Science.gov

Sample records for hipaa privacy security

  1. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

    PubMed Central

    Watzlaf, Valerie J.M.; Moeini, Sohrab; Firouzan, Patti

    2010-01-01

    Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR. PMID:25945172

  2. Challenges associated with privacy in health care industry: implementation of HIPAA and the security rules.

    PubMed

    Choi, Young B; Capitan, Kathleen E; Krause, Joshua S; Streeper, Meredith M

    2006-02-01

    This paper discusses the challenges associated with privacy in health care in the electronic information age based on the Health Insurance Portability and Accountability Act (HIPAA) and the Security Rules. We examine the storing and transmission of sensitive patient data in the modem health care system and discuss current security practices that health care providers institute to comply with HIPAA Security Rule regulations. Based on our research results, we address current outstanding issues that act as impediments to the successful implementation of security measures and conclude the discussion and offer possible avenues of future research.

  3. 42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ..., implementation specifications, and requirements in 45 CFR parts 160, 162, and 164. (b) HIPAA privacy requirements... in the Standards for Privacy of Individually Identifiable Health Information, 45 CFR parts 160 and 164, subparts A and E, in the same manner as a health plan, except to the extent such requirements...

  4. Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules.

    PubMed

    2013-01-25

    The Department of Health and Human Services (HHS or ``the Department'') is issuing this final rule to: Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (``the HITECH Act'' or ``the Act'') to strengthen the privacy and security protection for individuals' health information; modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule; modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities.

  5. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II

    PubMed Central

    Watzlaf, Valerie J.M.; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

    2011-01-01

    In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR. PMID:25945177

  6. 78 FR 34264 - Technical Corrections to the HIPAA Privacy, Security, and Enforcement Rules

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-07

    ... 160 Administrative practice and procedure, Computer technology, Electronic information system..., Computer technology, ] Electronic information system, Electronic transactions, Employer benefit plan... Rules (``the HIPAA Rules'') pursuant to statutory amendments under the Health Information Technology...

  7. HIPAA Privacy 101: essentials for case management practice.

    PubMed

    DiBenedetto, Deborah V

    2003-01-01

    The Health Insurance Portability and Accountability Act (HIPAA) has significant impact on the delivery of healthcare in the United States. The Administrative Simplification (AS) requirements of HIPAA are aimed at reducing administrative costs and burdens in the healthcare industry. The core components of HIPAA's AS requirements address healthcare transactions, code sets, security, unique identifiers, and privacy of health information. HIPAA's privacy standard limits the nonconsensual use and release of private health information, gives patients new rights to access their medical records and to know who else has accessed them, restricts most disclosure of health information to the minimum needed for the intended purpose, establishes new criminal and civil sanctions for improper use or disclosure, and establishes new requirements for access to records by researchers and others. This article focuses on HIPAA's privacy requirements as related to case management of workers compensation populations, the treatment of protected health information, and how case managers can ensure they provide appropriate services while navigating the requirements of HIPAA's privacy standard. PMID:12555039

  8. Impact of HIPAA on confidentiality and privacy issues. Health Insurance Portability and Accountability Act.

    PubMed

    Gallagher, Brian

    2002-01-01

    All covered entities must comply with new HIPAA regulations governing transaction sets, privacy, and security. The deadline for implementation of new privacy requirements is scheduled for April 14, 2003. Pharmacists should prepare to implement these new requirements as soon as possible. HIPAA rules are complex. Penalties for violations could be severe, so pharmacists are advised to take appropriate measures to avoid liability.

  9. 78 FR 5565 - Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-25

    ...), which added a new part C to title XI of the Social Security Act (sections 1171-1179 of the Social... Reinvestment Act of 2009 (ARRA), Public Law 111-5, modifies certain provisions of the Social Security Act... the Act, which is the subject of a separate proposed rule published on May 31, 2011, at 76 FR...

  10. 75 FR 40867 - Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-14

    ...,'' were issued on December 28, 2000, and amended on August 14, 2002. See 65 FR 82462, as amended at 67 FR... the ``Security Rule,'' were issued on February 20, 2003. See 68 FR 8334. The Compliance and... as the ``Enforcement Rule,'' were issued as an interim final rule on April 17, 2003 (68 FR...

  11. HIPAA privacy: the compliance challenges ahead.

    PubMed

    Rosati, Kristen B

    2002-01-01

    This Article reviews the HIPAA Privacy Standards' impact on healthcare organizations. It discusses whether a healthcare organization is a "Covered Entity" under the regulations, what information the Privacy Standards protect, what restrictions the regulations place on the use and disclosure of protected health information, what individual rights the Privacy Standards create, and what agreements they require between healthcare organizations and their business associates. The author provides relatively extensive guidance to organizations that are embarking upon their voyage of compliance with these broadly applicable regulations, but notes that the full extent of necessary compliance remains unclear, pending DHHS issuance of the next iteration of the rulemaking in this area. The Article was finalized in January 2002, before HHS issued any modifications to the Privacy Standards.

  12. Assessing the HIPAA standard in practice: PHR privacy policies.

    PubMed

    Carrión, Inmaculada; Alemán, José Luis Fernández; Toval, Ambrosio

    2011-01-01

    Health service providers are starting to become interested in providing PHRs (Personal Health Records). With PHRs, access to data is controlled by the patient, and not by the health care provider. Companies such as Google and Microsoft are establishing a leadership position in this emerging market. A number of benefits can be achieved with PHRs, but important challenges related to security and privacy must be addressed. This paper presents a review of the privacy policies of 20 free web-based PHRs. Security and privacy characteristics were extracted and assessed according to the HIPAA standard. The results show a number of important differences in the characteristics analyzed. Some improvements can be made to current PHR privacy policies to enhance the audit and management of access to users' PHRs. A questionnaire has been defined to assist PHR designers in this task.

  13. Quality consciousness...auditing for HIPAA Privacy Compliance.

    PubMed

    LePar, Kathleen

    2004-01-01

    The Health Insurance Portability and Accountability Act (HIPAA) privacy deadline has passed. Now it is essential to comply with the regulations. The stakes are high; therefore, a HIPAA Privacy Compliance Program must be part of an organization's quality initiatives. This article provides guidelines for the challenges of continual program improvement, successful cultural change, and effective monitoring of the existing program. Healthcare organizations will attain compliance goals through internal audits on the processes, policies, and training efforts of their HIPAA program.

  14. Compliance with HIPAA security standards in U.S. Hospitals.

    PubMed

    Davis, Diane; Having, Karen

    2006-01-01

    With the widespread use of computer networks, the amount of information stored electronically has grown exponentially, resulting in increased concern for privacy and security of information. The healthcare industry has been put to the test with the federally mandated Health Insurance Portability and Accountability Act (HIPAA) of 1996. To assess the compliance status of HIPAA security standards, a random sample of 1,000 U.S. hospitals was surveyed in January 2004, yielding a return rate of 29 percent. One year later, a follow-up survey was sent to all previous respondents, with 50 percent replying. HIPAA officers'perceptions of security compliance in 2004 and 2005 are compared in this article. The security standards achieving the highest level of compliance in both 2004 and 2005 were obtaining required business associate agreements and physical safeguards to limit access to electronic information systems. Respondents indicated least compliance both years in performing periodic evaluation of security practices governed by the Security Rule. Roadblocks, threats, problems and solutions regarding HIPAA compliance are discussed. This information may be applied to current and future strategies toward maintaining security of information systems throughout the healthcare industry.

  15. HIPAA's Role in E-Mail Communications between Doctors and Patients: Privacy, Security, and Implications of the Bill

    ERIC Educational Resources Information Center

    Stephens, James H.; Parrillo, Anthony V.

    2011-01-01

    The confidentiality of a patient's information has been sacred since the days of Hippocrates, the Father of Medicine. Today, however, merely taking an oath to respect a patient's privacy has been overshadowed by regulations governing how certain healthcare establishments handle an individual's health information on the web. Consequently, if a…

  16. HIPAA privacy implementation issues in Pennsylvania healthcare facilities.

    PubMed

    Firouzan, Patricia Anania; McKinnon, James

    2004-04-30

    A 20-question survey was sent in the mail to HIM directors in Pennsylvania healthcare facilities to solicit feedback regarding implementation issues of the HIPAA privacy rule requirements. Questions focused on gathering basic demographic data, information on HIM involvement with the privacy rule requirements, the procedures whereby facilities were meeting the privacy rule requirements, occurrences of confidentiality breaches, and respondents' perceptions about the privacy rule. Findings suggested that HIM professionals continue to be involved with many areas of the privacy rule and have taken on new responsibilities with this involvement. Findings also suggested that respondents did not think the privacy rule would prevent future confidentiality breaches. Only half of respondents thought that the privacy regulations were even necessary. Many respondents felt their level of importance within their facility increased.

  17. New HIPAA rules: a guide for radiology providers.

    PubMed

    Dresevic, Adrienne; Mikel, Clinton

    2013-01-01

    The Office for Civil Rights issued its long awaited final regulations modifying the HIPAA privacy, security, enforcement, and breach notification rules--the HIPAA Megarule. The new HIPAA rules will require revisions to Notice of Privacy Practices, changes to business associate agreements, revisions to HIPAA privacy and security policies and procedures, and an overall assessment of HIPAA compliance. The HIPAA Megarule formalizes the HITECH Act requirements, and makes it clear that the OCRs ramp up of HIPAA enforcement is not merely a passing trend. The new rules underscore that both covered entities and business associates must reassess and strengthen HIPAA compliance.

  18. HIPAA the Health Care Hippo: Despite the Rhetoric, Is Privacy Still an Issue?

    ERIC Educational Resources Information Center

    Kuczynski, Kay; Gibbs-Wahlberg, Patty

    2005-01-01

    The Health Insurance Portability and Accountability Act (HIPAA) of 1996 (PL. 104-191) is a multitiered, comprehensive, convoluted, and controversial federal law for sweeping health care reform. Although HIPAA is dramatically broader in scope than privacy protections for health care information, a provision for privacy in the form of a Privacy Rule…

  19. Does the HIPAA Privacy Rule Allow Parents the Right to See Their Children's Medical Records?

    MedlinePlus

    ... Does the HIPAA Privacy Rule allow parents the right to see their children’s medical records? Answer: Yes, ... your contact information below. Email Office for Civil Rights Headquarters U.S. Department of Health & Human Services 200 ...

  20. Preparing the front office staff to carry out HIPAA privacy procedures.

    PubMed

    Welker, Jan; Podleski, Joan M

    2003-01-01

    Although training is one way to ensure compliance with new HIPAA privacy rules, awareness is only the first step in preparing front office staff for implementing procedures related to the new rules. Role-based training is required to empower staff to carry out specific HIPAA privacy procedures. Each procedure offers options for training content, and the use of training tools with actual script is recommended as one method to clearly define expectations of staff when applying the procedures.

  1. HIPAA, HIPAA, Hooray?

    PubMed Central

    Joshi, Sanjaya

    2008-01-01

    A review of the current challenges, trends and initiatives around the various regulations as related to Health Informatics in the United States is presented. A summary of the functions in a workflow-based approach organized into the process and compliance for HIPAA, secure email and fax communications interfaces, e-prescriptions and patient safety and the health information technology savings claims versus costs follows: HIPAA compliance is complex; data interoperability and integration remains difficult.Email and faxing is possible with current over-the-shelf technologies within the purview of the HIPAA Security and Privacy rule.Integration of e-prescribing and NPI data is an area where health informatics can make a real difference.Medical errors remain high.There are no real savings yet from the usage of health information technologies; the costs for implementation remain high, and the business model has not evolved to meet the needs.Health Information Technology (Health IT) projects continue to have a significant failure rate; Open Source technologies are a viable alternative both for cost reduction and scalability. A discussion on the macro view of health informatics is also presented within the context of healthcare models and a comparison of the U.S. system against other countries. PMID:27429554

  2. The End of the HIPAA Privacy Rule? Currents in Contemporary Bioethics.

    PubMed

    Rothstein, Mark A

    2016-06-01

    The HIPAA Privacy Rule is notoriously weak because of its incomplete coverage, numerous exclusions and exemptions, and limited rights for individuals. The three areas in which it provides the most protection are fundraising, marketing, and research. Provisions of the 21st Century Cures Act, pending in Congress, and the Notice of Proposed Rulemaking to amend the federal research regulations (Common Rule), awaiting final regulatory action, would weaken the privacy protections for research. If these measures are adopted, the HIPAA Privacy Rule would have so little value that it might not be worth the aggravation and burden. PMID:27338610

  3. Health privacy is difficult but not impossible in a post-HIPAA data-driven world.

    PubMed

    Terry, Nicolas

    2014-09-01

    In the 13 years since their promulgation, the Health Insurance Portability and Accountability Act (HIPAA) rules and their enforcement have shown considerable evolution, as has the context within which they operate. Increasingly, it is the health information circulating outside the HIPAA-protected zone that is concerning: big data based on HIPAA data that have been acquired by public health agencies and then sold; medically inflected data collected from transactions or social media interactions; and the health data curated by patients, such as personal health records or data stored on smartphones. HIPAA does little here, suggesting that the future of health privacy may well be at the state level unless technology or federal legislation can catch up with state-of-the-art privacy regimes, such as the latest proposals from the European Commission. PMID:25180726

  4. Health privacy is difficult but not impossible in a post-HIPAA data-driven world.

    PubMed

    Terry, Nicolas

    2014-09-01

    In the 13 years since their promulgation, the Health Insurance Portability and Accountability Act (HIPAA) rules and their enforcement have shown considerable evolution, as has the context within which they operate. Increasingly, it is the health information circulating outside the HIPAA-protected zone that is concerning: big data based on HIPAA data that have been acquired by public health agencies and then sold; medically inflected data collected from transactions or social media interactions; and the health data curated by patients, such as personal health records or data stored on smartphones. HIPAA does little here, suggesting that the future of health privacy may well be at the state level unless technology or federal legislation can catch up with state-of-the-art privacy regimes, such as the latest proposals from the European Commission.

