring privacy and security in the online environment consists of federal, state, and self-regulatory elements. New laws have been passed to address technological and internet practices that conflict with privacy protecting policies. The United States and the European Union approaches to privacy differ significantly, and the global internet environment will likely cause regulators to face the challenge of balancing privacy interests with data collection for many years to come.

  2. Integration of LDSE and LTVS logs with HIPAA compliant auditing system (HCAS)

    NASA Astrophysics Data System (ADS)

    Zhou, Zheng; Liu, Brent J.; Huang, H. K.; Guo, Bing; Documet, Jorge; King, Nelson

    2006-03-01

    The deadline of HIPAA (Health Insurance Portability and Accountability Act) Security Rules has passed on February 2005; therefore being HIPAA compliant becomes extremely critical to healthcare providers. HIPAA mandates healthcare providers to protect the privacy and integrity of the health data and have the ability to demonstrate examples of mechanisms that can be used to accomplish this task. It is also required that a healthcare institution must be able to provide audit trails on image data access on demand for a specific patient. For these reasons, we have developed a HIPAA compliant auditing system (HCAS) for image data security in a PACS by auditing every image data access. The HCAS was presented in 2005 SPIE. This year, two new components, LDSE (Lossless Digital Signature Embedding) and LTVS (Patient Location Tracking and Verification System) logs, have been added to the HCAS. The LDSE can assure medical image integrity in a PACS, while the LTVS can provide access control for a PACS by creating a security zone in the clinical environment. By integrating the LDSE and LTVS logs with the HCAS, the privacy and integrity of image data can be audited as well. Thus, a PACS with the HCAS installed can become HIPAA compliant in image data privacy and integrity, access control, and audit control.

  3. Educational RIS/PACS simulator integrated with the HIPAA compliant auditing (HCA) toolkit

    NASA Astrophysics Data System (ADS)

    Zhou, Zheng; Liu, Brent J.; Huang, H. K.; Zhang, J.

    2005-04-01

    Health Insurance Portability and Accountability Act (HIPAA), a guideline for healthcare privacy and security, has been officially instituted recently. HIPAA mandates healthcare providers to follow its privacy and security rules, one of which is to have the ability to generate audit trails on the data access for any specific patient on demand. Although most current medical imaging systems such as PACS utilize logs to record their activities, there is a lack of formal methodology to interpret these large volumes of log data and generate HIPAA compliant auditing trails. In this paper, we present a HIPAA compliant auditing (HCA) toolkit for auditing the image data flow of PACS. The toolkit can extract pertinent auditing information from the logs of various PACS components and store the information in a centralized auditing database. The HIPAA compliant audit trails can be generated based on the database, which can also be utilized for data analysis to facilitate the dynamic monitoring of the data flow of PACS. In order to demonstrate the HCA toolkit in a PACS environment, it was integrated with the PACS Simulator, that was presented as an educational tool in 2003 and 2004 SPIE. With the integration of the HCA toolkit with the PACS simulator, users can learn HIPAA audit concepts and how to generate audit trails of image data access in PACS, as well as trace the image data flow of PACS Simulator through the toolkit.

  4. Roadmap to HIPAA: keeping occupational health nurses on track.

    PubMed

    Lucas, Barbara; Adams, Sandra; Wachs, Joy E

    2004-04-01

    So what does HIPAA require most covered entities to do? At this point, the Privacy Rule compliance date has already passed for all covered entities except small health plans. Most of the requirements under the Privacy Rule dictate the development of appropriate policies and procedures, a notice of privacy practices and other forms, implementation of measures to secure the privacy of PHI, contracting with Business Associates, and training of all involved. For covered entities, testing of the electronic standard transactions to exchange data between participating parties should have begun by April 16, 2003. Although full implementation of the electronic transactions should have taken place by October 16, 2003, the government has allowed covered entities that are still actively working toward compliance to operate under contingency plans. It remains unclear when the use of such plans will be disallowed. After standards are published for claim attachments and first report of injury, these electronic standard transactions will be incorporated by the designated compliance date. Appropriate use of national identifiers will be implemented after final rules and standards are published. For the occupational health nurse who is not a covered entity, the most critical implementation factor is a HIPAA compliant authorization form so the occupational health nurse can continue to obtain necessary PHI. This is essential when attempting to obtain medical information, even for workers' compensation or disability case management. Although these plans are not considered health plans under HIPAA and, therefore, would not require the designation of covered entity, the occupational health nurse frequently needs to obtain PHI to manage these cases. Most providers in the health care community will be covered entities under HIPAA and will not be able to release PHI without a signed HIPAA compliant authorization form. In addition, providers will want a HIPAA compliant authorization form

  5. Family Caregiver Research and the HIPAA Factor

    ERIC Educational Resources Information Center

    Albert, Steven M.; Levine, Carol

    2005-01-01

    Research in family caregiving recently has become more challenging because of the strict protection of privacy mandated in the Health Insurance Portability and Accountability Act (HIPAA) of 1996. We ask when should Institutional Review Boards (IRBs) follow HIPAA rules to the letter and when might they use the waiver option? What is the appropriate…

  6. 77 FR 70796 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... Transportation Security Administration System of Records AGENCY: Privacy Office, Department of Homeland Security.... The program is no longer in operation within the Transportation Security Administration and associated..., Privacy Policy and Compliance, TSA-36, Transportation Security Administration, 601 South 12th......

  7. 48 CFR 52.239-1 - Privacy or Security Safeguards.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 2 2013-10-01 2013-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish...

  8. 48 CFR 52.239-1 - Privacy or Security Safeguards.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 2 2014-10-01 2014-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish...

  9. 48 CFR 52.239-1 - Privacy or Security Safeguards.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 2 2011-10-01 2011-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish...

  10. 48 CFR 52.239-1 - Privacy or Security Safeguards.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish...

  11. 48 CFR 52.239-1 - Privacy or Security Safeguards.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 2 2012-10-01 2012-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish...

  12. Measuring and Modeling Security and Privacy Laws

    ERIC Educational Resources Information Center

    Romanosky, Sasha

    2012-01-01

    This manuscript presents empirical and analytical analysis and discussion of security and privacy laws. The introduction, together with the three substantive chapters each represent separate research papers written as partial fulfillment of my PhD dissertation in the Heinz College, Carnegie Mellon University. Chapter 2 is an abbreviated version of…

  13. Privacy and Security in Computer Systems.

    ERIC Educational Resources Information Center

    Liu, Yung-Ying

    Materials in the Library of Congress (LC) concerned with the topic of privacy and security in computer systems are listed in this "LC Science Tracer Bullet." The guide includes a total of 59 sources: (1) an introductory source; (2) relevant LC subject headings; (3) basic and additional texts; (4) handbooks, encyclopedias, and…

  14. From Hippocrates to HIPAA: privacy and confidentiality in emergency medicine--Part I: conceptual, moral, and legal foundations.

    PubMed

    Moskop, John C; Marco, Catherine A; Larkin, Gregory Luke; Geiderman, Joel M; Derse, Arthur R

    2005-01-01

    Respect for patient privacy and confidentiality is an ancient and a contemporary professional responsibility of physicians. Carrying out this responsibility may be more challenging and more important in the emergency department than in many other clinical settings. Part I of this 2-part article outlines the basic concepts of privacy and confidentiality, reviews the moral and legal foundations and limits of these concepts, and highlights the new federal privacy regulations implemented under the Health Insurance Portability and Accountability Act of 1996. Part II of the article examines specific privacy and confidentiality issues commonly encountered in the ED.

  15. It’s Time for Innovation in the Health Insurance Portability and Accountability Act (HIPAA)

    PubMed Central

    2016-01-01

    Whether it is the result of a tragic news story, a thoughtful commentary, or a segment on the entertainment networks, patient privacy rights are never far from the top of our minds. The Privacy and Security Rules contained in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) represent a concerted effort to protect the privacy and security of the volumes of patient data generated by the health care system. However, the last twenty years has seen innovations and advancements in health information technology that were unimaginable at that time. It is time for innovation to the Privacy and Security Rules. We offer a common and relatable scenario as proof that certain Privacy and Security Rules can tie the hands of educators and innovators and need to be transformed. PMID:27806923

  16. 78 FR 73868 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-09

    ... SECURITY Privacy Act of 1974; Department of Homeland Security Transportation Security Administration--DHS/TSA-001 Transportation Security Enforcement Record System System of Records AGENCY: Privacy Office, Department of Homeland Security. ACTION: Notice of Privacy Act System of Records Update. SUMMARY:...

  17. HIPAA security: compliance in radiology--an academic radiology department's plan contrasted with a small private practice.

    PubMed

    Haramati, N

    2000-01-01

    In complying with the HIPAA security regulations, the large, multi-site academic radiology department is quite different from the small, private radiology practice. This article compares and contrasts the methods each of these two model organizations use to achieve compliance. In common between the two organizations is that complete documentation of the procedures and processes involved in data management must be prepared and reviewed. Although not required in the regulations, having the documentation conform to the regulation allows for easy monitoring, auditing, and certification of compliance by future independent bodies. The level to which each organization must secure their data, perform threat assessments, and implement security procedures and intrusion detection systems are very different. The regulations do not specify what level of due diligence is required. This must be determined by each organization using their own common-sense dictum. Although the solutions used by these two types of organizations may not be the same as those adopted by other radiology departments and practices, the approaches may still serve as useful templates to guide compliance efforts by others.

  18. Security and privacy issues of personal health.

    PubMed

    Blobel, Bernd; Pharow, Peter

    2007-01-01

    While health systems in developed countries and increasingly also in developing countries are moving from organisation-centred to person-centred health service delivery, the supporting communication and information technology is faced with new risks regarding security and privacy of stakeholders involved. The comprehensively distributed environment puts special burden on guaranteeing communication security services, but even more on guaranteeing application security services dealing with privilege management, access control and audit regarding social implication and connected sensitivity of personal information recorded, processed, communicated and stored in an even internationally distributed environment.

  19. Protocol for a Systematic Review of Telehealth Privacy and Security Research to Identify Best Practices

    PubMed Central

    WATZLAF, VALERIE J.M.; DEALMEIDA, DILHARI R.; ZHOU, LEMING; HARTMAN, LINDA M.

    2015-01-01

    Healthcare professionals engaged in telehealth are faced with complex US federal regulations (e.g., HIPAA/HITECH) and could benefit from the guidance provided by best practices in Privacy and Security (P&S). This article describes a systematic review protocol to address this need. The protocol described herein uses the Preferred Reporting Items for Systematic Review and Meta-Analysis Protocols (PRISMA-P). The PRISMA-P contains 17 items that are considered essential, as well as minimum components to include in systematic reviews. PICOS (participants, interventions, comparisons, outcome(s) and study design of the systematic review) are also relevant to the development of best practices in P&S in telehealth systems. A systematic process can best determine what information should be included and how this information should be retrieved, condensed, analyzed, organized, and disseminated. PMID:27563383

  20. 75 FR 8363 - Office for Civil Rights; Workshop on the HIPAA Privacy Rule's De-Identification Standard; Notice...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-24

    ... panels. Each panel will address a specific topic related to the Privacy Rule's de-identification... will explore the following topics related to the de-identification of protected health information... accommodate persons with physical disabilities or special needs. If you require special accommodations due...

  1. 77 FR 70795 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... Transportation Security Administration System of Records AGENCY: Privacy Office, Department of Homeland Security... Security Administration-002 Transportation Security Threat Assessment System System of Records (May 19... Transportation Worker Identification Credentialing and other Transportation Security......

  2. The law of unintended (financial) consequences: the expansion of HIPAA business associate liability.

    PubMed

    Tomes, Jonathan P

    2013-01-01

    The recent Omnibus Rule published by the Department of Health and Human Services greatly expanded liability for breaches of health information privacy and security under the HIPAA statute and regulations. This expansion could have dire financial consequences for the health care industry. The Rule expanded the definition of business associates to include subcontractors of business associates and made covered entities and business associates liable for breaches of the entities who perform a service for them involving the use of individually identifiable health information under the federal common law of agency. Thus, if a covered entity or its "do wnstream" business associate breaches security or privacy, the covered entity or "upstream" business associate may face HIPAA's civil money penalties or a lawsuit. Financial managers need to be aware of these changes both to protect against the greater liability and to plan for the compliance costs inherent in effectively, if not legally, making business associates into covered entities.

  3. 75 FR 18863 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-006...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security Transportation Security Administration--006 Correspondence and Matters Tracking Records AGENCY: Privacy Office, DHS. ] ACTION: Notice to alter an existing Privacy Act system of records. SUMMARY: In accordance with...

  4. Cyber security challenges in Smart Cities: Safety, security and privacy

    PubMed Central

    Elmaghraby, Adel S.; Losavio, Michael M.

    2014-01-01

    The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect. PMID:25685517

  5. Cyber security challenges in Smart Cities: Safety, security and privacy.

    PubMed

    Elmaghraby, Adel S; Losavio, Michael M

    2014-07-01

    The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the "Internet of Things." Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect.

  6. 75 FR 28046 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-002...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security Transportation Security Administration--002 Transportation Security Threat Assessment System System of Records AGENCY... accordance with the Privacy Act of 1974 the Department of Homeland Security proposes to update and...

  7. 77 FR 70796 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... Transportation Security Administration System of Records AGENCY: Privacy Office, Department of Homeland Security.../Transportation Security Administration- 019, Secure Flight Records (November 9, 2007, 72 FR 63711) to cover the..., Director, Privacy Policy and Compliance, TSA-36, Transportation Security Administration, 601......

  8. HIPAA: SOP: HIPAA as standard operating procedures.

    PubMed

    Kiel, Joan M

    2010-01-01

    Upon the debut of the Health Insurance Portability and Accountability Act (HIPAA), many health care managers felt that the implementation process would be too expensive, arduous, and time-consuming. Now, several years later, it is clear that the way to manage HIPAA is to make it a part of one's standard operating procedures. Using this approach, HIPAA is cost-effective, manageable, and efficient. Health care managers can utilize the step-by-step procedures presented here to efficaciously implement and manage HIPAA.

  9. Privacy and Security of Criminal History Information. An Analysis of Privacy Issues.

    ERIC Educational Resources Information Center

    Trubow, George B.

    Policies and issues associated with the privacy and security of criminal history information are presented. The first chapter discusses general concepts regarding privacy and security of criminal justice information, including definitions of basic terms, considerations of interests requiring attention when developing policy, relevance of fair…

  10. Privacy, security and access with sensitive health information.

    PubMed

    Croll, Peter

    2010-01-01

    This chapter gives an educational overview of: * Confidentiality issues and the challenges faced; * The fundamental differences between privacy and security; * The different access control mechanisms; * The challenges of Internet security; * How 'safety and quality' relate to all the above.

  11. 42 CFR 600.350 - Privacy and security of information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 42 Public Health 5 2014-10-01 2014-10-01 false Privacy and security of information. 600.350 Section 600.350 Public Health CENTERS FOR MEDICARE & MEDICAID SERVICES, DEPARTMENT OF HEALTH AND HUMAN... (Eff. 1-1-15) Eligibility and Enrollment § 600.350 Privacy and security of information. The State...

  12. HIPAA notice of privacy practices used in U.S. dental schools: factors related to readability or lack thereof.

    PubMed

    Ha, Anh T; Gansky, Stuart A

    2007-03-01

    The Health Insurance Portability and Accountability Act of 1996 requires Notices of Privacy Practices (NPP) in plain (clear, concise, and easily understood) language. The objectives of this study were to test the readability of U.S. dental school NPPs; examine factors relating to readability; and develop a plain language NPP supplement. Readability statistics were Flesch Reading Ease (FRE) and Flesch-Kincaid Grade Level (FKGL). Social capital measures of potential resources available to people in a civil society (e.g., perceived trust, perceived reciprocity, and per capita voluntary organization membership) along with lawyers per capita for each state were examined for potential relationships with readability levels. One-sample t-tests assessed plain language (FRE=60, FKGL=8), and analyses of variance compared groups. Spearman rank correlations (r(s)) compared social capital to readability. A plain language NPP supplement was developed. All fifty-six U.S. dental school NPPs were obtained (100 percent response). Forty-eight of fifty-six schools (86 percent) had website NPPs. FRE and FKGL were significantly more complex than plain language, overall (both p<0.0001, 95% CIs: FRE=37.6, 40.5; FKGL=11.2, 11.8) and by region (all p<0.014). Readability did not differ by region. Social capital measures moderately related to readability (0.18 < or = |r(s)| < or =0.39) with reciprocity being most related (FRE r(s)=0.36, FKGL r(s)=-0.39). U.S. dental school NPPs are more complex than "plain language."

  13. HIPAA compliance questions for business partner agreements.

    PubMed

    Roach, M C

    2001-02-01

    If your organization is covered by HIPAA, do you know what's expected of you--and of your vendors--with regard to privacy of health information? To make sure your organization is in compliance, contracts with business partners will need careful review. The author offers an overview of the proposed regulations and offers some tips to get started.

  14. 75 FR 8096 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-023...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... Security Administration--023 Workplace Violence Prevention Program System of Records AGENCY: Privacy Office..., ``Department of Homeland Security/Transportation Security Administration--023 Workplace Violence Prevention... and maintain records on their Workplace Violence Prevention Program. Additionally, the Department...

  15. HIPAA-compliant automatic monitoring system for RIS-integrated PACS operation

    NASA Astrophysics Data System (ADS)

    Jin, Jin; Zhang, Jianguo; Chen, Xiaomeng; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen; Feng, Jie; Sheng, Liwei; Huang, H. K.

    2006-03-01

    As a governmental regulation, Health Insurance Portability and Accountability Act (HIPAA) was issued to protect the privacy of health information that identifies individuals who are living or deceased. HIPAA requires security services supporting implementation features: Access control; Audit controls; Authorization control; Data authentication; and Entity authentication. These controls, which proposed in HIPAA Security Standards, are Audit trails here. Audit trails can be used for surveillance purposes, to detect when interesting events might be happening that warrant further investigation. Or they can be used forensically, after the detection of a security breach, to determine what went wrong and who or what was at fault. In order to provide security control services and to achieve the high and continuous availability, we design the HIPAA-Compliant Automatic Monitoring System for RIS-Integrated PACS operation. The system consists of two parts: monitoring agents running in each PACS component computer and a Monitor Server running in a remote computer. Monitoring agents are deployed on all computer nodes in RIS-Integrated PACS system to collect the Audit trail messages defined by the Supplement 95 of the DICOM standard: Audit Trail Messages. Then the Monitor Server gathers all audit messages and processes them to provide security information in three levels: system resources, PACS/RIS applications, and users/patients data accessing. Now the RIS-Integrated PACS managers can monitor and control the entire RIS-Integrated PACS operation through web service provided by the Monitor Server. This paper presents the design of a HIPAA-compliant automatic monitoring system for RIS-Integrated PACS Operation, and gives the preliminary results performed by this monitoring system on a clinical RIS-integrated PACS.

  16. Privacy and Security in Mobile Health: A Research Agenda

    PubMed Central

    Kotz, David; Gunter, Carl A.; Kumar, Santosh; Weiner, Jonathan P.

    2017-01-01

    Mobile health technology has great potential to increase healthcare quality, expand access to services, reduce costs, and improve personal wellness and public health. However, mHealth also raises significant privacy and security challenges. PMID:28344359

  17. PREDICT: Privacy and Security Enhancing Dynamic Information Monitoring

    DTIC Science & Technology

    2015-08-03

    aggregation, secure multiparty communication protocols were developed and evaluated [22]. These protocols permit the evaluation of certain functions...Li Xiong, Privacy Enhancing Dynamic Information Collection and Monitoring, Invited talk, Kyoto University, Kyoto , Japan, July 2015. [3] Li Xiong

  18. Privacy and Security in Mobile Health: A Research Agenda.

    PubMed

    Kotz, David; Gunter, Carl A; Kumar, Santosh; Weiner, Jonathan P

    2016-06-01

    Mobile health technology has great potential to increase healthcare quality, expand access to services, reduce costs, and improve personal wellness and public health. However, mHealth also raises significant privacy and security challenges.

  19. 76 FR 5603 - Privacy Act of 1974; Department of Homeland Security Office of Operations Coordination and...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-01

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security Office of Operations... System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system of records. SUMMARY: In accordance with the Privacy Act of 1974, the Department of Homeland Security is giving notice...

  20. The new ethical trilemma: Security, privacy and transparency

    NASA Astrophysics Data System (ADS)

    Ganascia, Jean-Gabriel

    2011-09-01

    Numerous ethical and societal issues are related to the development of nanotechnology. Among them, the risk for privacy has long been discussed. Some people say that technology is neutral and that it does not really change the nature of problems, which are mainly political, while others state that its contemporary developments considerably amplify them; there are even persons who assert that it will make privacy protection obsolete. This article discusses those different positions by making reference to the classical Panopticon that is an architecture for surveillance, which characterizes the total absence of privacy. It envisages the possible evolutions of the Panopticon due to the development of nanotechnologies. It shows that the influence of nanotechnology on privacy concerns cannot be dissociated from the influence of computers and biotechnologies, i.e. from what is currently called the NBIC convergence. Lastly, it concludes on the new ethical trade-off that has to be made between three contradictory requirements that are security, transparency and privacy.

  1. Safety, security, hygiene and privacy in migrant farmworker housing.

    PubMed

    Arcury, Thomas A; Weir, Maria M; Summers, Phillip; Chen, Haiying; Bailey, Melissa; Wiggins, Melinda F; Bischoff, Werner E; Quandt, Sara A

    2012-01-01

    Safety, security, hygiene, and privacy in migrant farmworker housing have not previously been documented, yet these attributes are important for farmworker quality of life and dignity. This analysis describes the safety, security, hygiene, and privacy of migrant farmworker housing and delineates camp characteristics that are associated with these attributes, using data collected in 183 eastern North Carolina migrant farmworker camps in 2010. Migrant farmworker housing is deficient. For example, 73.8 percent of housing had structural damage and 52.7 percent had indoor temperatures that were not safe. Farmworkers in 83.5 percent of the housing reported that they did not feel they or their possessions were secure. Bathing or toileting privacy was absent in 46.2 percent of the housing. Camps with residents having H-2A visas or North Carolina Department of Labor certificates of inspection posted had better safety, security, and hygiene. Regulations addressing the quality of migrant farmworker housing are needed.

  2. SAFETY, SECURITY, HYGIENE AND PRIVACY IN MIGRANT FARMWORKER HOUSING

    PubMed Central

    Arcury, Thomas A.; Weir, Maria M.; Summers, Phillip; Chen, Haiying; Bailey, Melissa; Wiggins, Melinda F.; Bischoff, Werner E.; Quandt, Sara A.

    2013-01-01

    Safety, security, hygiene, and privacy in migrant farmworker housing have not previously been documented, yet these attributes are important for farmworker quality of life and dignity. This analysis describes the safety, security, hygiene, and privacy of migrant farmworker housing and delineates camp characteristics that are associated with these attributes, using data collected in 183 eastern North Carolina migrant farmworker camps in 2010. Migrant farmworker housing is deficient. For example, 73.8 percent of housing had structural damage and 52.7 percent had indoor temperatures that were not safe. Farmworkers in 83.5 percent of the housing reported that they did not feel they or their possessions were secure. Bathing or toileting privacy was absent in 46.2 percent of the housing. Camps with residents having H-2A visas or North Carolina Department of Labor certificates of inspection posted had better safety, security, and hygiene. Regulations addressing the quality of migrant farmworker housing are needed. PMID:22776578

  3. Security and Privacy in Cyber-Physical Systems

    SciTech Connect

    Fink, Glenn A.; Edgar, Thomas W.; Rice, Theora R.; MacDonald, Douglas G.; Crawford, Cary E.

    2016-08-30

    As you have seen from the previous chapters, cyber-physical systems (CPS) are broadly used across technology and industrial domains. While these systems enable process optimization and efficiency and allow previously impossible functionality, security and privacy are key concerns for their design, development, and operation. CPS have been key components utilized in some of the highest publicized security breaches over the last decade. In this chapter, we will look over the CPS described in the previous chapters from a security perspective. In this chapter, we explain classical information and physical security fundamentals in the context of CPS and contextualize them across application domains. We give examples where the interplay of functionality and diverse communication can introduce unexpected vulnerabilities and produce larger impacts. We will discuss how CPS security and privacy is inherently different from that of pure cyber or physical systems and what may be done to secure these systems, considering their emergent cyber-physical properties. Finally, we will discuss security and privacy implications of merging infrastructural and personal CPS. Our hope is to impart the knowledge of what CPS security and privacy are, why they are important, and explain existing processes and challenges.

  4. 78 FR 10623 - Privacy Act of 1974; Department of Homeland Security Immigration and Customs Enforcement-007...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-14

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security Immigration and... Office, Department of Homeland Security. ACTION: Notice of modification to existing Privacy Act System of Records. SUMMARY: In accordance with the Privacy Act of 1974, the Department of Homeland Security,...

  5. 77 FR 70792 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... Transportation Security Administration System of Records AGENCY: Privacy Office, Department of Homeland Security... and programs. The Transportation Security Administration will rely upon Department of Homeland.../Transportation Security Administration (TSA)-009 General Legal Records (August 18, 2003, 68 FR 49496), which......

  6. Future of security and privacy in medical information.

    PubMed

    Wiederhold, Gio

    2002-01-01

    Today, issues of privacy and confidentiality in healthcare are dealt largely informally. Little legislation exists, and the awkwardness of accessing paper records makes violations of patients' privacy sporadic. As healthcare institutions move towards a future where all information is kept in an Electronic Medical Record (EMR), the casual attitudes that are prevalent will be in conflict with the desires and expectations of the patients. Legislation has been passed to make the holders of medical data responsible for securely protecting the patients privacy. Specific implementation guidelines are still lacking. There is much institutional resistance to the adoption of rigorous rules, but we expect that in the near future reliable procedures will have to be implemented to comply both with legal guidelines and patient's expectations. After introducing the issue more precisely we provide an overview over the concepts needed to understand the roles of technology of privacy and security and the people that must manage the technology. We then discuss the components of secure EMR systems and will point out where adequate technology exists and where future improvements are essential. We conclude with some advice to healthcare management facing the demands for security and privacy that the future will bring.

  7. Privacy and Security - a Way to Manage the Dilemma

    NASA Astrophysics Data System (ADS)

    Peissl, Walter

    Privacy and security are often seen as opposites in a zero-sum game. The more you want from one, the less you get from the other. To overcome this dilemma the PRISE project (EU-funded by PASR/DG Enterprise) developed a methodology to establish sets of criteria for privacy enhancing security technologies. These sets of criteria are applicable on different levels (research, development, implementation) and by different actors (research coordinators, industry, policy-makers, public and private users). The use of these criteria is intended to contribute directly to a tangible and demonstrable improvement in security as accepted and acceptable security technologies will be more easily implemented, more widely used and confronted with less rejection by the general public and users of these technologies. A similar set of criteria is used for certification for the European Privacy Seal. Both the privacy by design approach and the certification scheme should increase the competitiveness of European security industries by providing guidance on the provision of widely acceptable security technologies.

  8. Toward protocols for quantum-ensured privacy and secure voting

    NASA Astrophysics Data System (ADS)

    Bonanome, Marianna; Bužek, Vladimír; Hillery, Mark; Ziman, Mário

    2011-08-01

    We present a number of schemes that use quantum mechanics to preserve privacy, in particular, we show that entangled quantum states can be useful in maintaining privacy. We further develop our original proposal [see M. Hillery, M. Ziman, V. Bužek, and M. Bieliková, Phys. Lett. APYLAAG0375-960110.1016/j.physleta.2005.09.010 349, 75 (2006)] for protecting privacy in voting, and examine its security under certain types of attacks, in particular dishonest voters and external eavesdroppers. A variation of these quantum-based schemes can be used for multiparty function evaluation. We consider functions corresponding to group multiplication of N group elements, with each element chosen by a different party. We show how quantum mechanics can be useful in maintaining the privacy of the choices group elements.

  9. Toward protocols for quantum-ensured privacy and secure voting

    SciTech Connect

    Bonanome, Marianna; Buzek, Vladimir; Ziman, Mario; Hillery, Mark

    2011-08-15

    We present a number of schemes that use quantum mechanics to preserve privacy, in particular, we show that entangled quantum states can be useful in maintaining privacy. We further develop our original proposal [see M. Hillery, M. Ziman, V. Buzek, and M. Bielikova, Phys. Lett. A 349, 75 (2006)] for protecting privacy in voting, and examine its security under certain types of attacks, in particular dishonest voters and external eavesdroppers. A variation of these quantum-based schemes can be used for multiparty function evaluation. We consider functions corresponding to group multiplication of N group elements, with each element chosen by a different party. We show how quantum mechanics can be useful in maintaining the privacy of the choices group elements.

  10. [Legislative Implications of Privacy, Security and Confidentiality.

    ERIC Educational Resources Information Center

    Cullen, Mike

    In the face of more sophisticated data collection technology, California voters have demonstrated an increasing concern about their own privacy. In response, Assemblyman Cullen has proposed a bill to the state legislature which would require anyone opening an automated information system to send notice to the Secretary of State. This notice would…

  11. 45 CFR 155.260 - Privacy and security of personally identifiable information.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 45 Public Welfare 1 2013-10-01 2013-10-01 false Privacy and security of personally identifiable... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally... must establish and implement privacy and security standards that are consistent with the...

  12. 42 CFR 401.713 - Ensuring the privacy and security of data.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 42 Public Health 2 2014-10-01 2014-10-01 false Ensuring the privacy and security of data. 401.713... Performance Measurement § 401.713 Ensuring the privacy and security of data. (a) A qualified entity must... require the qualified entity to maintain privacy and security protocols throughout the duration of...

  13. Online Privacy, Security and Ethical Dilemma: A Recent Study.

    ERIC Educational Resources Information Center

    Karmakar, Nitya L.

    The Internet remains as a wonder for the 21st century and its growth is phenomenon. According to a recent survey, the online population is now about 500 million globally and if this trend continues, it should reach 700 million by the end of 2002. This exponential growth of the Internet has given rise to several security, privacy and ethical…

  14. Security, privacy, and confidentiality issues on the Internet

    PubMed Central

    Kelly, Grant; McKenzie, Bruce

    2002-01-01

    We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to `sign' a message whereby the private key of an individual can be used to `hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a `digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers. PMID:12554559

  15. Privacy and Security in an Oncology Information System

    PubMed Central

    Blum, Bruce I.; Lenhard, Raymond E.