  5. Applying your corporate compliance skills to the HIPAA security standard.

    PubMed

    Carter, P I

    2000-01-01

    Compliance programs are an increasingly hot topic among healthcare providers. These programs establish policies and procedures covering billing, referrals, gifts, confidentiality of patient records, and many other areas. The purpose is to help providers prevent and detect violations of the law. These programs are voluntary, but are also simply good business practice. Any compliance program should now incorporate the Health Insurance Portability and Accountability Act (HIPAA) security standard. Several sets of guidelines for development of compliance programs have been issued by the federal government, and each is directed toward a different type of healthcare provider. These guidelines share certain key features with the HIPAA security standard. This article examines the common areas between compliance programs and the HIPAA security standard to help you to do two very important things: (1) Leverage your resources by combining compliance with the security standard with other legal and regulatory compliance efforts, and (2) apply the lessons learned in developing your corporate compliance program to developing strategies for compliance with the HIPAA security standard.

  6. Benchmarking HIPAA compliance.

    PubMed

    Wagner, James R; Thoman, Deborah J; Anumalasetty, Karthikeyan; Hardre, Pat; Ross-Lazarov, Tsvetomir

    2002-01-01

    One of the nation's largest academic medical centers is benchmarking its operations using internally developed software to improve privacy/confidentiality of protected health information (PHI) and to enhance data security to comply with HIPAA regulations. It is also coordinating the development of a web-based interactive product that can help hospitals, physician practices, and managed care organizations measure their compliance with HIPAA regulations.

  7. Privacy and security of patient data in the pathology laboratory

    PubMed Central

    Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

  8. Privacy and security of patient data in the pathology laboratory.

    PubMed

    Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

  9. Privacy and security of patient data in the pathology laboratory.

    PubMed

    Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

  10. Protecting Patients in Health Information Exchange: Defense of The HIPAA Privacy Rule

    PubMed Central

    McDonald, Clement J

    2009-01-01

    Regional health information organizations (RHIOs) rapidly integrate and deliver patient information to clinicians from multiple independent care organizations. By providing such information they will reduce the care costs and improve care safety. Special concerns about privacy arise as these regional systems connect nationally. We should add special barriers beyond the protections of HIPAA to protect against surprises at the national level. At the local level, we should remain within HIPAA rules because the application of additional barriers within RHIO access would interfere with efficient and safe care. PMID:19276002

  11. The Legal Implications of HIPAA Privacy and Public Health Reporting for Correctional Facilities.

    PubMed

    Barraza, Leila; Collmer, Veda; Meza, Nick; Penunuri, Kristin

    2015-07-01

    Inmates in cramped living quarters, a situation common to correctional facilities, are especially vulnerable to disease. Cramped living conditions, coupled with above-average rates of HIV, tuberculosis, and other communicable diseases, increase inmates' risk of problematic health outcomes. Thus, high-quality health care and sustained efforts to prevent disease are especially important to improve inmate health within correctional facilities. Compliance with federal privacy restrictions pursuant to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and state disease reporting requirements will foster inmate health and assist efforts to prevent the spread of disease. This article examines the interplay between HIPAA rules and state reporting laws to preserve health information privacy and to control the spread of disease. PMID:25953838

  12. mHealth data security: the need for HIPAA-compliant standardization.

    PubMed

    Luxton, David D; Kayl, Robert A; Mishkind, Matthew C

    2012-05-01

    The rise in the use of mobile devices, such as smartphones, tablet personal computers, and wireless medical devices, as well as the wireless networks that enable their use, has raised new concerns for data security and integrity. Standardized Health Insurance Portability and Accountability Act of 1996 (HIPAA)-compliant electronic data security that will allow ubiquitous use of mobile health technologies is needed. The lack of standardized data security to assure privacy, to allow interoperability, and to maximize the full capabilities of mobile devices presents a significant barrier to care. The purpose of this article is to provide an overview of the issue and to encourage discussion of this important topic. Current security needs, standards, limitations, and recommendations for how to address this barrier to care are discussed.

  13. mHealth data security: the need for HIPAA-compliant standardization.

    PubMed

    Luxton, David D; Kayl, Robert A; Mishkind, Matthew C

    2012-05-01

    The rise in the use of mobile devices, such as smartphones, tablet personal computers, and wireless medical devices, as well as the wireless networks that enable their use, has raised new concerns for data security and integrity. Standardized Health Insurance Portability and Accountability Act of 1996 (HIPAA)-compliant electronic data security that will allow ubiquitous use of mobile health technologies is needed. The lack of standardized data security to assure privacy, to allow interoperability, and to maximize the full capabilities of mobile devices presents a significant barrier to care. The purpose of this article is to provide an overview of the issue and to encourage discussion of this important topic. Current security needs, standards, limitations, and recommendations for how to address this barrier to care are discussed. PMID:22400974

  14. How to avoid a HIPAA horror story.

    PubMed

    Withrow, Scott C

    2010-08-01

    The Health Information Technology for Economic and Clinical Health Act of 2009 significantly expands the financial risk of violations of the Health Insurance Portability and Accountability Act (HIPAA) and extends HIPAA procedures and penalties to business associates. Hospitals, physicians, and their business associates should ensure that HIPAA privacy and security provisions are adopted. Compliance efforts should focus on high-risk areas, including information access management, access control, and impermissible disclosures of protected health information.

  15. How to avoid a HIPAA horror story.

    PubMed

    Withrow, Scott C

    2010-08-01

    The Health Information Technology for Economic and Clinical Health Act of 2009 significantly expands the financial risk of violations of the Health Insurance Portability and Accountability Act (HIPAA) and extends HIPAA procedures and penalties to business associates. Hospitals, physicians, and their business associates should ensure that HIPAA privacy and security provisions are adopted. Compliance efforts should focus on high-risk areas, including information access management, access control, and impermissible disclosures of protected health information. PMID:20707266

  16. Challenges and Insights in Using HIPAA Privacy Rule for Clinical Text Annotation

    PubMed Central

    Kayaalp, Mehmet; Browne, Allen C.; Sagan, Pamela; McGee, Tyne; McDonald, Clement J.

    2015-01-01

    The Privacy Rule of Health Insurance Portability and Accountability Act (HIPAA) requires that clinical documents be stripped of personally identifying information before they can be released to researchers and others. We have been manually annotating clinical text since 2008 in order to test and evaluate an algorithmic clinical text de-identification tool, NLM Scrubber, which we have been developing in parallel. Although HIPAA provides some guidance about what must be de-identified, translating those guidelines into practice is not as straightforward, especially when one deals with free text. As a result we have changed our manual annotation labels and methods six times. This paper explains why we have made those annotation choices, which have been evolved throughout seven years of practice on this field. The aim of this paper is to start a community discussion towards developing standards for clinical text annotation with the end goal of studying and comparing clinical text de-identification systems more accurately. PMID:26958206

  17. HIPAA and information security risk: implementing an enterprise-wide risk management strategy

    NASA Astrophysics Data System (ADS)

    Alberts, Christopher J.; Dorofee, Audrey

    2001-08-01

    The Health Insurance Portability and Accountability Act (HIPAA) of 1996 effectively establishes a standard of due care for healthcare information security. One of the challenges of implementing policies, procedures, and practices consistent with HIPAA requirements in the Department of Defense Military Health System is the need for a method that can tailor the requirements to a variety of organizational contexts. This paper will describe a self- directed information security risk evaluation that will enable military healthcare providers to assess their risks and to develop mitigation strategies consistent with HIPAA guidelines.

  18. Information Systems, Security, and Privacy.

    ERIC Educational Resources Information Center

    Ware, Willis H.

    1984-01-01

    Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

  19. High standards. A decade after the law went into effect, there is still debate about the pros and cons of the HIPAA privacy and electronic transaction regulations.

    PubMed

    Edlin, Mari; Johns, Stephanie

    2006-01-01

    When congress passed the Health Insurance Portability and Accountability act in 1996, the goal was to create a simpler, more standardized system that would eventually lower health care costs; reduce errors through safe, universally accepted electronic communication of health care transactions; and eliminate paper claims. Ten years later, the jury is still out on whether HIPAA has been worth the time, energy, and financial investment for insurers. That's not to say, however, that HIPAA hasn't generated benefits while also creating new challenges. "Standards made sense," says Tom Fitzpatrick, Horizon Blue Cross Blue Shield of New Jersey's director of enterprise strategic planning, "but no one ever said it would be fast, cheap, or easy. It was challenging to integrate proprietary claims systems and legacy software with the new standards that took effect in October 2003. But that wasn't the end of the story. HIPAA's privacy and security rules and the standard identifiers have meant even more upgrades and improvements and have required payers to spend millions of additional dollars over the past three years on HIPAA compliance." According to a set of quarterly surveys conducted by HIMSS/Phoenix Health Systems, progress has actually been fairly rapid. On the other hand, some things have remained much the same. In 2003, payers cited "understanding/interpreting the legal requirements" as the most difficult aspect of the HIPAA remediation process, followed by "achieving successful integration of new policies and procedures" and "resolving issues with third parties". In 2006, the barriers are similar, with users citing the same top two struggles. PMID:17175737

  20. Health Insurance Portability and Accountability Act (HIPAA) legislation and its implication on speech privacy design in health care facilities

    NASA Astrophysics Data System (ADS)

    Tocci, Gregory C.; Storch, Christopher A.

    2005-09-01

    The Health Insurance Portability and Accountability Act (HIPAA) of 1996 (104th Congress, H.R. 3103, January 3, 1986), among many things, individual patient records and information be protected from unnecessary issue. This responsibility is assigned to the U.S. Department of Health and Human Services (HHS) which has issued a Privacy Rule most recently dated August 2002 with a revision being proposed in 2005 to strengthen penalties for inappropriate breaches of patient privacy. Despite this, speech privacy, in many instances in health care facilities need not be guaranteed by the facility. Nevertheless, the regulation implies that due regard be given to speech privacy in both facility design and operation. This presentation will explore the practical aspects of implementing speech privacy in health care facilities and make recommendations for certain specific speech privacy situations.

  1. Evaluating re-identification risks with respect to the HIPAA privacy rule

    PubMed Central

    Benitez, Kathleen

    2010-01-01

    Objective Many healthcare organizations follow data protection policies that specify which patient identifiers must be suppressed to share “de-identified” records. Such policies, however, are often applied without knowledge of the risk of “re-identification”. The goals of this work are: (1) to estimate re-identification risk for data sharing policies of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule; and (2) to evaluate the risk of a specific re-identification attack using voter registration lists. Measurements We define several risk metrics: (1) expected number of re-identifications; (2) estimated proportion of a population in a group of size g or less, and (3) monetary cost per re-identification. For each US state, we estimate the risk posed to hypothetical datasets, protected by the HIPAA Safe Harbor and Limited Dataset policies by an attacker with full knowledge of patient identifiers and with limited knowledge in the form of voter registries. Results The percentage of a state's population estimated to be vulnerable to unique re-identification (ie, g=1) when protected via Safe Harbor and Limited Datasets ranges from 0.01% to 0.25% and 10% to 60%, respectively. In the voter attack, this number drops for many states, and for some states is 0%, due to the variable availability of voter registries in the real world. We also find that re-identification cost ranges from $0 to $17 000, further confirming risk variability. Conclusions This work illustrates that blanket protection policies, such as Safe Harbor, leave different organizations vulnerable to re-identification at different rates. It provides justification for locally performed re-identification risk estimates prior to sharing data. PMID:20190059

  2. Counterfeit Compliance with the HIPAA Security Rule: A Study of Information System Success

    ERIC Educational Resources Information Center

    Johnson, James R.

    2013-01-01

    The intent of the security standards adopted by the Department of Health and Human Services (DHS) implementing some of the requirements of the Administrative Simplification (AS) subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was to improve Federal and private health care programs and to improve the…

  3. Privacy and Security: A Bibliography.

    ERIC Educational Resources Information Center

    Computer and Business Equipment Manufacturers Association, Washington, DC.

    Compiled at random from many sources, this bibliography attempts to cite as many publications concerning privacy and security as are available. The entries are organized under seven headings: (1) systems security, technical security, clearance of personnel, (2) corporate physical security, (3) administrative security, (4) miscellaneous--privacy…

  4. The ethical and legal implications of Jaffee v Redmond and the HIPAA medical privacy rule for psychotherapy and general psychiatry.