    1978-01-01

    The growing number of automated medical data bases has focused attention upon the problems associated with privacy and security of patient data. This paper briefly reviews some of the approaches to data base protection and then describes the solution to these problems which have been implemented in the Johns Hopkins Oncology Center Clinical Information System.

  16. Security, privacy, and confidentiality issues on the Internet.

    PubMed

    Kelly, Grant; McKenzie, Bruce

    2002-01-01

    We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to 'sign' a message whereby the private key of an individual can be used to 'hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a 'digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers.

  17. 78 FR 69858 - Privacy Act of 1974; Department of Homeland Security/Federal Emergency Management Agency-001...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-21

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/Federal Emergency... AGENCY: Department of Homeland Security, Privacy Office. ACTION: Notice of Privacy Act System of Records. SUMMARY: In accordance with the Privacy Act of 1974, the Department of Homeland Security proposes...

  18. Data Privacy and Security in Higher Education

    ERIC Educational Resources Information Center

    Williams, Tracy

    2003-01-01

    As institutions review and strengthen their plans to secure confidential data, what proactive role does the human resource professional play as a strategic partner? Why are employees a critical part of the solution? And how are they educated regarding their responsibilities with data security? Datatel's HR product manager shares some…

  19. Aligning the Effective Use of Student Data with Student Privacy and Security Laws

    ERIC Educational Resources Information Center

    Winnick, Steve; Coleman, Art; Palmer, Scott; Lipper, Kate; Neiditz, Jon

    2011-01-01

    This legal and policy guidance provides a summary framework for state policymakers as they work to use longitudinal data to improve student achievement while also protecting the privacy and security of individual student records. Summarizing relevant federal privacy and security laws, with a focus on the Family Educational Records and Privacy Act…

  20. Public assessment of new surveillance-oriented security technologies: Beyond the trade-off between privacy and security.

    PubMed

    Pavone, Vincenzo; Esposti, Sara Degli

    2012-07-01

    As surveillance-oriented security technologies (SOSTs) are considered security enhancing but also privacy infringing, citizens are expected to trade part of their privacy for higher security. Drawing from the PRISE project, this study casts some light on how citizens actually assess SOSTs through a combined analysis of focus groups and survey data. First, the outcomes suggest that people did not assess SOSTs in abstract terms but in relation to the specific institutional and social context of implementation. Second, from this embedded viewpoint, citizens either expressed concern about government's surveillance intentions and considered SOSTs mainly as privacy infringing, or trusted political institutions and believed that SOSTs effectively enhanced their security. None of them, however, seemed to trade privacy for security because concerned citizens saw their privacy being infringed without having their security enhanced, whilst trusting citizens saw their security being increased without their privacy being affected.

  1. Security and privacy issues with health care information technology.

    PubMed

    Meingast, Marci; Roosta, Tanya; Sastry, Shankar

    2006-01-01

    The face of health care is changing as new technologies are being incorporated into the existing infrastructure. Electronic patient records and sensor networks for in-home patient monitoring are at the current forefront of new technologies. Paper-based patient records are being put in electronic format enabling patients to access their records via the Internet. Remote patient monitoring is becoming more feasible as specialized sensors can be placed inside homes. The combination of these technologies will improve the quality of health care by making it more personalized and reducing costs and medical errors. While there are benefits to technologies, associated privacy and security issues need to be analyzed to make these systems socially acceptable. In this paper we explore the privacy and security implications of these next-generation health care technologies. We describe existing methods for handling issues as well as discussing which issues need further consideration.

  2. Privacy and Security in Mobile Health (mHealth) Research

    PubMed Central

    Arora, Shifali; Yttri, Jennifer; Nilsen, Wendy

    2014-01-01

    Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions—some in real time—while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions. PMID:26259009

  3. Privacy and Security in Mobile Health (mHealth) Research.

    PubMed

    Arora, Shifali; Yttri, Jennifer; Nilse, Wendy

    2014-01-01

    Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions-some in real time-while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions.

  4. 76 FR 42003 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-18

    ... of Homeland Security Transportation Security Administration--023 Workplace Violence Prevention...--023 Workplace Violence Prevention Program System of Records'' from certain provisions of the Privacy.../Transportation Security Administration--023 Workplace Violence Prevention Program System of Records'' from one...

  5. 77 FR 74913 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-12-18

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA)/Office of Personnel Management (OPM))--Match Number 1307 AGENCY: Social Security Administration....

  6. SPECS: Secure and Privacy Enhancing Communications Schemes for VANETs

    NASA Astrophysics Data System (ADS)

    Chim, T. W.; Yiu, S. M.; Hui, L. C. K.; Jiang, Zoe L.; Li, Victor O. K.

    Vehicular ad hoc network (VANET) is an emerging type of networks which facilitates vehicles on roads to communicate for driving safety. The basic idea is to allow arbitrary vehicles to broadcast ad hoc messages (e.g. traffic accidents) to other vehicles. However, this raises the concern of security and privacy. Messages should be signed and verified before they are trusted while the real identity of vehicles should not be revealed, but traceable by authorized party. Existing solutions either rely heavily on a tamper-proof hardware device, or cannot satisfy the privacy requirement and do not have an effective message verification scheme. In this paper, we provide a software-based solution which makes use of only two shared secrets to satisfy the privacy requirement and gives lower message overhead and at least 45% higher successful rate than previous solutions in the message verification phase using the bloom filter and the binary search techniques. We also provide the first group communication protocol to allow vehicles to authenticate and securely communicate with others in a group of known vehicles.

  7. Privacy Protection by Masking Moving Objects for Security Cameras

    NASA Astrophysics Data System (ADS)

    Yabuta, Kenichi; Kitazawa, Hitoshi; Tanaka, Toshihisa

    Because of an increasing number of security cameras, it is crucial to establish a system that protects the privacy of objects in the recorded images. To this end, we propose a framework of image processing and data hiding for security monitoring and privacy protection. First, we state the requirements of the proposed monitoring systems and suggest possible implementation that satisfies those requirements. The underlying concept of our proposed framework is as follows: (1) in the recorded images, the objects whose privacy should be protected are deteriorated by appropriate image processing; (2) the original objects are encrypted and watermarked into the output image, which is encoded using an image compression standard; (3) real-time processing is performed such that no future frame is required to generate on output bitstream. It should be noted that in this framework, anyone can observe the decoded image that includes the deteriorated objects that are unrecognizable or invisible. On the other hand, for crime investigation, this system allows a limited number of users to observe the original objects by using a special viewer that decrypts and decodes the watermarked objects with a decoding password. Moreover, the special viewer allows us to select the objects to be decoded and displayed. We provide an implementation example, experimental results, and performance evaluations to support our proposed framework.

  8. Neurosecurity: security and privacy for neural devices.

    PubMed

    Denning, Tamara; Matsuoka, Yoky; Kohno, Tadayoshi

    2009-07-01

    An increasing number of neural implantable devices will become available in the near future due to advances in neural engineering. This discipline holds the potential to improve many patients' lives dramatically by offering improved-and in some cases entirely new-forms of rehabilitation for conditions ranging from missing limbs to degenerative cognitive diseases. The use of standard engineering practices, medical trials, and neuroethical evaluations during the design process can create systems that are safe and that follow ethical guidelines; unfortunately, none of these disciplines currently ensure that neural devices are robust against adversarial entities trying to exploit these devices to alter, block, or eavesdrop on neural signals. The authors define "neurosecurity"-a version of computer science security principles and methods applied to neural engineering-and discuss why neurosecurity should be a critical consideration in the design of future neural devices.

  9. 77 FR 43639 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-07-25

    ... ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA..., SSA, as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy... persons. The Privacy Act, as amended, regulates the use of computer matching by Federal agencies...

  10. 77 FR 54943 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-09-06

    ... ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA..., SSA, as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy... persons. The Privacy Act, as amended, regulates the use of computer matching by Federal agencies...

  11. 75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-01

    ... ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration... regarding protections for such persons. The Privacy Act, as amended, regulates the use of computer matching... denying a person's benefits or payments. B. SSA Computer Matches Subject to the Privacy Act We have...

  12. Privacy and Security Research Group workshop on network and distributed system security: Proceedings

    SciTech Connect

    Not Available

    1993-05-01

    This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

  13. 75 FR 8088 - Privacy Act of 1974; Department of Homeland Security/ALL-023 Personnel Security Management System...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL--023 Personnel... to update and reissue Department of Homeland Security/ALL--023 Personnel Security Management System... separate from Department of Homeland Security/ALL 026--Personal Identity Verification Management System...

  14. 76 FR 53918 - Privacy Act of 1974; Department of Homeland Security/Federal Emergency Management Agency-001...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-30

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/Federal Emergency Management Agency--001 National Emergency Family Registry and Locator System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system of records. SUMMARY: In accordance with the Privacy...

  15. 76 FR 24905 - Privacy Act of 1974; Department of Homeland Security United States Coast Guard-DHS/USCG-007...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-03

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security United States Coast Guard--DHS/USCG-007 Special Needs Program System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system of records. SUMMARY: In accordance with the Privacy Act of 1974, the...

  16. Intelligent security and privacy solutions for enabling personalized telepathology

    PubMed Central

    2011-01-01

    Starting with the paradigm change of health systems towards personalized health services, the paper introduces the technical paradigms to be met for enabling ubiquitous pHealth including ePathology. The system-theoretical, architecture-centric approach to mobile, pervasive and autonomous solutions has to be based on an open component system framework such as the Generic Component Model. The crucial challenge to be met for comprehensive interoperability is multi-disciplinary knowledge representation, which must be integrated into the aforementioned framework. The approach is demonstrated for security and privacy services fundamental for any eHealth or ePathology environment. PMID:21489199

  17. Intelligent security and privacy solutions for enabling personalized telepathology.

    PubMed

    Blobel, Bernd

    2011-03-30

    Starting with the paradigm change of health systems towards personalized health services, the paper introduces the technical paradigms to be met for enabling ubiquitous pHealth including ePathology. The system-theoretical, architecture-centric approach to mobile, pervasive and autonomous solutions has to be based on an open component system framework such as the Generic Component Model. The crucial challenge to be met for comprehensive interoperability is multi-disciplinary knowledge representation, which must be integrated into the aforementioned framework. The approach is demonstrated for security and privacy services fundamental for any eHealth or ePathology environment.

  18. Security and privacy preserving approaches in the eHealth clouds with disaster recovery plan.

    PubMed

    Sahi, Aqeel; Lai, David; Li, Yan

    2016-11-01

    Cloud computing was introduced as an alternative storage and computing model in the health sector as well as other sectors to handle large amounts of data. Many healthcare companies have moved their electronic data to the cloud in order to reduce in-house storage, IT development and maintenance costs. However, storing the healthcare records in a third-party server may cause serious storage, security and privacy issues. Therefore, many approaches have been proposed to preserve security as well as privacy in cloud computing projects. Cryptographic-based approaches were presented as one of the best ways to ensure the security and privacy of healthcare data in the cloud. Nevertheless, the cryptographic-based approaches which are used to transfer health records safely remain vulnerable regarding security, privacy, or the lack of any disaster recovery strategy. In this paper, we review the related work on security and privacy preserving as well as disaster recovery in the eHealth cloud domain. Then we propose two approaches, the Security-Preserving approach and the Privacy-Preserving approach, and a disaster recovery plan. The Security-Preserving approach is a robust means of ensuring the security and integrity of Electronic Health Records, and the Privacy-Preserving approach is an efficient authentication approach which protects the privacy of Personal Health Records. Finally, we discuss how the integrated approaches and the disaster recovery plan can ensure the reliability and security of cloud projects.

  19. 77 FR 58980 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-09-25

    ... Accountability Office (GAO), --Presentation on healthcare information technology security, --Cybersecurity Updates from Director of Cybersecurity, White House, --Presentation on Security, Privacy and Information... agencies with the National Cybersecurity and Communications Integration Center (NCCIC, DHS)...

  20. 77 FR 35336 - Privacy and Security of Information Stored on Mobile Communications Devices

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-13

    ... COMMISSION 47 CFR Part 64 Privacy and Security of Information Stored on Mobile Communications Devices AGENCY... privacy and data security practices of mobile wireless services providers with respect to customer information stored on their users' mobile communications devices. In addition, the document seeks comment...

  1. DQC Comments on the Posted Recommendations Regarding Data Security and Privacy Protections

    ERIC Educational Resources Information Center

    Data Quality Campaign, 2010

    2010-01-01

    The U.S. Department of Education is conducting several activities to address privacy and security issues related to education data. Earlier this year a contractor for the Department convened a group of privacy and security experts and produced a report with recommendations to the Department on ways they can address emerging challenges in…

  2. 76 FR 9034 - Privacy Act of 1974; Department of Homeland Security United States Citizenship and Immigration...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-16

    ... Security (DHS) United States Citizenship and Immigration Services (USCIS) proposes to establish a new DHS... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security United States... Security system of records titled, ``Department of Homeland Security/ United States Citizenship...

  3. Secure and privacy enhanced gait authentication on smart phone.

    PubMed

    Hoang, Thang; Choi, Deokjai

    2014-01-01

    Smart environments established by the development of mobile technology have brought vast benefits to human being. However, authentication mechanisms on portable smart devices, particularly conventional biometric based approaches, still remain security and privacy concerns. These traditional systems are mostly based on pattern recognition and machine learning algorithms, wherein original biometric templates or extracted features are stored under unconcealed form for performing matching with a new biometric sample in the authentication phase. In this paper, we propose a novel gait based authentication using biometric cryptosystem to enhance the system security and user privacy on the smart phone. Extracted gait features are merely used to biometrically encrypt a cryptographic key which is acted as the authentication factor. Gait signals are acquired by using an inertial sensor named accelerometer in the mobile device and error correcting codes are adopted to deal with the natural variation of gait measurements. We evaluate our proposed system on a dataset consisting of gait samples of 34 volunteers. We achieved the lowest false acceptance rate (FAR) and false rejection rate (FRR) of 3.92% and 11.76%, respectively, in terms of key length of 50 bits.

  4. Privacy and Security within Biobanking: The Role of Information Technology.

    PubMed

    Heatherly, Raymond

    2016-03-01

    Along with technical issues, biobanking frequently raises important privacy and security issues that must be resolved as biobanks continue to grow in scale and scope. Consent mechanisms currently in use range from fine-grained to very broad, and in some cases participants are offered very few privacy protections. However, developments in information technology are bringing improvements. New programs and systems are being developed to allow researchers to conduct analyses without distributing the data itself offsite, either by allowing the investigator to communicate with a central computer, or by having each site participate in meta-analysis that results in a shared statistic or final significance result. The implementation of security protocols into the research biobanking setting requires three key elements: authentication, authorization, and auditing. Authentication is the process of making sure individuals are who they claim to be, frequently through the use of a password, a key fob, or a physical (i.e., retinal or fingerprint) scan. Authorization involves ensuring that every individual who attempts an action has permission to do that action. Finally, auditing allows for actions to be logged so that inappropriate or unethical actions can later be traced back to their source.

  5. Secure and Privacy Enhanced Gait Authentication on Smart Phone

    PubMed Central

    Choi, Deokjai

    2014-01-01

    Smart environments established by the development of mobile technology have brought vast benefits to human being. However, authentication mechanisms on portable smart devices, particularly conventional biometric based approaches, still remain security and privacy concerns. These traditional systems are mostly based on pattern recognition and machine learning algorithms, wherein original biometric templates or extracted features are stored under unconcealed form for performing matching with a new biometric sample in the authentication phase. In this paper, we propose a novel gait based authentication using biometric cryptosystem to enhance the system security and user privacy on the smart phone. Extracted gait features are merely used to biometrically encrypt a cryptographic key which is acted as the authentication factor. Gait signals are acquired by using an inertial sensor named accelerometer in the mobile device and error correcting codes are adopted to deal with the natural variation of gait measurements. We evaluate our proposed system on a dataset consisting of gait samples of 34 volunteers. We achieved the lowest false acceptance rate (FAR) and false rejection rate (FRR) of 3.92% and 11.76%, respectively, in terms of key length of 50 bits. PMID:24955403

  6. 78 FR 43893 - Privacy Act of 1974; Department of Homeland Security U.S. Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-07-22

    ... Immigration Services--011 E-Verify Program System of Records AGENCY: Privacy Office, Department of Homeland Security. ACTION: Notice of Privacy Act system of records. SUMMARY: In accordance with the Privacy Act of... Homeland Security system of records titled ``Department of Homeland Security/United States Citizenship...

  7. 78 FR 31958 - Privacy Act of 1974; Department of Homeland Security U.S. Customs and Border Protection-007...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-28

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security U.S. Customs and Border Protection-007-Border Crossing Information System of Records AGENCY: Privacy Office, Department of Homeland Security. ACTION: Notice of Privacy Act System of Records. SUMMARY: In accordance with the...

  8. Straight talk: new approaches in health care. HIPAA: deadlines are looming. Are providers prepared?

    PubMed

    Fusile, Jeffrey P; Arges, George S; Barrett, Lee B

    2002-06-24

    This is the fourth installment in a series of group discussions by top executives on key issues in healthcare today. Modern Healthcare and PricewaterhouseCoopers present Straight Talk. This session tackles the Health Insurance Portability and Accountability Act of 1996, or HIPAA, and where providers are today in the compliance process and where they need to go. The discussion was held on June 4, 2002 at Modern Healthcare's Chicago headquarters. The moderator was Jeffrey P. Fusile, Healthcare Consulting Partner with PricewaterhouseCoopers, Atlanta. The act protects consumers' health-insurance coverage after job changes. It also mandates significant modifications in the way providers handle the submission of claims and other related transactions and provides protection for the privacy and security of patients' health information. The law requires providers to comply with regulations governing electronic transactions and code sets by October 2003--assuming they file for an extension by October 2002--and privacy regulations by April 2003. The security compliance date has not yet been determined, but it is widely agreed that much of the security rules' requirements will be necessary to honor an organization's privacy commitments in April 2003.

  9. Assessing the privacy policies in mobile personal health records.

    PubMed

    Zapata, Belén Cruz; Hernández Niñirola, Antonio; Fernández-Alemán, José Luis; Toval, Ambrosio

    2014-01-01

    The huge increase in the number and use of smartphones and tablets has led health service providers to take an interest in mHealth. Popular mobile app markets like Apple App Store or Google Play contain thousands of health applications. Although mobile personal health records (mPHRs) have a number of benefits, important challenges appear in the form of adoption barriers. Security and privacy have been identified as part of these barriers and should be addressed. This paper analyzes and assesses a total of 24 free mPHRs for Android and iOS. Characteristics regarding privacy and security were extracted from the HIPAA. The results show important differences in both the mPHRs and the characteristics analyzed. A questionnaire containing six questions concerning privacy policies was defined. Our questionnaire may assist developers and stakeholders to evaluate the security and privacy of their mPHRs.

  10. The study on privacy preserving data mining for information security

    NASA Astrophysics Data System (ADS)

    Li, Xiaohui

    2012-04-01

    Privacy preserving data mining have a rapid development in a short year. But it still faces many challenges in the future. Firstly, the level of privacy has different definitions in different filed. Therefore, the measure of privacy preserving data mining technology protecting private information is not the same. So, it's an urgent issue to present a unified privacy definition and measure. Secondly, the most of research in privacy preserving data mining is presently confined to the theory study.

  11. The privacy rule that's not.

    PubMed

    Sobel, Richard

    2007-01-01

    HIPAA is often described as a privacy rule. It is not. In fact, HIPAA is a disclosure regulation, and it has effectively dismantled the longstanding moral and legal tradition of patient confidentiality. By permitting broad and easy dissemination of patients' medical information, with no audit trails for most disclosures, it has undermined both medical ethics and the effectiveness of medical care.

  12. Fourier domain asymmetric cryptosystem for privacy protected multimodal biometric security

    NASA Astrophysics Data System (ADS)

    Choudhury, Debesh

    2016-04-01

    We propose a Fourier domain asymmetric cryptosystem for multimodal biometric security. One modality of biometrics (such as face) is used as the plaintext, which is encrypted by another modality of biometrics (such as fingerprint). A private key is synthesized from the encrypted biometric signature by complex spatial Fourier processing. The encrypted biometric signature is further encrypted by other biometric modalities, and the corresponding private keys are synthesized. The resulting biometric signature is privacy protected since the encryption keys are provided by the human, and hence those are private keys. Moreover, the decryption keys are synthesized using those private encryption keys. The encrypted signatures are decrypted using the synthesized private keys and inverse complex spatial Fourier processing. Computer simulations demonstrate the feasibility of the technique proposed.

  13. A secure steganography for privacy protection in healthcare system.

    PubMed

    Liu, Jing; Tang, Guangming; Sun, Yifeng

    2013-04-01

    Private data in healthcare system require confidentiality protection while transmitting. Steganography is the art of concealing data into a cover media for conveying messages confidentially. In this paper, we propose a steganographic method which can provide private data in medical system with very secure protection. In our method, a cover image is first mapped into a 1D pixels sequence by Hilbert filling curve and then divided into non-overlapping embedding units with three consecutive pixels. We use adaptive pixel pair match (APPM) method to embed digits in the pixel value differences (PVD) of the three pixels and the base of embedded digits is dependent on the differences among the three pixels. By solving an optimization problem, minimal distortion of the pixel ternaries caused by data embedding can be obtained. The experimental results show our method is more suitable to privacy protection of healthcare system than prior steganographic works.

  14. Privacy and Security Issues Surrounding the Protection of Data Generated by Continuous Glucose Monitors.

    PubMed

    Britton, Katherine E; Britton-Colonnese, Jennifer D

    2017-03-01

    Being able to track, analyze, and use data from continuous glucose monitors (CGMs) and through platforms and apps that communicate with CGMs helps achieve better outcomes and can advance the understanding of diabetes. The risks to patients' expectation of privacy are great, and their ability to control how their information is collected, stored, and used is virtually nonexistent. Patients' physical security is also at risk if adequate cybersecurity measures are not taken. Currently, data privacy and security protections are not robust enough to address the privacy and security risks and stymies the current and future benefits of CGM and the platforms and apps that communicate with them.

  15. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    PubMed Central

    2009-01-01

    Background Data protection is important for all information systems that deal with human-subjects data. Grid-based systems – such as the cancer Biomedical Informatics Grid (caBIG) – seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. Methods An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios – difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Results Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and security officers, directors of

  16. A Secure and Privacy-Preserving Targeted Ad-System

    NASA Astrophysics Data System (ADS)

    Androulaki, Elli; Bellovin, Steven M.

    Thanks to its low product-promotion cost and its efficiency, targeted online advertising has become very popular. Unfortunately, being profile-based, online advertising methods violate consumers' privacy, which has engendered resistance to the ads. However, protecting privacy through anonymity seems to encourage click-fraud. In this paper, we define consumer's privacy and present a privacy-preserving, targeted ad system (PPOAd) which is resistant towards click fraud. Our scheme is structured to provide financial incentives to all entities involved.

  17. 6 CFR Appendix A to Part 5 - FOIA/Privacy Act Offices of the Department of Homeland Security

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false FOIA/Privacy Act Offices of the Department of... SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Pt. 5, App. A Appendix A to Part 5—FOIA/Privacy Act Offices... of Homeland Security, FOIA and Privacy Act requests should be sent to the Departmental...

  18. 78 FR 4347 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security; U.S. Customs...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-22

    ..., Acting Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528... Rulings, U.S. Customs and Border Protection, Mint Annex, 799 9th Street NW., Washington, DC 20229-1177..., Privacy Office, Department of Homeland Security, Washington, DC 20528. SUPPLEMENTARY INFORMATION:...

  19. Securing the data economy: translating privacy and enacting security in the development of DataSHIELD.

    PubMed

    Murtagh, M J; Demir, I; Jenkings, K N; Wallace, S E; Murtagh, B; Boniol, M; Bota, M; Laflamme, P; Boffetta, P; Ferretti, V; Burton, P R

    2012-01-01

    Contemporary bioscience is seeing the emergence of a new data economy: with data as its fundamental unit of exchange. While sharing data within this new 'economy' provides many potential advantages, the sharing of individual data raises important social and ethical concerns. We examine ongoing development of one technology, DataSHIELD, which appears to elide privacy concerns about sharing data by enabling shared analysis while not actually sharing any individual-level data. We combine presentation of the development of DataSHIELD with presentation of an ethnographic study of a workshop to test the technology. DataSHIELD produced an application of the norm of privacy that was practical, flexible and operationalizable in researchers' everyday activities, and one which fulfilled the requirements of ethics committees. We demonstrated that an analysis run via DataSHIELD could precisely replicate results produced by a standard analysis where all data are physically pooled and analyzed together. In developing DataSHIELD, the ethical concept of privacy was transformed into an issue of security. Development of DataSHIELD was based on social practices as well as scientific and ethical motivations. Therefore, the 'success' of DataSHIELD would, likewise, be dependent on more than just the mathematics and the security of the technology.

  20. 76 FR 8755 - Privacy Act of 1974; Department of Homeland Security/ALL-032 Official Passport Application and...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-15

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL--032 Official... titled, ``Department of Homeland Security/ ALL--032 Official Passport Application and Maintenance Records..., Privacy Office, Department of Homeland Security, Washington, DC 20528. Instructions: All...

  1. Privacy Practices of Health Social Networking Sites: Implications for Privacy and Data Security in Online Cancer Communities.

    PubMed

    Charbonneau, Deborah H

    2016-08-01

    While online communities for social support continue to grow, little is known about the state of privacy practices of health social networking sites. This article reports on a structured content analysis of privacy policies and disclosure practices for 25 online ovarian cancer communities. All of the health social networking sites in the study sample provided privacy statements to users, yet privacy practices varied considerably across the sites. The majority of sites informed users that personal information was collected about participants and shared with third parties (96%, n = 24). Furthermore, more than half of the sites (56%, n = 14) stated that cookies technology was used to track user behaviors. Despite these disclosures, only 36% (n = 9) offered opt-out choices for sharing data with third parties. In addition, very few of the sites (28%, n = 7) allowed individuals to delete their personal information. Discussions about specific security measures used to protect personal information were largely missing. Implications for privacy, confidentiality, consumer choice, and data safety in online environments are discussed. Overall, nurses and other health professionals can utilize these findings to encourage individuals seeking online support and participating in social networking sites to build awareness of privacy risks to better protect their personal health information in the digital age.

  2. Privacy and data security in E-health: requirements from the user's perspective.

    PubMed

    Wilkowska, Wiktoria; Ziefle, Martina

    2012-09-01

    In this study two currently relevant aspects of using medical assistive technologies were addressed-security and privacy. In a two-step empirical approach that used focus groups (n = 19) and a survey (n = 104), users' requirements for the use of medical technologies were collected and evaluated. Specifically, we focused on the perceived importance of data security and privacy issues. Outcomes showed that both security and privacy aspects play an important role in the successful adoption of medical assistive technologies in the home environment. In particular, analysis of data with respect to gender, health-status and age (young, middle-aged and old users) revealed that females and healthy adults require, and insist on, the highest security and privacy standards compared with males and the ailing elderly.

  3. 76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-11

    ... ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100-235) and amended by the Federal... Director of NIST on security and privacy issues pertaining to Federal computer systems. Details regarding... relating to computer security research, --Presentation on Access of Classified Information,...

  4. 75 FR 7978 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... Exemptions; Department of Homeland Security Transportation Security Administration-023 Workplace Violence... Security Administration-023 Workplace Violence Prevention Program System of Records and this proposed... a new system of records under the Privacy Act (5 U.S.C. 552a) titled, DHS/TSA-023 Workplace...

  5. Protecting Privacy and Securing the Gathering of Location Proofs - The Secure Location Verification Proof Gathering Protocol

    NASA Astrophysics Data System (ADS)

    Graham, Michelle; Gray, David

    As wireless networks become increasingly ubiquitous, the demand for a method of locating a device has increased dramatically. Location Based Services are now commonplace but there are few methods of verifying or guaranteeing a location provided by a user without some specialised hardware, especially in larger scale networks. We propose a system for the verification of location claims, using proof gathered from neighbouring devices. In this paper we introduce a protocol to protect this proof gathering process, protecting the privacy of all involved parties and securing it from intruders and malicious claiming devices. We present the protocol in stages, extending the security of this protocol to allow for flexibility within its application. The Secure Location Verification Proof Gathering Protocol (SLVPGP) has been designed to function within the area of Vehicular Networks, although its application could be extended to any device with wireless & cryptographic capabilities.

  6. 77 FR 33753 - Privacy Act of 1974; Department of Homeland Security, U.S. Customs and Border Protection, DHS/CBP...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-07

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security, U.S. Customs and...: Privacy Office, DHS. ACTION: Notice of Privacy Act system of records. SUMMARY: In accordance with the Privacy Act of 1974, the Department of Homeland Security proposes to establish a new Department...

  7. Providing Strong Security and High Privacy in Low-Cost RFID Networks

    NASA Astrophysics Data System (ADS)

    David, Mathieu; Prasad, Neeli R.

    Since the dissemination of Radio Frequency IDentification (RFID) tags is getting larger and larger, the requirement for strong security and privacy is also increasing. Low-cost and ultra-low-cost tags are being implemented on everyday products, and their limited resources constraints the security algorithms to be designed especially for those tags. In this paper, a complete solution providing strong security and high privacy during the whole product lifetime is presented. Combining bit-wise operations and secret keys, the algorithm proposed addresses and solves all the common security attacks.

  8. Architecture and Assessment: Privacy Preserving Biometrically Secured Electronic Documents

    DTIC Science & Technology

    visit Canada. Rather than traditional biometrics, we use privacy enhancing techniques to derive references from the biometrics so that no biometric...TA) system in which foreign passport holders obtain electronic credentials which permit entry to Canada. This b-TA can be seen as a privacy preserving

  9. Authentication, privacy, security can exploit brainwave by biomarker

    NASA Astrophysics Data System (ADS)

    Jenkins, Jeffrey; Sweet, Charles; Sweet, James; Noel, Steven; Szu, Harold

    2014-05-01

    We seek to augment the current Common Access Control (CAC) card and Personal Identification Number (PIN) verification systems with an additional layer of classified access biometrics. Among proven devices such as fingerprint readers and cameras that can sense the human eye's iris pattern, we introduced a number of users to a sequence of 'grandmother images', or emotionally evoked stimuli response images from other users, as well as one of their own, for the purpose of authentication. We performed testing and evaluation of the Authenticity Privacy and Security (APS) brainwave biometrics, similar to the internal organ of the human eye's iris which cannot easily be altered. `Aha' recognition through stimulus-response habituation can serve as a biomarker, similar to keystroke dynamics analysis for inter and intra key fluctuation time of a memorized PIN number (FIST). Using a non-tethered Electroencephalogram (EEG) wireless smartphone/pc monitor interface, we explore the appropriate stimuli-response biomarker present in DTAB low frequency group waves. Prior to login, the user is shown a series of images on a computer display. They have been primed to click their mouse when the image is presented. DTAB waves are collected with a wireless EEG and are sent via Smartphone to a cloud based processing infrastructure. There, we measure fluctuations in DTAB waves from a wireless, non-tethered, single node EEG device between the Personal Graphic Image Number (PGIN) stimulus image and the response time from an individual's mental performance baseline. Towards that goal, we describe an infrastructure that supports distributed verification for web-based EEG authentication. The performance of machine learning on the relative Power Spectral Density EEG data may uncover features required for subsequent access to web or media content. Our approach provides a scalable framework wrapped into a robust Neuro-Informatics toolkit, viable for use in the Biomedical and mental health

  10. 45 CFR 155.280 - Oversight and monitoring of privacy and security requirements.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... security requirements. (a) General. HHS will oversee and monitor the Federally-facilitated Exchanges and... 45 Public Welfare 1 2014-10-01 2014-10-01 false Oversight and monitoring of privacy and security requirements. 155.280 Section 155.280 Public Welfare Department of Health and Human Services...

  11. 45 CFR 155.280 - Oversight and monitoring of privacy and security requirements.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... security requirements. (a) General. HHS will oversee and monitor the Federally-facilitated Exchanges and... 45 Public Welfare 1 2013-10-01 2013-10-01 false Oversight and monitoring of privacy and security requirements. 155.280 Section 155.280 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES...

  12. 77 FR 32709 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Homeland Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-01

    ... ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Homeland Security... the provisions of the Privacy Act, as amended, this notice announces a renewal of an existing computer.... SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law...

  13. For telehealth to succeed, privacy and security risks must be identified and addressed.

    PubMed

    Hall, Joseph L; McGraw, Deven

    2014-02-01

    The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.

  14. Users Do the Darndest Things: True Stories from the CyLab Usable Privacy and Security Laboratory

    NASA Astrophysics Data System (ADS)

    Cranor, Lorrie Faith

    How can we make security and privacy software more usable? The first step is to study our users. Ideally, we would watch them interacting with security or privacy software in situations where they face actual risk. But everyday computer users don't sit around fiddling with security software, and subjecting users to actual security attacks raises ethical and legal concerns. Thus, it can be difficult to observe users interacting with security and privacy software in their natural habitat. At the CyLab Usable Privacy and Security Laboratory, we've conducted a wide variety of studies aimed at understanding how users think about security and privacy and how they interact with security and privacy software. In this talk I'll give a behind the scenes tour of some of the techniques we've used to study users both in the laboratory and in the wild. I'll discuss the trials and tribulations of designing and carrying out security and privacy user studies, and highlight some of our surprising observations. Find out what privacy-sensitive items you can actually get study participants to purchase, how you can observe users' responses to a man-in-the-middle attack without actually conducting such an attack, why it's hard to get people to use high tech cell phones even when you give them away, and what's actually in that box behind the couch in my office.

  15. Privacy and security in mobile health apps: a review and recommendations.

    PubMed

    Martínez-Pérez, Borja; de la Torre-Díez, Isabel; López-Coronado, Miguel

    2015-01-01

    In a world where the industry of mobile applications is continuously expanding and new health care apps and devices are created every day, it is important to take special care of the collection and treatment of users' personal health information. However, the appropriate methods to do this are not usually taken into account by apps designers and insecure applications are released. This paper presents a study of security and privacy in mHealth, focusing on three parts: a study of the existing laws regulating these aspects in the European Union and the United States, a review of the academic literature related to this topic, and a proposal of some recommendations for designers in order to create mobile health applications that satisfy the current security and privacy legislation. This paper will complement other standards and certifications about security and privacy and will suppose a quick guide for apps designers, developers and researchers.

  16. Localization to Enhance Security and Services in Wi-Fi Networks under Privacy Constraints

    NASA Astrophysics Data System (ADS)

    Ayres, Gareth; Mehmood, Rashid; Mitchell, Keith; Race, Nicholas J. P.

    Developments of seamless mobile services are faced with two broad challenges, systems security and user privacy - access to wireless systems is highly insecure due to the lack of physical boundaries and, secondly, location based services (LBS) could be used to extract highly sensitive user information. In this paper, we describe our work on developing systems which exploit location information to enhance security and services under privacy constraints. We describe two complimentary methods which we have developed to track node location information within production University Campus Networks comprising of large numbers of users. The location data is used to enhance security and services. Specifically, we describe a method for creating geographic firewalls which allows us to restrict and enhance services to individual users within a specific containment area regardless of physical association. We also report our work on LBS development to provide visualization of spatio-temporal node distribution under privacy considerations.

  17. An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds

    SciTech Connect

    Simmhan, Yogesh; Kumbhare, Alok; Cao, Baohua; Prasanna, Viktor K.

    2011-07-09

    Power utilities globally are increasingly upgrading to Smart Grids that use bi-directional communication with the consumer to enable an information-driven approach to distributed energy management. Clouds offer features well suited for Smart Grid software platforms and applications, such as elastic resources and shared services. However, the security and privacy concerns inherent in an information rich Smart Grid environment are further exacerbated by their deployment on Clouds. Here, we present an analysis of security and privacy issues in a Smart Grids software architecture operating on different Cloud environments, in the form of a taxonomy. We use the Los Angeles Smart Grid Project that is underway in the largest U.S. municipal utility to drive this analysis that will benefit both Cloud practitioners targeting Smart Grid applications, and Cloud researchers investigating security and privacy.

  18. Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

    PubMed

    Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

    2014-11-01

    Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.

  19. Privacy Preserved and Secured Reliable Routing Protocol for Wireless Mesh Networks.

    PubMed

    Meganathan, Navamani Thandava; Palanichamy, Yogesh

    2015-01-01

    Privacy preservation and security provision against internal attacks in wireless mesh networks (WMNs) are more demanding than in wired networks due to the open nature and mobility of certain nodes in the network. Several schemes have been proposed to preserve privacy and provide security in WMNs. To provide complete privacy protection in WMNs, the properties of unobservability, unlinkability, and anonymity are to be ensured during route discovery. These properties can be achieved by implementing group signature and ID-based encryption schemes during route discovery. Due to the characteristics of WMNs, it is more vulnerable to many network layer attacks. Hence, a strong protection is needed to avoid these attacks and this can be achieved by introducing a new Cross-Layer and Subject Logic based Dynamic Reputation (CLSL-DR) mechanism during route discovery. In this paper, we propose a new Privacy preserved and Secured Reliable Routing (PSRR) protocol for WMNs. This protocol incorporates group signature, ID-based encryption schemes, and CLSL-DR mechanism to ensure strong privacy, security, and reliability in WMNs. Simulation results prove this by showing better performance in terms of most of the chosen parameters than the existing protocols.

  20. Privacy Preserved and Secured Reliable Routing Protocol for Wireless Mesh Networks

    PubMed Central

    Thandava Meganathan, Navamani; Palanichamy, Yogesh

    2015-01-01

    Privacy preservation and security provision against internal attacks in wireless mesh networks (WMNs) are more demanding than in wired networks due to the open nature and mobility of certain nodes in the network. Several schemes have been proposed to preserve privacy and provide security in WMNs. To provide complete privacy protection in WMNs, the properties of unobservability, unlinkability, and anonymity are to be ensured during route discovery. These properties can be achieved by implementing group signature and ID-based encryption schemes during route discovery. Due to the characteristics of WMNs, it is more vulnerable to many network layer attacks. Hence, a strong protection is needed to avoid these attacks and this can be achieved by introducing a new Cross-Layer and Subject Logic based Dynamic Reputation (CLSL-DR) mechanism during route discovery. In this paper, we propose a new Privacy preserved and Secured Reliable Routing (PSRR) protocol for WMNs. This protocol incorporates group signature, ID-based encryption schemes, and CLSL-DR mechanism to ensure strong privacy, security, and reliability in WMNs. Simulation results prove this by showing better performance in terms of most of the chosen parameters than the existing protocols. PMID:26484361

  1. Privacy and Data Security under Cloud Computing Arrangements: The Legal Framework and Practical Do's and Don'ts

    ERIC Educational Resources Information Center

    Buckman, Joel; Gold, Stephanie

    2012-01-01

    This article outlines privacy and data security compliance issues facing postsecondary education institutions when they utilize cloud computing and concludes with a practical list of do's and dont's. Cloud computing does not change an institution's privacy and data security obligations. It does involve reliance on a third party, which requires an…

  2. Privacy, security, and the public health researcher in the era of electronic health record research

    PubMed Central

    Sarwate, Anand D.

    2016-01-01

    Health data derived from electronic health records are increasingly utilized in large-scale population health analyses. Going hand in hand with this increase in data is an increasing number of data breaches. Ensuring privacy and security of these data is a shared responsibility between the public health researcher, collaborators, and their institutions. In this article, we review the requirements of data privacy and security and discuss epidemiologic implications of emerging technologies from the computer science community that can be used for health data. In order to ensure that our needs as researchers are captured in these technologies, we must engage in the dialogue surrounding the development of these tools. PMID:28210428

  3. Privacy, security, and the public health researcher in the era of electronic health record research.

    PubMed

    Goldstein, Neal D; Sarwate, Anand D

    2016-01-01

    Health data derived from electronic health records are increasingly utilized in large-scale population health analyses. Going hand in hand with this increase in data is an increasing number of data breaches. Ensuring privacy and security of these data is a shared responsibility between the public health researcher, collaborators, and their institutions. In this article, we review the requirements of data privacy and security and discuss epidemiologic implications of emerging technologies from the computer science community that can be used for health data. In order to ensure that our needs as researchers are captured in these technologies, we must engage in the dialogue surrounding the development of these tools.

  4. 76 FR 26738 - Privacy Act of 1974; Department of Homeland Security/United States Citizenship and Immigration...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-09

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/United States... 1974, the Department of Homeland Security proposes to update and reissue a current Department of Homeland Security system of records titled ``Department of Homeland Security/United States Citizenship...

  5. Assuring image authenticity within a data grid using lossless digital signature embedding and a HIPAA-compliant auditing system

    NASA Astrophysics Data System (ADS)

    Lee, Jasper C.; Ma, Kevin C.; Liu, Brent J.

    2008-03-01

    A Data Grid for medical images has been developed at the Image Processing and Informatics Laboratory, USC to provide distribution and fault-tolerant storage of medical imaging studies across Internet2 and public domain. Although back-up policies and grid certificates guarantee privacy and authenticity of grid-access-points, there still lacks a method to guarantee the sensitive DICOM images have not been altered or corrupted during transmission across a public domain. This paper takes steps toward achieving full image transfer security within the Data Grid by utilizing DICOM image authentication and a HIPAA-compliant auditing system. The 3-D lossless digital signature embedding procedure involves a private 64 byte signature that is embedded into each original DICOM image volume, whereby on the receiving end the signature can to be extracted and verified following the DICOM transmission. This digital signature method has also been developed at the IPILab. The HIPAA-Compliant Auditing System (H-CAS) is required to monitor embedding and verification events, and allows monitoring of other grid activity as well. The H-CAS system federates the logs of transmission and authentication events at each grid-access-point and stores it into a HIPAA-compliant database. The auditing toolkit is installed at the local grid-access-point and utilizes Syslog [1], a client-server standard for log messaging over an IP network, to send messages to the H-CAS centralized database. By integrating digital image signatures and centralized logging capabilities, DICOM image integrity within the Medical Imaging and Informatics Data Grid can be monitored and guaranteed without loss to any image quality.

  6. Radio frequency identification (RFID) in health care: privacy and security concerns limiting adoption.

    PubMed

    Rosenbaum, Benjamin P

    2014-03-01

    Radio frequency identification (RFID) technology has been implemented in a wide variety of industries. Health care is no exception. This article explores implementations and limitations of RFID in several health care domains: authentication, medication safety, patient tracking, and blood transfusion medicine. Each domain has seen increasing utilization of unique applications of RFID technology. Given the importance of protecting patient and data privacy, potential privacy and security concerns in each domain are discussed. Such concerns, some of which are inherent to existing RFID hardware and software technology, may limit ubiquitous adoption. In addition, an apparent lack of security standards within the RFID domain and specifically health care may also hinder the growth and utility of RFID within health care for the foreseeable future. Safeguarding the privacy of patient data may be the most important obstacle to overcome to allow the health care industry to take advantage of the numerous benefits RFID technology affords.

  7. Privacy, Security, & Compliance: Strange Bedfellows or a Marriage Made in Heaven?

    ERIC Educational Resources Information Center

    Corn, Michael; Rosenthal, Jane

    2013-01-01

    Where does privacy belong in the college/university ecosystem, and what should its relationship be with security and compliance? Are the three areas best kept separate and distinct? Should there be some overlap? Or would a single office, officer, and/or reporting line enable a big picture of the whole? This article examines several of the campus…

  8. 76 FR 42004 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Federal...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-18

    ... of Homeland Security Federal Emergency Management Agency--011 Training and Exercise Program Records... Training and Exercise Program Records System of Records'' from certain provisions of the Privacy Act... Management Agency--011 Training and Exercise Program Records System of Records'' from one or more...

  9. 76 FR 19107 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-011...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-06

    ... Management Agency--011 Training and Exercise Program Records System of Records AGENCY: Privacy Office, DHS... titled, ``Department of Homeland Security Federal Emergency Management Agency--011 Training and Exercise.../Federal Emergency Management Agency to collect and maintain records on its training and exercise...

  10. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  11. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  12. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  13. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  14. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  15. Security and Privacy Preservation in Human-Involved Networks

    NASA Astrophysics Data System (ADS)

    Asher, Craig; Aumasson, Jean-Philippe; Phan, Raphael C.-W.

    This paper discusses security within human-involved networks, with a focus on social networking services (SNS). We argue that more secure networks could be designed using semi-formal security models inspired from cryptography, as well as notions like that of ceremony, which exploits human-specific abilities and psychology to assist creating more secure protocols. We illustrate some of our ideas with the example of the SNS Facebook.

  16. 76 FR 53921 - Privacy Act of 1974; Department of Homeland Security ALL-034 Emergency Care Medical Records...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-30

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security ALL--034 Emergency... of Homeland Security/ ALL--034 Emergency Care Medical Records System of Records Notice.'' This system... of Homeland Security, Washington, DC 20528. Instructions: All submissions received must include...

  17. 76 FR 39408 - Privacy Act of 1974; Department of Homeland Security/ALL-030 Use of the Terrorist Screening...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-06

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL-030 Use of the... Homeland Security/ALL-030 Use of the Terrorist Screening Database System of Records.'' The Department of... of Homeland Security, Washington, DC 20528. Instructions: All submissions received must include...

  18. 77 FR 70792 - Privacy Act of 1974; Department of Homeland Security/ALL-004 General Information Technology...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL-004 General... Homeland Security system of records notice titled, Department of Homeland Security/ALL-004 General..., Washington, DC 20528. Instructions: All submissions received must include the agency name and docket...

  19. 75 FR 7979 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... of Homeland Security/ALL-027 The History of the Department of Homeland Security System of Records... Security is giving concurrent notice of an updated and reissued system of records pursuant to the Privacy... Security System of Records and this proposed rulemaking. In this proposed rulemaking, the...

  20. 75 FR 39184 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-029 Civil...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-08

    ... provisions of Title VI of the Civil Rights Act of 1964. The Department's civil rights and civil liberties... Privacy Act of 1974 for the Department of Homeland Security/ALL--029 Civil Rights and Civil Liberties... Privacy Act for DHS/ALL--029 Civil Rights and Civil Liberties Records System......

  1. Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems

    PubMed Central

    Fernández, Gonzalo; López-Coronado, Miguel

    2013-01-01

    Background The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. Objective To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. Methods To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Results Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Conclusions Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security

  2. Practical security and privacy attacks against biometric hashing using sparse recovery

    NASA Astrophysics Data System (ADS)

    Topcu, Berkay; Karabat, Cagatay; Azadmanesh, Matin; Erdogan, Hakan

    2016-12-01

    Biometric hashing is a cancelable biometric verification method that has received research interest recently. This method can be considered as a two-factor authentication method which combines a personal password (or secret key) with a biometric to obtain a secure binary template which is used for authentication. We present novel practical security and privacy attacks against biometric hashing when the attacker is assumed to know the user's password in order to quantify the additional protection due to biometrics when the password is compromised. We present four methods that can reconstruct a biometric feature and/or the image from a hash and one method which can find the closest biometric data (i.e., face image) from a database. Two of the reconstruction methods are based on 1-bit compressed sensing signal reconstruction for which the data acquisition scenario is very similar to biometric hashing. Previous literature introduced simple attack methods, but we show that we can achieve higher level of security threats using compressed sensing recovery techniques. In addition, we present privacy attacks which reconstruct a biometric image which resembles the original image. We quantify the performance of the attacks using detection error tradeoff curves and equal error rates under advanced attack scenarios. We show that conventional biometric hashing methods suffer from high security and privacy leaks under practical attacks, and we believe more advanced hash generation methods are necessary to avoid these attacks.

  3. Protecting the Privacy of Social Security Numbers Act of 2013

    THOMAS, 113th Congress

    Rep. Frelinghuysen, Rodney P. [R-NJ-11

    2013-05-22

    06/14/2013 Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

  4. Personal Data Privacy and Security Act of 2014

    THOMAS, 113th Congress

    Rep. Shea-Porter, Carol [D-NH-1

    2014-02-04

    03/20/2014 Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

  5. 76 FR 34732 - Privacy Act of 1974; Department of Homeland Security/National Protection and Programs Directorate...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-14

    ... the Privacy Act because of criminal, civil, and administrative enforcement requirements. This newly... security, law enforcement, immigration, intelligence, or other functions consistent with the routine uses... criminal, civil, and administrative enforcement requirements. This newly established system of records...

  6. 76 FR 41274 - Privacy Act of 1974; Department of Homeland Security/ALL-033 Reasonable Accommodations Records...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-13

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL-033 Reasonable... to ] establish a new system of records titled, ``Department of Homeland Security/ALL-033 Reasonable..., Washington, DC 20528. Instructions: All submissions received must include the agency name and docket...

  7. 75 FR 39266 - Privacy Act of 1974; Department of Homeland Security/ALL-029 Civil Rights and Civil Liberties...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-08

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL-029 Civil Rights...,'' January 6, 2004. The system name is being changed to, ``Department of Homeland Security/ALL-029 Civil... Department Office for Civil Rights and Civil Liberties, as well as all component offices that perform...

  8. 78 FR 52553 - Privacy Act of 1974; Department of Homeland Security/ALL-035 Common Entity Index Prototype System...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-23

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL-035 Common Entity... titled, ``Department of Homeland Security/ ALL--035 Common Entity Index Prototype System of Records.... Instructions: All submissions received must include the agency name and docket number for this rulemaking....

  9. 75 FR 50845 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-18

    .../ALL--027 The History of the Department of Homeland Security System of Records AGENCY: Privacy Office... Act of 1974 for the ``Department of Homeland Security/ALL--027 The History of the Department of... Department exempts portions of the ``Department of Homeland Security/ALL--027 The History of the...

  10. A Survey on Security and Privacy in Emerging Sensor Networks: From Viewpoint of Close-Loop.

    PubMed

    Zhang, Lifu; Zhang, Heng

    2016-03-26

    Nowadays, as the next generation sensor networks, Cyber-Physical Systems (CPSs) refer to the complex networked systems that have both physical subsystems and cyber components, and the information flow between different subsystems and components is across a communication network, which forms a closed-loop. New generation sensor networks are found in a growing number of applications and have received increasing attention from many inter-disciplines. Opportunities and challenges in the design, analysis, verification and validation of sensor networks co-exists, among which security and privacy are two important ingredients. This paper presents a survey on some recent results in the security and privacy aspects of emerging sensor networks from the viewpoint of the closed-loop. This paper also discusses several future research directions under these two umbrellas.

  11. A Survey on Security and Privacy in Emerging Sensor Networks: From Viewpoint of Close-Loop

    PubMed Central

    Zhang, Lifu; Zhang, Heng

    2016-01-01

    Nowadays, as the next generation sensor networks, Cyber-Physical Systems (CPSs) refer to the complex networked systems that have both physical subsystems and cyber components, and the information flow between different subsystems and components is across a communication network, which forms a closed-loop. New generation sensor networks are found in a growing number of applications and have received increasing attention from many inter-disciplines. Opportunities and challenges in the design, analysis, verification and validation of sensor networks co-exists, among which security and privacy are two important ingredients. This paper presents a survey on some recent results in the security and privacy aspects of emerging sensor networks from the viewpoint of the closed-loop. This paper also discusses several future research directions under these two umbrellas. PMID:27023559

  12. Quantum Privacy Amplification and the Security of Quantum Cryptography over Noisy Channels

    SciTech Connect

    Deutsch, D.; Ekert, A.; Jozsa, R.; Macchiavello, C.; Popescu, S.; Sanpera, A. ||

    1996-09-01

    Existing quantum cryptographic schemes are not, as they stand, operable in the presence of noise on the quantum communication channel. Although they become operable if they are supplemented by classical privacy-amplification techniques, the resulting schemes are difficult to analyze and have not been proved secure. We introduce the concept of quantum privacy amplification and a cryptographic scheme incorporating it which is provably secure over a noisy channel. The scheme uses an {open_quote}{open_quote}entanglement purification{close_quote}{close_quote} procedure which, because it requires only a few quantum controlled-not and single-qubit operations, could be implemented using technology that is currently being developed. {copyright} {ital 1996 The American Physical Society.}

  13. Security and privacy issues in implantable medical devices: A comprehensive survey.

    PubMed

    Camara, Carmen; Peris-Lopez, Pedro; Tapiador, Juan E

    2015-06-01

    Bioengineering is a field in expansion. New technologies are appearing to provide a more efficient treatment of diseases or human deficiencies. Implantable Medical Devices (IMDs) constitute one example, these being devices with more computing, decision making and communication capabilities. Several research works in the computer security field have identified serious security and privacy risks in IMDs that could compromise the implant and even the health of the patient who carries it. This article surveys the main security goals for the next generation of IMDs and analyzes the most relevant protection mechanisms proposed so far. On the one hand, the security proposals must have into consideration the inherent constraints of these small and implanted devices: energy, storage and computing power. On the other hand, proposed solutions must achieve an adequate balance between the safety of the patient and the security level offered, with the battery lifetime being another critical parameter in the design phase.

  14. Public Perspectives of Mobile Phones' Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey.

    PubMed

    Richardson, Joshua E; Ancker, Jessica S

    2015-01-01

    Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician's electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p < .001). There were no similar changes in privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized.

  15. Public Perspectives of Mobile Phones’ Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey

    PubMed Central

    Richardson, Joshua E.; Ancker, Jessica S.

    2015-01-01

    Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician’s electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p < .001). There were no similar changes in privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized. PMID:26958246

  16. Exploring security and privacy issues in hospital information system: an Information Boundary Theory perspective.

    PubMed

    Zakaria, Nasriah; Stanton, Jeffrey; Stam, Kathryn

    2003-01-01

    A small community hospital (67 beds) in Central New York was undergoing a major technological change within the organization, as they move from the use of several legacy information systems to a hospital-wide information system. The focus of the present research is to explore the privacy and security information issues using a framework called Information Boundary Theory [Stanton, 2002]. IBT explains the motivational factors that lead to the revelation or disclosing of information.

  17. 75 FR 39920 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-13

    ... Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, August 4, 2010, from 9 a.m. until 5 p.m. Thursday, August 5, 2010, from 8:30 a.m. until 5 p.m., and Friday, August 6, 2010 from 8 a.m. until 12:30 p.m. All sessions will be open to the public. DATES: The meeting will be held on...

  18. Protecting the Privacy of Social Security Numbers Act of 2009

    THOMAS, 111th Congress

    Rep. Frelinghuysen, Rodney P. [R-NJ-11

    2009-01-06

    02/09/2009 Referred to the Subcommittee on Crime, Terrorism, and Homeland Security. (All Actions) Notes: For further action, see S.3789, which became Public Law 111-318 on 12/18/2010. Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

  19. Making U.S. Security and Privacy Rights Compatible

    DTIC Science & Technology

    2013-09-01

    Twelve Questions Answered, Clovis answers questions from Chris Bellavita regarding Homeland Security, (May 2010), Naval Postgraduate School (U.S...The Wars of the Twenty-First Century, 289. 339 Clovis , Letter to the Editor: Twelve questions Answered, 7. 78 that I do not see this as a zero sum

  20. Department of Homeland Security Component Privacy Officer Act of 2009

    THOMAS, 111th Congress

    Rep. Carney, Christopher P. [D-PA-10

    2009-03-19

    03/26/2009 Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs. (All Actions) Tracker: This bill has the status Passed HouseHere are the steps for Status of Legislation:

  1. Secure and Privacy-Preserving Distributed Information Brokering

    ERIC Educational Resources Information Center

    Li, Fengjun

    2010-01-01

    As enormous structured, semi-structured and unstructured data are collected and archived by organizations in many realms ranging from business to health networks to government agencies, the needs for efficient yet secure inter-organization information sharing naturally arise. Unlike early information sharing approaches that only involve a small…

  2. 75 FR 18867 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-011...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... Security Administration--011, Transportation Security Intelligence Service Operations Files Systems of... Administration--011 Transportation Security Intelligence Service Operations Files previously published on... Transportation Security Intelligence Service Operations Filing System contains records on individuals...

  3. Development of a privacy and security policy framework for a multistate comparative effectiveness research network.

    PubMed

    Kim, Katherine K; McGraw, Deven; Mamo, Laura; Ohno-Machado, Lucila

    2013-08-01

    Comparative effectiveness research (CER) conducted in distributed research networks (DRNs) is subject to different state laws and regulations as well as institution-specific policies intended to protect privacy and security of health information. The goal of the Scalable National Network for Effectiveness Research (SCANNER) project is to develop and demonstrate a scalable, flexible technical infrastructure for DRNs that enables near real-time CER consistent with privacy and security laws and best practices. This investigation began with an analysis of privacy and security laws and state health information exchange (HIE) guidelines applicable to SCANNER participants from California, Illinois, Massachusetts, and the Federal Veteran's Administration. A 7-member expert panel of policy and technical experts reviewed the analysis and gave input into the framework during 5 meetings held in 2011-2012. The state/federal guidelines were applied to 3 CER use cases: safety of new oral hematologic medications; medication therapy management for patients with diabetes and hypertension; and informational interventions for providers in the treatment of acute respiratory infections. The policy framework provides flexibility, beginning with a use-case approach rather than a one-size-fits-all approach. The policies may vary depending on the type of patient data shared (aggregate counts, deidentified, limited, and fully identified datasets) and the flow of data. The types of agreements necessary for a DRN may include a network-level and data use agreements. The need for flexibility in the development and implementation of policies must be balanced with responsibilities of data stewardship.

  4. A Secure and Privacy-Preserving Navigation Scheme Using Spatial Crowdsourcing in Fog-Based VANETs.

    PubMed

    Wang, Lingling; Liu, Guozhu; Sun, Lijun

    2017-03-24

    Fog-based VANETs (Vehicular ad hoc networks) is a new paradigm of vehicular ad hoc networks with the advantages of both vehicular cloud and fog computing. Real-time navigation schemes based on fog-based VANETs can promote the scheme performance efficiently. In this paper, we propose a secure and privacy-preserving navigation scheme by using vehicular spatial crowdsourcing based on fog-based VANETs. Fog nodes are used to generate and release the crowdsourcing tasks, and cooperatively find the optimal route according to the real-time traffic information collected by vehicles in their coverage areas. Meanwhile, the vehicle performing the crowdsourcing task can get a reasonable reward. The querying vehicle can retrieve the navigation results from each fog node successively when entering its coverage area, and follow the optimal route to the next fog node until it reaches the desired destination. Our scheme fulfills the security and privacy requirements of authentication, confidentiality and conditional privacy preservation. Some cryptographic primitives, including the Elgamal encryption algorithm, AES, randomized anonymous credentials and group signatures, are adopted to achieve this goal. Finally, we analyze the security and the efficiency of the proposed scheme.

  5. SecureMA: protecting participant privacy in genetic association meta-analysis

    PubMed Central

    Xie, Wei; Kantarcioglu, Murat; Bush, William S.; Crawford, Dana; Denny, Joshua C.; Heatherly, Raymond; Malin, Bradley A.

    2014-01-01

    Motivation: Sharing genomic data is crucial to support scientific investigation such as genome-wide association studies. However, recent investigations suggest the privacy of the individual participants in these studies can be compromised, leading to serious concerns and consequences, such as overly restricted access to data. Results: We introduce a novel cryptographic strategy to securely perform meta-analysis for genetic association studies in large consortia. Our methodology is useful for supporting joint studies among disparate data sites, where privacy or confidentiality is of concern. We validate our method using three multisite association studies. Our research shows that genetic associations can be analyzed efficiently and accurately across substudy sites, without leaking information on individual participants and site-level association summaries. Availability and implementation: Our software for secure meta-analysis of genetic association studies, SecureMA, is publicly available at http://github.com/XieConnect/SecureMA. Our customized secure computation framework is also publicly available at http://github.com/XieConnect/CircuitService Contact: b.malin@vanderbilt.edu Supplementary information: Supplementary data are available at Bioinformatics online. PMID:25147357

  6. A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

    PubMed

    Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

    2015-08-01

    Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications include patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS) etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that store information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency.

  7. Secure and Privacy-Preserving Body Sensor Data Collection and Query Scheme.

    PubMed

    Zhu, Hui; Gao, Lijuan; Li, Hui

    2016-02-01

    With the development of body sensor networks and the pervasiveness of smart phones, different types of personal data can be collected in real time by body sensors, and the potential value of massive personal data has attracted considerable interest recently. However, the privacy issues of sensitive personal data are still challenging today. Aiming at these challenges, in this paper, we focus on the threats from telemetry interface and present a secure and privacy-preserving body sensor data collection and query scheme, named SPCQ, for outsourced computing. In the proposed SPCQ scheme, users' personal information is collected by body sensors in different types and converted into multi-dimension data, and each dimension is converted into the form of a number and uploaded to the cloud server, which provides a secure, efficient and accurate data query service, while the privacy of sensitive personal information and users' query data is guaranteed. Specifically, based on an improved homomorphic encryption technology over composite order group, we propose a special weighted Euclidean distance contrast algorithm (WEDC) for multi-dimension vectors over encrypted data. With the SPCQ scheme, the confidentiality of sensitive personal data, the privacy of data users' queries and accurate query service can be achieved in the cloud server. Detailed analysis shows that SPCQ can resist various security threats from telemetry interface. In addition, we also implement SPCQ on an embedded device, smart phone and laptop with a real medical database, and extensive simulation results demonstrate that our proposed SPCQ scheme is highly efficient in terms of computation and communication costs.