    PubMed

    Mosher, Paul W; Swire, Peter P

    2002-09-01

    The 1996 Jaffee v Redmond US Supreme Court decision established a privilege for psychotherapeutic communications in the federal courts. The new privilege has both substantive and symbolic importance. In its strongly worded opinion in Jaffee v Redmond, the US Supreme Court made clear that confidentiality in psychotherapy takes precedence over certain other important societal goals. The new Health Insurance Portability and Accountability Act (HIPAA) medical privacy rule promulgated by the Department of Health and Human Services relies on Jaffee v Redmond in providing additional legal protections for confidential psychotherapy. Both the US Supreme Court's Jaffee v Redmond ruling and the HIPAA rule support the ethical protection of confidentiality of conversations between psychiatrists and patients. PMID:12232971

  5. HIPAA privacy rule and public health. Guidance from CDC and the U.S. Department of Health and Human Services.

    PubMed

    2003-05-01

    New national health information privacy standards have been issued by the U.S. Department of Health and Human Services (DHHS), pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The new regulations provide protection for the privacy of certain individually identifiable health data, referred to as protected health information (PHI). Balancing the protection of individual health information with the need to protect public health, the Privacy Rule expressly permits disclosures without individual authorization to public health authorities authorized by law to collect or receive the information for the purpose of preventing or controlling disease, injury or disability including but not limited to public health surveillance, investigation, and intervention. Public health practice often requires the acquisition, use, and exchange of PHI to perform public health activities (e.g., public health surveillance, program evaluation, terrorism preparedness, outbreak investigations, direct health services, and public health research). Such information enables public health authorities to implement mandated activities (e.g., identifying, monitoring, and responding to death, disease, and disability among populations) and accomplish public health objectives. Public health authorities have a long history of respecting the confidentiality of PHI, and the majority of states as well as the federal government have laws that govern the use of, and serve to protect, identifiable information collected by public health authorities. The purpose of this report is to help public health agencies and others understand and interpret their responsibilities under the Privacy Rule. Elsewhere, comprehensive DHHS guidance is located at the HIPAA website of the Office for Civil Rights (http://www. hhs.gov/ocr/hipaa/). PMID:12741579

  6. Finding HIPAA in your soup.

    PubMed

    Anderson, Frances

    2007-02-01

    From the time when compliance with the Health Insurance Portability and Accountability Act (HIPAA) "privacy rule" became mandatory in April 2003 through April 2005, 12,542 complaints of privacy violations were filed nationally. But what constitutes a violation? Widespread confusion about the rule unnecessarily complicates nurses' relationships with patients and sometimes affects their clinical performance. A nurse responsible for HIPAA compliance at one hospital untangles the many threads of HIPAA's privacy rule and details its implications for nurses' everyday work.

  7. Text Messaging to Communicate With Public Health Audiences: How the HIPAA Security Rule Affects Practice

    PubMed Central

    Karasz, Hilary N.; Eiden, Amy; Bogan, Sharon

    2013-01-01

    Text messaging is a powerful communication tool for public health purposes, particularly because of the potential to customize messages to meet individuals’ needs. However, using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is written with flexibility to account for changing technologies. In practice, however, the rule leads to uncertainty about how to make text messaging policy decisions. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information and retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule. PMID:23409902

  8. HIPAA--clinical and ethical considerations for nurses.

    PubMed

    Erlen, Judith A

    2004-01-01

    Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) to protect patients' basic rights to privacy and their control over the disclosure of their personal health information. Advances in and the more widespread use of communication technology were increasing the public's concerns over the ease with which their health information could be transmitted, how protected that information was during such transmissions, and their lack of approval for the use of that information by known and unknown third parties. This article, the first of two papers focusing on HIPAA, discusses HIPAA from the clinical perspective and focuses primarily on the HIPAA Privacy Rule. Under what circumstances can a covered entity disclose protected health information? What are the ethical issues inherent in HIPAA? What does HIPAA require of covered entities? What are the implications of HIPAA for professional nurses? The goal of HIPAA is to ensure the protection of confidential health information through having appropriate security systems to guard against unintentional disclosure of that information.

  9. Security of electronic medical information and patient privacy: what you need to know.

    PubMed

    Andriole, Katherine P

    2014-12-01

    The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. PMID:25467897

  10. Security of electronic medical information and patient privacy: what you need to know.

    PubMed

    Andriole, Katherine P

    2014-12-01

    The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients.

  11. HIPAA brings new requirements, new opportunities.

    PubMed

    Moynihan, J J; McLure, M L

    2000-03-01

    The passage of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) brought with it the need for Federal rules to implement the act's simplification and cost-reduction efforts. HHS has published proposed rules related to security for the electronic transmission of health information, privacy of individually identifiable health information, transactions and code sets, and national provider and employer identifiers. Additional proposed rules will be published this year for claims attachments and health plan identifiers. Although HIPAA does not require providers to conduct business electronically, the new standards give providers the opportunity to reduce healthcare administrative costs significantly and undertake electronic commerce efficiently and cost-effectively. PMID:10847916

  12. HIPAA Compliance in U.S. Hospitals: A Self-Report of Progress Toward the Security Rule

    PubMed Central

    Having, Karen; Davis, Diane C

    2005-01-01

    In January 2004, a random sampling of 1,000 U.S. hospitals was surveyed by researchers at a midwestern university to determine perceived level of compliance with the security requirements of the federal Health Insurance Portability and Accountability Act (HIPAA). Exactly one year later, a follow-up survey was sent to the 286 respondents of the 2004 survey, yielding a 50 percent return rate (n = 144). There was an overall trend in increased HIPAA security compliance from 2004 to 2005. There was no significant difference in perceived level of compliance based on the size of the hospital for the majority of security standards. PMID:18066377

  13. HIPAA compliance in U.S. hospitals: a self-report of progress toward the security rule.

    PubMed

    Having, Karen; Davis, Diane C

    2005-11-10

    In January 2004, a random sampling of 1,000 U.S. hospitals was surveyed by researchers at a midwestern university to determine perceived level of compliance with the security requirements of the federal Health Insurance Portability and Accountability Act (HIPAA). Exactly one year later, a follow-up survey was sent to the 286 respondents of the 2004 survey, yielding a 50 percent return rate (n = 144). There was an overall trend in increased HIPAA security compliance from 2004 to 2005. There was no significant difference in perceived level of compliance based on the size of the hospital for the majority of security standards.

  14. Effective Management of Information Security and Privacy

    ERIC Educational Resources Information Center

    Anderson, Alicia

    2006-01-01

    No university seems immune to cyber attacks. For many universities, such events have served as wake-up calls to develop a comprehensive information security and privacy strategy. This is no simple task, however. It involves balancing a culture of openness with a need for security and privacy. Security and privacy are not the same, and the…

  15. HIPAA--a real world perspective.

    PubMed

    Nulan, C

    2001-01-01

    An effective and realistic approach to HIPAA compliance requires healthcare organizations to achieve a fundamental shift in attitude, awareness, habits and capabilities in the areas of privacy and security. They must create a sense of accountability among staff, and even patients, for the safeguarding of patient information. Only when this culture shift has occurred, along with the required technological advancements, can HIPAA compliance be realistically achieved. There is still ample time to create the organizational shift necessary, along with technological enhancements, to meet HIPAA requirements. Beyond compliance, HIPAA will benefit the healthcare industry by promoting administrative simplification--the original intention of the Act. And it will require the healthcare industry, in an abbreviated timeframe, to upgrade its level of sophistication in managing information. HIPAA certification springs from an organizational compliance method that has been underway in government for the past two decades. The HIPAA playbook is taken lock, stock and barrel from other Federal guidelines. HIPAA's legislative lineage includes the Healthcare Reform Act of 1993, Paperwork Reduction Act of 1980, Computer Security Act of 1987 and the Privacy Act of 1974. HIPAA means that public and private sector healthcare organizations are going to be required by law to adopt the same information-handling practices that have been in effect in the Federal government for years. That boils down to two things: Standardized formatting of data electronically exchanged between providers, payers and business partners (EDI) Federalization of security and privacy practices within private-sector healthcare information management The key to making HIPAA compliance achievable within a practical timeframe, as well as instituting the culture changes that go with enhanced privacy and security standards, is a process that is largely unfamiliar in the private sector, called administrative certification and

  16. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the National Instant Criminal Background Check System (NICS). Final rule.

    PubMed

    2016-01-01

    The Department of Health and Human Services (HHS or "the Department'') is issuing this final rule to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to expressly permit certain HIPAA covered entities to disclose to the National Instant Criminal Background Check System (NICS) the identities of individuals who are subject to a Federal "mental health prohibitor'' that disqualifies them from shipping, transporting, possessing, or receiving a firearm. The NICS is a national system maintained by the Federal Bureau of Investigation (FBI) to conduct background checks on persons who may be disqualified from receiving firearms based on Federally prohibited categories or State law. Among the persons subject to the Federal mental health prohibitor established under the Gun Control Act of 1968 and implementing regulations issued by the Department of Justice (DOJ) are individuals who have been involuntarily committed to a mental institution; found incompetent to stand trial or not guilty by reason of insanity; or otherwise have been determined by a court, board, commission, or other lawful authority to be a danger to themselves or others or to lack the mental capacity to contract or manage their own affairs, as a result of marked subnormal intelligence or mental illness, incompetency, condition, or disease. Under this final rule, only covered entities with lawful authority to make the adjudications or commitment decisions that make individuals subject to the Federal mental health prohibitor, or that serve as repositories of information for NICS reporting purposes, are permitted to disclose the information needed for these purposes. The disclosure is restricted to limited demographic and certain other information needed for NICS purposes. The rule specifically prohibits the disclosure of diagnostic or clinical information, from medical records or other sources, and any mental health information beyond the indication that the individual

  17. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the National Instant Criminal Background Check System (NICS). Final rule.

    PubMed

    2016-01-01

    The Department of Health and Human Services (HHS or "the Department'') is issuing this final rule to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to expressly permit certain HIPAA covered entities to disclose to the National Instant Criminal Background Check System (NICS) the identities of individuals who are subject to a Federal "mental health prohibitor'' that disqualifies them from shipping, transporting, possessing, or receiving a firearm. The NICS is a national system maintained by the Federal Bureau of Investigation (FBI) to conduct background checks on persons who may be disqualified from receiving firearms based on Federally prohibited categories or State law. Among the persons subject to the Federal mental health prohibitor established under the Gun Control Act of 1968 and implementing regulations issued by the Department of Justice (DOJ) are individuals who have been involuntarily committed to a mental institution; found incompetent to stand trial or not guilty by reason of insanity; or otherwise have been determined by a court, board, commission, or other lawful authority to be a danger to themselves or others or to lack the mental capacity to contract or manage their own affairs, as a result of marked subnormal intelligence or mental illness, incompetency, condition, or disease. Under this final rule, only covered entities with lawful authority to make the adjudications or commitment decisions that make individuals subject to the Federal mental health prohibitor, or that serve as repositories of information for NICS reporting purposes, are permitted to disclose the information needed for these purposes. The disclosure is restricted to limited demographic and certain other information needed for NICS purposes. The rule specifically prohibits the disclosure of diagnostic or clinical information, from medical records or other sources, and any mental health information beyond the indication that the individual

  18. Bioterrorism surveillance and privacy: intersection of HIPAA, the Common Rule, and public health law.

    PubMed

    Nordin, James D; Kasimow, Sophie; Levitt, Mary Jeanne; Goodman, Michael J

    2008-05-01

    The threat of bioterrorism in the wake of the September 11, 2001, terrorist attacks cannot be ignored. Syndromic surveillance, the practice of electronically monitoring and reporting real-time medical data to proactively identify unusual disease patterns, highlights the conflict between safeguarding public health while protecting individual privacy. Both the Health Insurance Portability and Accountability Act and the Common Rule (which promulgates protections for individuals in federally sponsored medical research programs) safeguard individuals. Public health law protects the entire populace; uneven state-level implementation lacks adequate privacy protections. We propose 3 models for a nationwide bioterrorism surveillance review process: a nationally coordinated systems approach to using protected health information, creating public health information privacy boards, expanding institutional review boards, or some combination of these. PMID:18382006

  19. Never too old for anonymity: a statistical standard for demographic data sharing via the HIPAA Privacy Rule

    PubMed Central

    Benitez, Kathleen; Masys, Daniel

    2010-01-01

    Objective Healthcare organizations must de-identify patient records before sharing data. Many organizations rely on the Safe Harbor Standard of the HIPAA Privacy Rule, which enumerates 18 identifiers that must be suppressed (eg, ages over 89). An alternative model in the Privacy Rule, known as the Statistical Standard, can facilitate the sharing of more detailed data, but is rarely applied because of a lack of published methodologies. The authors propose an intuitive approach to de-identifying patient demographics in accordance with the Statistical Standard. Design The authors conduct an analysis of the demographics of patient cohorts in five medical centers developed for the NIH-sponsored Electronic Medical Records and Genomics network, with respect to the US census. They report the re-identification risk of patient demographics disclosed according to the Safe Harbor policy and the relative risk rate for sharing such information via alternative policies. Measurements The re-identification risk of Safe Harbor demographics ranged from 0.01% to 0.19%. The findings show alternative de-identification models can be created with risks no greater than Safe Harbor. The authors illustrate that the disclosure of patient ages over the age of 89 is possible when other features are reduced in granularity. Limitations The de-identification approach described in this paper was evaluated with demographic data only and should be evaluated with other potential identifiers. Conclusion Alternative de-identification policies to the Safe Harbor model can be derived for patient demographics to enable the disclosure of values that were previously suppressed. The method is generalizable to any environment in which population statistics are available. PMID:21169618

  20. 76 FR 56712 - CLIA Program and HIPAA Privacy Rule; Patients' Access to Test Reports

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-14

    ... December 28, 2000, the Department published a final rule in the Federal Register (65 FR 82462) entitled... was amended on August 14, 2002 (67 FR 53182). The Privacy Rule at 45 CFR 164.524 provides individuals... conflict with the CLIA requirements that limited patient access to test reports (65 FR 82485)....