  8. Secure and Privacy-Preserving Body Sensor Data Collection and Query Scheme

    PubMed Central

    Zhu, Hui; Gao, Lijuan; Li, Hui

    2016-01-01

    With the development of body sensor networks and the pervasiveness of smart phones, different types of personal data can be collected in real time by body sensors, and the potential value of massive personal data has attracted considerable interest recently. However, the privacy issues of sensitive personal data are still challenging today. Aiming at these challenges, in this paper, we focus on the threats from telemetry interface and present a secure and privacy-preserving body sensor data collection and query scheme, named SPCQ, for outsourced computing. In the proposed SPCQ scheme, users’ personal information is collected by body sensors in different types and converted into multi-dimension data, and each dimension is converted into the form of a number and uploaded to the cloud server, which provides a secure, efficient and accurate data query service, while the privacy of sensitive personal information and users’ query data is guaranteed. Specifically, based on an improved homomorphic encryption technology over composite order group, we propose a special weighted Euclidean distance contrast algorithm (WEDC) for multi-dimension vectors over encrypted data. With the SPCQ scheme, the confidentiality of sensitive personal data, the privacy of data users’ queries and accurate query service can be achieved in the cloud server. Detailed analysis shows that SPCQ can resist various security threats from telemetry interface. In addition, we also implement SPCQ on an embedded device, smart phone and laptop with a real medical database, and extensive simulation results demonstrate that our proposed SPCQ scheme is highly efficient in terms of computation and communication costs. PMID:26840319

  9. Query Monitoring and Analysis for Database Privacy - A Security Automata Model Approach.

    PubMed

    Kumar, Anand; Ligatti, Jay; Tu, Yi-Cheng

    2015-11-01

    Privacy and usage restriction issues are important when valuable data are exchanged or acquired by different organizations. Standard access control mechanisms either restrict or completely grant access to valuable data. On the other hand, data obfuscation limits the overall usability and may result in loss of total value. There are no standard policy enforcement mechanisms for data acquired through mutual and copyright agreements. In practice, many different types of policies can be enforced in protecting data privacy. Hence there is the need for an unified framework that encapsulates multiple suites of policies to protect the data. We present our vision of an architecture named security automata model (SAM) to enforce privacy-preserving policies and usage restrictions. SAM analyzes the input queries and their outputs to enforce various policies, liberating data owners from the burden of monitoring data access. SAM allows administrators to specify various policies and enforces them to monitor queries and control the data access. Our goal is to address the problems of data usage control and protection through privacy policies that can be defined, enforced, and integrated with the existing access control mechanisms using SAM. In this paper, we lay out the theoretical foundation of SAM, which is based on an automata named Mandatory Result Automata. We also discuss the major challenges of implementing SAM in a real-world database environment as well as ideas to meet such challenges.

  10. Privacy enhanced group communication in clinical environment

    NASA Astrophysics Data System (ADS)

    Li, Mingyan; Narayanan, Sreeram; Poovendran, Radha

    2005-04-01

    Privacy protection of medical records has always been an important issue and is mandated by the recent Health Insurance Portability and Accountability Act (HIPAA) standards. In this paper, we propose security architectures for a tele-referring system that allows electronic group communication among professionals for better quality treatments, while protecting patient privacy against unauthorized access. Although DICOM defines the much-needed guidelines for confidentiality of medical data during transmission, there is no provision in the existing medical security systems to guarantee patient privacy once the data has been received. In our design, we address this issue by enabling tracing back to the recipient whose received data is disclosed to outsiders, using watermarking technique. We present security architecture design of a tele-referring system using a distributed approach and a centralized web-based approach. The resulting tele-referring system (i) provides confidentiality during the transmission and ensures integrity and authenticity of the received data, (ii) allows tracing of the recipient who has either distributed the data to outsiders or whose system has been compromised, (iii) provides proof of receipt or origin, and (iv) can be easy to use and low-cost to employ in clinical environment.

  11. Quantifying the Correctness, Computational Complexity, and Security of Privacy-Preserving String Comparators for Record Linkage.

    PubMed

    Durham, Elizabeth; Xue, Yuan; Kantarcioglu, Murat; Malin, Bradley

    2012-10-01

    Record linkage is the task of identifying records from disparate data sources that refer to the same entity. It is an integral component of data processing in distributed settings, where the integration of information from multiple sources can prevent duplication and enrich overall data quality, thus enabling more detailed and correct analysis. Privacy-preserving record linkage (PPRL) is a variant of the task in which data owners wish to perform linkage without revealing identifiers associated with the records. This task is desirable in various domains, including healthcare, where it may not be possible to reveal patient identity due to confidentiality requirements, and in business, where it could be disadvantageous to divulge customers' identities. To perform PPRL, it is necessary to apply string comparators that function in the privacy-preserving space. A number of privacy-preserving string comparators (PPSCs) have been proposed, but little research has compared them in the context of a real record linkage application. This paper performs a principled and comprehensive evaluation of six PPSCs in terms of three key properties: 1) correctness of record linkage predictions, 2) computational complexity, and 3) security. We utilize a real publicly-available dataset, derived from the North Carolina voter registration database, to evaluate the tradeoffs between the aforementioned properties. Among our results, we find that PPSCs that partition, encode, and compare strings yield highly accurate record linkage results. However, as a tradeoff, we observe that such PPSCs are less secure than those that map and compare strings in a reduced dimensional space.

  12. Security and Privacy Grand Challenges for the Internet of Things

    SciTech Connect

    Fink, Glenn A.; Zarzhitsky, Dimitri V.; Carroll, Thomas E.; Farquhar, Ethan D.

    2015-08-20

    Abstract— The growth of the Internet of Things (IoT) is driven by market pressures, and while security is being considered, the relationship between the unintended consequences of billions of such devices connecting to the Internet cannot be described with existing mathematical methods. The possibilities for illicit surveillance through lifestyle analysis, unauthorized access to information, and new attack vectors will continue to increase by 2020, when up-to 50 billion devices may be connected. This paper discusses various kinds of vulnerabilities that can be expected to arise, and presents a research agenda for mitigating the worst of the impacts. We hope to draw research attention to the potential dangers of IoT so that many of these problems can be avoided.

  13. Security Concerns in Android mHealth Apps

    PubMed Central

    He, Dongjing; Naveed, Muhammad; Gunter, Carl A.; Nahrstedt, Klara

    2014-01-01

    Mobile Health (mHealth) applications lie outside of regulatory protection such as HIPAA, which requires a baseline of privacy and security protections appropriate to sensitive medical data. However, mHealth apps, particularly those in the app stores for iOS and Android, are increasingly handling sensitive data for both professionals and patients. This paper presents a series of three studies of the mHealth apps in Google Play that show that mHealth apps make widespread use of unsecured Internet communications and third party servers. Both of these practices would be considered problematic under HIPAA, suggesting that increased use of mHealth apps could lead to less secure treatment of health data unless mHealth vendors make improvements in the way they communicate and store data. PMID:25954370

  14. Security Concerns in Android mHealth Apps.

    PubMed

    He, Dongjing; Naveed, Muhammad; Gunter, Carl A; Nahrstedt, Klara

    2014-01-01

    Mobile Health (mHealth) applications lie outside of regulatory protection such as HIPAA, which requires a baseline of privacy and security protections appropriate to sensitive medical data. However, mHealth apps, particularly those in the app stores for iOS and Android, are increasingly handling sensitive data for both professionals and patients. This paper presents a series of three studies of the mHealth apps in Google Play that show that mHealth apps make widespread use of unsecured Internet communications and third party servers. Both of these practices would be considered problematic under HIPAA, suggesting that increased use of mHealth apps could lead to less secure treatment of health data unless mHealth vendors make improvements in the way they communicate and store data.

  15. 75 FR 38824 - Privacy Act of 1974; Department of Homeland Security/ALL-029 Civil Rights and Civil Liberties...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-06

    ...] Privacy Act of 1974; Department of Homeland Security/ALL--029 Civil Rights and Civil Liberties Records... system name is being changed to, ``Department of Homeland Security/ALL--029 Civil Rights and Civil... Rights and Civil Liberties, as well as all component offices that perform civil rights and...

  16. 76 FR 72428 - Privacy Act of 1974; Department of Homeland Security/ALL-017 General Legal Records System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-23

    ... [Docket No. DHS-2011-0094] Privacy Act of 1974; Department of Homeland Security/ALL--017 General Legal.../ ALL--017 General Legal Records System of Records.'' This system will assist attorneys in providing..., Department of Homeland Security, Washington, DC 20528. Instructions: All submissions received must...

  17. 76 FR 49494 - Privacy Act of 1974; Department of Homeland Security United States Coast Guard DHS/USCG-027...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-10

    ... records titled, ``Department of Homeland Security/United States Coast Guard-027 Recruiting Files System of Records.'' This system of records allows the Department of Homeland Security/United States Coast Guard to...: Marilyn Scott-Perez (202-475-3515), Privacy Officer, United States Coast Guard, 2100 2nd Street, SW.,...

  18. 76 FR 27847 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Coast...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-13

    ....S. Coast Guard--008 Courts Martial Case Files System of Records AGENCY: Privacy Office, DHS. ACTION..., ``Department of Homeland Security/U.S. Coast Guard--008 Courts Martial Case Files System of Records'' from... Homeland Security/U.S. Coast Guard--008 Courts Martial Case Files System of Records from one or...

  19. Informed consent and clinical research involving children and adolescents: implications of the revised APA ethics code and HIPAA.

    PubMed

    Fisher, Celia B

    2004-12-01

    In 2003, 2 new sets of rules and regulations affecting the conduct of clinical research involving children and adolescents went into effect: the revised American Psychological Association's (APA) Ethical Principles of Psychologists and Code of Conduct (APA, 2002; effective June 1, 2003) and the Privacy Rule (45 CFR Part 160 and A and E of Part 164; effective April; 14, 2003) of the Health Insurance Portability and Accountability Act (HIPAA: Public Law 104-191). This article highlights those APA ethical standards and HIPAA regulations relevant to clinical research involving children and adolescents and discusses how psychologists can apply these rules in ways that will ensure ethical and legal compliance.

  20. Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study.

    PubMed

    Atienza, Audie A; Zarcadoolas, Christina; Vaughon, Wendy; Hughes, Penelope; Patel, Vaishali; Chou, Wen-Ying Sylvia; Pritts, Joy

    2015-01-01

    This study examined consumers' attitudes and perceptions regarding mobile health (mHealth) technology use in health care. Twenty-four focus groups with 256 participants were conducted in 5 geographically diverse locations. Participants were also diverse in age, education, race/ethnicity, gender, and rural versus urban settings. Several key themes emerged from the focus groups. Findings suggest that consumer attitudes regarding mHealth privacy/security are highly contextualized, with concerns depending on the type of information being communicated, where and when the information is being accessed, who is accessing or seeing the information, and for what reasons. Consumers frequently considered the tradeoffs between the privacy/security of using mHealth technologies and the potential benefits. Having control over mHealth privacy/security features and trust in providers were important issues for consumers. Overall, this study found significant diversity in attitudes regarding mHealth privacy/security both within and between traditional demographic groups. Thus, to address consumers' concerns regarding mHealth privacy and security, a one-size-fits-all approach may not be adequate. Health care providers and technology developers should consider tailoring mHealth technology according to how various types of information are communicated in the health care setting, as well as according to the comfort, skills, and concerns individuals may have with mHealth technology.

  1. Patient privacy and social media.

    PubMed

    Hader, Amy L; Brown, Evan D

    2010-08-01

    Healthcare providers using social media must remain mindful of professional boundaries and patients' privacy rights. Facebook and other online postings must comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), applicable facility policy, state law, and AANA's Code of Ethics.

  2. Security and privacy in molecular communication and networking: opportunities and challenges.

    PubMed

    Loscrí, Valeria; Marchal, César; Mitton, Nathalie; Fortino, Giancarlo; Vasilakos, Athanasios V

    2014-09-01

    Molecular Communication (MC) is an emerging and promising communication paradigm for several multi-disciplinary domains like bio-medical, industry and military. Differently to the traditional communication paradigm, the information is encoded on the molecules, that are then used as carriers of information. Novel approaches related to this new communication paradigm have been proposed, mainly focusing on architectural aspects and categorization of potential applications. So far, security and privacy aspects related to the molecular communication systems have not been investigated at all and represent an open question that need to be addressed. The main motivation of this paper lies on providing some first insights about security and privacy aspects of MC systems, by highlighting the open issues and challenges and above all by outlining some specific directions of potential solutions. Existing cryptographic methods and security approaches are not suitable for MC systems since do not consider the pecific issues and challenges, that need ad-hoc solutions. We will discuss directions in terms of potential solutions by trying to highlight the main advantages and potential drawbacks for each direction considered. We will try to answer to the main questions: 1) why this solution can be exploited in the MC field to safeguard the system and its reliability? 2) which are the main issues related to the specific approach?

  3. A privacy preserving secure and efficient authentication scheme for telecare medical information systems.

    PubMed

    Mishra, Raghavendra; Barnwal, Amit Kumar

    2015-05-01

    The Telecare medical information system (TMIS) presents effective healthcare delivery services by employing information and communication technologies. The emerging privacy and security are always a matter of great concern in TMIS. Recently, Chen at al. presented a password based authentication schemes to address the privacy and security. Later on, it is proved insecure against various active and passive attacks. To erase the drawbacks of Chen et al.'s anonymous authentication scheme, several password based authentication schemes have been proposed using public key cryptosystem. However, most of them do not present pre-smart card authentication which leads to inefficient login and password change phases. To present an authentication scheme with pre-smart card authentication, we present an improved anonymous smart card based authentication scheme for TMIS. The proposed scheme protects user anonymity and satisfies all the desirable security attributes. Moreover, the proposed scheme presents efficient login and password change phases where incorrect input can be quickly detected and a user can freely change his password without server assistance. Moreover, we demonstrate the validity of the proposed scheme by utilizing the widely-accepted BAN (Burrows, Abadi, and Needham) logic. The proposed scheme is also comparable in terms of computational overheads with relevant schemes.

  4. Security and Privacy in a Sensor-Based Search and Rescue System

    NASA Astrophysics Data System (ADS)

    Huang, Jyh-How; Black, John; Mishra, Shivakant

    With the emergence of small devices equipped with wireless communication, several sophisticated systems for search and rescue have been proposed and developed. However, a key obstacle in large deployment of these systems is vulnerability to users' security and privacy. On one hand, search and rescue systems need to collect as much information about a user's location and movement as possible to locate that user in a timely manner. On the other hand, this very capability can be misused by adversaries to stalk a person, which in turn drives users away from using such a system. This paper describes the design, implementation and performance of a security and privacy framework for SenSearch, which is a sensor-based search and rescue system for people in emergency situation in wilderness areas. This framework has been carefully built by employing a combination of symmetric and asymmetric key cryptography to meet the constraints of resource-limited devices and short time intervals during which most security operations have to be performed.

  5. A Framework for Privacy-preserving Classification of Next-generation PHR data.

    PubMed

    Koufi, Vassiliki; Malamateniou, Flora; Prentza, Andriana; Vassilacopoulos, George

    2014-01-01

    Personal Health Records (PHRs), integrated with data from various sources, such as social care data, Electronic Health Record data and genetic information, are envisaged as having a pivotal role in transforming healthcare. These data, lumped under the term 'big data', are usually complex, noisy, heterogeneous, longitudinal and voluminous thus prohibiting their meaningful use by clinicians. Deriving value from these data requires the utilization of innovative data analysis techniques, which, however, may be hindered due to potential security and privacy breaches that may arise from improper release of personal health information. This paper presents a HIPAA-compliant machine learning framework that enables privacy-preserving classification of next-generation PHR data. The predictive models acquired can act as supporting tools to clinical practice by enabling more effective prevention, diagnosis and treatment of new incidents. The proposed framework has a huge potential for complementing medical staff expertise as it outperforms the manual inspection of PHR data while protecting patient privacy.

  6. The Influence of Security Statement, Technical Protection, and Privacy on Satisfaction and Loyalty; A Structural Equation Modeling

    NASA Astrophysics Data System (ADS)

    Peikari, Hamid Reza

    Customer satisfaction and loyalty have been cited as the e-commerce critical success factors and various studies have been conducted to find the antecedent determinants of these concepts in the online transactions. One of the variables suggested by some studies is perceived security. However, these studies have referred to security from a broad general perspective and no attempts have been made to study the specific security related variables. This paper intends to study the influence on security statement and technical protection on satisfaction, loyalty and privacy. The data was collected from 337 respondents and after the reliability and validity tests, path analysis was applied to examine the hypotheses. The results suggest that loyalty is influenced by satisfaction and security statement and no empirical support was found for the influence on technical protection and privacy on loyalty. Moreover, it was found that security statement and technical protection have a positive significant influence on satisfaction while no significant effect was found for privacy. Furthermore, the analysis indicated that security statement have a positive significant influence on technical protection while technical protection was found to have a significant negative impact on perceived privacy.

  7. The ethical dimension of terahertz and millimeter-wave imaging technologies: security, privacy, and acceptability

    NASA Astrophysics Data System (ADS)

    Ammicht Quinn, R.; Rampp, B.

    2009-05-01

    Terahertz and millimeter-wave imaging technologies, wherever they are applied to human beings, generate problems with the "naked" body. Security issues thus inevitably lead to ethical questions of privacy and intimacy. Less apparent but no less important are other issues such as discrimination and the question of reducing this problem through post processing of data; scalability; questions of controlling the controllers; questions of proliferation. Ethical research alone can not provide acceptability. However, ultimately innovative technologies will not achieve widespread and sustainable acceptance without a fundamental clarification of the ethically relevant issues.

  8. Security and privacy services in pathology for enabling trustworthy personal health.

    PubMed

    Blobel, Bernd

    2012-01-01

    Ubiquitous personalized health services including ePathology require comprehensive, but trusted interoperability. Contrary to regulated traditional health services with pre-defined policies, the solutions enabled by mobile, pervasive and autonomous technology have to follow dynamic policies reflecting the customers changing health services needs, expectations and wishes as well as contextual and environmental conditions. The paper introduces an advanced approach to trustworthy architecture-centric, policy-driven pHealth solutions. To some details, it also addresses security and privacy ontologies to represent the required policies.

  9. Electronic Health Records: An Enhanced Security Paradigm to Preserve Patient's Privacy

    NASA Astrophysics Data System (ADS)

    Slamanig, Daniel; Stingl, Christian

    In recent years, demographic change and increasing treatment costs demand the adoption of more cost efficient, highly qualitative and integrated health care processes. The rapid growth and availability of the Internet facilitate the development of eHealth services and especially of electronic health records (EHRs) which are promising solutions to meet the aforementioned requirements. Considering actual web-based EHR systems, patient-centric and patient moderated approaches are widely deployed. Besides, there is an emerging market of so called personal health record platforms, e.g. Google Health. Both concepts provide a central and web-based access to highly sensitive medical data. Additionally, the fact that these systems may be hosted by not fully trustworthy providers necessitates to thoroughly consider privacy issues. In this paper we define security and privacy objectives that play an important role in context of web-based EHRs. Furthermore, we discuss deployed solutions as well as concepts proposed in the literature with respect to this objectives and point out several weaknesses. Finally, we introduce a system which overcomes the drawbacks of existing solutions by considering an holistic approach to preserve patient's privacy and discuss the applied methods.

  10. Market Reactions to Publicly Announced Privacy and Security Breaches Suffered by Companies Listed on the United States Stock Exchanges: A Comparative Empirical Investigation

    ERIC Educational Resources Information Center

    Coronado, Adolfo S.

    2012-01-01

    Using a sample of security and privacy breaches the present research examines the comparative announcement impact between the two types of events. The first part of the dissertation analyzes the impact of publicly announced security and privacy breaches on abnormal stock returns, the change in firm risk, and abnormal trading volume are measured.…

  11. A security and privacy preserving e-prescription system based on smart cards.

    PubMed

    Hsu, Chien-Lung; Lu, Chung-Fu

    2012-12-01

    In 2002, Ateniese and Medeiros proposed an e-prescription system, in which the patient can store e-prescription and related information using smart card. Latter, Yang et al. proposed a novel smart-card based e-prescription system based on Ateniese and Medeiros's system in 2004. Yang et al. considered the privacy issues of prescription data and adopted the concept of a group signature to provide patient's privacy protection. To make the e-prescription system more realistic, they further applied a proxy signature to allow a patient to delegate his signing capability to other people. This paper proposed a novel security and privacy preserving e-prescription system model based on smart cards. A new role, chemist, is included in the system model for settling the medicine dispute. We further presented a concrete identity-based (ID-based) group signature scheme and an ID-based proxy signature scheme to realize the proposed model. Main property of an ID-based system is that public key is simple user's identity and can be verified without extra public key certificates. Our ID-based group signature scheme can allow doctors to sign e-prescription anonymously. In a case of a medical dispute, identities of the doctors can be identified. The proposed ID-based proxy signature scheme can improve signing delegation and allows a delegation chain. The proposed e-prescription system based on our proposed two cryptographic schemes is more practical and efficient than Yang et al.'s system in terms of security, communication overheads, computational costs, practical considerations.

  12. Toward Proper Authentication Methods in Electronic Medical Record Access Compliant to HIPAA and C.I.A. Triangle.

    PubMed

    Tipton, Stephen J; Forkey, Sara; Choi, Young B

    2016-04-01

    This paper examines various methods encompassing the authentication of users in accessing Electronic Medical Records (EMRs). From a methodological perspective, multiple authentication methods have been researched from both a desktop and mobile accessibility perspective. Each method is investigated at a high level, along with comparative analyses, as well as real world examples. The projected outcome of this examination is a better understanding of the sophistication required in protecting the vital privacy constraints of an individual's Protected Health Information (PHI). In understanding the implications of protecting healthcare data in today's technological world, the scope of this paper is to grasp an overview of confidentiality as it pertains to information security. In addressing this topic, a high level overview of the three goals of information security are examined; in particular, the goal of confidentiality is the primary focus. Expanding upon the goal of confidentiality, healthcare accessibility legal aspects are considered, with a focus upon the Health Insurance Portability and Accountability Act of 1996 (HIPAA). With the primary focus of this examination being access to EMRs, the paper will consider two types of accessibility of concern: access from a physician, or group of physicians; and access from an individual patient.

  13. Automated Detection of Privacy Sensitive Conditions in C-CDAs: Security Labeling Services at the Department of Veterans Affairs.

    PubMed

    Bouhaddou, Omar; Davis, Mike; Donahue, Margaret; Mallia, Anthony; Griffin, Stephania; Teal, Jennifer; Nebeker, Jonathan

    2016-01-01

    Care coordination across healthcare organizations depends upon health information exchange. Various policies and laws govern permissible exchange, particularly when the information includes privacy sensitive conditions. The Department of Veterans Affairs (VA) privacy policy has required either blanket consent or manual sensitivity review prior to exchanging any health information. The VA experience has been an expensive, administratively demanding burden on staffand Veterans alike, particularly for patients without privacy sensitive conditions. Until recently, automatic sensitivity determination has not been feasible. This paper proposes a policy-driven algorithmic approach (Security Labeling Service or SLS) to health information exchange that automatically detects the presence or absence of specific privacy sensitive conditions and then, to only require a Veteran signed consent for release when actually present. The SLS was applied successfully to a sample of real patient Consolidated-Clinical Document Architecture(C-CDA) documents. The SLS identified standard terminology codes by both parsing structured entries and analyzing textual information using Natural Language Processing (NLP).

  14. Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users

    ERIC Educational Resources Information Center

    Edwards, Keith

    2015-01-01

    Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the…

  15. Access and privacy rights using web security standards to increase patient empowerment.

    PubMed

    Falcão-Reis, Filipa; Costa-Pereira, Altamiro; Correia, Manuel E

    2008-01-01

    Electronic Health Record (EHR) systems are becoming more and more sophisticated and include nowadays numerous applications, which are not only accessed by medical professionals, but also by accounting and administrative personnel. This could represent a problem concerning basic rights such as privacy and confidentiality. The principles, guidelines and recommendations compiled by the OECD protection of privacy and trans-border flow of personal data are described and considered within health information system development. Granting access to an EHR should be dependent upon the owner of the record; the patient: he must be entitled to define who is allowed to access his EHRs, besides the access control scheme each health organization may have implemented. In this way, it's not only up to health professionals to decide who have access to what, but the patient himself. Implementing such a policy is walking towards patient empowerment which society should encourage and governments should promote. The paper then introduces a technical solution based on web security standards. This would give patients the ability to monitor and control which entities have access to their personal EHRs, thus empowering them with the knowledge of how much of his medical history is known and by whom. It is necessary to create standard data access protocols, mechanisms and policies to protect the privacy rights and furthermore, to enable patients, to automatically track the movement (flow) of their personal data and information in the context of health information systems. This solution must be functional and, above all, user-friendly and the interface should take in consideration some heuristics of usability in order to provide the user with the best tools. The current official standards on confidentiality and privacy in health care, currently being developed within the EU, are explained, in order to achieve a consensual idea of the guidelines that all member states should follow to transfer

  16. From sniffer dogs to emerging sniffer devices for airport security: an opportunity to rethink privacy implications?

    PubMed

    Bonfanti, Matteo E

    2014-09-01

    Dogs are known for their incredible ability to detect odours, extracting them from a "complex" environment and recognising them. This makes sniffer dogs precious assets in a broad variety of security applications. However, their use is subject to some intrinsic restrictions. Dogs can only be trained to a limited set of applications, get tired after a relatively short period, and thus require a high turnover. This has sparked a drive over the past decade to develop artificial sniffer devices-generally known as "chemical sniffers" or "electronic noses"-able to complement and possibly replace dogs for some security applications. Such devices have been already deployed, or are intended to be deployed, at borders, airports and other critical installation security checkpoints. Similarly to dogs, they are adopted for detecting residual traces that indicate either the presence of, or recent contact with, substances like drugs and explosives. It goes without saying that, as with sniffer dogs, the use of artificial sniffer devices raises many sensitive issues. Adopting an ethical and legal perspective, the present paper discusses the privacy and data protection implications of the possible deployment of a hand-held body scanning sniffer for screening passengers at EU airport security checkpoints.

  17. 76 FR 39245 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Coast...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-06

    ....S. Coast Guard--008 Courts Martial Case Files System of Records; Correction AGENCY: Privacy Office.../U.S. Coast Guard--008 Courts Martial Case Files System of Records'' from certain provisions of the... system of records titled, ``Department of Homeland Security/U.S. Coast Guard -008 Courts Martial...

  18. 76 FR 66940 - Privacy Act of 1974; Department of Homeland Security/United States Secret Service-004 Protection...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-28

    ... Service--004 Protection Information System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of..., ``Department of Homeland Security/United States Secret Service--004 Protection Information System of Records.'' As a result of biennial review of this system, information has been updated within the categories...

  19. Security and privacy issues in wireless sensor networks for healthcare applications.

    PubMed

    Al Ameen, Moshaddique; Liu, Jingwei; Kwak, Kyungsup

    2012-02-01

    The use of wireless sensor networks (WSN) in healthcare applications is growing in a fast pace. Numerous applications such as heart rate monitor, blood pressure monitor and endoscopic capsule are already in use. To address the growing use of sensor technology in this area, a new field known as wireless body area networks (WBAN or simply BAN) has emerged. As most devices and their applications are wireless in nature, security and privacy concerns are among major areas of concern. Due to direct involvement of humans also increases the sensitivity. Whether the data gathered from patients or individuals are obtained with the consent of the person or without it due to the need by the system, misuse or privacy concerns may restrict people from taking advantage of the full benefits from the system. People may not see these devices safe for daily use. There may also possibility of serious social unrest due to the fear that such devices may be used for monitoring and tracking individuals by government agencies or other private organizations. In this paper we discuss these issues and analyze in detail the problems and their possible measures.

  20. Personal health records: Consumer attitudes toward privacy and security of their personal health information.

    PubMed

    Lafky, Deborah Beranek; Horan, Thomas A

    2011-03-01

    Personal health record (PHR) systems are a subject of intense interest in the move to improve healthcare accessibility and quality. Although a number of vendors continue to put forward PHR systems, user-centered design research has lagged, and it has not been clear what features are important to prospective PHR users. Here, we report on a user-centered design study that combines qualitative and quantitative approaches to investigate several dimensions relevant to PHR design, and to look at the effect of health status on user needs. The results indicate that health status, especially disability and chronic illness, is relevant to PHR design. Further, the results provide empirical evidence about the role of privacy and security in users' attitudes toward PHR use. The exact nature of these attitudes differs from widely held perceptions about consumer values in healthcare information management.

  1. Assuring the privacy and security of transmitting sensitive electronic health information.

    PubMed

    Peng, Charlie; Kesarinath, Gautam; Brinks, Tom; Young, James; Groves, David

    2009-11-14

    The interchange of electronic health records between healthcare providers and public health organizations has become an increasingly desirable tool in reducing healthcare costs, improving healthcare quality, and protecting population health. Assuring privacy and security in nationwide sharing of Electronic Health Records (EHR) in an environment such as GRID has become a top challenge and concern. The Centers for Disease Control and Prevention's (CDC) and The Science Application International Corporation (SAIC) have jointly conducted a proof of concept study to find and build a common secure and reliable messaging platform (the SRM Platform) to handle this challenge. The SRM Platform is built on the open standards of OASIS, World Wide Web Consortium (W3C) web-services standards, and Web Services Interoperability (WS-I) specifications to provide the secure transport of sensitive EHR or electronic medical records (EMR). Transmitted data may be in any digital form including text, data, and binary files, such as images. This paper identifies the business use cases, architecture, test results, and new connectivity options for disparate health networks among PHIN, NHIN, Grid, and others.