  1. HIPAA-FERPA Revisited

    ERIC Educational Resources Information Center

    Bergren, Martha Dewey

    2004-01-01

    Since April 2003, school nurse and school health officials have been clamoring for guidance on how the Health Insurance Portability and Accountability Act (HIPAA) and the Family Education Rights Privacy Act (FERPA) interface in the school environment. This article provides an up-to-date explanation of how school health leaders are interpreting the…

  2. The Regulatory Framework for Privacy and Security

    NASA Astrophysics Data System (ADS)

    Hiller, Janine S.

    The internet enables the easy collection of massive amounts of personally identifiable information. Unregulated data collection causes distrust and conflicts with widely accepted principles of privacy. The regulatory framework in the United States for ensuring privacy and security in the online environment consists of federal, state, and self-regulatory elements. New laws have been passed to address technological and internet practices that conflict with privacy protecting policies. The United States and the European Union approaches to privacy differ significantly, and the global internet environment will likely cause regulators to face the challenge of balancing privacy interests with data collection for many years to come.

  3. Prospective study of clinician-entered research data in the Emergency Department using an Internet-based system after the HIPAA Privacy Rule

    PubMed Central

    Kline, Jeffrey A; Johnson, Charles L; Webb, William B; Runyon, Michael S

    2004-01-01

    Background Design and test the reliability of a web-based system for multicenter, real-time collection of data in the emergency department (ED), under waiver of authorization, in compliance with HIPAA. Methods This was a phase I, two-hospital study of patients undergoing evaluation for possible pulmonary embolism. Data were collected by on-duty clinicians on an HTML data collection form (prospective e-form), populated using either a personal digital assistant (PDA) or personal computer (PC). Data forms were uploaded to a central, offsite server using secure socket protocol transfer. Each form was assigned a unique identifier, and all PHI data were encrypted, but were password-accessible by authorized research personnel to complete a follow-up e-form. Results From April 15, 2003-April 15 2004, 1022 prospective e-forms and 605 follow-up e-forms were uploaded. Complexities of PDA use compelled clinicians to use PCs in the ED for data entry for most forms. No data were lost and server log query revealed no unauthorized entry. Prospectively obtained PHI data, encrypted upon server upload, were successfully decrypted using password-protected access to allow follow-up without difficulty in 605 cases. Non-PHI data from prospective and follow-up forms were available to the study investigators via standard file transfer protocol. Conclusions Data can be accurately collected from on-duty clinicians in the ED using real-time, PC-Internet data entry in compliance with the Privacy Rule. Deidentification-reidentification of PHI was successfully accomplished by a password-protected encryption-deencryption mechanism to permit follow-up by approved research personnel. PMID:15479471

  4. Integration of LDSE and LTVS logs with HIPAA compliant auditing system (HCAS)

    NASA Astrophysics Data System (ADS)

    Zhou, Zheng; Liu, Brent J.; Huang, H. K.; Guo, Bing; Documet, Jorge; King, Nelson

    2006-03-01

    The deadline of HIPAA (Health Insurance Portability and Accountability Act) Security Rules has passed on February 2005; therefore being HIPAA compliant becomes extremely critical to healthcare providers. HIPAA mandates healthcare providers to protect the privacy and integrity of the health data and have the ability to demonstrate examples of mechanisms that can be used to accomplish this task. It is also required that a healthcare institution must be able to provide audit trails on image data access on demand for a specific patient. For these reasons, we have developed a HIPAA compliant auditing system (HCAS) for image data security in a PACS by auditing every image data access. The HCAS was presented in 2005 SPIE. This year, two new components, LDSE (Lossless Digital Signature Embedding) and LTVS (Patient Location Tracking and Verification System) logs, have been added to the HCAS. The LDSE can assure medical image integrity in a PACS, while the LTVS can provide access control for a PACS by creating a security zone in the clinical environment. By integrating the LDSE and LTVS logs with the HCAS, the privacy and integrity of image data can be audited as well. Thus, a PACS with the HCAS installed can become HIPAA compliant in image data privacy and integrity, access control, and audit control.

  5. Security and Privacy at a Public University.

    ERIC Educational Resources Information Center

    Bomzer, Herbert W.

    The data center and the user offices at a public university have a responsibility to maintain security and to protect the privacy of the individuals whose data they process. This persists even though much personal data are accessible in libraries. How to identify "private" data, what security precautions to take to protect these data from being…

  6. Educational RIS/PACS simulator integrated with the HIPAA compliant auditing (HCA) toolkit

    NASA Astrophysics Data System (ADS)

    Zhou, Zheng; Liu, Brent J.; Huang, H. K.; Zhang, J.

    2005-04-01

    Health Insurance Portability and Accountability Act (HIPAA), a guideline for healthcare privacy and security, has been officially instituted recently. HIPAA mandates healthcare providers to follow its privacy and security rules, one of which is to have the ability to generate audit trails on the data access for any specific patient on demand. Although most current medical imaging systems such as PACS utilize logs to record their activities, there is a lack of formal methodology to interpret these large volumes of log data and generate HIPAA compliant auditing trails. In this paper, we present a HIPAA compliant auditing (HCA) toolkit for auditing the image data flow of PACS. The toolkit can extract pertinent auditing information from the logs of various PACS components and store the information in a centralized auditing database. The HIPAA compliant audit trails can be generated based on the database, which can also be utilized for data analysis to facilitate the dynamic monitoring of the data flow of PACS. In order to demonstrate the HCA toolkit in a PACS environment, it was integrated with the PACS Simulator, that was presented as an educational tool in 2003 and 2004 SPIE. With the integration of the HCA toolkit with the PACS simulator, users can learn HIPAA audit concepts and how to generate audit trails of image data access in PACS, as well as trace the image data flow of PACS Simulator through the toolkit.

  7. Family Caregiver Research and the HIPAA Factor

    ERIC Educational Resources Information Center

    Albert, Steven M.; Levine, Carol

    2005-01-01

    Research in family caregiving recently has become more challenging because of the strict protection of privacy mandated in the Health Insurance Portability and Accountability Act (HIPAA) of 1996. We ask when should Institutional Review Boards (IRBs) follow HIPAA rules to the letter and when might they use the waiver option? What is the appropriate…

  8. Banking on privacy. Hospitals must protect patient information--and their own liability--as banks balk at HIPAA.

    PubMed

    Haugh, Richard

    2004-02-01

    Thanks to HIPAA, banks stand to earn billions of dollars in new business by processing electronic claims for health care providers and payers. And the health care industry could realize $35 billion a year in efficiency gains and cost savings. But overshadowing it all is the question of how protected patient information will be--and how liable hospitals will be for any breach of that information by their business partners.

  9. Banking on privacy. Hospitals must protect patient information--and their own liability--as banks balk at HIPAA.

    PubMed

    Haugh, Richard

    2004-02-01

    Thanks to HIPAA, banks stand to earn billions of dollars in new business by processing electronic claims for health care providers and payers. And the health care industry could realize $35 billion a year in efficiency gains and cost savings. But overshadowing it all is the question of how protected patient information will be--and how liable hospitals will be for any breach of that information by their business partners. PMID:14999878

  10. 48 CFR 52.239-1 - Privacy or Security Safeguards.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish...

  11. Information Security and Privacy in Network Environments.

    ERIC Educational Resources Information Center

    Congress of the U.S., Washington, DC. Office of Technology Assessment.

    The use of information networks for business and government is expanding enormously. Government use of networks features prominently in plans to make government more efficient, effective, and responsive. But the transformation brought about by the networking also raises new concerns for the security and privacy of networked information. This…

  12. Measuring and Modeling Security and Privacy Laws

    ERIC Educational Resources Information Center

    Romanosky, Sasha

    2012-01-01

    This manuscript presents empirical and analytical analysis and discussion of security and privacy laws. The introduction, together with the three substantive chapters each represent separate research papers written as partial fulfillment of my PhD dissertation in the Heinz College, Carnegie Mellon University. Chapter 2 is an abbreviated version of…

  13. Security and privacy issues of personal health.

    PubMed

    Blobel, Bernd; Pharow, Peter

    2007-01-01

    While health systems in developed countries and increasingly also in developing countries are moving from organisation-centred to person-centred health service delivery, the supporting communication and information technology is faced with new risks regarding security and privacy of stakeholders involved. The comprehensively distributed environment puts special burden on guaranteeing communication security services, but even more on guaranteeing application security services dealing with privilege management, access control and audit regarding social implication and connected sensitivity of personal information recorded, processed, communicated and stored in an even internationally distributed environment.

  14. 77 FR 70792 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security Administration System of Records AGENCY: Privacy Office, Department of Homeland Security... Privacy Act of 1974, the Department of Homeland Security is giving notice that it will retire...

  15. 77 FR 70796 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security Administration System of Records AGENCY: Privacy Office, Department of Homeland Security... Privacy Act of 1974, the Department of Homeland Security is giving notice that it will retire...

  16. 77 FR 70795 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security Administration System of Records AGENCY: Privacy Office, Department of Homeland Security... Privacy Act of 1974, the Department of Homeland Security is giving notice that it will retire...

  17. Update: electronic transactions, HIPAA, and Medicare reimbursement.

    PubMed

    McMahon, Erin Brisbay

    2003-10-01

    Physician practices that transmit any health information in electronic form in connection with a transaction covered by the HIPAA transactions and code sets rule will be required to comply with the rule no later than October 16, 2003. Under the rule, if certain transactions, such as the filing of claims, are conducted electronically, they must contain certain data content and be formatted in a particular way. On and after October 16, 2003, Medicare will require claims to be submitted electronically unless a physician practice has less than 10 full-time equivalent employees. Practices with fewer than 10 FTEs can continue to submit paper claims to Medicare without any further action on their part. At a minimum, physician practices must have the ability to capture the data required by the rule for covered transactions conducted electronically, and either use a clearinghouse to translate the data to X12N format or obtain a translator and electronic connectivity to ensure that the practice can send electronically compliant claims by October 16, 2003. Trading partner agreements may specify the duties and responsibilities of each party to the agreement in conducting a covered transaction electronically, but they are not required under HIPAA. Business associate agreements are required under HIPAA if a practice chooses to use a business associate (a person who performs an activity falling under the rule on behalf of the practice), including a health care clearinghouse, to conduct electronic covered transactions for it, and the agreement must comply with the HIPAA transactions and code sets rule, the privacy rule, and the security rule. This article is not, and should not be construed as, legal advice or an opinion on specific situations. PMID:16871309

  18. Protocol for a Systematic Review of Telehealth Privacy and Security Research to Identify Best Practices.

    PubMed

    Watzlaf, Valerie J M; Dealmeida, Dilhari R; Zhou, Leming; Hartman, Linda M

    2015-01-01

    Healthcare professionals engaged in telehealth are faced with complex US federal regulations (e.g., HIPAA/HITECH) and could benefit from the guidance provided by best practices in Privacy and Security (P&S). This article describes a systematic review protocol to address this need. The protocol described herein uses the Preferred Reporting Items for Systematic Review and Meta-Analysis Protocols (PRISMA-P). The PRISMA-P contains 17 items that are considered essential, as well as minimum components to include in systematic reviews. PICOS (participants, interventions, comparisons, outcome(s) and study design of the systematic review) are also relevant to the development of best practices in P&S in telehealth systems. A systematic process can best determine what information should be included and how this information should be retrieved, condensed, analyzed, organized, and disseminated. PMID:27563383

  19. Protocol for a Systematic Review of Telehealth Privacy and Security Research to Identify Best Practices

    PubMed Central

    WATZLAF, VALERIE J.M.; DEALMEIDA, DILHARI R.; ZHOU, LEMING; HARTMAN, LINDA M.

    2015-01-01

    Healthcare professionals engaged in telehealth are faced with complex US federal regulations (e.g., HIPAA/HITECH) and could benefit from the guidance provided by best practices in Privacy and Security (P&S). This article describes a systematic review protocol to address this need. The protocol described herein uses the Preferred Reporting Items for Systematic Review and Meta-Analysis Protocols (PRISMA-P). The PRISMA-P contains 17 items that are considered essential, as well as minimum components to include in systematic reviews. PICOS (participants, interventions, comparisons, outcome(s) and study design of the systematic review) are also relevant to the development of best practices in P&S in telehealth systems. A systematic process can best determine what information should be included and how this information should be retrieved, condensed, analyzed, organized, and disseminated. PMID:27563383

  20. Protocol for a Systematic Review of Telehealth Privacy and Security Research to Identify Best Practices.

    PubMed

    Watzlaf, Valerie J M; Dealmeida, Dilhari R; Zhou, Leming; Hartman, Linda M

    2015-01-01

    Healthcare professionals engaged in telehealth are faced with complex US federal regulations (e.g., HIPAA/HITECH) and could benefit from the guidance provided by best practices in Privacy and Security (P&S). This article describes a systematic review protocol to address this need. The protocol described herein uses the Preferred Reporting Items for Systematic Review and Meta-Analysis Protocols (PRISMA-P). The PRISMA-P contains 17 items that are considered essential, as well as minimum components to include in systematic reviews. PICOS (participants, interventions, comparisons, outcome(s) and study design of the systematic review) are also relevant to the development of best practices in P&S in telehealth systems. A systematic process can best determine what information should be included and how this information should be retrieved, condensed, analyzed, organized, and disseminated.

  1. From Hippocrates to HIPAA: privacy and confidentiality in emergency medicine--Part II: Challenges in the emergency department.

    PubMed

    Moskop, John C; Marco, Catherine A; Larkin, Gregory Luke; Geiderman, Joel M; Derse, Arthur R

    2005-01-01

    Part I of this article reviewed the concepts of privacy and confidentiality and described the moral and legal foundations and limits of these values in health care. Part II highlights specific privacy and confidentiality issues encountered in the emergency department (ED). Discussed first are physical privacy issues in the ED, including problems of ED design and crowding, issues of patient and staff safety, the presence of visitors, law enforcement officers, students, and other observers, and filming activities. The article then examines confidentiality issues in the ED, including protecting medical records, the duty to warn, reportable conditions, telephone inquiries, media requests, communication among health care professionals, habitual patient files, the use of patient images, electronic communication, and information about minor patients.

  2. Cyber security challenges in Smart Cities: Safety, security and privacy

    PubMed Central

    Elmaghraby, Adel S.; Losavio, Michael M.

    2014-01-01

    The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect. PMID:25685517

  3. Cyber security challenges in Smart Cities: Safety, security and privacy.

    PubMed

    Elmaghraby, Adel S; Losavio, Michael M

    2014-07-01

    The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the "Internet of Things." Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect. PMID:25685517

  4. Cyber security challenges in Smart Cities: Safety, security and privacy.

    PubMed

    Elmaghraby, Adel S; Losavio, Michael M

    2014-07-01

    The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the "Internet of Things." Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect.

  5. DHHS wisely proposed to remove the "consent" requirement from the HIPAA privacy standards. Department of Health and Human Services.

    PubMed

    Rosati, Kristen

    2002-01-01

    The author contends that requiring advance written consent to use and disclose health information interferes with patient care, is unnecessary in view of other rigorous privacy protections, and imposes an unwarranted burden on healthcare providers. Consequently, the author commends DHHS for taking the "practical and apolitical step" of removing this requirement.

  6. Security and Privacy in a DACS.

    PubMed

    Delgado, Jaime; Llorente, Silvia; Pàmies, Martí; Vilalta, Josep

    2016-01-01

    The management of electronic health records (EHR), in general, and clinical documents, in particular, is becoming a key issue in the daily work of Healthcare Organizations (HO). The need for providing secure and private access to, and storage for, clinical documents together with the need for HO to interoperate, raises a number of issues difficult to solve. Many systems are in place to manage EHR and documents. Some of these Healthcare Information Systems (HIS) follow standards in their document structure and communications protocols, but many do not. In fact, they are mostly proprietary and do not interoperate. Our proposal to solve the current situation is the use of a DACS (Document Archiving and Communication System) for providing security, privacy and standardized access to clinical documents. PMID:27577355

  7. 78 FR 73868 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-09

    .... Electronic access is limited by computer security measures that are strictly enforced. TSA file areas are... SECURITY Privacy Act of 1974; Department of Homeland Security Transportation Security Administration--DHS/TSA-001 Transportation Security Enforcement Record System System of Records AGENCY: Privacy...

  8. 76 FR 34650 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-14

    ... expected to include the following items: --Cloud Security and Privacy Panel discussion on addressing security and privacy for different types of cloud computing, --Presentation from National Strategy...

  9. The law of unintended (financial) consequences: the expansion of HIPAA business associate liability.

    PubMed

    Tomes, Jonathan P

    2013-01-01

    The recent Omnibus Rule published by the Department of Health and Human Services greatly expanded liability for breaches of health information privacy and security under the HIPAA statute and regulations. This expansion could have dire financial consequences for the health care industry. The Rule expanded the definition of business associates to include subcontractors of business associates and made covered entities and business associates liable for breaches of the entities who perform a service for them involving the use of individually identifiable health information under the federal common law of agency. Thus, if a covered entity or its "do wnstream" business associate breaches security or privacy, the covered entity or "upstream" business associate may face HIPAA's civil money penalties or a lawsuit. Financial managers need to be aware of these changes both to protect against the greater liability and to plan for the compliance costs inherent in effectively, if not legally, making business associates into covered entities.

  10. 75 FR 28042 - Privacy Act of 1974: System of Records; Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ... SECURITY Office of the Secretary Privacy Act of 1974: System of Records; Department of Homeland Security...: In accordance with the Privacy Act of 1974 the Department of Homeland Security proposes to update and reissue an existing Department of Homeland Security system of records notice titled,...

  11. Access anxiety: HIPAA and historical research.

    PubMed

    Lawrence, Susan C

    2007-10-01

    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes new standards for the protection of private health information in the United States. The Privacy Rule, one of the specific regulatory provisions of the act, went into effect 14 April 2003 for covered health care providers, institutions, and businesses. The Privacy Rule directly affected medical archivists and their collections. It has significant implications for historians of health care, as well. The Privacy Rule is the first major regulation that protects the privacy of the deceased in perpetuity. It establishes requirements that researchers must satisfy in order to gain access to "individually identifiable health information" held by HIPAA-protected institutions. While these requirements will burden historians in some cases, the Privacy Rule could open up opportunities for well-prepared historians to work with a more extensive range of twentieth-century documents.

  12. Privacy and security requirements of distributed computer based patient records.

    PubMed

    Moehr, J R

    1994-02-01

    Privacy and security issues increase in complexity as we move from the conventional patient record to the computer based patient record (CPR) supporting patient care and to cross-institutional networked CPRs. The privacy and security issues surrounding the CPR are outlined. Measures for privacy and security protection are summarized. It is suggested that we lack a key component of an information sharing culture. We need means for semantic indexing in the form of a metadata base at the level of the instantiation of a data base rather than at the level of its schemas.

  13. 75 FR 8096 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-023...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... Security Administration--023 Workplace Violence Prevention Program System of Records AGENCY: Privacy Office..., ``Department of Homeland Security/Transportation Security Administration--023 Workplace Violence Prevention... and maintain records on their Workplace Violence Prevention Program. Additionally, the Department...

  14. Anonymizer-Enabled Security and Privacy for RFID

    NASA Astrophysics Data System (ADS)

    Sadeghi, Ahmad-Reza; Visconti, Ivan; Wachsmann, Christian

    RFID-based systems are becoming a widely deployed pervasive technology that is more and more used in applications where privacy-sensitive information is entrusted to RFID tags. Thus, a careful analysis in appropriate security and privacy models is needed before deployment to practice.

  15. HIPAA-compliant automatic monitoring system for RIS-integrated PACS operation

    NASA Astrophysics Data System (ADS)

    Jin, Jin; Zhang, Jianguo; Chen, Xiaomeng; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen; Feng, Jie; Sheng, Liwei; Huang, H. K.

    2006-03-01

    As a governmental regulation, Health Insurance Portability and Accountability Act (HIPAA) was issued to protect the privacy of health information that identifies individuals who are living or deceased. HIPAA requires security services supporting implementation features: Access control; Audit controls; Authorization control; Data authentication; and Entity authentication. These controls, which proposed in HIPAA Security Standards, are Audit trails here. Audit trails can be used for surveillance purposes, to detect when interesting events might be happening that warrant further investigation. Or they can be used forensically, after the detection of a security breach, to determine what went wrong and who or what was at fault. In order to provide security control services and to achieve the high and continuous availability, we design the HIPAA-Compliant Automatic Monitoring System for RIS-Integrated PACS operation. The system consists of two parts: monitoring agents running in each PACS component computer and a Monitor Server running in a remote computer. Monitoring agents are deployed on all computer nodes in RIS-Integrated PACS system to collect the Audit trail messages defined by the Supplement 95 of the DICOM standard: Audit Trail Messages. Then the Monitor Server gathers all audit messages and processes them to provide security information in three levels: system resources, PACS/RIS applications, and users/patients data accessing. Now the RIS-Integrated PACS managers can monitor and control the entire RIS-Integrated PACS operation through web service provided by the Monitor Server. This paper presents the design of a HIPAA-compliant automatic monitoring system for RIS-Integrated PACS Operation, and gives the preliminary results performed by this monitoring system on a clinical RIS-integrated PACS.

  16. Safety, security, hygiene and privacy in migrant farmworker housing.

    PubMed

    Arcury, Thomas A; Weir, Maria M; Summers, Phillip; Chen, Haiying; Bailey, Melissa; Wiggins, Melinda F; Bischoff, Werner E; Quandt, Sara A

    2012-01-01

    Safety, security, hygiene, and privacy in migrant farmworker housing have not previously been documented, yet these attributes are important for farmworker quality of life and dignity. This analysis describes the safety, security, hygiene, and privacy of migrant farmworker housing and delineates camp characteristics that are associated with these attributes, using data collected in 183 eastern North Carolina migrant farmworker camps in 2010. Migrant farmworker housing is deficient. For example, 73.8 percent of housing had structural damage and 52.7 percent had indoor temperatures that were not safe. Farmworkers in 83.5 percent of the housing reported that they did not feel they or their possessions were secure. Bathing or toileting privacy was absent in 46.2 percent of the housing. Camps with residents having H-2A visas or North Carolina Department of Labor certificates of inspection posted had better safety, security, and hygiene. Regulations addressing the quality of migrant farmworker housing are needed.

  17. SAFETY, SECURITY, HYGIENE AND PRIVACY IN MIGRANT FARMWORKER HOUSING

    PubMed Central

    Arcury, Thomas A.; Weir, Maria M.; Summers, Phillip; Chen, Haiying; Bailey, Melissa; Wiggins, Melinda F.; Bischoff, Werner E.; Quandt, Sara A.

    2013-01-01

    Safety, security, hygiene, and privacy in migrant farmworker housing have not previously been documented, yet these attributes are important for farmworker quality of life and dignity. This analysis describes the safety, security, hygiene, and privacy of migrant farmworker housing and delineates camp characteristics that are associated with these attributes, using data collected in 183 eastern North Carolina migrant farmworker camps in 2010. Migrant farmworker housing is deficient. For example, 73.8 percent of housing had structural damage and 52.7 percent had indoor temperatures that were not safe. Farmworkers in 83.5 percent of the housing reported that they did not feel they or their possessions were secure. Bathing or toileting privacy was absent in 46.2 percent of the housing. Camps with residents having H-2A visas or North Carolina Department of Labor certificates of inspection posted had better safety, security, and hygiene. Regulations addressing the quality of migrant farmworker housing are needed. PMID:22776578

  18. Future of security and privacy in medical information.

    PubMed

    Wiederhold, Gio

    2002-01-01

    Today, issues of privacy and confidentiality in healthcare are dealt largely informally. Little legislation exists, and the awkwardness of accessing paper records makes violations of patients' privacy sporadic. As healthcare institutions move towards a future where all information is kept in an Electronic Medical Record (EMR), the casual attitudes that are prevalent will be in conflict with the desires and expectations of the patients. Legislation has been passed to make the holders of medical data responsible for securely protecting the patients privacy. Specific implementation guidelines are still lacking. There is much institutional resistance to the adoption of rigorous rules, but we expect that in the near future reliable procedures will have to be implemented to comply both with legal guidelines and patient's expectations. After introducing the issue more precisely we provide an overview over the concepts needed to understand the roles of technology of privacy and security and the people that must manage the technology. We then discuss the components of secure EMR systems and will point out where adequate technology exists and where future improvements are essential. We conclude with some advice to healthcare management facing the demands for security and privacy that the future will bring.

  19. Privacy and Security - a Way to Manage the Dilemma

    NASA Astrophysics Data System (ADS)

    Peissl, Walter

    Privacy and security are often seen as opposites in a zero-sum game. The more you want from one, the less you get from the other. To overcome this dilemma the PRISE project (EU-funded by PASR/DG Enterprise) developed a methodology to establish sets of criteria for privacy enhancing security technologies. These sets of criteria are applicable on different levels (research, development, implementation) and by different actors (research coordinators, industry, policy-makers, public and private users). The use of these criteria is intended to contribute directly to a tangible and demonstrable improvement in security as accepted and acceptable security technologies will be more easily implemented, more widely used and confronted with less rejection by the general public and users of these technologies. A similar set of criteria is used for certification for the European Privacy Seal. Both the privacy by design approach and the certification scheme should increase the competitiveness of European security industries by providing guidance on the provision of widely acceptable security technologies.

  20. Toward protocols for quantum-ensured privacy and secure voting

    SciTech Connect

    Bonanome, Marianna; Buzek, Vladimir; Ziman, Mario; Hillery, Mark

    2011-08-15

    We present a number of schemes that use quantum mechanics to preserve privacy, in particular, we show that entangled quantum states can be useful in maintaining privacy. We further develop our original proposal [see M. Hillery, M. Ziman, V. Buzek, and M. Bielikova, Phys. Lett. A 349, 75 (2006)] for protecting privacy in voting, and examine its security under certain types of attacks, in particular dishonest voters and external eavesdroppers. A variation of these quantum-based schemes can be used for multiparty function evaluation. We consider functions corresponding to group multiplication of N group elements, with each element chosen by a different party. We show how quantum mechanics can be useful in maintaining the privacy of the choices group elements.

  1. 75 FR 18860 - Privacy Act of 1974, Department of Homeland Security Transportation Security Administration-013...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... Officer Record System (FDORS), previously published on August 18, 2003 (68 FR 49496). TSA's mission is to... reflected in the final rule published on June 25, 2004, 69 FR 35536. Consistent with the Privacy Act... Security Administration--013 Federal Flight Deck Officer Record System AGENCY: Privacy Office, DHS....