  2. Assuring the Privacy and Security of Transmitting Sensitive Electronic Health Information

    PubMed Central

    Peng, Charlie; Kesarinath, Gautam; Brinks, Tom; Young, James; Groves, David

    2009-01-01

    The interchange of electronic health records between healthcare providers and public health organizations has become an increasingly desirable tool in reducing healthcare costs, improving healthcare quality, and protecting population health. Assuring privacy and security in nationwide sharing of Electronic Health Records (EHR) in an environment such as GRID has become a top challenge and concern. The Centers for Disease Control and Prevention’s (CDC) and The Science Application International Corporation (SAIC) have jointly conducted a proof of concept study to find and build a common secure and reliable messaging platform (the SRM Platform) to handle this challenge. The SRM Platform is built on the open standards of OASIS, World Wide Web Consortium (W3C) web-services standards, and Web Services Interoperability (WS-I) specifications to provide the secure transport of sensitive EHR or electronic medical records (EMR). Transmitted data may be in any digital form including text, data, and binary files, such as images. This paper identifies the business use cases, architecture, test results, and new connectivity options for disparate health networks among PHIN, NHIN, Grid, and others. PMID:20351909

  3. Protocols development for security and privacy of radio frequency identification systems

    NASA Astrophysics Data System (ADS)

    Sabbagha, Fatin

    There are benefits to adopting radio frequency identification (RFID) technology, although there are methods of attack that can compromise the system. This research determined how that may happen and what possible solutions can keep that from happening. Protocols were developed to implement better security. In addition, new topologies were developed to handle the problems of the key management. Previously proposed protocols focused on providing mutual authentication and privacy between readers and tags. However, those protocols are still vulnerable to be attacked. These protocols were analyzed and the disadvantages shown for each one. Previous works assumed that the channels between readers and the servers were secure. In the proposed protocols, a compromised reader is considered along with how to prevent tags from being read by that reader. The new protocols provide mutual authentication between readers and tags and, at the same time, remove the compromised reader from the system. Three protocols are proposed. In the first protocol, a mutual authentication is achieved and a compromised reader is not allowed in the network. In the second protocol, the number of times a reader contacts the server is reduced. The third protocol provides authentication and privacy between tags and readers using a trusted third party. The developed topology is implemented using python language and simulates work to check the efficiency regarding the processing time. The three protocols are implemented by writing codes in C language and then compiling them in MSP430. IAR Embedded workbench is used, which is an integrated development environment with the C/C++ compiler to generate a faster code and to debug the microcontroller. In summary, the goal of this research is to find solutions for the problems on previously proposed protocols, handle a compromised reader, and solve key management problems.

  4. 75 FR 28042 - Privacy Act of 1974: System of Records; Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ... or prosecutions of violations of criminal law are exempt under 5 U.S.C. 552a(j)(2). These exemptions..., and persons when DHS/TSA suspects or has confirmed that the security or confidentiality of an... entities where it would assist in the enforcement of civil or criminal laws. Additionally, DHS/TSA...

  5. 78 FR 55270 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-10

    ... records containing the results from TSA's intelligence-driven risk- based analysis of Secure Flight... CFR Sec. 1560. \\1\\ 77 FR 69491 (Nov. 19, 2012). Under sec. 4012(a)(1)-(2) of the Intelligence Reform... Intelligence Agency, the Secretary of the Treasury, and the Secretary of Defense. The Attorney General,...

  6. A Practitioner's Response to the New Health Privacy Regulations

    ERIC Educational Resources Information Center

    Yang, Julia A.; Kombarakaran, Francis A.

    2006-01-01

    The established professional practice requiring informed consent for the disclosure of personal health information with its implied right to privacy suffered a serious setback with the first federal privacy initiative of the Bush administration. The new Health Insurance Portability and Accountability Act (HIPAA) of 1996 (P.L. 104-191) privacy…

  7. Privacy Act

    EPA Pesticide Factsheets

    Learn about the Privacy Act of 1974, the Electronic Government Act of 2002, the Federal Information Security Management Act, and other information about the Environmental Protection Agency maintains its records.

  8. 75 FR 11191 - Privacy Act of 1974; Retirement of Department of Homeland Security Federal Emergency Management...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-10

    ... Stamp be distributed. The records in the system are considered permanent Federal Government records, as... Emergency Management Agency System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of retirement of a Privacy Act system of records notice. SUMMARY: In accordance with the Privacy Act of 1974 the...

  9. 'Second generation' Internet e-health: the gladiator for HIPAA compliance?

    PubMed

    Korpman, R A; Rose, J S

    2001-01-01

    The Health Insurance Portability and Accountability Act (HIPAA) is intended to simplify administrative processes and improve health information security. There are a number of traditional ways to address the expense and complexities of simplification, but none of them are bargains or beauties to behold: (1) Do-it-yourself encryption; (2) new back-end system purchases; (3) legacy system re-programming; or (4) onerous paper documentation. The good news is that 'second generation' e-health solutions are emerging that act as internal "wrappers" for health plan or provider data systems. They provide both an interface for end-users and a layer of security for organizational information and allow detailed patient-related data to remain at the system owner's physical location. These second generation solutions don't just 'connect,' data, they actually 'understand' the information, and can use data elements to invoke necessary rules, processing pathways, or personalization for specific stakeholders as required by HIPAA.

  10. The Role of Health Care Experience and Consumer Information Efficacy in Shaping Privacy and Security Perceptions of Medical Records: National Consumer Survey Results

    PubMed Central

    Beckjord, Ellen; Moser, Richard P; Hughes, Penelope; Hesse, Bradford W

    2015-01-01

    Background Providers’ adoption of electronic health records (EHRs) is increasing and consumers have expressed concerns about the potential effects of EHRs on privacy and security. Yet, we lack a comprehensive understanding regarding factors that affect individuals’ perceptions regarding the privacy and security of their medical information. Objective The aim of this study was to describe national perceptions regarding the privacy and security of medical records and identify a comprehensive set of factors associated with these perceptions. Methods Using a nationally representative 2011-2012 survey, we reported on adults’ perceptions regarding privacy and security of medical records and sharing of health information between providers, and whether adults withheld information from a health care provider due to privacy or security concerns. We used multivariable models to examine the association between these outcomes and sociodemographic characteristics, health and health care experience, information efficacy, and technology-related variables. Results Approximately one-quarter of American adults (weighted n=235,217,323; unweighted n=3959) indicated they were very confident (n=989) and approximately half indicated they were somewhat confident (n=1597) in the privacy of their medical records; we found similar results regarding adults’ confidence in the security of medical records (very confident: n=828; somewhat confident: n=1742). In all, 12.33% (520/3904) withheld information from a health care provider and 59.06% (2100/3459) expressed concerns about the security of both faxed and electronic health information. Adjusting for other characteristics, adults who reported higher quality of care had significantly greater confidence in the privacy and security of their medical records and were less likely to withhold information from their health care provider due to privacy or security concerns. Adults with higher information efficacy had significantly greater

  11. The secret to health information technology's success within the diabetes patient population: a comprehensive privacy and security framework.

    PubMed

    Pandya, Sheel M

    2010-05-01

    Congress made an unprecedented investment in health information technology (IT) when it passed the American Recovery and Reinvestment Act in February 2009. Health IT provides enormous opportunities to improve health care quality, reduce costs, and engage patients in their own care. But the potential payoff for use of health IT for diabetes care is magnified given the prevalence, cost, and complexity of the disease. However, without proper privacy and security protections in place, diabetes patient data are at risk of misuse, and patient trust in the system is undermined. We need a comprehensive privacy and security framework that articulates clear parameters for access, use, and disclosure of diabetes patient data for all entities storing and exchanging electronic data.

  12. Privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks.

    PubMed

    Sun, Yi; Wen, Qiaoyan; Zhang, Yudong; Li, Wenmin

    2014-01-01

    With the continuing growth of wireless sensor networks in pervasive medical care, people pay more and more attention to privacy in medical monitoring, diagnosis, treatment, and patient care. On one hand, we expect the public health institutions to provide us with better service. On the other hand, we would not like to leak our personal health information to them. In order to balance this contradiction, in this paper we design a privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks so that patients can privately diagnose themselves by inputting a health card into a self-helped medical diagnosis ATM to obtain a diagnostic report just like drawing money from a bank ATM without revealing patients' health information and doctors' diagnostic skill. It makes secure self-helped disease diagnosis feasible and greatly benefits patients as well as relieving the heavy pressure of public health institutions.

  13. Privacy-Preserving Self-Helped Medical Diagnosis Scheme Based on Secure Two-Party Computation in Wireless Sensor Networks

    PubMed Central

    Wen, Qiaoyan; Zhang, Yudong; Li, Wenmin

    2014-01-01

    With the continuing growth of wireless sensor networks in pervasive medical care, people pay more and more attention to privacy in medical monitoring, diagnosis, treatment, and patient care. On one hand, we expect the public health institutions to provide us with better service. On the other hand, we would not like to leak our personal health information to them. In order to balance this contradiction, in this paper we design a privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks so that patients can privately diagnose themselves by inputting a health card into a self-helped medical diagnosis ATM to obtain a diagnostic report just like drawing money from a bank ATM without revealing patients' health information and doctors' diagnostic skill. It makes secure self-helped disease diagnosis feasible and greatly benefits patients as well as relieving the heavy pressure of public health institutions. PMID:25126107

  14. The Secret to Health Information Technology's Success within the Diabetes Patient Population: A Comprehensive Privacy and Security Framework

    PubMed Central

    Pandya, Sheel M.

    2010-01-01

    Congress made an unprecedented investment in health information technology (IT) when it passed the American Recovery and Reinvestment Act in February 2009. Health IT provides enormous opportunities to improve health care quality, reduce costs, and engage patients in their own care. But the potential payoff for use of health IT for diabetes care is magnified given the prevalence, cost, and complexity of the disease. However, without proper privacy and security protections in place, diabetes patient data are at risk of misuse, and patient trust in the system is undermined. We need a comprehensive privacy and security framework that articulates clear parameters for access, use, and disclosure of diabetes patient data for all entities storing and exchanging electronic data. PMID:20513342

  15. Implementing HIPAA: a manager's blueprint.

    PubMed

    Entin, A

    2001-12-01

    The Health Insurance Portability and Accountability Act of 1996 will prove to be one of the most far-reaching health care reform laws of our generation. Virtually every sector of health care will need to reengineer its systems to protect its patient information infrastructure, and combat waste and abuse. The benefits will justify the efforts and costs if the result is a system in which patient medical information is protected, and information will begin to flow between payers and providers in a seamless, standardized and secure fashion. This article studies various strategies and approaches that management may use to maximize compliance efforts.

  16. Advances and current state of the security and privacy in electronic health records: survey from a social perspective.

    PubMed

    Tejero, Antonio; de la Torre, Isabel

    2012-10-01

    E-Health systems are experiencing an impulse in these last years, when many medical agencies began to include digital solutions into their platforms. Electronic Health Records (EHRs) are one of the most important improvements, being in its most part a patient-oriented tool. To achieve a completely operational EHR platform, security and privacy problems have to be resolved, due to the importance of the data included within these records. But given all the different methods to address security and privacy, they still remain in most cases as an open issue. This paper studies existing and proposed solutions included in different scenarios, in order to offer an overview of the current state in EHR systems. Bibliographic material has been obtained mainly from MEDLINE and SCOPUS sources, and over 30 publications have been analyzed. Many EHR platforms are being developed, but most of them present weaknesses when they are opened to the public. These architectures gain significance when they cover all the requisites related to security and privacy.

  17. Network security vulnerabilities and personal privacy issues in Healthcare Information Systems: a case study in a private hospital in Turkey.

    PubMed

    Namoğlu, Nihan; Ulgen, Yekta

    2013-01-01

    Healthcare industry has become widely dependent on information technology and internet as it moves from paper to electronic records. Healthcare Information System has to provide a high quality service to patients and a productive knowledge share between healthcare staff by means of patient data. With the internet being commonly used across hospitals, healthcare industry got its own share from cyber threats like other industries in the world. The challenge is allowing knowledge transfer to hospital staff while still ensuring compliance with security mandates. Working in collaboration with a private hospital in Turkey; this study aims to reveal the essential elements of a 21st century business continuity plan for hospitals while presenting the security vulnerabilities in the current hospital information systems and personal privacy auditing standards proposed by regulations and laws. We will survey the accreditation criteria in Turkey and counterparts in US and EU. We will also interview with medical staff in the hospital to understand the needs for personal privacy and the technical staff to perceive the technical requirements in terms of network security configuration and deployment. As hospitals are adopting electronic transactions, it should be considered a must to protect these electronic health records in terms of personal privacy aspects.

  18. Security analysis and improvement of a privacy authentication scheme for telecare medical information systems.

    PubMed

    Wu, Fan; Xu, Lili

    2013-08-01

    Nowadays, patients can gain many kinds of medical service on line via Telecare Medical Information Systems(TMIS) due to the fast development of computer technology. So security of communication through network between the users and the server is very significant. Authentication plays an important part to protect information from being attacked by malicious attackers. Recently, Jiang et al. proposed a privacy enhanced scheme for TMIS using smart cards and claimed their scheme was better than Chen et al.'s. However, we have showed that Jiang et al.'s scheme has the weakness of ID uselessness and is vulnerable to off-line password guessing attack and user impersonation attack if an attacker compromises the legal user's smart card. Also, it can't resist DoS attack in two cases: after a successful impersonation attack and wrong password input in Password change phase. Then we propose an improved mutual authentication scheme used for a telecare medical information system. Remote monitoring, checking patients' past medical history record and medical consultant can be applied in the system where information transmits via Internet. Finally, our analysis indicates that the suggested scheme overcomes the disadvantages of Jiang et al.'s scheme and is practical for TMIS.

  19. Protecting human health and security in digital Europe: how to deal with the "privacy paradox"?

    PubMed

    Büschel, Isabell; Mehdi, Rostane; Cammilleri, Anne; Marzouki, Yousri; Elger, Bernice

    2014-09-01

    This article is the result of an international research between law and ethics scholars from Universities in France and Switzerland, who have been closely collaborating with technical experts on the design and use of information and communication technologies in the fields of human health and security. The interdisciplinary approach is a unique feature and guarantees important new insights in the social, ethical and legal implications of these technologies for the individual and society as a whole. Its aim is to shed light on the tension between secrecy and transparency in the digital era. A special focus is put from the perspectives of psychology, medical ethics and European law on the contradiction between individuals' motivations for consented processing of personal data and their fears about unknown disclosure, transferal and sharing of personal data via information and communication technologies (named the "privacy paradox"). Potential benefits and harms for the individual and society resulting from the use of computers, mobile phones, the Internet and social media are being discussed. Furthermore, the authors point out the ethical and legal limitations inherent to the processing of personal data in a democratic society governed by the rule of law. Finally, they seek to demonstrate that the impact of information and communication technology use on the individuals' well-being, the latter being closely correlated with a high level of fundamental rights protection in Europe, is a promising feature of the socalled "e-democracy" as a new way to collectively attribute meaning to large-scale online actions, motivations and ideas.

  20. Privacy preserving, real-time and location secured biometrics for mCommerce authentication

    NASA Astrophysics Data System (ADS)

    Kuseler, Torben; Al-Assam, Hisham; Jassim, Sabah; Lami, Ihsan A.

    2011-06-01

    Secure wireless connectivity between mobile devices and financial/commercial establishments is mature, and so is the security of remote authentication for mCommerce. However, the current techniques are open for hacking, false misrepresentation, replay and other attacks. This is because of the lack of real-time and current-precise-location in the authentication process. This paper proposes a new technique that includes freshly-generated real-time personal biometric data of the client and present-position of the mobile device used by the client to perform the mCommerce so to form a real-time biometric representation to authenticate any remote transaction. A fresh GPS fix generates the "time and location" to stamp the biometric data freshly captured to produce a single, real-time biometric representation on the mobile device. A trusted Certification Authority (CA) acts as an independent authenticator of such client's claimed realtime location and his/her provided fresh biometric data. Thus eliminates the necessity of user enrolment with many mCommerce services and application providers. This CA can also "independently from the client" and "at that instant of time" collect the client's mobile device "time and location" from the cellular network operator so to compare with the received information, together with the client's stored biometric information. Finally, to preserve the client's location privacy and to eliminate the possibility of cross-application client tracking, this paper proposes shielding the real location of the mobile device used prior to submission to the CA or authenticators.

  1. Automated Detection of Privacy Sensitive Conditions in C-CDAs: Security Labeling Services at the Department of Veterans Affairs

    PubMed Central

    Bouhaddou, Omar; Davis, Mike; Donahue, Margaret; Mallia, Anthony; Griffin, Stephania; Teal, Jennifer; Nebeker, Jonathan

    2016-01-01

    Care coordination across healthcare organizations depends upon health information exchange. Various policies and laws govern permissible exchange, particularly when the information includes privacy sensitive conditions. The Department of Veterans Affairs (VA) privacy policy has required either blanket consent or manual sensitivity review prior to exchanging any health information. The VA experience has been an expensive, administratively demanding burden on staffand Veterans alike, particularly for patients without privacy sensitive conditions. Until recently, automatic sensitivity determination has not been feasible. This paper proposes a policy-driven algorithmic approach (Security Labeling Service or SLS) to health information exchange that automatically detects the presence or absence of specific privacy sensitive conditions and then, to only require a Veteran signed consent for release when actually present. The SLS was applied successfully to a sample of real patient Consolidated-Clinical Document Architecture(C-CDA) documents. The SLS identified standard terminology codes by both parsing structured entries and analyzing textual information using Natural Language Processing (NLP). PMID:28269828

  2. College Student Records: Legal Issues, Privacy, and Security Concerns. ERIC Digest.

    ERIC Educational Resources Information Center

    Holub, Tamara

    This digest briefly reviews the provisions of the Family Educational Rights and Privacy Act (FERPA) of 1974 (the Buckley Amendment), which sets out legal guidelines regarding the privacy of student records and the provisions of the U.S. Patriot Act, along with the measures some colleges are implementing to comply with these laws and improve the…

  3. 76 FR 34616 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/National...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-14

    ... Facility Anti-Terrorism Standards Personnel Surety Program System of Records AGENCY: Privacy Office, DHS... Standards Personnel Surety Program System of Records and this proposed rulemaking. In this proposed... of the Privacy Act because of criminal, civil, and administrative enforcement requirements....

  4. 76 FR 42005 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-18

    ... Tracker and Senior Watch Officer Logs Records System of Records AGENCY: Privacy Office, DHS. ACTION: Final... Officer Logs Records System of Records'' from certain provisions of the Privacy Act. Specifically, the... Officer Logs Records System of Records. The DHS/OPS-002 National Operations Center Tracker and...

  5. Comparing HIPAA practices in two multi-hospital systems.

    PubMed

    Rada, Roy; Klawans, Chuck; Newton, Tom

    2002-01-01

    The comparison of HIPAA compliance efforts at two multi-hospital networks (Children's Health System and Carilion Health System) suggests a framework for classifying practices and for facilitating the integration of further case studies into a national library of HIPAA practices.

  6. A new concept of real-time security camera monitoring with privacy protection by masking moving objects

    NASA Astrophysics Data System (ADS)

    Yabuta, Kenichi; Kitazawa, Hitoshi; Tanaka, Toshihisa

    2006-02-01

    Recently, monitoring cameras for security have been extensively increasing. However, it is normally difficult to know when and where we are monitored by these cameras and how the recorded images are stored and/or used. Therefore, how to protect privacy in the recorded images is a crucial issue. In this paper, we address this problem and introduce a framework for security monitoring systems considering the privacy protection. We state requirements for monitoring systems in this framework. We propose a possible implementation that satisfies the requirements. To protect privacy of recorded objects, they are made invisible by appropriate image processing techniques. Moreover, the original objects are encrypted and watermarked into the image with the "invisible" objects, which is coded by the JPEG standard. Therefore, the image decoded by a normal JPEG viewer includes the objects that are unrecognized or invisible. We also introduce in this paper a so-called "special viewer" in order to decrypt and display the original objects. This special viewer can be used by limited users when necessary for crime investigation, etc. The special viewer allows us to choose objects to be decoded and displayed. Moreover, in this proposed system, real-time processing can be performed, since no future frame is needed to generate a bitstream.

  7. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage.

    PubMed

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called "privacy principles" to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions - when implementing laboratory data protocols - with experts in the fields.

  8. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage

    PubMed Central

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called “privacy principles” to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions – when implementing laboratory data protocols – with experts in the fields. PMID:26955504

  9. Privacy vs Usability: A Qualitative Exploration of Patients' Experiences With Secure Internet Communication With Their General Practitioner

    PubMed Central

    Tran, Trung; Faxvaag, Arild

    2005-01-01

    Background Direct electronic communication between patients and physicians has the potential to empower patients and improve health care services. Communication by regular email is, however, considered a security threat in many countries and is not recommended. Systems which offer secure communication have now emerged. Unlike regular email, secure systems require that users authenticate themselves. However, the authentication steps per se may become barriers that reduce use. Objectives The objective was to study the experiences of patients who were using a secure electronic communication system. The focus of the study was the users' privacy versus the usability of the system. Methods Qualitative interviews were conducted with 15 patients who used a secure communication system (MedAxess) to exchange personal health information with their primary care physician. Results Six main themes were identified from the interviews: (1) supporting simple questions, (2) security issues, (3) aspects of written communication, (4) trust in the physician, (5) simplicity of MedAxess, and (6) trouble using the system. By using the system, about half of the patients (8/15) experienced easier access to their physician, with whom they tended to solve minor health problems and elaborate on more complex illness experiences. Two thirds of the respondents (10/15) found that their physician quickly responded to their MedAxess requests. As a result of the security barriers, the users felt that the system was secure. However, due to the same barriers, the patients considered the log-in procedure cumbersome, which had considerable negative impact on the actual use of the system. Conclusions Despite a perceived need for secure electronic patient-physician communication systems, security barriers may diminish their overall usefulness. A dual approach is necessary to improve this situation: patients need to be better informed about security issues, and, at the same time, their experiences of using

  10. Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education

    PubMed Central

    2013-01-01

    Background Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient’s TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Methods Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO’s standard for information security risk management. Results A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Conclusions Most of the identified threats are applicable for healthcare services intended for patients or

  11. Are Personal Health Records Safe? A Review of Free Web-Accessible Personal Health Record Privacy Policies

    PubMed Central

    Fernández-Alemán, José Luis; Toval, Ambrosio

    2012-01-01

    Background Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users’ concerns regarding the privacy and security of their personal health information. Objective To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. Methods We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. Results The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users’ accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Conclusions Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low. PMID:22917868

  12. 78 FR 55657 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-11

    ... certified true copy of the information, prior to TSA approving eligibility of the applicant for the TSA Pre... Subjects in 6 CFR Part 5 Freedom of information; Privacy. For the reasons stated in the preamble,...

  13. Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android

    PubMed Central

    Dehling, Tobias; Gao, Fangjian; Schneider, Stephan

    2015-01-01

    Background Mobile health (mHealth) apps aim at providing seamless access to tailored health information technology and have the potential to alleviate global health burdens. Yet, they bear risks to information security and privacy because users need to reveal private, sensitive medical information to redeem certain benefits. Due to the plethora and diversity of available mHealth apps, implications for information security and privacy are unclear and complex. Objective The objective of this study was to establish an overview of mHealth apps offered on iOS and Android with a special focus on potential damage to users through information security and privacy infringements. Methods We assessed apps available in English and offered in the categories “Medical” and “Health & Fitness” in the iOS and Android App Stores. Based on the information retrievable from the app stores, we established an overview of available mHealth apps, tagged apps to make offered information machine-readable, and clustered the discovered apps to identify and group similar apps. Subsequently, information security and privacy implications were assessed based on health specificity of information available to apps, potential damage through information leaks, potential damage through information manipulation, potential damage through information loss, and potential value of information to third parties. Results We discovered 24,405 health-related apps (iOS; 21,953; Android; 2452). Absence or scarceness of ratings for 81.36% (17,860/21,953) of iOS and 76.14% (1867/2452) of Android apps indicates that less than a quarter of mHealth apps are in more or less widespread use. Clustering resulted in 245 distinct clusters, which were consolidated into 12 app archetypes grouping clusters with similar assessments of potential damage through information security and privacy infringements. There were 6426 apps that were excluded during clustering. The majority of apps (95.63%, 17,193/17,979; of apps) pose

  14. Conceptual privacy framework for health information on wearable device.

    PubMed

    Safavi, Seyedmostafa; Shukur, Zarina

    2014-01-01

    Wearable health tech provides doctors with the ability to remotely supervise their patients' wellness. It also makes it much easier to authorize someone else to take appropriate actions to ensure the person's wellness than ever before. Information Technology may soon change the way medicine is practiced, improving the performance, while reducing the price of healthcare. We analyzed the secrecy demands of wearable devices, including Smartphone, smart watch and their computing techniques, that can soon change the way healthcare is provided. However, before this is adopted in practice, all devices must be equipped with sufficient privacy capabilities related to healthcare service. In this paper, we formulated a new improved conceptual framework for wearable healthcare systems. This framework consists of ten principles and nine checklists, capable of providing complete privacy protection package to wearable device owners. We constructed this framework based on the analysis of existing mobile technology, the results of which are combined with the existing security standards. The approach also incorporates the market share percentage level of every app and its respective OS. This framework is evaluated based on the stringent CIA and HIPAA principles for information security. This evaluation is followed by testing the capability to revoke rights of subjects to access objects and ability to determine the set of available permissions for a particular subject for all models Finally, as the last step, we examine the complexity of the required initial setup.

  15. Conceptual Privacy Framework for Health Information on Wearable Device

    PubMed Central

    Safavi, Seyedmostafa; Shukur, Zarina

    2014-01-01

    Wearable health tech provides doctors with the ability to remotely supervise their patients' wellness. It also makes it much easier to authorize someone else to take appropriate actions to ensure the person's wellness than ever before. Information Technology may soon change the way medicine is practiced, improving the performance, while reducing the price of healthcare. We analyzed the secrecy demands of wearable devices, including Smartphone, smart watch and their computing techniques, that can soon change the way healthcare is provided. However, before this is adopted in practice, all devices must be equipped with sufficient privacy capabilities related to healthcare service. In this paper, we formulated a new improved conceptual framework for wearable healthcare systems. This framework consists of ten principles and nine checklists, capable of providing complete privacy protection package to wearable device owners. We constructed this framework based on the analysis of existing mobile technology, the results of which are combined with the existing security standards. The approach also incorporates the market share percentage level of every app and its respective OS. This framework is evaluated based on the stringent CIA and HIPAA principles for information security. This evaluation is followed by testing the capability to revoke rights of subjects to access objects and ability to determine the set of available permissions for a particular subject for all models Finally, as the last step, we examine the complexity of the required initial setup. PMID:25478915

  16. Automated secured cost effective key refreshing technique to enhance WiMAX privacy key management

    NASA Astrophysics Data System (ADS)

    Sridevi, B.; Sivaranjani, S.; Rajaram, S.

    2013-01-01

    In all walks of life the way of communication is transformed by the rapid growth of wireless communication and its pervasive use. A wireless network which is fixed and richer in bandwidth is specified as IEEE 802.16, promoted and launched by an industrial forum is termed as Worldwide Interoperability for Microwave Access (WiMAX). This technology enables seamless delivery of wireless broadband service for fixed and/or mobile users. The obscurity is the long delay which occurs during the handoff management in every network. Mobile WiMAX employs an authenticated key management protocol as a part of handoff management in which the Base Station (BS) controls the distribution of keying material to the Mobile Station (MS). The protocol employed is Privacy Key Management Version 2- Extensible Authentication Protocol (PKMV2-EAP) which is responsible for the normal and periodical authorization of MSs, reauthorization as well as key refreshing. Authorization key (AK) and Traffic Encryption key (TEK) plays a vital role in key exchange. When the lifetime of key expires, MS has to request for a new key to BS which in turn leads to repetition of authorization, authentication as well as key exchange. To avoid service interruption during reauthorization , two active keys are transmitted at the same time by BS to MS. The consequences of existing work are hefty amount of bandwidth utilization, time consumption and large storage. It is also endured by Man in the Middle attack and Impersonation due to lack of security in key exchange. This paper designs an automatic mutual refreshing of keys to minimize bandwidth utilization, key storage and time consumption by proposing Previous key and Iteration based Key Refreshing Function (PKIBKRF). By integrating PKIBKRF in key generation, the simulation results indicate that 21.8% of the bandwidth and storage of keys are reduced and PKMV2 mutual authentication time is reduced by 66.67%. The proposed work is simulated with Qualnet model and

  17. Privacy and security in the era of digital health: what should translational researchers know and do about it?

    PubMed Central

    Filkins, Barbara L; Kim, Ju Young; Roberts, Bruce; Armstrong, Winston; Miller, Mark A; Hultner, Michael L; Castillo, Anthony P; Ducom, Jean-Christophe; Topol, Eric J; Steinhubl, Steven R

    2016-01-01

    The rapid growth in the availability and incorporation of digital technologies in almost every aspect of our lives creates extraordinary opportunities but brings with it unique challenges. This is especially true for the translational researcher, whose work has been markedly enhanced through the capabilities of big data aggregation and analytics, wireless sensors, online study enrollment, mobile engagement, and much more. At the same time each of these tools brings distinctive security and privacy issues that most translational researchers are inadequately prepared to deal with despite accepting overall responsibility for them. For the researcher, the solution for addressing these challenges is both simple and complex. Cyber-situational awareness is no longer a luxury-it is fundamental in combating both the elite and highly organized adversaries on the Internet as well as taking proactive steps to avoid a careless turn down the wrong digital dark alley. The researcher, now responsible for elements that may/may not be beyond his or her direct control, needs an additional level of cyber literacy to understand the responsibilities imposed on them as data owner. Responsibility lies with knowing what you can do about the things you can control and those you can’t. The objective of this paper is to describe the data privacy and security concerns that translational researchers need to be aware of, and discuss the tools and techniques available to them to help minimize that risk. PMID:27186282

  18. Privacy and security in the era of digital health: what should translational researchers know and do about it?

    PubMed

    Filkins, Barbara L; Kim, Ju Young; Roberts, Bruce; Armstrong, Winston; Miller, Mark A; Hultner, Michael L; Castillo, Anthony P; Ducom, Jean-Christophe; Topol, Eric J; Steinhubl, Steven R

    2016-01-01

    The rapid growth in the availability and incorporation of digital technologies in almost every aspect of our lives creates extraordinary opportunities but brings with it unique challenges. This is especially true for the translational researcher, whose work has been markedly enhanced through the capabilities of big data aggregation and analytics, wireless sensors, online study enrollment, mobile engagement, and much more. At the same time each of these tools brings distinctive security and privacy issues that most translational researchers are inadequately prepared to deal with despite accepting overall responsibility for them. For the researcher, the solution for addressing these challenges is both simple and complex. Cyber-situational awareness is no longer a luxury-it is fundamental in combating both the elite and highly organized adversaries on the Internet as well as taking proactive steps to avoid a careless turn down the wrong digital dark alley. The researcher, now responsible for elements that may/may not be beyond his or her direct control, needs an additional level of cyber literacy to understand the responsibilities imposed on them as data owner. Responsibility lies with knowing what you can do about the things you can control and those you can't. The objective of this paper is to describe the data privacy and security concerns that translational researchers need to be aware of, and discuss the tools and techniques available to them to help minimize that risk.

  19. 78 FR 25282 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-008...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-30

    ... private sector in disaster management pursuant to 6 U.S.C. 313(b)(2); added (H)(6) to facilitate the... uses; incorporate congressionally mandated routine uses per 42 U.S.C. 5714(f)(2) as to sharing.... Background In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland...

  20. 78 FR 43890 - Privacy Act of 1974; Department of Homeland Security, Federal Emergency Management Agency-006...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-07-22

    ... magnetic disc, tape, and digital media. Retrievability: Records may be retrieved by individual's name... Program Web site and routine use (K) for sharing information with news media and the public, with approval... organization. K. To the news media and the public, with the approval of the Chief Privacy Officer...

  1. Balancing Student Privacy, Campus Security, and Public Safety: Issues for Campus Leaders. Perspectives, Winter 2008

    ERIC Educational Resources Information Center

    McBain, Lesley

    2008-01-01

    The complex issues of promoting student mental health, privacy and public safety, and the balance among them, weigh on the minds of institutional leaders, educational policymakers, and local, state and federal officials. American campuses have a proud history of intellectual freedom, openness and public accessibility to their communities. However,…

  2. 76 FR 60067 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-012...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-28

    ... making the disclosure. J. To the news media and the public, with the approval of the Chief Privacy... magnetic disc, tape, digital media, and CD-ROM. Retrievability: Records may be retrieved by case/incident..., attract significant attention in the media, attract congressional attention, result in substantive...

  3. 75 FR 69604 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-15

    ..., Reporting, Analysis, and Fusion System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of proposed..., and Fusion System of Records and this proposed rulemaking. In this proposed rulemaking, the Department... Fusion System of Records.'' This system of records will allow DHS/OPS, including the NOC, to...

  4. 76 FR 12609 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-08

    ... Operations Center Tracker and Senior Watch Officer Logs System of Records AGENCY: Privacy Office, DHS. ACTION... and Senior Watch Officer Logs System of Records and this proposed rulemaking. The National Operations... records titled, ``DHS/OPS--002 National Operations Center Tracker and Senior Watch Officer Logs System...

  5. 77 FR 31371 - Public Workshop: Privacy Compliance Workshop

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-05-25

    ... compliance fundamentals, privacy and data security, and the privacy compliance life cycle. A learning lunch... SECURITY Office of the Secretary Public Workshop: Privacy Compliance Workshop AGENCY: Privacy Office, DHS. ACTION: Notice Announcing Public Workshop. SUMMARY: The Department of Homeland Security Privacy...

  6. 75 FR 9085 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Immigration...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-01

    ... Federal Regulations, which is published #0;under 50 titles pursuant to 44 U.S.C. 1510. #0; #0;The Code of... Visa Security Program Tracking System (VSPTS-Net) in support of Section 428 of the Homeland Security Act of 2002. Under the Visa Security Program, ICE conducts security reviews of visa applicants....

  7. HIPAA Business Associate Contracts: the value of contracts for case managers.

    PubMed

    Muller, Lynn S

    2003-01-01

    Case Managers are in the middle of the upcoming HIPAA regulation changes, with the issuance of the Final Privacy Rule. Every case obliges case managers to work with Individually Identifiable Health Information (IIHI) and Protected Health Information (PHI). The purpose of this article is to provide case managers in all practice settings with a clear understanding of a "Business Associate," of a "Covered Entity," and of the specifics of a Business Associate Contract. This information will demonstrate how case managers can benefit from the use of these contracts in their business life. As an essential component of an organization's compliance plan, Business Associate Contracts can become a sword or a shield. This article is particularly helpful to case managers in independent practice, as well as those who work for Covered Entities.

  8. Security: keeping the flame alive.

    PubMed

    Amatayakul, Margret

    2005-02-01

    With HIPAA's information security deadline looming, providers shouldn't lose sight of why they're putting forth so much effort. The end goal isn't merely one-time compliance, but establishing ongoing protections for the organization.

  9. 76 FR 34650 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-14

    ... on Doctrine of Cybersecurity relating to computer security research, --Presentation on from National...'', --Medical Device and relating security concerns, --Presentation on National Initiative for Cybersecurity Education (NICE) and Cybersecurity Awareness, --Presentations from Mississippi State Research on...

  10. 78 FR 27276 - Privacy Act; System of Records: Security Records, State-36

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-09

    ... Act; System of Records: Security Records, State-36 SUMMARY: Notice is hereby given that the Department of State proposes to amend an existing system of records, Security Records, State-36, pursuant to the... Department of State proposes that the current system retain the name ``Security Records''...

  11. HIPAA and the military health system: organizing technological and organizational reform in large enterprises

    NASA Astrophysics Data System (ADS)

    Collmann, Jeff R.

    2001-08-01

    The global scale, multiple units, diverse operating scenarios and complex authority structure of the Department of Defense Military Health System (MHS) create social boundaries that tend to reduce communication and collaboration about data security. Under auspices of the Defense Health Information Assurance Program (DHIAP), the Telemedicine and Advanced Technology Research Center (TATRC) is contributing to the MHS's efforts to prepare for and comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 through organizational and technological innovations that bridge such boundaries. Building interdisciplinary (clinical, administrative and information technology) medical information security readiness teams (MISRT) at each military treatment facility (MTF) constitutes the heart of this process. DHIAP is equipping and training MISRTs to use new tools including 'OCTAVE', a self-directed risk assessment instrument and 'RIMR', a web-enabled Risk Information Management Resource. DHIAP sponsors an interdisciplinary, triservice workgroup for review and revision of relevant DoD and service policies and participates in formal DoD health information assurance activities. These activities help promote a community of proponents across the MHS supportive of improved health information assurance. The MHS HIPAA-compliance effort teaches important general lessons about organizational reform in large civilian or military enterprises.

  12. A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: a privacy-protecting remote access system for health-related research and evaluation.

    PubMed

    Jones, Kerina H; Ford, David V; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J; Heaven, Martin L; Thayer, Daniel S; McNerney, Cynthia L; Lyons, Ronan A

    2014-08-01

    With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community.

  13. 76 FR 70638 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-15

    ..., the enforcement of civil and criminal laws; investigations, inquiries, and proceedings there under... Privacy Act because of criminal, civil, and administrative enforcement requirements. DATES: Effective Date... more provisions of the Privacy Act because of criminal, civil, and administrative...

  14. 75 FR 10633 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security United States...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-09

    ... United States Immigration and Customs Enforcement-- 011 Immigration and Enforcement Operational Records... Security/U.S. Immigration and Customs Enforcement system of records titled, ``Department of Homeland Security/U.S. Immigration and Customs Enforcement--011 Removable Alien Records System of Records''...

  15. 76 FR 60387 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Federal...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-29

    ..., manages this process. To reduce any risk of unauthorized access, FEMA SARs are secured in a room monitored by FEMA OCSO special agents and analysts. FEMA SARs may shared with federal, state, local, and tribal.... FEMA SARs that do not have a nexus to terrorism or hazards to homeland security, as determined by...

  16. 17 CFR 160.2 - Model privacy form and examples.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Model privacy form and examples. 160.2 Section 160.2 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A...

  17. 6 CFR 1002.4 - Responses to Privacy Act requests.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 6 Domestic Security 1 2014-01-01 2014-01-01 false Responses to Privacy Act requests. 1002.4 Section 1002.4 Domestic Security PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 1002.4 Responses to Privacy Act requests. (a) Acknowledgement. The Privacy Act...

  18. Potential impact of HITECH security regulations on medical imaging.

    PubMed

    Prior, Fred; Ingeholm, Mary Lou; Levine, Betty A; Tarbox, Lawrence

    2009-01-01

    Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act (ARRA) of 2009 [1] include a provision commonly referred to as the "Health Information Technology for Economic and Clinical Health Act" or "HITECH Act" that is intended to promote the electronic exchange of health information to improve the quality of health care. Subtitle D of the HITECH Act includes key amendments to strengthen the privacy and security regulations issued under the Health Insurance Portability and Accountability Act (HIPAA). The HITECH act also states that "the National Coordinator" must consult with the National Institute of Standards and Technology (NIST) in determining what standards are to be applied and enforced for compliance with HIPAA. This has led to speculation that NIST will recommend that the government impose the Federal Information Security Management Act (FISMA) [2], which was created by NIST for application within the federal government, as requirements to the public Electronic Health Records (EHR) community in the USA. In this paper we will describe potential impacts of FISMA on medical image sharing strategies such as teleradiology and outline how a strict application of FISMA or FISMA-based regulations could have significant negative impacts on information sharing between care providers.

  19. 78 FR 55274 - Privacy Act of 1974; Department of Homeland Security/Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-10

    ... security threat assessment of law enforcement, immigration, and intelligence databases, including a fingerprint-based criminal history records check conducted through the Federal Bureau of Investigation (FBI... misidentification or inaccurate criminal or immigration records. Consistent with 28 CFR 50.12 in cases...

  20. 75 FR 13258 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-19

    ... available at http://csrc.nist.gov/groups/SMA/ispab/index.html/ . Agenda: --Cloud Computing Implementations... --Cloud Computing Implementations --Security Issues in Broadband Plan --NIST Issues--research, key...

  1. Technology in Counselor Education: HIPAA and HITECH as Best Practice

    ERIC Educational Resources Information Center

    Wilkinson, Tyler; Reinhardt, Rob

    2015-01-01

    The use of technology in counseling is expanding. Ethical use of technology in counseling practice is now a stand-alone section in the 2014 American Counseling Association "Code of Ethics." The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act…

  2. HIPAA administrative simplification: enforcement. Interim final rule; request for comments.

    PubMed

    2009-10-30

    The Secretary of the Department of Health and Human Services (HHS) adopts this interim final rule to conform the enforcement regulations promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to the effective statutory revisions made pursuant to the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), which was enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA). More specifically, this interim final rule amends HIPAA's enforcement regulations, as they relate to the imposition of civil money penalties, to incorporate the HITECH Act's categories of violations, tiered ranges of civil money penalty amounts, and revised limitations on the Secretary's authority to impose civil money penalties for established violations of HIPAA's Administrative Simplification rules (HIPAA rules). This interim final rule does not make amendments with respect to those enforcement provisions of the HITECH Act that are not yet effective under the applicable statutory provisions. Such amendments will be subject to forthcoming rulemaking(s).

  3. HIPAA Compliance with Mobile Devices Among ACGME Programs.

    PubMed

    McKnight, Randall; Franko, Orrin

    2016-05-01

    To analyze self-reported HIPAA compliance with mobile technologies among residents, fellows, and attendings at ACGME training programs. A digital survey was sent to 678 academic institutions over a 1-month period. 2427 responses were analyzed using Chi-squared tests for independence. Post-hoc Bonferroni correction was applied for all comparisons between training levels, clinical setting, and specialty. 58 % of all residents self-report violating HIPAA by sharing protected health information (PHI) via text messaging with 27 % reporting they do it "often" or "routinely" compared to 15-19 % of attendings. For all specialties, 35 % of residents use text messaging photo or video sharing with PHI. Overall, 5 % of respondents "often" or "routinely" used HIPAA compliant (HCApps) with no significant differences related to training level. 20 % of residents admitted to using non-encrypted email at some point. 53 % of attendings and 41 % of residents utilized encrypted email routinely. Physicians from surgical specialties compared to non-surgical specialties demonstrated higher rates of HIPAA violations with SMS use (35 % vs. 17.7 %), standard photo/video messages (16.3 % vs. 4.7 %), HCApps (10.9 % vs. 4.9 %), and non-HCApps (5.6 % vs 1.5 %). The most significant barriers to complying with HIPAA were inconvenience (58 %), lack of knowledge (37 %), unfamiliarity (34 %), inaccessible (29 %) and habit (24 %). Medical professionals must acknowledge that despite laws to protect patient confidentiality in the era of mobile technology, over 50 % of current medical trainees knowingly violate these rules regularly despite the threat of severe consequences. The medical community must further examine the reason for these inconsistencies and work towards possible solutions.

  4. 76 FR 55693 - Privacy Act of 1974; Department of Homeland Security National Protection and Programs Directorate...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-08

    ... magnetic disc, tape, digital media, and CD-ROM. Retrievability: Much of the data within this system does... media in the interest of the public. A review of this system is being conducted to determine if the... security analysis and reporting; Public source data including commercial databases, media, newspapers,...

  5. 78 FR 89 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-02

    ... 20899-8930, telephone: (301) 975- 2006, or by email at: annie.sokol@nist.gov . SUPPLEMENTARY INFORMATION... Commerce, the Director of the Office of Management and Budget, and the Director of NIST on security and... available at http://csrc.nist.gov/groups/SMA/ispab/index.html . The agenda is expected to include...

  6. 78 FR 31955 - Privacy Act of 1974; Department of Homeland Security National Protection and Programs Directorate...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-28

    ..., immigration, intelligence, or other homeland security functions. In addition, information may be shared with... commentary from immigration enforcement officers, which includes references to active criminal and other..., intelligence, and other DHS mission-related functions. Data is also used to provide associated...

  7. 77 FR 33605 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-07

    ... data is not used against an individual. System users are trained to verify information obtained from... rule is effective June 7, 2012. FOR FURTHER INFORMATION CONTACT: For general questions please contact... 20528. SUPPLEMENTARY INFORMATION: Background The Department of Homeland Security (DHS) Office...

  8. 76 FR 18954 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Federal...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-06

    ... of Homeland Security Federal Emergency Management Agency DHS/FEMA-011 Training and Exercise Program... Agency--011 Training and Exercise Program Records System of Records'' and this proposed rulemaking. In... DHS system of records titled, ``DHS/FEMA--011 Training and Exercise Program Records System of...

  9. 75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-23

    ... Research in Computer Forensics, --CIO Panel discussion on value of clearances for understanding of threat.... All sessions will be open to the public. The ISPAB was established by the Computer ] Security Act of... pertaining to federal computer systems. Details regarding the ISPAB's activities are available at...

  10. EGRP Privacy Policy & Disclaimers

    Cancer.gov

    The Epidemiology and Genomics Research Program complies with requirements for privacy and security established by the Office of Management and Budget, Department of Health and Human Services, the National Institutes of Health, and the National Cancer Institute.

  11. Inter-BSs virtual private network for privacy and security enhanced 60 GHz radio-over-fiber system

    NASA Astrophysics Data System (ADS)

    Zhang, Chongfu; Chen, Chen; Zhang, Wei; Jin, Wei; Qiu, Kun; Li, Changchun; Jiang, Ning

    2013-06-01

    A novel inter-basestations (inter-BSs) based virtual private network (VPN) for the privacy and security enhanced 60 GHz radio-over-fiber (RoF) system using optical code-division multiplexing (OCDM) is proposed and demonstrated experimentally. By establishing inter-BSs VPN overlaying the network structure of a 60 GHz RoF system, the express and private paths for the communication of end-users under different BSs can be offered. In order to effectively establish the inter-BSs VPN, the OCDM encoding/decoding technology is employed in the RoF system. In each BS, a 58 GHz millimeter-wave (MMW) is used as the inter-BSs VPN channel, while a 60 GHz MMW is used as the common central station (CS)-BSs communication channel. The optical carriers used for the downlink, uplink and VPN link transmissions are all simultaneously generated in a lightwave-centralized CS, by utilizing four-wave mixing (FWM) effect in a semiconductor optical amplifier (SOA). The obtained results properly verify the feasibility of our proposed configuration of the inter-BSs VPN in the 60 GHz RoF system.

  12. November 18, 1998 meeting Forum on Privacy and Security in Healthcare

    DTIC Science & Technology

    2007-11-02

    complies with such policy was perceived to be an equally challenging task. With these problems as a back-drop, high-level education was provided to...and Technology), opened the meeting by providing background on the sponsoring organizations. The purpose of NIAP is to increase the quality of...assessing compliance of security-enhanced IT products to such policies and regulations. Given the impact of such policies and regulations to all in

  13. Measures for assessing architectural speech security (privacy) of closed offices and meeting rooms

    NASA Astrophysics Data System (ADS)

    Gover, Bradford N.; Bradley, John S.

    2004-12-01

    Objective measures were investigated as predictors of the speech security of closed offices and rooms. A new signal-to-noise type measure is shown to be a superior indicator for security than existing measures such as the Articulation Index, the Speech Intelligibility Index, the ratio of the loudness of speech to that of noise, and the A-weighted level difference of speech and noise. This new measure is a weighted sum of clipped one-third-octave-band signal-to-noise ratios; various weightings and clipping levels are explored. Listening tests had 19 subjects rate the audibility and intelligibility of 500 English sentences, filtered to simulate transmission through various wall constructions, and presented along with background noise. The results of the tests indicate that the new measure is highly correlated with sentence intelligibility scores and also with three security thresholds: the threshold of intelligibility (below which speech is unintelligible), the threshold of cadence (below which the cadence of speech is inaudible), and the threshold of audibility (below which speech is inaudible). The ratio of the loudness of speech to that of noise, and simple A-weighted level differences are both shown to be well correlated with these latter two thresholds (cadence and audibility), but not well correlated with intelligibility. .

  14. Privacy in confidential administrative micro data: implementing statistical disclosure control in a secure computing environment.

    PubMed

    Hochfellner, Daniela; Müller, Dana; Schmucker, Alexandra

    2014-12-01

    The demand for comprehensive and innovative data is constantly growing in social science. In particular, micro data from various social security agencies become more and more attractive. In contrast to survey data, administrative data offer a census with highly reliable information but are restricted in their usage. To make them accessible for researchers, data or research output either have to be anonymized or released after disclosure review procedures have been used. This article discusses the trade-off between maintaining a high capability of research potential while protecting private information, by exploiting the data disclosure portfolio and the adopted disclosure strategies of the Research Data Center of the German Federal Employment Agency.

  15. 75 FR 28035 - Privacy Act of 1974; Department of Homeland Security/U.S. Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ..., and to prevent discrimination and identity theft), program analysis, monitoring and compliance... identity theft. II. Privacy Act The Privacy Act embodies fair information principles in a statutory..., managers, and administrators; and Individuals who may have been victims of identity theft and have...

  16. 76 FR 70637 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-15

    ... certain provisions of the Privacy Act. Specifically, the Department exempts portions of the ``Department... Automated Background Functions System of Records'' from one or more provisions of the Privacy Act because of... 29, 2011, proposing to exempt portions of the system of records from one or more provisions of...

  17. Federal Privacy Laws That Apply to Children and Education. Safeguarding Data

    ERIC Educational Resources Information Center

    Data Quality Campaign, 2014

    2014-01-01

    This table identifies and briefly describes the following federal policies that safeguard and protect the confidentiality of personal information: (1) Family Educational Rights and Privacy Act (FERPA); (2) Protection of Pupil Rights Amendment (PPRA); (3) Health Insurance Portability and Accountability Act (HIPAA); (4) Children's Online Privacy…

  18. A tracking and verification system implemented in a clinical environment for partial HIPAA compliance

    NASA Astrophysics Data System (ADS)

    Guo, Bing; Documet, Jorge; Liu, Brent; King, Nelson; Shrestha, Rasu; Wang, Kevin; Huang, H. K.; Grant, Edward G.

    2006-03-01

    The paper describes the methodology for the clinical design and implementation of a Location Tracking and Verification System (LTVS) that has distinct benefits for the Imaging Department at the Healthcare Consultation Center II (HCCII), an outpatient imaging facility located on the USC Health Science Campus. A novel system for tracking and verification of patients and staff in a clinical environment using wireless and facial biometric technology to monitor and automatically identify patients and staff was developed in order to streamline patient workflow, protect against erroneous examinations and create a security zone to prevent and audit unauthorized access to patient healthcare data under the HIPAA mandate. This paper describes the system design and integration methodology based on initial clinical workflow studies within a clinical environment. An outpatient center was chosen as an initial first step for the development and implementation of this system.

  19. THRIVE: threshold homomorphic encryption based secure and privacy preserving biometric verification system

    NASA Astrophysics Data System (ADS)

    Karabat, Cagatay; Kiraz, Mehmet Sabir; Erdogan, Hakan; Savas, Erkay

    2015-12-01

    In this paper, we introduce a new biometric verification and template protection system which we call THRIVE. The system includes novel enrollment and authentication protocols based on threshold homomorphic encryption where a private key is shared between a user and a verifier. In the THRIVE system, only encrypted binary biometric templates are stored in a database and verification is performed via homomorphically randomized templates, thus, original templates are never revealed during authentication. Due to the underlying threshold homomorphic encryption scheme, a malicious database owner cannot perform full decryption on encrypted templates of the users in the database. In addition, security of the THRIVE system is enhanced using a two-factor authentication scheme involving user's private key and biometric data. Using simulation-based techniques, the proposed system is proven secure in the malicious model. The proposed system is suitable for applications where the user does not want to reveal her biometrics to the verifier in plain form, but needs to prove her identity by using biometrics. The system can be used with any biometric modality where a feature extraction method yields a fixed size binary template and a query template is verified when its Hamming distance to the database template is less than a threshold. The overall connection time for the proposed THRIVE system is estimated to be 336 ms on average for 256-bit biometric templates on a desktop PC running with quad core 3.2 GHz CPUs at 10 Mbit/s up/down link connection speed. Consequently, the proposed system can be efficiently used in real-life applications.

  20. 17 CFR 160.2 - Model privacy form and examples.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Model privacy form and... PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of...

  1. 17 CFR 160.2 - Model privacy form and examples.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Model privacy form and... PRIVACY OF CONSUMER FINANCIAL INFORMATION § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of this part, consistent with the instructions in...

  2. 17 CFR 160.2 - Model privacy form and examples.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Model privacy form and... PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of...

  3. 17 CFR 160.2 - Model privacy form and examples.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Model privacy form and... (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A...

  4. Location Privacy in RFID Applications

    NASA Astrophysics Data System (ADS)

    Sadeghi, Ahmad-Reza; Visconti, Ivan; Wachsmann, Christian

    RFID-enabled systems allow fully automatic wireless identification of objects and are rapidly becoming a pervasive technology with various applications. However, despite their benefits, RFID-based systems also pose challenging risks, in particular concerning user privacy. Indeed, improvident use of RFID can disclose sensitive information about users and their locations allowing detailed user profiles. Hence, it is crucial to identify and to enforce appropriate security and privacy requirements of RFID applications (that are also compliant to legislation). This chapter first discusses security and privacy requirements for RFID-enabled systems, focusing in particular on location privacy issues. Then it explores the advances in RFID applications, stressing the security and privacy shortcomings of existing proposals. Finally, it presents new promising directions for privacy-preserving RFID systems, where as a case study we focus electronic tickets (e-tickets) for public transportation.

  5. 76 FR 58524 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-21

    ... Imaging Technology by the Transportation Security Administration's Privacy Officer. In addition, the... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office... Privacy and Integrity Advisory Committee will meet on October 5, 2011, in Arlington, VA. The meeting...

  6. 17 CFR 160.8 - Revised privacy notices.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.8 Revised privacy notices. (a) General rule....

  7. 17 CFR 160.8 - Revised privacy notices.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.8 Revised privacy notices. (a) General rule....

  8. 6 CFR 1002.3 - Privacy Act requests.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 6 Domestic Security 1 2014-01-01 2014-01-01 false Privacy Act requests. 1002.3 Section 1002.3 Domestic Security PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 1002.3 Privacy Act requests. (a) Requests to determine if you are the subject of a record. You...

  9. 75 FR 404 - Privacy Act of 1974; Department of Homeland Security U.S. Immigration and Customs Enforcement-009...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-05

    ... branches of the U.S. Government. The Privacy Act exemptions for this system go unchanged and the Final Rule... provided. Docket: For access to the docket to read background documents or comments received go to...

  10. 78 FR 7798 - Privacy Act of 1974; Department of Homeland Security U.S. Immigration and Customs Enforcement-010...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-04

    ... more accurately reflect the types of information collected and maintained on Confidential Informants... place of birth, immigration history, documentation of information received and monetary payment, and... residents. As a matter of policy, DHS extends administrative Privacy Act protections to all...

  11. 76 FR 67621 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S. Customs...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-02

    ... of the Privacy Act because of criminal, civil, and administrative enforcement requirements. DATES... the subject to avoid detection or apprehension. The exemptions proposed here are standard law... of civil and criminal laws; investigations, inquiries, and proceedings thereunder; national...

  12. Modifications of graduate public/community health nursing internships to facilitate compliance with Institutional Review Board and Health Insurance Portability and Accountability Act (HIPAA) regulations.

    PubMed

    Foss, Gwendolyn F

    2005-01-01

    This paper describes the changes that were made to a two-semester graduate internship course to facilitate student compliance with Institutional Review Board (IRB) and agency requirements for compliance with the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA). Students now spend the first semester of the internship developing collaborative relationships with the agency and conceptualizing, planning, and developing all aspects of the project, including preparing materials for an IRB review. A series of workshops about the IRB process, the Privacy Rule of HIPAA, and on-line resources have been developed. A password-protected web site and other resources were developed for preceptors. The result of the changes has been primarily positive. By having to conceptualize and develop the entire project at the beginning, students demonstrate a better understanding of program development and evaluation. Their writing has markedly improved. Preceptors like the course revisions, the convenience of on-line resources, and the enhanced course focus on the protection of health care information and of potential participants in health education programs or program evaluation projects.

  13. Speech privacy: Beyond architectural solutions

    NASA Astrophysics Data System (ADS)

    Mazer, Susan

    2005-09-01

    HIPAA regulations have brought unparalleled pressures on healthcare organizations to protect private and confidential information from reaching third parties. Yet, as this paper explains, often in the middle of noisy corridors and waiting rooms, this same information needs to be quickly transferred from physician to nurse to family member to others for the care of patients. Research and examples are presented that show that when families, patients, staff are participating together, although independently, in the same or adjacent spaces, the ``caf effect'' produces rising noise levels as each person competes to be heard. This threatens the very confidentiality demanded by HIPAA. Solutions to this problem are not easy or completely resolved by engineering or design specifications. This paper makes the case that it is ultimately the culture of a healthcare organization that determines the ``sound'' of a hospital, and any other organization that battles openness with privacy. It presents and discusses proven solutions to address culture in tandem with architectural and acoustic design interventions.

  14. A Formalization of HIPAA for a Medical Messaging System

    NASA Astrophysics Data System (ADS)

    Lam, Peifung E.; Mitchell, John C.; Sundaram, Sharada

    The complexity of regulations in healthcare, financial services, and other industries makes it difficult for enterprises to design and deploy effective compliance systems. We believe that in some applications, it may be practical to support compliance by using formalized portions of applicable laws to regulate business processes that use information systems. In order to explore this possibility, we use a stratified fragment of Prolog with limited use of negation to formalize a portion of the US Health Insurance Portability and Accountability Act (HIPAA). As part of our study, we also explore the deployment of our formalization in a prototype hospital Web portal messaging system.

  15. Instrumentation for measuring speech privacy in rooms

    NASA Astrophysics Data System (ADS)

    Horrall, Thomas; Pirn, Rein; Markham, Ben

    2003-10-01

    Federal legislation pertaining to oral privacy in healthcare and financial services industries has increased the need for a convenient and economical way to document speech privacy conditions in offices, medical examination rooms, and certain other workspaces. This legislation is embodied in the Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA). Both laws require that reasonable measures be put in place to safeguard the oral privacy of patients and clients. While techniques for privacy documentation are known within the acoustical consulting community, it is unlikely that community alone has the capacity to provide the surveys needed to evaluate acoustical conditions and demonstrate compliance with the legislation. A portable computer with integrated soundboard and a suitable amplified loudspeaker and test microphone are all that are needed to perform in situ measurements of articulation index or other accepted indices of speech privacy. Along with modest training, such instrumentation allows technicians to survey a large number of sites economically. Cost-effective components are shown that can meet the requirements for testing in most common environments where oral privacy is likely to be required. Example cases are presented to demonstrate the feasibility of such instrumentation.

  16. 75 FR 50846 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-001...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-18

    ... missions and functions, including, but not limited to the enforcement of civil and criminal laws... because of criminal, civil, and administrative enforcement requirements. DATES: Effective Date: This final... records from one or more provisions of the Privacy Act because of criminal, civil, and...

  17. 76 FR 66937 - Privacy Act of 1974; Department of Homeland Security/United States Secret Service-003 Non...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-28

    ... Service--003 Non-Criminal Investigation Information System of Records AGENCY: Privacy Office, DHS. ACTION... Investigation Information System.'' As a result of biennial review of this system, records have been updated...-Criminal Investigation Information System of Records. As a result of biennial review of this...

  18. 76 FR 49497 - Privacy Act of 1974; Department of Homeland Security/United States Secret Service-001 Criminal...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-10

    ... Service--001 Criminal Investigation Information System of Records AGENCY: Privacy Office; DHS. ACTION... Investigation Information System of Records.'' As a result of biennial review of this system, records have been..., DHS/USSS-001 Criminal Investigation Information System. As a result of biennial review of this...

  19. 77 FR 33683 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security, U.S. Customs...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-07

    ... Intelligence (AFI) System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of proposed rulemaking... Border Protection--017 Analytical Framework for Intelligence (AFI) System of Records'' and this proposed... Border Protection, DHS/CBP--017 Analytical Framework for Intelligence (AFI) System of Records.''...

  20. 77 FR 47767 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S. Customs...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-08-10

    ....S. Customs and Border Protection, DHS/CBP--017 Analytical Framework for Intelligence (AFI) System of... Framework for Intelligence (AFI) System of Records'' from certain provisions of the Privacy Act... Protection, DHS/CBP--017 Analytical Framework for Intelligence (AFI) System of Records'' from one or...

  1. Privacy Issues and New Technologies.

    ERIC Educational Resources Information Center

    Colman, Sue

    1997-01-01

    Issues of privacy, anonymity, and computer security emerging with advancing information technology are outlined, and implications for universities are discussed. Emphasis is on the Australian context and on Australian government and international initiatives concerning privacy. Sensitive information categories are identified, and measures…

  2. 48 CFR 1552.224-70 - Social security numbers of consultants and certain sole proprietors and Privacy Act statement.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 6 2013-10-01 2013-10-01 false Social security numbers of... CONTRACT CLAUSES Texts of Provisions and Clauses 1552.224-70 Social security numbers of consultants and... provision in all solicitations. Social Security Numbers of Consultants and Certain Sole Proprietors...