  2. Security, privacy, and confidentiality issues on the Internet

    PubMed Central

    Kelly, Grant; McKenzie, Bruce

    2002-01-01

    We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to `sign' a message whereby the private key of an individual can be used to `hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a `digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers. PMID:12554559

  3. Security, privacy, and confidentiality issues on the Internet.

    PubMed

    Kelly, Grant; McKenzie, Bruce

    2002-01-01

    We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to 'sign' a message whereby the private key of an individual can be used to 'hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a 'digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers. PMID:12554559

  4. Online Privacy, Security and Ethical Dilemma: A Recent Study.

    ERIC Educational Resources Information Center

    Karmakar, Nitya L.

    The Internet remains as a wonder for the 21st century and its growth is phenomenon. According to a recent survey, the online population is now about 500 million globally and if this trend continues, it should reach 700 million by the end of 2002. This exponential growth of the Internet has given rise to several security, privacy and ethical…

  5. Privacy and Security in an Oncology Information System

    PubMed Central

    Blum, Bruce I.; Lenhard, Raymond E.

    1978-01-01

    The growing number of automated medical data bases has focused attention upon the problems associated with privacy and security of patient data. This paper briefly reviews some of the approaches to data base protection and then describes the solution to these problems which have been implemented in the Johns Hopkins Oncology Center Clinical Information System.

  6. Impact of HIPAA on Subject Recruitment and Retention

    PubMed Central

    Wipke-Tevis, Deidre D.; Pickett, Melissa A.

    2009-01-01

    Recruiting and retaining an adequate sample of subjects is critical to the success of any research project involving human subjects. Recent reports indicate the Health Insurance Portability and Accountability Act (HIPAA) Privacy rule has adversely impacted research. Few resources are available to help researchers and their staff navigate the challenges to subject recruitment and retention after the implementation of the HIPAA Privacy rule. This article will address obstacles to subject recruitment in prospective, clinical research studies related specifically to the HIPAA Privacy rule as well as HIPAA compliant strategies to enhance subject recruitment and retention. Recruitment challenges discussed include evolving interpretations of the HIPAA regulations, inability to directly contact potential subjects, complexity of the HIPAA required documents, the increased cost of subject recruitment, and an expanding administrative burden. Among the strategies addressed are preparatory research reviews, use of clinical collaborators/staff liaisons, pre-screening of potential subjects, minimizing subject burden during the consent process, enhancing follow-up of subjects, facilitating recruitment for future studies and streamlining compliance training for research staff. PMID:17551087

  7. 75 FR 11191 - Privacy Act of 1974; Retirement of Department of Homeland Security Federal Emergency Management...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-10

    ... SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Federal... of Homeland Security is giving notice that it proposes to retire Department of Homeland Security..., Department of Homeland Security, Washington, DC 20472. For privacy issues please contact: Mary......

  8. 76 FR 67621 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S. Customs...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-02

    ... national security, law enforcement, immigration, intelligence, or other functions consistent with the... Callahan, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528...: For general questions please contact: Laurence E. Castelli (202) 325-0280), CBP Privacy...

  9. Observer success rates for identification of 3D surface reconstructed facial images and implications for patient privacy and security

    NASA Astrophysics Data System (ADS)

    Chen, Joseph J.; Siddiqui, Khan M.; Fort, Leslie; Moffitt, Ryan; Juluru, Krishna; Kim, Woojin; Safdar, Nabile; Siegel, Eliot L.

    2007-03-01

    3D and multi-planar reconstruction of CT images have become indispensable in the routine practice of diagnostic imaging. These tools cannot only enhance our ability to diagnose diseases, but can also assist in therapeutic planning as well. The technology utilized to create these can also render surface reconstructions, which may have the undesired potential of providing sufficient detail to allow recognition of facial features and consequently patient identity, leading to violation of patient privacy rights as described in the HIPAA (Health Insurance Portability and Accountability Act) legislation. The purpose of this study is to evaluate whether 3D reconstructed images of a patient's facial features can indeed be used to reliably or confidently identify that specific patient. Surface reconstructed images of the study participants were created used as candidates for matching with digital photographs of participants. Data analysis was performed to determine the ability of observers to successfully match 3D surface reconstructed images of the face with facial photographs. The amount of time required to perform the match was recorded as well. We also plan to investigate the ability of digital masks or physical drapes to conceal patient identity. The recently expressed concerns over the inability to truly "anonymize" CT (and MRI) studies of the head/face/brain are yet to be tested in a prospective study. We believe that it is important to establish whether these reconstructed images are a "threat" to patient privacy/security and if so, whether minimal interventions from a clinical perspective can substantially reduce this possibility.

  10. Aligning the Effective Use of Student Data with Student Privacy and Security Laws

    ERIC Educational Resources Information Center

    Winnick, Steve; Coleman, Art; Palmer, Scott; Lipper, Kate; Neiditz, Jon

    2011-01-01

    This legal and policy guidance provides a summary framework for state policymakers as they work to use longitudinal data to improve student achievement while also protecting the privacy and security of individual student records. Summarizing relevant federal privacy and security laws, with a focus on the Family Educational Records and Privacy Act…

  11. Privacy and Security in Mobile Health (mHealth) Research.

    PubMed

    Arora, Shifali; Yttri, Jennifer; Nilse, Wendy

    2014-01-01

    Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions-some in real time-while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions. PMID:26259009

  12. Privacy and Security in Mobile Health (mHealth) Research

    PubMed Central

    Arora, Shifali; Yttri, Jennifer; Nilsen, Wendy

    2014-01-01

    Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions—some in real time—while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions. PMID:26259009

  13. Security and privacy issues with health care information technology.

    PubMed

    Meingast, Marci; Roosta, Tanya; Sastry, Shankar

    2006-01-01

    The face of health care is changing as new technologies are being incorporated into the existing infrastructure. Electronic patient records and sensor networks for in-home patient monitoring are at the current forefront of new technologies. Paper-based patient records are being put in electronic format enabling patients to access their records via the Internet. Remote patient monitoring is becoming more feasible as specialized sensors can be placed inside homes. The combination of these technologies will improve the quality of health care by making it more personalized and reducing costs and medical errors. While there are benefits to technologies, associated privacy and security issues need to be analyzed to make these systems socially acceptable. In this paper we explore the privacy and security implications of these next-generation health care technologies. We describe existing methods for handling issues as well as discussing which issues need further consideration.

  14. 75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-01

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration/Railroad Retirement Board (SSA/RRB))-- Match Number 1308 AGENCY: Social Security Administration...

  15. SPECS: Secure and Privacy Enhancing Communications Schemes for VANETs

    NASA Astrophysics Data System (ADS)

    Chim, T. W.; Yiu, S. M.; Hui, L. C. K.; Jiang, Zoe L.; Li, Victor O. K.

    Vehicular ad hoc network (VANET) is an emerging type of networks which facilitates vehicles on roads to communicate for driving safety. The basic idea is to allow arbitrary vehicles to broadcast ad hoc messages (e.g. traffic accidents) to other vehicles. However, this raises the concern of security and privacy. Messages should be signed and verified before they are trusted while the real identity of vehicles should not be revealed, but traceable by authorized party. Existing solutions either rely heavily on a tamper-proof hardware device, or cannot satisfy the privacy requirement and do not have an effective message verification scheme. In this paper, we provide a software-based solution which makes use of only two shared secrets to satisfy the privacy requirement and gives lower message overhead and at least 45% higher successful rate than previous solutions in the message verification phase using the bloom filter and the binary search techniques. We also provide the first group communication protocol to allow vehicles to authenticate and securely communicate with others in a group of known vehicles.

  16. 78 FR 72063 - Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-02

    ... security and privacy issues pertaining to federal computer systems. Details regarding the ISPAB's..., --Update on Privacy and Civil Liberties Oversight Board (PCLOB), and --Update on NIST Computer Security... National Institute of Standards and Technology Open Meeting of the Information Security and...

  17. Intelligent security and privacy solutions for enabling personalized telepathology

    PubMed Central

    2011-01-01

    Starting with the paradigm change of health systems towards personalized health services, the paper introduces the technical paradigms to be met for enabling ubiquitous pHealth including ePathology. The system-theoretical, architecture-centric approach to mobile, pervasive and autonomous solutions has to be based on an open component system framework such as the Generic Component Model. The crucial challenge to be met for comprehensive interoperability is multi-disciplinary knowledge representation, which must be integrated into the aforementioned framework. The approach is demonstrated for security and privacy services fundamental for any eHealth or ePathology environment. PMID:21489199

  18. A Research on Issues Related to RFID Security and Privacy

    NASA Astrophysics Data System (ADS)

    Kim, Jongki; Yang, Chao; Jeon, Jinhwan

    Radio Frequency Identification (RFID) is a technology for automated identification of objects and people. RFID systems have been gaining more popularity in areas especially in supply chain management and automated identification systems. However, there are many existing and potential problems in the RFID systems which could threat the technology's future. To successfully adopt RFID technology in various applications, we need to develop the solutions to protect the RFID system's data information. This study investigates important issues related to privacy and security of RFID based on the recent literature and suggests solutions to cope with the problem.

  19. Crossed wires: how yesterday's privacy rules might undercut tomorrow's nationwide health information network.

    PubMed

    Greenberg, Michael D; Ridgely, M Susan; Hillestad, Richard J

    2009-01-01

    More than a decade after passage of the Health Insurance Portability and Accountability Act (HIPAA), concerns about the privacy and security of personal health information remain a major policy issue. Now, the emergence of the Nationwide Health Information Network (NHIN) presents deeper underlying privacy challenges, which will require renewed attention from policymakers as federal and state privacy rules need to be revisited. This is necessary because the current framework of privacy laws is not well suited for regulating a transformed health care system, where computer networks supersede conventional communications media. PMID:19276003

  20. Crossed wires: how yesterday's privacy rules might undercut tomorrow's nationwide health information network.

    PubMed

    Greenberg, Michael D; Ridgely, M Susan; Hillestad, Richard J

    2009-01-01

    More than a decade after passage of the Health Insurance Portability and Accountability Act (HIPAA), concerns about the privacy and security of personal health information remain a major policy issue. Now, the emergence of the Nationwide Health Information Network (NHIN) presents deeper underlying privacy challenges, which will require renewed attention from policymakers as federal and state privacy rules need to be revisited. This is necessary because the current framework of privacy laws is not well suited for regulating a transformed health care system, where computer networks supersede conventional communications media.

  1. Privacy and Security Research Group workshop on network and distributed system security: Proceedings

    SciTech Connect

    Not Available

    1993-05-01

    This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

  2. 75 FR 18863 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-006...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... records notice titled, DHS/TSA-006 Correspondence Matters Tracking System Records (CMTR) (68 FR 49496... purposes of investigating any matter before DHS/TSA. These changes will allow DHS/TSA to thoroughly and... Security Administration--006 Correspondence and Matters Tracking Records AGENCY: Privacy Office,...

  3. 77 FR 70796 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... Administration-015 Registered Traveler Operations Files (November 8, 2005, 69 FR 67735), which was written to...)-015 Registered Traveler (RT) Operations File Files (November 8, 2005, 69 FR 67735), which was written... Transportation Security Administration System of Records AGENCY: Privacy Office, Department of Homeland...

  4. Secure and privacy enhanced gait authentication on smart phone.

    PubMed

    Hoang, Thang; Choi, Deokjai

    2014-01-01

    Smart environments established by the development of mobile technology have brought vast benefits to human being. However, authentication mechanisms on portable smart devices, particularly conventional biometric based approaches, still remain security and privacy concerns. These traditional systems are mostly based on pattern recognition and machine learning algorithms, wherein original biometric templates or extracted features are stored under unconcealed form for performing matching with a new biometric sample in the authentication phase. In this paper, we propose a novel gait based authentication using biometric cryptosystem to enhance the system security and user privacy on the smart phone. Extracted gait features are merely used to biometrically encrypt a cryptographic key which is acted as the authentication factor. Gait signals are acquired by using an inertial sensor named accelerometer in the mobile device and error correcting codes are adopted to deal with the natural variation of gait measurements. We evaluate our proposed system on a dataset consisting of gait samples of 34 volunteers. We achieved the lowest false acceptance rate (FAR) and false rejection rate (FRR) of 3.92% and 11.76%, respectively, in terms of key length of 50 bits. PMID:24955403

  5. Secure and Privacy Enhanced Gait Authentication on Smart Phone

    PubMed Central

    Choi, Deokjai

    2014-01-01

    Smart environments established by the development of mobile technology have brought vast benefits to human being. However, authentication mechanisms on portable smart devices, particularly conventional biometric based approaches, still remain security and privacy concerns. These traditional systems are mostly based on pattern recognition and machine learning algorithms, wherein original biometric templates or extracted features are stored under unconcealed form for performing matching with a new biometric sample in the authentication phase. In this paper, we propose a novel gait based authentication using biometric cryptosystem to enhance the system security and user privacy on the smart phone. Extracted gait features are merely used to biometrically encrypt a cryptographic key which is acted as the authentication factor. Gait signals are acquired by using an inertial sensor named accelerometer in the mobile device and error correcting codes are adopted to deal with the natural variation of gait measurements. We evaluate our proposed system on a dataset consisting of gait samples of 34 volunteers. We achieved the lowest false acceptance rate (FAR) and false rejection rate (FRR) of 3.92% and 11.76%, respectively, in terms of key length of 50 bits. PMID:24955403

  6. Secure and privacy enhanced gait authentication on smart phone.

    PubMed

    Hoang, Thang; Choi, Deokjai

    2014-01-01

    Smart environments established by the development of mobile technology have brought vast benefits to human being. However, authentication mechanisms on portable smart devices, particularly conventional biometric based approaches, still remain security and privacy concerns. These traditional systems are mostly based on pattern recognition and machine learning algorithms, wherein original biometric templates or extracted features are stored under unconcealed form for performing matching with a new biometric sample in the authentication phase. In this paper, we propose a novel gait based authentication using biometric cryptosystem to enhance the system security and user privacy on the smart phone. Extracted gait features are merely used to biometrically encrypt a cryptographic key which is acted as the authentication factor. Gait signals are acquired by using an inertial sensor named accelerometer in the mobile device and error correcting codes are adopted to deal with the natural variation of gait measurements. We evaluate our proposed system on a dataset consisting of gait samples of 34 volunteers. We achieved the lowest false acceptance rate (FAR) and false rejection rate (FRR) of 3.92% and 11.76%, respectively, in terms of key length of 50 bits.