  3. 48 CFR 1552.224-70 - Social security numbers of consultants and certain sole proprietors and Privacy Act statement.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 6 2011-10-01 2011-10-01 false Social security numbers of... CONTRACT CLAUSES Texts of Provisions and Clauses 1552.224-70 Social security numbers of consultants and... provision in all solicitations. Social Security Numbers of Consultants and Certain Sole Proprietors...

  4. 78 FR 51197 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-20

    ... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office... Privacy and Integrity Advisory Committee will meet on September 12, 2013, in Washington, DC. The meeting will be open to the public. DATES: The DHS Data Privacy and Integrity Advisory Committee will meet...

  5. 76 FR 39406 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-06

    ... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Request for Applicants for Appointment to the DHS Data Privacy and... applicants for appointment to the DHS Data Privacy and Integrity Advisory Committee. DATES: Applications...

  6. 76 FR 8754 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-15

    ... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Notice of Federal Advisory Committee meeting. SUMMARY: The DHS Data Privacy and Integrity.... DATES: The DHS Data Privacy and Integrity Advisory Committee will meet on Wednesday, March 9, 2011,...

  7. 77 FR 37685 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-22

    ... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Request for Applicants for Appointment to the DHS Data Privacy and... applicants for appointment to the DHS Data Privacy and Integrity Advisory Committee. ] DATES:...

  8. 75 FR 8087 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Notice of Federal Advisory Committee Meeting. SUMMARY: The DHS Data Privacy and Integrity.... DATES: The DHS Data Privacy and Integrity Advisory Committee will meet on Thursday, March 18, 2010,...

  9. 75 FR 52769 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-27

    ... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Notice of Federal Advisory Committee meeting. SUMMARY: The DHS Data Privacy and Integrity... public. DATES: The DHS Data Privacy and Integrity Advisory Committee will meet on Tuesday, September...

  10. 78 FR 55088 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-09

    ... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Request for Applicants for Appointment to the DHS Data Privacy and... applicants for appointment to the DHS Data Privacy and Integrity Advisory Committee. DATES: Applications...

  11. 32 CFR 806b.51 - Privacy and the Web.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... security notices at major web site entry points and Privacy Act statements or Privacy Advisories when... 32 National Defense 6 2011-07-01 2011-07-01 false Privacy and the Web. 806b.51 Section 806b.51... PROGRAM Disclosing Records to Third Parties § 806b.51 Privacy and the Web. Do not post...

  12. 32 CFR 806b.51 - Privacy and the Web.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... security notices at major web site entry points and Privacy Act statements or Privacy Advisories when... 32 National Defense 6 2013-07-01 2013-07-01 false Privacy and the Web. 806b.51 Section 806b.51... PROGRAM Disclosing Records to Third Parties § 806b.51 Privacy and the Web. Do not post...

  13. 76 FR 19110 - Published Privacy Impact Assessments on the Web

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-06

    ... SECURITY Office of the Secretary Published Privacy Impact Assessments on the Web AGENCY: Privacy Office... the Department. The assessments were approved and published on the Privacy Office's Web site between May 3, 2010 and January 7, 2011. DATES: The Privacy Impact Assessments are available on the DHS...

  14. 20 CFR 401.30 - Privacy Act and other responsibilities.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Privacy Act and other responsibilities. 401.30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF OFFICIAL RECORDS AND INFORMATION The Privacy Act § 401.30 Privacy Act and other responsibilities....

  15. 20 CFR 401.30 - Privacy Act and other responsibilities.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Privacy Act and other responsibilities. 401.30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF OFFICIAL RECORDS AND INFORMATION The Privacy Act § 401.30 Privacy Act and other responsibilities....

  16. 20 CFR 401.30 - Privacy Act and other responsibilities.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Privacy Act and other responsibilities. 401.30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF OFFICIAL RECORDS AND INFORMATION The Privacy Act § 401.30 Privacy Act and other responsibilities....

  17. State Security Breach Response Laws: State-by-State Summary Table. Using Data to Improve Education: A Legal Reference Guide to Protecting Student Privacy and Data Security

    ERIC Educational Resources Information Center

    Data Quality Campaign, 2011

    2011-01-01

    Under security breach response laws, businesses--and sometimes state and governmental agencies--are required to inform individuals when the security, confidentiality or integrity of their personal information has been compromised. This resource provides a state-by-state analysis of security breach response laws. [The Data Quality Campaign has…

  18. Development of a HIPAA-compliant environment for translational research data and analytics.

    PubMed

    Bradford, Wayne; Hurdle, John F; LaSalle, Bernie; Facelli, Julio C

    2014-01-01

    High-performance computing centers (HPC) traditionally have far less restrictive privacy management policies than those encountered in healthcare. We show how an HPC can be re-engineered to accommodate clinical data while retaining its utility in computationally intensive tasks such as data mining, machine learning, and statistics. We also discuss deploying protected virtual machines. A critical planning step was to engage the university's information security operations and the information security and privacy office. Access to the environment requires a double authentication mechanism. The first level of authentication requires access to the university's virtual private network and the second requires that the users be listed in the HPC network information service directory. The physical hardware resides in a data center with controlled room access. All employees of the HPC and its users take the university's local Health Insurance Portability and Accountability Act training series. In the first 3 years, researcher count has increased from 6 to 58.

  19. Privacy-enhanced electronic mail

    NASA Astrophysics Data System (ADS)

    Bishop, Matt

    1990-06-01

    The security of electronic mail sent through the Internet may be described in exactly three words: there is none. The Privacy and Security Research Group has recommended implementing mechanisms designed to provide security enhancements. The first set of mechanisms provides a protocol to provide privacy, integrity, and authentication for electronic mail; the second provides a certificate-based key management infrastructure to support key distribution throughout the internet, to support the first set of mechanisms. These mechanisms are described, as well as the reasons behind their selection and how these mechanisms can be used to provide some measure of security in the exchange of electronic mail.

  20. 17 CFR 160.8 - Revised privacy notices.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices §...

  1. 17 CFR 160.8 - Revised privacy notices.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices §...

  2. 17 CFR 160.8 - Revised privacy notices.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt...

  3. 75 FR 28051 - Public Workshop: Pieces of Privacy

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ... Agreements. A case study will be used to illustrate a step-by-step approach to researching, preparing, and... SECURITY Office of the Secretary Public Workshop: Pieces of Privacy AGENCY: Privacy Office, DHS. ACTION: Notice announcing public workshop. SUMMARY: The Department of Homeland Security Privacy Office will...

  4. 75 FR 5614 - Privacy Act of 1974; Department of Homeland Security/ALL-025 Law Enforcement Authority in Support...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-03

    ... secured by DHS. The results are also used to pursue criminal prosecutions or civil penalty actions against... carry out national security, law enforcement, immigration, intelligence, or other functions consistent... person or entity involved in, or suspected of being involved in, criminal acts against the...

  5. 76 FR 60385 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-29

    .... This system will improve customer service; increase efficiency for processing benefits; better identify... Exemptions; Department of Homeland Security U.S. Citizenship and Immigration Services-016 Electronic... Homeland Security U.S. Citizenship and Immigration Services-016 Electronic Immigration System-3...

  6. 76 FR 59926 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-28

    .... This system will improve customer service; increase efficiency for processing benefits; better identify... Exemptions; Department of Homeland Security/U.S. Citizenship and Immigration Services-015 Electronic... Security/U.S. Citizenship and Immigration Services-015 Electronic Immigration System-2 Account and...

  7. 78 FR 23872 - HIPAA Privacy Rule and the National Instant Criminal Background Check System (NICS)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-23

    ... or mental illness, as well as commitments for other reasons, such as for drug use. The term does not... a result of marked subnormal intelligence, or mental illness, incompetency, condition, or disease... Barack Obama announced a series of Executive Actions to reduce gun violence in the United...

  8. Does the HIPAA Privacy Rule Allow Parents the Right to See Their Children's Medical Records?

    MedlinePlus

    ... A A Print Share FAQs Categories Authorizations (30) Business Associates (45) Compliance Dates (5) Covered Entities (17) Decedents (8) Disclosures for Law Enforcement Purposes (7) Disclosures for Rule Enforcement (2) ...

  9. 17 CFR 160.5 - Annual privacy notice to customers required.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Annual privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.5 Annual privacy... customers that accurately reflects your privacy policies and practices not less than annually during...

  10. 17 CFR 160.4 - Initial privacy notice to consumers required.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Initial privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.4 Initial privacy... notice that accurately reflects your privacy policies and practices to: (1) Customer. An individual...

  11. 77 FR 56625 - Privacy Act of 1974; Systems of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-09-13

    ...-0111] Privacy Act of 1974; Systems of Records AGENCY: National Security Agency/Central Security Service... Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This proposed action will be effective on October.... Kris Grein, National Security Agency/Central Security Service, Freedom of Information Act and...

  12. 75 FR 81371 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/United States...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-12-28

    .../United States Citizenship and Immigration Services- 012 Citizenship and Immigration Data Repository... of records titled ``Department of Homeland Security/United States Citizenship and Immigration Services-012 Citizenship and Immigration Data Repository System of Records'' from certain provisions of...

  13. 76 FR 70735 - Privacy Act of 1974; Department of Homeland Security/U.S. Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-15

    ... customer service; increase efficiency for processing benefits; better identify potential national security... Immigration Services--016 Electronic Immigration System-3 Automated Background Functions System of Records... and Immigration Services--016 Electronic Immigration System-3 Automated Background Functions System...

  14. 75 FR 51619 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/United States...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-23

    .../United States Citizenship and Immigration Services-- 009 Compliance Tracking and Management System of.../United States Citizenship and Immigration system of records entitled the ``United States Citizenship and... Homeland Security/United States Citizenship and Immigration Services--009 Compliance Tracking...

  15. 76 FR 21768 - Privacy Act of 1974; Consolidation of System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-18

    ... SECURITY Office of the Secretary Privacy Act of 1974; Consolidation of System of Records AGENCY: Privacy Office, DHS. ACTION: Notice to consolidate one Privacy Act system of records notice. SUMMARY: In accordance with the Privacy Act of 1974, the Department of Homeland Security is giving notice that...

  16. Location Privacy

    NASA Astrophysics Data System (ADS)

    Meng, Xiaofeng; Chen, Jidong

    With rapid development of sensor and wireless mobile devices, it is easy to access mobile users' location information anytime and anywhere. On one hand, LBS is becoming more and more valuable and important. On the other hand, location privacy issues raised by such applications have also gained more attention. However, due to the specificity of location information, traditional privacy-preserving techniques in data publishing cannot be used. In this chapter, we will introduce location privacy, and analyze the challenges of location privacy-preserving, and give a survey of existing work including the system architecture, location anonymity and query processing.

  17. 75 FR 55290 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-031...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-10

    ... Exemptions; Department of Homeland Security/ALL-031 Information Sharing Environment Suspicious Activity... Sharing Environment Suspicious Activity Reporting Initiative System of Records'' and this proposed... establish a new DHS system of records titled, ``DHS/ALL-031 Information Sharing Environment (ISE)...

  18. Design of a Secure Authentication and Key Agreement Scheme Preserving User Privacy Usable in Telecare Medicine Information Systems.

    PubMed

    Arshad, Hamed; Rasoolzadegan, Abbas

    2016-11-01

    Authentication and key agreement schemes play a very important role in enhancing the level of security of telecare medicine information systems (TMISs). Recently, Amin and Biswas demonstrated that the authentication scheme proposed by Giri et al. is vulnerable to off-line password guessing attacks and privileged insider attacks and also does not provide user anonymity. They also proposed an improved authentication scheme, claiming that it resists various security attacks. However, this paper demonstrates that Amin and Biswas's scheme is defenseless against off-line password guessing attacks and replay attacks and also does not provide perfect forward secrecy. This paper also shows that Giri et al.'s scheme not only suffers from the weaknesses pointed out by Amin and Biswas, but it also is vulnerable to replay attacks and does not provide perfect forward secrecy. Moreover, this paper proposes a novel authentication and key agreement scheme to overcome the mentioned weaknesses. Security and performance analyses show that the proposed scheme not only overcomes the mentioned security weaknesses, but also is more efficient than the previous schemes.

  19. 77 FR 53893 - Privacy Act of 1974; Department of Homeland Security U.S. Immigration and Customs Enforcement-005...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-09-04

    ...'' system is maintained in a secure, web-based environment hosted by ICE. Foreign DARTTS permits authorized..., this information may also be disclosed externally to federal, state, local, tribal, territorial... consultation assistance from them regarding a matter within that person's former area of...

  20. 75 FR 79947 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-031...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-12-21

    ....ncirc.gov . BITS Comment: BITS values the Department's commitment and efforts to improve information... of the accounting would therefore present a serious impediment to law enforcement efforts and/or...-sensitive information that could be detrimental to homeland security. (c) From subsection (e)(1)...

  1. 76 FR 28795 - Privacy Act of 1974; Department of Homeland Security United States Coast Guard-024 Auxiliary...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-18

    ... titled, ``Department of Homeland Security/United States Coast Guard-024 Auxiliary Database (AUXDATA... Coast Guard to track and report contact, activity, performance, and achievement information about the members of its volunteer workforce element, the United States Coast Guard Auxiliary. As a result of...

  2. 6 CFR Appendix A to Part 5 - FOIA/Privacy Act Offices of the Department of Homeland Security

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... Office, Department of Homeland Security, Washington, DC 20528. The Headquarters components are: A Office..., Room 6883, U.S. Department of Commerce, Washington, DC 20230 2. FIRESTAT (formerly the Integrated.... Department of Energy, 1000 Independence Avenue, SW., Washington, DC 20585 1. Energy Assurance Office...

  3. 77 FR 47419 - Privacy Act of 1974; Department of Homeland Security U.S. Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-08-08

    ... ``Category of Individuals'' to remove USCIS employees and contractors, which are covered under the DHS/ALL... Compliance Tracking and Management System (CTMS) SORN (74 FR 24022); (5) updating the system location... Security, Washington, DC 20528. Instructions: All submissions received must include the agency name...

  4. The need for technical solutions for maintaining the privacy of EHR.

    PubMed

    Ray, Pradeep; Wimalasiri, Jaminda

    2006-01-01

    Electronic Health Records (EHR)/Electronic Patient Records (EPR)/Electronic Medical Records (EMR) provide the basis for e-Health services. Since information in these records (containing patient healthcare information) need to be shared amongst multiple healthcare providers and healthcare professionals, privacy issues of EHR have been a major inhibitor in the implementation of EHR/EMR/EPR systems. This paper presents EHR privacy requirements in the context of two major e-Health frameworks, namely HealthLink in Australia and HIPAA in USA. The paper concludes with a discussion of some evolving Web-based solutions.

  5. A security analysis of version 2 of the Network Time Protocol (NTP): A report to the privacy and security research group

    NASA Technical Reports Server (NTRS)

    Bishop, Matt

    1991-01-01

    The Network Time Protocol is being used throughout the Internet to provide an accurate time service. The security requirements are examined of such a service, version 2 of the NTP protocol is analyzed to determine how well it meets these requirements, and improvements are suggested where appropriate.

  6. Biometrics, e-identity, and the balance between security and privacy: case study of the passenger name record (PNR) system.

    PubMed

    Nouskalis, G

    2011-03-01

    The implementation of biometrics entails either the establishment of an identity or tracing a person's identity. Biometric passport data (e.g., irises, fingers, faces) can be used in order to verify a passenger's identity. The proposed Passenger Name Record (PNR) system contains all the information necessary to enable reservations to be processed and controlled by the booking and participating air carriers for each journey booked by or on behalf of any person. PNR data are related to travel movements, usually flights, and include passport data, name, address, telephone numbers, travel agent, credit card number, history of changes in the flight schedule, seat preferences, and other information. In the aftermath of the September 11 attacks, a new emergency political-law status of society was established: the continuous state of "war" against the so-called unlawful combatants of the "enemy". Officially, the enemy is the terrorists, but the victims of the privacy invasions caused by the above new form of data processing are the civilians. The data processing based on biometrics is covered both by Directive 95/46 EC and Article 8 of the Convention on the Protection of Human Rights and Fundamental Freedoms (now the European Convention on Human Rights, "ECHR"). According to Article 2, Paragraph a of the above Directive, personal data shall mean any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural, or social identity.

  7. Comprehensive quantitative analysis on privacy leak behavior.

    PubMed

    Fan, Lejun; Wang, Yuanzhuo; Jin, Xiaolong; Li, Jingyuan; Cheng, Xueqi; Jin, Shuyuan

    2013-01-01

    Privacy information is prone to be leaked by illegal software providers with various motivations. Privacy leak behavior has thus become an important research issue of cyber security. However, existing approaches can only qualitatively analyze privacy leak behavior of software applications. No quantitative approach, to the best of our knowledge, has been developed in the open literature. To fill this gap, in this paper we propose for the first time four quantitative metrics, namely, possibility, severity, crypticity, and manipulability, for privacy leak behavior analysis based on Privacy Petri Net (PPN). In order to compare the privacy leak behavior among different software, we further propose a comprehensive metric, namely, overall leak degree, based on these four metrics. Finally, we validate the effectiveness of the proposed approach using real-world software applications. The experimental results demonstrate that our approach can quantitatively analyze the privacy leak behaviors of various software types and reveal their characteristics from different aspects.

  8. Comprehensive Quantitative Analysis on Privacy Leak Behavior

    PubMed Central

    Fan, Lejun; Wang, Yuanzhuo; Jin, Xiaolong; Li, Jingyuan; Cheng, Xueqi; Jin, Shuyuan

    2013-01-01

    Privacy information is prone to be leaked by illegal software providers with various motivations. Privacy leak behavior has thus become an important research issue of cyber security. However, existing approaches can only qualitatively analyze privacy leak behavior of software applications. No quantitative approach, to the best of our knowledge, has been developed in the open literature. To fill this gap, in this paper we propose for the first time four quantitative metrics, namely, possibility, severity, crypticity, and manipulability, for privacy leak behavior analysis based on Privacy Petri Net (PPN). In order to compare the privacy leak behavior among different software, we further propose a comprehensive metric, namely, overall leak degree, based on these four metrics. Finally, we validate the effectiveness of the proposed approach using real-world software applications. The experimental results demonstrate that our approach can quantitatively analyze the privacy leak behaviors of various software types and reveal their characteristics from different aspects. PMID:24066046

  9. Business Model for the Security of a Large-Scale PACS, Compliance with ISO/27002:2013 Standard.

    PubMed

    Gutiérrez-Martínez, Josefina; Núñez-Gaona, Marco Antonio; Aguirre-Meneses, Heriberto

    2015-08-01

    Data security is a critical issue in an organization; a proper information security management (ISM) is an ongoing process that seeks to build and maintain programs, policies, and controls for protecting information. A hospital is one of the most complex organizations, where patient information has not only legal and economic implications but, more importantly, an impact on the patient's health. Imaging studies include medical images, patient identification data, and proprietary information of the study; these data are contained in the storage device of a PACS. This system must preserve the confidentiality, integrity, and availability of patient information. There are techniques such as firewalls, encryption, and data encapsulation that contribute to the protection of information. In addition, the Digital Imaging and Communications in Medicine (DICOM) standard and the requirements of the Health Insurance Portability and Accountability Act (HIPAA) regulations are also used to protect the patient clinical data. However, these techniques are not systematically applied to the picture and archiving and communication system (PACS) in most cases and are not sufficient to ensure the integrity of the images and associated data during transmission. The ISO/IEC 27001:2013 standard has been developed to improve the ISM. Currently, health institutions lack effective ISM processes that enable reliable interorganizational activities. In this paper, we present a business model that accomplishes the controls of ISO/IEC 27002:2013 standard and criteria of security and privacy from DICOM and HIPAA to improve the ISM of a large-scale PACS. The methodology associated with the model can monitor the flow of data in a PACS, facilitating the detection of unauthorized access to images and other abnormal activities.

  10. Wireless local area network security.

    PubMed

    Bergeron, Bryan P

    2004-01-01

    Wireless local area networks (WLANs) are increasingly popular in clinical settings because they facilitate the use of wireless PDAs, laptops, and other pervasive computing devices at the point of care. However, because of the relative immaturity of wireless network technology and evolving standards, WLANs, if improperly configured, can present significant security risks. Understanding the security limitations of the technology and available fixes can help minimize the risks of clinical data loss and maintain compliance with HIPAA guidelines.

  11. 78 FR 15730 - Privacy Act of 1974; Computer Matching Program

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-03-12

    ... SECURITY Office of the Secretary Privacy Act of 1974; Computer Matching Program AGENCY: U.S. Citizenship...: Privacy Act of 1974; Computer Matching Program between the Department of Homeland Security, U.S... notice of the existence of a computer matching program between the Department of Homeland Security,...

  12. 78 FR 41962 - Privacy Act of 1974: Systems of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-07-12

    ... From the Federal Register Online via the Government Publishing Office SECURITIES AND EXCHANGE COMMISSION Privacy Act of 1974: Systems of Records AGENCY: Securities and Exchange Commission. ACTION: Notice... Privacy Act of 1974, as amended, 5 U.S.C. 552a, the Securities and Exchange Commission (``Commission''...

  13. Gaussian operations and privacy

    SciTech Connect

    Navascues, Miguel; Acin, Antonio

    2005-07-15

    We consider the possibilities offered by Gaussian states and operations for two honest parties, Alice and Bob, to obtain privacy against a third eavesdropping party, Eve. We first extend the security analysis of the protocol proposed in [Navascues et al. Phys. Rev. Lett. 94, 010502 (2005)]. Then, we prove that a generalized version of this protocol does not allow one to distill a secret key out of bound entangled Gaussian states.

  14. The role of privacy protection in healthcare information systems adoption.

    PubMed

    Hsu, Chien-Lung; Lee, Ming-Ren; Su, Chien-Hui

    2013-10-01

    Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs are proposed. Users' privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HISs adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we proposed a research model extending the unified theory of acceptance and use of technology by considering perceived security and information security literacy and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses showed that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve designing, development, and promotion of a good healthcare information system with privacy protection.

  15. What was privacy?

    PubMed

    McCreary, Lew

    2008-10-01

    Why is that question in the past tense? Because individuals can no longer feel confident that the details of their lives--from identifying numbers to cultural preferences--will be treated with discretion rather than exploited. Even as Facebook users happily share the names of their favorite books, movies, songs, and brands, they often regard marketers' use of that information as an invasion of privacy. In this wide-ranging essay, McCreary, a senior editor at HBR, examines numerous facets of the privacy issue, from Google searches, public shaming on the internet, and cell phone etiquette to passenger screening devices, public surveillance cameras, and corporate chief privacy officers. He notes that IBM has been a leader on privacy; its policy forswearing the use of employees' genetic information in hiring and benefits decisions predated the federal Genetic Information Nondiscrimination Act by three years. Now IBM is involved in an open-source project known as Higgins to provide users with transportable, potentially anonymous online presences. Craigslist, whose CEO calls it "as close to 100% user driven as you can get," has taken an extremely conservative position on privacy--perhaps easier for a company with a declared lack of interest in maximizing revenue. But TJX and other corporate victims of security breaches have discovered that retaining consumers' transaction information can be both costly and risky. Companies that underestimate the importance of privacy to their customers or fail to protect it may eventually face harsh regulation, reputational damage, or both. The best thing they can do, says the author, is negotiate directly with those customers over where to draw the line.

  16. 2013 HIPAA Changes Provide Opportunities and Challenges for Researchers: Perspectives from a Cancer Center.

    PubMed

    Freedman, Ralph S; Cantor, Scott B; Merriman, Kelly W; Edgerton, Mary E

    2016-02-01

    In 2013, the U.S. Department of Health and Human Services modified the Health Insurance Portability and Accountability Act Privacy Rule to "strengthen privacy and security protections" while "improving workability and effectiveness to increase flexibility for and decrease burden on regulated entities." In this article, we attempt to translate these generalized goals into the real-world implications of these changes. Under the new rules, researchers can obtain participants' permission to use their protected health information for more research activities with a single, upfront authorization (thereby reducing paperwork for participants, researchers, and institutional review boards) while providing potential participants with more information upon which to base their decisions about participation. The combined authorizations can be used in clinical trials and their optional substudies and in stand-alone biospecimen-banking research that includes authorization to permit future research use. We also suggest best practices for taking advantage of the flexibility offered by the new rules while maintaining strong privacy protections for human subjects.

  17. Zip it!

    PubMed

    Conde, Crystal

    2012-07-01

    When it comes to enforcing HIPAA data security and privacy standards, the federal government means business. In fact, the government is conducting a national pilot program to audit 150 physicians and others that HIPAA covers as the first phase of a concerted effort to crack down on HIPAA violations.

  18. Reconsidering the Right to Privacy in Canada

    ERIC Educational Resources Information Center

    Shade, Leslie Regan

    2008-01-01

    This article argues that post-September 11 political debates and legislation around security necessitates a reconsideration of a right to privacy in Canada. It looks at the proposal for a Canadian Charter of Privacy Rights promoted by Senator Sheila Finestone in the late 1990s and the current challenges of emergent material technologies…

  19. 20 CFR 401.30 - Privacy Act and other responsibilities.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... Officer also ensures the integration of privacy principles into information technology systems... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Privacy Act and other responsibilities. 401.30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE...

  20. 76 FR 25361 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-04

    ... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting SUMMARY: The DHS Data... open to the public. DATES: The DHS Data Privacy and Integrity Advisory Committee will meet on...

  1. 76 FR 35459 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-17

    ... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The DHS Data... be open to the public. DATES: The DHS Data Privacy and Integrity Advisory Committee will meet...

  2. 76 FR 70464 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-14

    ... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The DHS Data... will be open to the public. DATES: The DHS Data Privacy and Integrity Advisory Committee will meet...

  3. 78 FR 75930 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-13

    ... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The DHS Data... will be open to the public. DATES: The DHS Data Privacy and Integrity Advisory Committee will meet...

  4. 77 FR 60131 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-10-02

    ... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The DHS Data... will be open to the public. DATES: The DHS Data Privacy and Integrity Advisory Committee will meet...

  5. 76 FR 78934 - Published Privacy Impact Assessments on the Web

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-20

    ... SECURITY Office of the Secretary Published Privacy Impact Assessments on the Web AGENCY: Privacy Office... approved and published on the Privacy Office's web site between September 1, 2011 and November 30, 2011. DATES: The PIAs will be available on the DHS Web site until February 21, 2012, after which they may...

  6. 76 FR 30952 - Published Privacy Impact Assessments on the Web

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-27

    ... SECURITY Office of the Secretary Published Privacy Impact Assessments on the Web AGENCY: Privacy Office... assessments were approved and published on the Privacy Office's web site between January 8, 2011 and March 31, 2011. DATES: The PIAs will be available on the DHS Web site until July 26, 2011, after which they...

  7. 76 FR 37823 - Published Privacy Impact Assessments on the Web

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-28

    ... SECURITY Office of the Secretary Published Privacy Impact Assessments on the Web AGENCY: Privacy Office... assessments were approved and published on the Privacy Office's Web site between March 31, 2011 and May 31, 2011. DATES: The PIAs will be available on the DHS Web site until August 29, 2011, after which they...

  8. 77 FR 16846 - Published Privacy Impact Assessments on the Web

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-22

    ... SECURITY Office of the Secretary Published Privacy Impact Assessments on the Web AGENCY: Privacy Office... approved and published on the Privacy Office's Web site between December 1, 2011 and February 29, 2012. DATES: The PIAs will be available on the DHS Web site until May 21, 2012, after which they may...

  9. 47 CFR 0.506 - FOIA and Privacy Act requests.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 47 Telecommunication 1 2012-10-01 2012-10-01 false FOIA and Privacy Act requests. 0.506 Section 0... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for....461), of the Privacy Act of 1974, (See § 0.554) shall be processed in accordance with the...

  10. 47 CFR 0.506 - FOIA and Privacy Act requests.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 47 Telecommunication 1 2011-10-01 2011-10-01 false FOIA and Privacy Act requests. 0.506 Section 0... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for....461), of the Privacy Act of 1974, (See § 0.554) shall be processed in accordance with the...

  11. 47 CFR 0.506 - FOIA and Privacy Act requests.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 47 Telecommunication 1 2013-10-01 2013-10-01 false FOIA and Privacy Act requests. 0.506 Section 0... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for....461), of the Privacy Act of 1974, (See § 0.554) shall be processed in accordance with the...

  12. 47 CFR 0.506 - FOIA and Privacy Act requests.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 47 Telecommunication 1 2010-10-01 2010-10-01 false FOIA and Privacy Act requests. 0.506 Section 0... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for....461), of the Privacy Act of 1974, (See § 0.554) shall be processed in accordance with the...

  13. 47 CFR 0.506 - FOIA and Privacy Act requests.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 47 Telecommunication 1 2014-10-01 2014-10-01 false FOIA and Privacy Act requests. 0.506 Section 0... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for....461), of the Privacy Act of 1974, (See § 0.554) shall be processed in accordance with the...

  14. A privacy protection for an mHealth messaging system

    NASA Astrophysics Data System (ADS)

    Aaleswara, Lakshmipathi; Akopian, David; Chronopoulos, Anthony T.

    2015-03-01

    In this paper, we propose a new software system that employs features that help the organization to comply with USA HIPAA regulations. The system uses SMS as the primary way of communication to transfer information. Lack of knowledge about some diseases is still a major reason for some harmful diseases spreading. The developed system includes different features that may help to communicate amongst low income people who don't even have access to the internet. Since the software system deals with Personal Health Information (PHI) it is equipped with an access control authentication system mechanism to protect privacy. The system is analyzed for performance to identify how much overhead the privacy rules impose.

  15. Ethics Committees in the Rural Midwest: Exploring the Impact of HIPAA

    ERIC Educational Resources Information Center

    Having, Karen M.; Hale, Dena; Lautar, Charla J.

    2008-01-01

    Context: Confidentiality of personal health information is an ethical principle and a legislated mandate; however, the impact of the Health Insurance Portability and Accountability Act (HIPAA) on ethics committees ethics committees is limited. Purpose: This study investigates the prevalence, activity, and composition of ethics committees located…

  16. Implementing your privacy program: putting theory into practice.

    PubMed

    Seaton, Brendan

    2004-01-01

    Healthcare organizations across Canada are challenged with the new spectre of information privacy. While security and confidentiality have long been part of our culture in healthcare, privacy is a surprisingly new issue. With the introduction of privacy legislation and codes based on the CSA Model Code for the Protection of Personal Information (CSA Privacy Code), healthcare providers are subject to new obligations, and patients now enjoy new rights.