  7. Privacy and Security within Biobanking: The Role of Information Technology.

    PubMed

    Heatherly, Raymond

    2016-03-01

    Along with technical issues, biobanking frequently raises important privacy and security issues that must be resolved as biobanks continue to grow in scale and scope. Consent mechanisms currently in use range from fine-grained to very broad, and in some cases participants are offered very few privacy protections. However, developments in information technology are bringing improvements. New programs and systems are being developed to allow researchers to conduct analyses without distributing the data itself offsite, either by allowing the investigator to communicate with a central computer, or by having each site participate in meta-analysis that results in a shared statistic or final significance result. The implementation of security protocols into the research biobanking setting requires three key elements: authentication, authorization, and auditing. Authentication is the process of making sure individuals are who they claim to be, frequently through the use of a password, a key fob, or a physical (i.e., retinal or fingerprint) scan. Authorization involves ensuring that every individual who attempts an action has permission to do that action. Finally, auditing allows for actions to be logged so that inappropriate or unethical actions can later be traced back to their source. PMID:27256131

  8. Exploring Trust, Security and Privacy in Digital Business

    NASA Astrophysics Data System (ADS)

    Fischer-Hübner, Simone; Furnell, Steven; Lambrinoudakis, Costas

    Security and privacy are widely held to be fundamental requirements for establishing trust in digital business. This paper examines the relationship between the factors, and the different strategies that may be needed in order to provide an adequate foundation for users’ trust. The discussion begins by recognising that users often lack confidence that sufficient security and privacy safeguards can be delivered from a technology perspective, and therefore require more than a simple assurance that they are protected. One contribution in this respect is the provision of a Trust Evaluation Function, which supports the user in reaching more informed decisions about the safeguards provided in different contexts. Even then, however, some users will not be satisfied with technology-based assurances, and the paper consequently considers the extent to which risk mitigation can be offered via routes, such as insurance. The discussion concludes by highlighting a series of further open issues that also require attention in order for trust to be more firmly and widely established.

  9. Privacy and Security within Biobanking: The Role of Information Technology.

    PubMed

    Heatherly, Raymond

    2016-03-01

    Along with technical issues, biobanking frequently raises important privacy and security issues that must be resolved as biobanks continue to grow in scale and scope. Consent mechanisms currently in use range from fine-grained to very broad, and in some cases participants are offered very few privacy protections. However, developments in information technology are bringing improvements. New programs and systems are being developed to allow researchers to conduct analyses without distributing the data itself offsite, either by allowing the investigator to communicate with a central computer, or by having each site participate in meta-analysis that results in a shared statistic or final significance result. The implementation of security protocols into the research biobanking setting requires three key elements: authentication, authorization, and auditing. Authentication is the process of making sure individuals are who they claim to be, frequently through the use of a password, a key fob, or a physical (i.e., retinal or fingerprint) scan. Authorization involves ensuring that every individual who attempts an action has permission to do that action. Finally, auditing allows for actions to be logged so that inappropriate or unethical actions can later be traced back to their source.

  10. DQC Comments on the Posted Recommendations Regarding Data Security and Privacy Protections

    ERIC Educational Resources Information Center

    Data Quality Campaign, 2010

    2010-01-01

    The U.S. Department of Education is conducting several activities to address privacy and security issues related to education data. Earlier this year a contractor for the Department convened a group of privacy and security experts and produced a report with recommendations to the Department on ways they can address emerging challenges in…

  11. 42 CFR 401.713 - Ensuring the privacy and security of data.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 42 Public Health 2 2012-10-01 2012-10-01 false Ensuring the privacy and security of data. 401.713 Section 401.713 Public Health CENTERS FOR MEDICARE & MEDICAID SERVICES, DEPARTMENT OF HEALTH AND HUMAN... Performance Measurement § 401.713 Ensuring the privacy and security of data. (a) A qualified entity...

  12. 42 CFR 401.713 - Ensuring the privacy and security of data.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 42 Public Health 2 2013-10-01 2013-10-01 false Ensuring the privacy and security of data. 401.713 Section 401.713 Public Health CENTERS FOR MEDICARE & MEDICAID SERVICES, DEPARTMENT OF HEALTH AND HUMAN... Performance Measurement § 401.713 Ensuring the privacy and security of data. (a) A qualified entity...

  13. 42 CFR 401.713 - Ensuring the privacy and security of data.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 42 Public Health 2 2014-10-01 2014-10-01 false Ensuring the privacy and security of data. 401.713 Section 401.713 Public Health CENTERS FOR MEDICARE & MEDICAID SERVICES, DEPARTMENT OF HEALTH AND HUMAN... Performance Measurement § 401.713 Ensuring the privacy and security of data. (a) A qualified entity...

  14. The study on privacy preserving data mining for information security

    NASA Astrophysics Data System (ADS)

    Li, Xiaohui

    2012-04-01

    Privacy preserving data mining have a rapid development in a short year. But it still faces many challenges in the future. Firstly, the level of privacy has different definitions in different filed. Therefore, the measure of privacy preserving data mining technology protecting private information is not the same. So, it's an urgent issue to present a unified privacy definition and measure. Secondly, the most of research in privacy preserving data mining is presently confined to the theory study.

  15. 75 FR 8088 - Privacy Act of 1974; Department of Homeland Security/ALL-023 Personnel Security Management System...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... Management System of Records (74 FR 3084, January 16, 2009) for the collection and maintenance of records... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL--023 Personnel... to update and reissue Department of Homeland Security/ALL--023 Personnel Security Management...

  16. Privacy-preserving microbiome analysis using secure computation

    PubMed Central

    Wagner, Justin; Paulson, Joseph N.; Wang, Xiao; Bhattacharjee, Bobby; Corrada Bravo, Héctor

    2016-01-01

    Motivation: Developing targeted therapeutics and identifying biomarkers relies on large amounts of research participant data. Beyond human DNA, scientists now investigate the DNA of micro-organisms inhabiting the human body. Recent work shows that an individual’s collection of microbial DNA consistently identifies that person and could be used to link a real-world identity to a sensitive attribute in a research dataset. Unfortunately, the current suite of DNA-specific privacy-preserving analysis tools does not meet the requirements for microbiome sequencing studies. Results: To address privacy concerns around microbiome sequencing, we implement metagenomic analyses using secure computation. Our implementation allows comparative analysis over combined data without revealing the feature counts for any individual sample. We focus on three analyses and perform an evaluation on datasets currently used by the microbiome research community. We use our implementation to simulate sharing data between four policy-domains. Additionally, we describe an application of our implementation for patients to combine data that allows drug developers to query against and compensate patients for the analysis. Availability and implementation: The software is freely available for download at: http://cbcb.umd.edu/∼hcorrada/projects/secureseq.html Supplementary information: Supplementary data are available at Bioinformatics online. Contact: hcorrada@umiacs.umd.edu PMID:26873931

  17. A secure steganography for privacy protection in healthcare system.

    PubMed

    Liu, Jing; Tang, Guangming; Sun, Yifeng

    2013-04-01

    Private data in healthcare system require confidentiality protection while transmitting. Steganography is the art of concealing data into a cover media for conveying messages confidentially. In this paper, we propose a steganographic method which can provide private data in medical system with very secure protection. In our method, a cover image is first mapped into a 1D pixels sequence by Hilbert filling curve and then divided into non-overlapping embedding units with three consecutive pixels. We use adaptive pixel pair match (APPM) method to embed digits in the pixel value differences (PVD) of the three pixels and the base of embedded digits is dependent on the differences among the three pixels. By solving an optimization problem, minimal distortion of the pixel ternaries caused by data embedding can be obtained. The experimental results show our method is more suitable to privacy protection of healthcare system than prior steganographic works.

  18. Fourier domain asymmetric cryptosystem for privacy protected multimodal biometric security

    NASA Astrophysics Data System (ADS)

    Choudhury, Debesh

    2016-04-01

    We propose a Fourier domain asymmetric cryptosystem for multimodal biometric security. One modality of biometrics (such as face) is used as the plaintext, which is encrypted by another modality of biometrics (such as fingerprint). A private key is synthesized from the encrypted biometric signature by complex spatial Fourier processing. The encrypted biometric signature is further encrypted by other biometric modalities, and the corresponding private keys are synthesized. The resulting biometric signature is privacy protected since the encryption keys are provided by the human, and hence those are private keys. Moreover, the decryption keys are synthesized using those private encryption keys. The encrypted signatures are decrypted using the synthesized private keys and inverse complex spatial Fourier processing. Computer simulations demonstrate the feasibility of the technique proposed.

  19. Assessing the privacy policies in mobile personal health records.

    PubMed

    Zapata, Belén Cruz; Hernández Niñirola, Antonio; Fernández-Alemán, José Luis; Toval, Ambrosio

    2014-01-01

    The huge increase in the number and use of smartphones and tablets has led health service providers to take an interest in mHealth. Popular mobile app markets like Apple App Store or Google Play contain thousands of health applications. Although mobile personal health records (mPHRs) have a number of benefits, important challenges appear in the form of adoption barriers. Security and privacy have been identified as part of these barriers and should be addressed. This paper analyzes and assesses a total of 24 free mPHRs for Android and iOS. Characteristics regarding privacy and security were extracted from the HIPAA. The results show important differences in both the mPHRs and the characteristics analyzed. A questionnaire containing six questions concerning privacy policies was defined. Our questionnaire may assist developers and stakeholders to evaluate the security and privacy of their mPHRs. PMID:25571104

  20. 76 FR 60067 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-012...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-28

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security Federal Emergency... Department of Homeland Security proposes to establish a new system of records titled, ``Department of....'' This system of records allows the Department of Homeland Security/Federal Emergency Management...

  1. A Secure and Privacy-Preserving Targeted Ad-System

    NASA Astrophysics Data System (ADS)

    Androulaki, Elli; Bellovin, Steven M.

    Thanks to its low product-promotion cost and its efficiency, targeted online advertising has become very popular. Unfortunately, being profile-based, online advertising methods violate consumers' privacy, which has engendered resistance to the ads. However, protecting privacy through anonymity seems to encourage click-fraud. In this paper, we define consumer's privacy and present a privacy-preserving, targeted ad system (PPOAd) which is resistant towards click fraud. Our scheme is structured to provide financial incentives to all entities involved.

  2. 76 FR 12609 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-08

    ... Security Operations Center Database (April 18, 2005, 70 FR 20061). The Privacy Act embodies fair... Operations Center Tracker and Senior Watch Officer Logs System of Records AGENCY: Privacy Office, DHS. ACTION... and Senior Watch Officer Logs System of Records and this proposed rulemaking. The National...

  3. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    PubMed Central

    2009-01-01

    Background Data protection is important for all information systems that deal with human-subjects data. Grid-based systems – such as the cancer Biomedical Informatics Grid (caBIG) – seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. Methods An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios – difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Results Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and security officers, directors of

  4. Securing the data economy: translating privacy and enacting security in the development of DataSHIELD.

    PubMed

    Murtagh, M J; Demir, I; Jenkings, K N; Wallace, S E; Murtagh, B; Boniol, M; Bota, M; Laflamme, P; Boffetta, P; Ferretti, V; Burton, P R

    2012-01-01

    Contemporary bioscience is seeing the emergence of a new data economy: with data as its fundamental unit of exchange. While sharing data within this new 'economy' provides many potential advantages, the sharing of individual data raises important social and ethical concerns. We examine ongoing development of one technology, DataSHIELD, which appears to elide privacy concerns about sharing data by enabling shared analysis while not actually sharing any individual-level data. We combine presentation of the development of DataSHIELD with presentation of an ethnographic study of a workshop to test the technology. DataSHIELD produced an application of the norm of privacy that was practical, flexible and operationalizable in researchers' everyday activities, and one which fulfilled the requirements of ethics committees. We demonstrated that an analysis run via DataSHIELD could precisely replicate results produced by a standard analysis where all data are physically pooled and analyzed together. In developing DataSHIELD, the ethical concept of privacy was transformed into an issue of security. Development of DataSHIELD was based on social practices as well as scientific and ethical motivations. Therefore, the 'success' of DataSHIELD would, likewise, be dependent on more than just the mathematics and the security of the technology.

  5. Privacy Practices of Health Social Networking Sites: Implications for Privacy and Data Security in Online Cancer Communities.