  17. 76 FR 60510 - DHS Data Privacy and Integrity Advisory Committee; Meeting

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-29

    ... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee; Meeting AGENCY: Privacy Office, DHS. ACTION: Notice. SUMMARY: On Wednesday, September 21, 2011, the DHS Privacy Office announced.... DATES: The DHS Data Privacy and Integrity Advisory Committee will meet on Wednesday, October 5,...

  18. 17 CFR 160.6 - Information to be included in privacy notices.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... privacy notices. 160.6 Section 160.6 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.6 Information to be included in privacy notices. (a) General rule....

  19. 17 CFR 160.5 - Annual privacy notice to customers required.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Annual privacy notice to... COMMISSION (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.5 Annual privacy notice to customers required. (a)(1) General rule....

  20. 17 CFR 160.4 - Initial privacy notice to consumers required.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Initial privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.4 Initial privacy notice to consumers required. (a) Initial notice...

  1. 17 CFR 160.4 - Initial privacy notice to consumers required.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Initial privacy notice to... COMMISSION (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.4 Initial privacy notice to consumers required. (a) Initial...

  2. 17 CFR 160.5 - Annual privacy notice to customers required.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Annual privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.5 Annual privacy notice to customers required. (a)(1) General rule. You...

  3. 45 CFR 164.522 - Rights to request privacy protection for protected health information.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 45 Public Welfare 1 2011-10-01 2011-10-01 false Rights to request privacy protection for protected... ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.522 Rights to request privacy protection for protected health information....

  4. 45 CFR 164.520 - Notice of privacy practices for protected health information.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 45 Public Welfare 1 2010-10-01 2010-10-01 false Notice of privacy practices for protected health... DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.520 Notice of privacy practices for protected health information. (a)...

  5. 45 CFR 164.522 - Rights to request privacy protection for protected health information.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 45 Public Welfare 1 2010-10-01 2010-10-01 false Rights to request privacy protection for protected... ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.522 Rights to request privacy protection for protected health information....

  6. 45 CFR 164.522 - Rights to request privacy protection for protected health information.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 45 Public Welfare 1 2012-10-01 2012-10-01 false Rights to request privacy protection for protected... ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.522 Rights to request privacy protection for protected health information....

  7. 45 CFR 164.520 - Notice of privacy practices for protected health information.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 45 Public Welfare 1 2012-10-01 2012-10-01 false Notice of privacy practices for protected health... DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.520 Notice of privacy practices for protected health information. (a)...

  8. [Patients' perception about privacy in the hospital].

    PubMed

    Pupulim, Jussara Simone Lenzi; Sawada, Namie Okino

    2012-01-01

    This qualitative study aimed to describe the hospitalized patient's perception on privacy, using the content analysis. Thirty-four patients, who have been at least three days hospitalized, participated in the study. The analysis of the information was based on the theoretical reference framework of privacy, and evidenced three thematic categories: dignity and respect, autonomy, personal and territorial space. The subjects pointed out behavioral factors, which contribute or not for the protection and maintenance of the privacy in the hospital, highlighting respect as the most important aspect, followed by personal control over situations that violate privacy. Patients believe that privacy is linked to dignity and respect, depends on the demarcation of the personal/territorial space and the autonomy's security; and that these concepts and attitudes are connected and essential to protect privacy in the hospital context.

  9. Secure PVM

    SciTech Connect

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user`s PVM application, or, optionally, security can be provided on a message-by message basis. Diffe-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  10. 17 CFR 248.4 - Initial privacy notice to consumers required.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... consumers required. 248.4 Section 248.4 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.4 Initial privacy notice to...

  11. Governance Through Privacy, Fairness, and Respect for Individuals

    PubMed Central

    Baker, Dixie B.; Kaye, Jane; Terry, Sharon F.

    2016-01-01

    Introduction: Individuals have a moral claim to be involved in the governance of their personal data. Individuals’ rights include privacy, autonomy, and the ability to choose for themselves how they want to manage risk, consistent with their own personal values and life situations. The Fair Information Practices principles (FIPPs) offer a framework for governance. Privacy-enhancing technology that complies with applicable law and FIPPs offers a dynamic governance tool for enabling the fair and open use of individual’s personal data. Perceptions of Risk: Any governance model must protect against the risks posed by data misuse. Individual perceptions of risks are a subjective function involving individuals’ values toward self, family, and society, their perceptions of trust, and their cognitive decision-making skills. The HIPAA Privacy Rule Puts Some Governance in the Hands of Individuals: Individual privacy protections and individuals’ right to choose are codified in the HIPAA Privacy Rule, which attempts to strike a balance between the dual goals of information flow and privacy protection. The choices most commonly given individuals regarding the use of their health information are binary (“yes” or “no”) and immutable. Recent federal recommendations and law recognize the need for granular, dynamic choices. Building a Governance Framework Based in Trust: Avoiding Surprises: Individuals expect that they will govern the use of their own health and genomic data. Failure to build and maintain individuals’ trust increases the likelihood that they will refuse to grant permission to access or use their data. The “no surprises principle” asserts that an individual’s personal information should never be collected, used, transmitted, or disclosed in a way that would surprise the individual were she to learn about it. Fair Information Practices Principles: The FIPPs provide a powerful framework for enabling data sharing and use, while maintaining trust

  12. The development of specifications and discussion of business models for ensuring speech privacy in the healthcare industry

    NASA Astrophysics Data System (ADS)

    Lavallee, Timothy; Good, Kenneth; Sykes, David

    2005-09-01

    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was developed, among other reasons, to hold healthcare providers accountable for the privacy of patient's personal and medical information. It includes language addressing the need for ``reasonable safeguards'' for speech privacy and oral communication in a healthcare setting. After 50 years of development, speech privacy science and mechanisms are well understood. However, current specifications cannot be directly applied and are not specifically written to address the application of the current acoustical knowledgebase to the health care industry's need for compliance. This is a discussion of the state of existing privacy technology and specifications; the ability and availability of mechanisms currently in the health care industry as a possible route for implementation of the regulation; the state of development of specification to address specifically the industry's needs; and a potential business model for implementation.

  13. Will the new Australian health privacy law provide adequate protection?

    PubMed

    Bomba, David; Hallit, George

    2002-01-01

    Amendments to the original Privacy Act (1988) come at a key point in time, as a national medical record system looms on the Australian horizon. Changes to The Privacy Act have the potential to define a level of information privacy prior to the implementation of such a system. We have therefore collected expert opinions on the ability of the Health Privacy Guidelines (enacted in December 2001 under The Privacy Act and hereafter more specifically known as Health Privacy Legislation) to ensure the privacy and security of patient information. We conclude that the legislation is flawed in its capacity to withstand an increasingly corporatised health sector. Deficiencies in consent requirements, together with feeble enforcement capabilities, mean The Legislation cannot effectively ensure that personally identifiable information will not end up in corporate third party hands. To significantly bolster the new legislation, we argue that it should be supplemented with explicit health data legislation and privacy auditing.

  14. Hacking Facebook Privacy and Security

    DTIC Science & Technology

    2012-08-28

    marketing companies to obtain personal information about you and use it to make some profit or using for marketing purposes. The Apps and websites...love or what comedy movie or action film is on the most wanted list an example of this is Spotify a music service and Netflix a blockbuster streaming...will beneficial marketing companies to see what exactly a 800 million users and counting likes or will like to purchase, they can produce metrics

  15. From Data Privacy to Location Privacy

    NASA Astrophysics Data System (ADS)

    Wang, Ting; Liu, Ling

    Over the past decade, the research on data privacy has achieved considerable advancement in the following two aspects: First, a variety of privacy threat models and privacy principles have been proposed, aiming at providing sufficient protection against different types of inference attacks; Second, a plethora of algorithms and methods have been developed to implement the proposed privacy principles, while attempting to optimize the utility of the resulting data. The first part of the chapter presents an overview of data privacy research by taking a close examination at the achievements from the above two aspects, with the objective of pinpointing individual research efforts on the grand map of data privacy protection. As a special form of data privacy, location privacy possesses its unique characteristics. In the second part of the chapter, we examine the research challenges and opportunities of location privacy protection, in a perspective analogous to data privacy. Our discussion attempts to answer the following three questions: (1) Is it sufficient to apply the data privacy models and algorithms developed to date for protecting location privacy? (2) What is the current state of the research on location privacy? (3) What are the open issues and technical challenges that demand further investigation? Through answering these questions, we intend to provide a comprehensive review of the state of the art in location privacy research.

  16. Protecting privacy in a clinical data warehouse.

    PubMed

    Kong, Guilan; Xiao, Zhichun

    2015-06-01

    Peking University has several prestigious teaching hospitals in China. To make secondary use of massive medical data for research purposes, construction of a clinical data warehouse is imperative in Peking University. However, a big concern for clinical data warehouse construction is how to protect patient privacy. In this project, we propose to use a combination of symmetric block ciphers, asymmetric ciphers, and cryptographic hashing algorithms to protect patient privacy information. The novelty of our privacy protection approach lies in message-level data encryption, the key caching system, and the cryptographic key management system. The proposed privacy protection approach is scalable to clinical data warehouse construction with any size of medical data. With the composite privacy protection approach, the clinical data warehouse can be secure enough to keep the confidential data from leaking to the outside world.

  17. CARAVAN: Providing Location Privacy for VANET

    DTIC Science & Technology

    2005-01-01

    vehicles. However, many challenges including the security and privacy issues remain to be addressed [ 4 ], [5], [6]. The unique requirements of maintaining...REPORT TYPE 3. DATES COVERED 00-00-2005 to 00-00-2005 4 . TITLE AND SUBTITLE CARAVAN: Providing Location Privacy for VANET 5a. CONTRACT NUMBER...pseudonym update, it is still possible to link the new and old pseudonyms of a node using temporal and spatial relation between the new and old locations of

  18. Pre-Capture Privacy for Small Vision Sensors.

    PubMed

    Pittaluga, Francesco; Koppal, Sanjeev

    2016-12-08

    The next wave of micro and nano devices will create a world with trillions of small networked cameras. This will lead to increased concerns about privacy and security. Most privacy preserving algorithms for computer vision are applied after image/video data has been captured. We propose to use privacy preserving optics that filter or block sensitive information directly from the incident light-field before sensor measurements are made, adding a new layer of privacy. In addition to balancing the privacy and utility of the captured data, we address trade-offs unique to miniature vision sensors, such as achieving high-quality field-of-view and resolution within the constraints of mass and volume. Our privacy preserving optics enable applications such as depth sensing, full-body motion tracking, people counting, blob detection and privacy preserving face recognition. While we demonstrate applications on macro-scale devices (smartphones, webcams, etc.) our theory has impact for smaller devices.

  19. Are you ready for an OCR audit?

    PubMed

    Raths, David

    2011-08-01

    Proposed rules aimed at strengthening HIPAA privacy and security requirements have put CIOs and security officers at provider organizations on alert. Experts weigh in on how the changes will play out and what it means for provider organizations.

  20. 17 CFR 248.2 - Model privacy form: rule of construction.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Model privacy form: rule of construction. 248.2 Section 248.2 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information...

  1. Standards for health information technology to ensure adolescent privacy.

    PubMed

    Blythe, Margaret J; Del Beccaro, Mark A

    2012-11-01

    Privacy and security of health information is a basic expectation of patients. Despite the existence of federal and state laws safeguarding the privacy of health information, health information systems currently lack the capability to allow for protection of this information for minors. This policy statement reviews the challenges to privacy for adolescents posed by commercial health information technology systems and recommends basic principles for ideal electronic health record systems. This policy statement has been endorsed by the Society for Adolescent Health and Medicine.

  2. Formal Methods for Privacy

    DTIC Science & Technology

    2009-09-01

    Against a vast and rich canvas of diverse types of privacy rights and violations, we argue technology’s dual role in privacy : new technologies raise...new threats to privacy rights and new technologies can help preserve privacy . Formal methods, as just one class of technology , can be applied to...differs from what a teenager thinks, and vice versa [18]. New technologies give rise to new privacy concerns. Warren and Brandeis’s 1890 seminal paper

  3. Privacy Policy Specification and Audit in a Fixed-Point Logic - How to Enforce HIPAA, GLBA and All That

    DTIC Science & Technology

    2010-05-11

    ϕpast2) ∈ Φc, (a) either for all δ, δAf (ϕ+f1(p)) ∩ δAc(ϕ − c2(p)) = ∅ (b) or ϕpast1 = ϕP , and for all P ∈ Ac(ϕ−c2(p)), for each mgu δ such that δP...δAf (ϕ+f1(p)) ∩ δAc(ϕ − c2(p)) = ∅ (b) or ϕpast1 = ϕP , and for all P ∈ Ac(ϕ−c2(p)), for each mgu δ such that δP ∈ δ(Af (ϕ + f1(p))), δϕp ` δϕpast2...Ac(ϕ−c2(p)), for each mgu δ such that δP ∈ δ(Af (ϕ + f1(p))), δϕp ` δϕpast2 Proof. By Lemma D.27. Lemma D.29. For all σ̂, i and σ̂′ such that σ̂]σ̂

  4. Preserving Patient Privacy When Sharing Same-Disease Data.

    PubMed

    Liu, Xiaoping; Li, Xiao-Bai; Motiwalla, Luvai; Li, Wenjun; Zheng, Hua; Franklin, Patricia D

    2016-10-01

    Medical and health data are often collected for studying a specific disease. For such same-disease microdata, a privacy disclosure occurs as long as an individual is known to be in the microdata. Individuals in same-disease microdata are thus subject to higher disclosure risk than those in microdata with different diseases. This important problem has been overlooked in data-privacy research and practice, and no prior study has addressed this problem. In this study, we analyze the disclosure risk for the individuals in same-disease microdata and propose a new metric that is appropriate for measuring disclosure risk in this situation. An efficient algorithm is designed and implemented for anonymizing same-disease data to minimize the disclosure risk while keeping data utility as good as possible. An experimental study was conducted on real patient and population data. Experimental results show that traditional reidentification risk measures underestimate the actual disclosure risk for the individuals in same-disease microdata and demonstrate that the proposed approach is very effective in reducing the actual risk for same-disease data. This study suggests that privacy protection policy and practice for sharing medical and health data should consider not only the individuals' identifying attributes but also the health and disease information contained in the data. It is recommended that data-sharing entities employ a statistical approach, instead of the HIPAA's Safe Harbor policy, when sharing same-disease microdata.

  5. Preserving Patient Privacy When Sharing Same-Disease Data

    PubMed Central

    LIU, XIAOPING; LI, XIAO-BAI; MOTIWALLA, LUVAI; LI, WENJUN; ZHENG, HUA; FRANKLIN, PATRICIA D.

    2016-01-01

    Medical and health data are often collected for studying a specific disease. For such same-disease microdata, a privacy disclosure occurs as long as an individual is known to be in the microdata. Individuals in same-disease microdata are thus subject to higher disclosure risk than those in microdata with different diseases. This important problem has been overlooked in data-privacy research and practice, and no prior study has addressed this problem. In this study, we analyze the disclosure risk for the individuals in same-disease microdata and propose a new metric that is appropriate for measuring disclosure risk in this situation. An efficient algorithm is designed and implemented for anonymizing same-disease data to minimize the disclosure risk while keeping data utility as good as possible. An experimental study was conducted on real patient and population data. Experimental results show that traditional reidentification risk measures underestimate the actual disclosure risk for the individuals in same-disease microdata and demonstrate that the proposed approach is very effective in reducing the actual risk for same-disease data. This study suggests that privacy protection policy and practice for sharing medical and health data should consider not only the individuals’ identifying attributes but also the health and disease information contained in the data. It is recommended that data-sharing entities employ a statistical approach, instead of the HIPAA's Safe Harbor policy, when sharing same-disease microdata. PMID:27867450

  6. Security

    ERIC Educational Resources Information Center

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  7. 75 FR 60757 - Office for Civil Rights; Statement of Organization, Functions, and Delegations of Authority

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-10-01

    ... Department's chief officer and adviser to the Secretary for the enforcement of civil rights and privacy and security rules, including the HIPAA Privacy and Security Rules and the Patient Safety and Quality... ] relating to civil rights and the privacy and security rules and for liaising with other Federal...

  8. 77 FR 61275 - Privacy Act of 1974: Implementation

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-10-09

    ... rule for the new Federal Bureau of Investigation (FBI) Privacy Act system of records titled FBI Data Warehouse System, JUSTICE/FBI- 022. This system is being exempted from the subsections of the Privacy Act... national security and criminal law enforcement functions and responsibilities of the FBI. DATES:...

  9. 75 FR 17788 - Privacy Act of 1974; Computer Matching Program

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-07

    ... MANAGEMENT Privacy Act of 1974; Computer Matching Program AGENCY: Office of Personnel Management. ACTION: Notice--computer matching between the Office of Personnel Management and the Social Security Administration. SUMMARY: In accordance with the Privacy Act of 1974 (5 U.S.C. 552a), as amended by the...

  10. 77 FR 74518 - Privacy Act of 1974; Computer Matching Program

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-12-14

    ... MANAGEMENT Privacy Act of 1974; Computer Matching Program AGENCY: Office of Personnel Management. ACTION: Notice--computer matching between the Office of Personnel Management and the Social Security Administration. SUMMARY: In accordance with the Privacy Act of 1974 (5 U.S.C. 552a), as amended by the...

  11. 78 FR 1275 - Privacy Act of 1974; Computer Matching Program

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-08

    ... MANAGEMENT Privacy Act of 1974; Computer Matching Program AGENCY: Office of Personnel Management. ACTION: Notice--computer matching between the Office of Personnel Management and the Social Security Administration (Computer Matching Agreement 1071). SUMMARY: In accordance with the Privacy Act of 1974 (5...

  12. 75 FR 31819 - Privacy Act of 1974; Computer Matching Program

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-06-04

    ... MANAGEMENT Privacy Act of 1974; Computer Matching Program AGENCY: Office of Personnel Management. AGENCY: Notice--computer matching between the Office of Personnel Management and the Social Security Administration. SUMMARY: In accordance with the Privacy Act of 1974 (5 U.S.C. 552a), as amended by the...

  13. 78 FR 35647 - Privacy Act of 1974; Computer Matching Program

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-13

    ... MANAGEMENT Privacy Act of 1974; Computer Matching Program AGENCY: Office of Personnel Management. ACTION: Notice of computer matching between the Office of Personnel Management and the Social Security... Computer Matching and Privacy Protection Act of 1988 (Pub. L. 100-503), Office of Management and...

  14. 78 FR 12337 - Published Privacy Impact Assessments on the Web

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-22

    ... SECURITY Office of the Secretary Published Privacy Impact Assessments on the Web AGENCY: Privacy Office...'s Web ] site between June 1, 2012, and November 30, 2012. DATES: The PIA will be available on the DHS Web site until April 23, 2013, after which they may be obtained by contacting the DHS...

  15. 46 CFR 14.105 - Disclosure and privacy.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 46 Shipping 1 2011-10-01 2011-10-01 false Disclosure and privacy. 14.105 Section 14.105 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.105 Disclosure and privacy. The Coast Guard makes...

  16. 46 CFR 14.105 - Disclosure and privacy.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 46 Shipping 1 2013-10-01 2013-10-01 false Disclosure and privacy. 14.105 Section 14.105 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.105 Disclosure and privacy. The Coast Guard makes...

  17. 46 CFR 14.105 - Disclosure and privacy.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 46 Shipping 1 2010-10-01 2010-10-01 false Disclosure and privacy. 14.105 Section 14.105 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.105 Disclosure and privacy. The Coast Guard makes...

  18. 46 CFR 14.105 - Disclosure and privacy.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 46 Shipping 1 2014-10-01 2014-10-01 false Disclosure and privacy. 14.105 Section 14.105 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.105 Disclosure and privacy. The Coast Guard makes...

  19. 46 CFR 14.105 - Disclosure and privacy.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 46 Shipping 1 2012-10-01 2012-10-01 false Disclosure and privacy. 14.105 Section 14.105 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.105 Disclosure and privacy. The Coast Guard makes...

  20. 45 CFR 164.534 - Compliance dates for initial implementation of the privacy standards.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 45 Public Welfare 1 2010-10-01 2010-10-01 false Compliance dates for initial implementation of the privacy standards. 164.534 Section 164.534 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually...

  1. 17 CFR 160.4 - Initial privacy notice to consumers required.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... consumers required. 160.4 Section 160.4 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.4 Initial privacy notice to consumers required. (a) Initial notice requirement. You must provide a clear and...

  2. Privacy-preserving backpropagation neural network learning.

    PubMed

    Chen, Tingting; Zhong, Sheng

    2009-10-01

    With the development of distributed computing environment , many learning problems now have to deal with distributed input data. To enhance cooperations in learning, it is important to address the privacy concern of each data holder by extending the privacy preservation notion to original learning algorithms. In this paper, we focus on preserving the privacy in an important learning model, multilayer neural networks. We present a privacy-preserving two-party distributed algorithm of backpropagation which allows a neural network to be trained without requiring either party to reveal her data to the other. We provide complete correctness and security analysis of our algorithms. The effectiveness of our algorithms is verified by experiments on various real world data sets.

  3. De-identification of unstructured paper-based health records for privacy-preserving secondary use.

    PubMed

    Fenz, Stefan; Heurix, Johannes; Neubauer, Thomas; Rella, Antonio

    2014-07-01

    Abstract Whenever personal data is processed, privacy is a serious issue. Especially in the document-centric e-health area, the patients' privacy must be preserved in order to prevent any negative repercussions for the patient. Clinical research, for example, demands structured health records to carry out efficient clinical trials, whereas legislation (e.g. HIPAA) regulates that only de-identified health records may be used for research. However, unstructured and often paper-based data dominates information technology, especially in the healthcare sector. Existing approaches are geared towards data in English-language documents only and have not been designed to handle the recognition of erroneous personal data which is the result of the OCR-based digitization of paper-based health records.

  4. 32 CFR 701.101 - Privacy program terms and definitions.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... or online collection that directly identifies an individual (e.g., name, address, social security... her (e.g., Social Security Number (SSN), age, military rank, civilian grade, marital status, race... assessment to evaluate adequate practices in balancing privacy concerns with the security needs of...

  5. 75 FR 19622 - Privacy Act of 1974; System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-15

    ...] Privacy Act of 1974; System of Records AGENCY: Defense Security Cooperation Agency, DoD. ACTION: Notice to... Certification Program, a voluntary program sponsored by the Defense Security Cooperation Agency and Departments... Policy and DoD Directive 5105.65, Defense Security Cooperation Agency.'' Purpose(s): Delete entry...

  6. 78 FR 6077 - Privacy Act of 1974; System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-29

    ... names used, date and place of birth, and Social Security Number.'' Record access procedures: Delete... only former names used, date and place of birth, and Social Security Number.'' Contesting record... of the Secretary Privacy Act of 1974; System of Records AGENCY: Defense Security Service, DoD....

  7. 76 FR 66933 - Privacy Act of 1974; Department of Homeland Security U.S. Coast Guard DHS/USCG-014 Military Pay...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-28

    ...; achievement and aptitude test results; academic performance records; correspondence course rate advancement records; military performance records; admissions processing records; grade reporting records; academic... Military Justice infractions; Performance evaluations; Background investigation, and security...

  8. 22 CFR 1101.5 - Security, confidentiality and protection of records.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality...

  9. Privacy Act Statement

    EPA Pesticide Factsheets

    Any information you provide to the Environmental Protection Agency’s (EPA) Suspension and Debarment Program will be governed by the Privacy Act and will be included in the EPA Debarment and Suspension Files, a Privacy Act system of records.

  10. Privacy and Library Records

    ERIC Educational Resources Information Center

    Bowers, Stacey L.

    2006-01-01

    This paper summarizes the history of privacy as it relates to library records. It commences with a discussion of how the concept of privacy first originated through case law and follows the concept of privacy as it has affected library records through current day and the "USA PATRIOT Act."

  11. Student Privacy Rights Involving Strip Searches

    ERIC Educational Resources Information Center

    Essex, Nathan L.

    2005-01-01

    The Fourth Amendment to the US Constitution provides protection of all citizens against unreasonable search and seizure. The US Supreme Court has affirmed that the basic purpose of the Fourth Amendment is to safeguard the privacy and security of individuals against unreasonable intrusive searches by governmental officials. Since students possess…

  12. An Examination of Organizational Information Protection in the Era of Social Media: A Study of Social Network Security and Privacy Protection

    ERIC Educational Resources Information Center

    Maar, Michael C.

    2013-01-01

    This study investigates information protection for professional users of online social networks. It addresses management's desire to motivate their employees to adopt protective measures while accessing online social networks and to help their employees improve their proficiency in information security and ability to detect deceptive…

  13. 78 FR 11648 - Privacy Act of 1974; Notice of New System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-19

    ... Identification Number (TIN), and entity address. In the case of a sole proprietor, tax laws allow them to use... individual, only if permitted under the Privacy Act of 1974 and, if appropriate, the Computer Matching and... requirements of the Privacy Act, the Computer Security Act, and the SAM System Security Plan. System roles...

  14. 17 CFR 248.5 - Annual privacy notice to customers required.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... customers required. 248.5 Section 248.5 Commodity and Securities Exchanges SECURITIES AND EXCHANGE... Safeguarding Personal Information Privacy and Opt Out Notices § 248.5 Annual privacy notice to customers required. (a)(1) General rule. You must provide a clear and conspicuous notice to customers that...

  15. A HIPAA-compliant key management scheme with revocation of authorization.

    PubMed

    Lee, Wei-Bin; Lee, Chien-Ding; Ho, Kevin I-J

    2014-03-01

    Patient control over electronic protected health information (ePHI) is one of the major concerns in the Health Insurance and Accountability Act (HIPAA). In this paper, a new key management scheme is proposed to facilitate control by providing two functionalities. First, a patient can authorize more than one healthcare institute within a designated time period to access his or her ePHIs. Second, a patient can revoke authorization and add new authorized institutes at any time as necessary. In the design, it is not required to re-encrypt ePHIs for adding and revoking authorizations, and the implementation is time- and cost-efficient. Consent exception is also considered by the proposed scheme.

  16. Choose Privacy Week: Educate Your Students (and Yourself) about Privacy

    ERIC Educational Resources Information Center

    Adams, Helen R.

    2016-01-01

    The purpose of "Choose Privacy Week" is to encourage a national conversation to raise awareness of the growing threats to personal privacy online and in day-to-day life. The 2016 Choose Privacy Week theme is "respecting individuals' privacy," with an emphasis on minors' privacy. A plethora of issues relating to minors' privacy…

  17. Will you accept the government's friend request? Social networks and privacy concerns.

    PubMed

    Siegel, David A

    2013-01-01

    Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim.

  18. Concern about security and privacy, and perceived control over collection and use of health information are related to withholding of health information from healthcare providers

    PubMed Central

    Agaku, Israel T; Adisa, Akinyele O; Ayo-Yusuf, Olalekan A; Connolly, Gregory N

    2014-01-01

    Introduction This study assessed the perceptions and behaviors of US adults about the security of their protected health information (PHI). Methods The first cycle of the fourth wave of the Health Information National Trends Survey was analyzed to assess respondents’ concerns about PHI breaches. Multivariate logistic regression was used to assess the effect of such concerns on disclosure of sensitive medical information to a healthcare professional (p<0.05). Results Most respondents expressed concerns about data breach when their PHI was being transferred between healthcare professionals by fax (67.0%; 95% CI 64.2% to 69.8%) or electronically (64.5%; 95% CI 61.7% to 67.3%). About 12.3% (95% CI 10.8% to 13.8%) of respondents had ever withheld information from a healthcare provider because of security concerns. The likelihood of information withholding was higher among respondents who perceived they had very little say about how their medical records were used (adjusted OR=1.42; 95% CI 1.03 to 1.96). Conclusions This study underscores the need for enhanced measures to secure patients’ PHI to avoid undermining their trust. PMID:23975624

  19. Efficient Privacy-Aware Record Integration

    PubMed Central

    Kuzu, Mehmet; Kantarcioglu, Murat; Inan, Ali; Bertino, Elisa; Durham, Elizabeth; Malin, Bradley

    2013-01-01

    The integration of information dispersed among multiple repositories is a crucial step for accurate data analysis in various domains. In support of this goal, it is critical to devise procedures for identifying similar records across distinct data sources. At the same time, to adhere to privacy regulations and policies, such procedures should protect the confidentiality of the individuals to whom the information corresponds. Various private record linkage (PRL) protocols have been proposed to achieve this goal, involving secure multi-party computation (SMC) and similarity preserving data transformation techniques. SMC methods provide secure and accurate solutions to the PRL problem, but are prohibitively expensive in practice, mainly due to excessive computational requirements. Data transformation techniques offer more practical solutions, but incur the cost of information leakage and false matches. In this paper, we introduce a novel model for practical PRL, which 1) affords controlled and limited information leakage, 2) avoids false matches resulting from data transformation. Initially, we partition the data sources into blocks to eliminate comparisons for records that are unlikely to match. Then, to identify matches, we apply an efficient SMC technique between the candidate record pairs. To enable efficiency and privacy, our model leaks a controlled amount of obfuscated data prior to the secure computations. Applied obfuscation relies on differential privacy which provides strong privacy guarantees against adversaries with arbitrary background knowledge. In addition, we illustrate the practical nature of our approach through an empirical analysis with data derived from public voter records. PMID:24500681

  20. Space Partitioning for Privacy Enabled 3D City Models

    NASA Astrophysics Data System (ADS)

    Filippovska, Y.; Wichmann, A.; Kada, M.

    2016-10-01

    Due to recent technological progress, data capturing and processing of highly detailed (3D) data has become extensive. And despite all prospects of potential uses, data that includes personal living spaces and public buildings can also be considered as a serious intrusion into people's privacy and a threat to security. It becomes especially critical if data is visible by the general public. Thus, a compromise is needed between open access to data and privacy requirements which can be very different for each application. As privacy is a complex and versatile topic, the focus of this work particularly lies on the visualization of 3D urban data sets. For the purpose of privacy enabled visualizations of 3D city models, we propose to partition the (living) spaces into privacy regions, each featuring its own level of anonymity. Within each region, the depicted 2D and 3D geometry and imagery is anonymized with cartographic generalization techniques. The underlying spatial partitioning is realized as a 2D map generated as a straight skeleton of the open space between buildings. The resulting privacy cells are then merged according to the privacy requirements associated with each building to form larger regions, their borderlines smoothed, and transition zones established between privacy regions to have a harmonious visual appearance. It is exemplarily demonstrated how the proposed method generates privacy enabled 3D city models.