    PubMed

    Charbonneau, Deborah H

    2016-08-01

    While online communities for social support continue to grow, little is known about the state of privacy practices of health social networking sites. This article reports on a structured content analysis of privacy policies and disclosure practices for 25 online ovarian cancer communities. All of the health social networking sites in the study sample provided privacy statements to users, yet privacy practices varied considerably across the sites. The majority of sites informed users that personal information was collected about participants and shared with third parties (96%, n = 24). Furthermore, more than half of the sites (56%, n = 14) stated that cookies technology was used to track user behaviors. Despite these disclosures, only 36% (n = 9) offered opt-out choices for sharing data with third parties. In addition, very few of the sites (28%, n = 7) allowed individuals to delete their personal information. Discussions about specific security measures used to protect personal information were largely missing. Implications for privacy, confidentiality, consumer choice, and data safety in online environments are discussed. Overall, nurses and other health professionals can utilize these findings to encourage individuals seeking online support and participating in social networking sites to build awareness of privacy risks to better protect their personal health information in the digital age. PMID:27253081

  6. Privacy Practices of Health Social Networking Sites: Implications for Privacy and Data Security in Online Cancer Communities.

    PubMed

    Charbonneau, Deborah H

    2016-08-01

    While online communities for social support continue to grow, little is known about the state of privacy practices of health social networking sites. This article reports on a structured content analysis of privacy policies and disclosure practices for 25 online ovarian cancer communities. All of the health social networking sites in the study sample provided privacy statements to users, yet privacy practices varied considerably across the sites. The majority of sites informed users that personal information was collected about participants and shared with third parties (96%, n = 24). Furthermore, more than half of the sites (56%, n = 14) stated that cookies technology was used to track user behaviors. Despite these disclosures, only 36% (n = 9) offered opt-out choices for sharing data with third parties. In addition, very few of the sites (28%, n = 7) allowed individuals to delete their personal information. Discussions about specific security measures used to protect personal information were largely missing. Implications for privacy, confidentiality, consumer choice, and data safety in online environments are discussed. Overall, nurses and other health professionals can utilize these findings to encourage individuals seeking online support and participating in social networking sites to build awareness of privacy risks to better protect their personal health information in the digital age.

  7. 75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-23

    ... National Institute of Standards and Technology Announcing a Meeting of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY... Technology Laboratory, National Institute of Standards and Technology, 100 Bureau Drive, Stop...

  8. Complicated game. HISPC privacy and security collaborative hands off three years of work.

    PubMed

    Dimick, Chris

    2009-05-01

    The ambitious experiment to identify and lower the privacy and security barriers to health information exchange is winding down. The legacy, say participants, is awareness, resources, and proof that collaboration works. What happens next, however, is uncertain.

  9. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  10. Privacy and data security in E-health: requirements from the user's perspective.

    PubMed

    Wilkowska, Wiktoria; Ziefle, Martina

    2012-09-01

    In this study two currently relevant aspects of using medical assistive technologies were addressed-security and privacy. In a two-step empirical approach that used focus groups (n = 19) and a survey (n = 104), users' requirements for the use of medical technologies were collected and evaluated. Specifically, we focused on the perceived importance of data security and privacy issues. Outcomes showed that both security and privacy aspects play an important role in the successful adoption of medical assistive technologies in the home environment. In particular, analysis of data with respect to gender, health-status and age (young, middle-aged and old users) revealed that females and healthy adults require, and insist on, the highest security and privacy standards compared with males and the ailing elderly.

  11. 76 FR 9034 - Privacy Act of 1974; Department of Homeland Security United States Citizenship and Immigration...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-16

    ... authorization in the United States. I. To a third party commercial identity assurance provider (IdP) under... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security United States... Security (DHS) United States Citizenship and Immigration Services (USCIS) proposes to establish a new...

  12. 75 FR 7978 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... Exemptions; Department of Homeland Security Transportation Security Administration-023 Workplace Violence... Security Administration-023 Workplace Violence Prevention Program System of Records and this proposed... a new system of records under the Privacy Act (5 U.S.C. 552a) titled, DHS/TSA-023 Workplace...

  13. 76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-11

    ... ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100-235) and amended by the Federal... Director of NIST on security and privacy issues pertaining to Federal computer systems. Details regarding... relating to computer security research, --Presentation on Access of Classified Information,...

  14. 77 FR 25686 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-05-01

    ... Management and Budget, and the Director of NIST on security and privacy issues pertaining to federal computer... NIST Computer Security Division. Note that agenda items may change without notice because of possible... National Institute of Standards and Technology Announcing an Open Meeting of the Information Security...

  15. 78 FR 25254 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-30

    ... changing reporting categories, and --Update of NIST Computer Security Division. Note that agenda items may... National Institute of Standards and Technology Announcing an Open Meeting of the Information Security and.... SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, June 12,...

  16. 76 FR 81477 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-28

    ... public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100-235) and amended by... Commerce and the Director of NIST on security and privacy issues pertaining to federal computer systems... Discussion on cyber R&D Strategy, and --Update of NIST Computer Security Division. Note that agenda items...

  17. 75 FR 39920 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-13

    ... ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100-235) and amended by the Federal... Director of NIST on security and privacy issues pertaining to federal computer systems. Details regarding... National Institute of Standards and Technology Announcing a Meeting of the Information Security and...

  18. 78 FR 89 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-02

    ..., --Legislative Updates, and --Update of NIST Computer Security Division. Note that agenda items may change... National Institute of Standards and Technology Announcing an Open Meeting of the Information Security and.... SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, February...

  19. Protecting Privacy and Securing the Gathering of Location Proofs - The Secure Location Verification Proof Gathering Protocol

    NASA Astrophysics Data System (ADS)

    Graham, Michelle; Gray, David

    As wireless networks become increasingly ubiquitous, the demand for a method of locating a device has increased dramatically. Location Based Services are now commonplace but there are few methods of verifying or guaranteeing a location provided by a user without some specialised hardware, especially in larger scale networks. We propose a system for the verification of location claims, using proof gathered from neighbouring devices. In this paper we introduce a protocol to protect this proof gathering process, protecting the privacy of all involved parties and securing it from intruders and malicious claiming devices. We present the protocol in stages, extending the security of this protocol to allow for flexibility within its application. The Secure Location Verification Proof Gathering Protocol (SLVPGP) has been designed to function within the area of Vehicular Networks, although its application could be extended to any device with wireless & cryptographic capabilities.

  20. Secure Message Distribution Scheme with Configurable Privacy in Heterogeneous Wireless Sensor Networks

    NASA Astrophysics Data System (ADS)

    Li, Yahui; Ma, Jianfeng; Moon, Sangjae

    Security and privacy of wireless sensor networks are key research issues recently. Most existing researches regarding wireless sensor networks security consider homogenous sensor networks. To achieve better security and performance, we adopt a heterogeneous wireless sensor network (HWSN) model that consists of physically different types of sensor nodes. This paper presents a secure message distribution scheme with configurable privacy for HWSNs, which takes advantage of powerful high-end sensor nodes. The scheme establishes a message distribution topology in an efficient and secure manner. The sensor node only need generate one signature for all the messages for all the users, which can greatly save the communication and computation cost of the sensor node. On the other hand, the user can only know the messages that let him know based on a pre-set policy, which can meet the requirement of the privacy. We show that the scheme has small bandwidth requirements and it is resilient against the node compromise attack.

  1. Supporting multi-state collaboration on privacy and security to foster health IT and health information exchange.

    PubMed

    Banger, Alison K; Alakoye, Amoke O; Rizk, Stephanie C

    2008-01-01

    As part of the HHS funded contract, Health Information Security and Privacy Collaboration, 41 states and territories have proposed collaborative projects to address cross-state privacy and security challenges related to health IT and health information exchange. Multi-state collaboration on privacy and security issues remains complicated, and resources to support collaboration around these topics are essential to the success of such collaboration. The resources outlined here offer an example of how to support multi-stakeholder, multi-state projects.

  2. Authentication, privacy, security can exploit brainwave by biomarker

    NASA Astrophysics Data System (ADS)

    Jenkins, Jeffrey; Sweet, Charles; Sweet, James; Noel, Steven; Szu, Harold

    2014-05-01

    We seek to augment the current Common Access Control (CAC) card and Personal Identification Number (PIN) verification systems with an additional layer of classified access biometrics. Among proven devices such as fingerprint readers and cameras that can sense the human eye's iris pattern, we introduced a number of users to a sequence of 'grandmother images', or emotionally evoked stimuli response images from other users, as well as one of their own, for the purpose of authentication. We performed testing and evaluation of the Authenticity Privacy and Security (APS) brainwave biometrics, similar to the internal organ of the human eye's iris which cannot easily be altered. `Aha' recognition through stimulus-response habituation can serve as a biomarker, similar to keystroke dynamics analysis for inter and intra key fluctuation time of a memorized PIN number (FIST). Using a non-tethered Electroencephalogram (EEG) wireless smartphone/pc monitor interface, we explore the appropriate stimuli-response biomarker present in DTAB low frequency group waves. Prior to login, the user is shown a series of images on a computer display. They have been primed to click their mouse when the image is presented. DTAB waves are collected with a wireless EEG and are sent via Smartphone to a cloud based processing infrastructure. There, we measure fluctuations in DTAB waves from a wireless, non-tethered, single node EEG device between the Personal Graphic Image Number (PGIN) stimulus image and the response time from an individual's mental performance baseline. Towards that goal, we describe an infrastructure that supports distributed verification for web-based EEG authentication. The performance of machine learning on the relative Power Spectral Density EEG data may uncover features required for subsequent access to web or media content. Our approach provides a scalable framework wrapped into a robust Neuro-Informatics toolkit, viable for use in the Biomedical and mental health

  3. 77 FR 43639 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-07-25

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA.... ACTION: Notice of a renewal of an existing computer matching program that expired on May 10,...

  4. For telehealth to succeed, privacy and security risks must be identified and addressed.

    PubMed

    Hall, Joseph L; McGraw, Deven

    2014-02-01

    The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.

  5. Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

    PubMed Central

    Kramer, Daniel B.; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R.

    2012-01-01

    Background Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware. PMID:22829874

  6. Users Do the Darndest Things: True Stories from the CyLab Usable Privacy and Security Laboratory

    NASA Astrophysics Data System (ADS)

    Cranor, Lorrie Faith

    How can we make security and privacy software more usable? The first step is to study our users. Ideally, we would watch them interacting with security or privacy software in situations where they face actual risk. But everyday computer users don't sit around fiddling with security software, and subjecting users to actual security attacks raises ethical and legal concerns. Thus, it can be difficult to observe users interacting with security and privacy software in their natural habitat. At the CyLab Usable Privacy and Security Laboratory, we've conducted a wide variety of studies aimed at understanding how users think about security and privacy and how they interact with security and privacy software. In this talk I'll give a behind the scenes tour of some of the techniques we've used to study users both in the laboratory and in the wild. I'll discuss the trials and tribulations of designing and carrying out security and privacy user studies, and highlight some of our surprising observations. Find out what privacy-sensitive items you can actually get study participants to purchase, how you can observe users' responses to a man-in-the-middle attack without actually conducting such an attack, why it's hard to get people to use high tech cell phones even when you give them away, and what's actually in that box behind the couch in my office.

  7. Privacy and security in mobile health apps: a review and recommendations.

    PubMed

    Martínez-Pérez, Borja; de la Torre-Díez, Isabel; López-Coronado, Miguel

    2015-01-01

    In a world where the industry of mobile applications is continuously expanding and new health care apps and devices are created every day, it is important to take special care of the collection and treatment of users' personal health information. However, the appropriate methods to do this are not usually taken into account by apps designers and insecure applications are released. This paper presents a study of security and privacy in mHealth, focusing on three parts: a study of the existing laws regulating these aspects in the European Union and the United States, a review of the academic literature related to this topic, and a proposal of some recommendations for designers in order to create mobile health applications that satisfy the current security and privacy legislation. This paper will complement other standards and certifications about security and privacy and will suppose a quick guide for apps designers, developers and researchers.

  8. Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

    PubMed

    Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

    2014-11-01

    Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.

  9. Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

    PubMed

    Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

    2014-11-01

    Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS. PMID:25298362

  10. Privacy Preserved and Secured Reliable Routing Protocol for Wireless Mesh Networks

    PubMed Central

    Thandava Meganathan, Navamani; Palanichamy, Yogesh

    2015-01-01

    Privacy preservation and security provision against internal attacks in wireless mesh networks (WMNs) are more demanding than in wired networks due to the open nature and mobility of certain nodes in the network. Several schemes have been proposed to preserve privacy and provide security in WMNs. To provide complete privacy protection in WMNs, the properties of unobservability, unlinkability, and anonymity are to be ensured during route discovery. These properties can be achieved by implementing group signature and ID-based encryption schemes during route discovery. Due to the characteristics of WMNs, it is more vulnerable to many network layer attacks. Hence, a strong protection is needed to avoid these attacks and this can be achieved by introducing a new Cross-Layer and Subject Logic based Dynamic Reputation (CLSL-DR) mechanism during route discovery. In this paper, we propose a new Privacy preserved and Secured Reliable Routing (PSRR) protocol for WMNs. This protocol incorporates group signature, ID-based encryption schemes, and CLSL-DR mechanism to ensure strong privacy, security, and reliability in WMNs. Simulation results prove this by showing better performance in terms of most of the chosen parameters than the existing protocols. PMID:26484361

  11. A compressive sensing based secure watermark detection and privacy preserving storage framework.

    PubMed

    Qia Wang; Wenjun Zeng; Jun Tian

    2014-03-01

    Privacy is a critical issue when the data owners outsource data storage or processing to a third party computing service, such as the cloud. In this paper, we identify a cloud computing application scenario that requires simultaneously performing secure watermark detection and privacy preserving multimedia data storage. We then propose a compressive sensing (CS)-based framework using secure multiparty computation (MPC) protocols to address such a requirement. In our framework, the multimedia data and secret watermark pattern are presented to the cloud for secure watermark detection in a CS domain to protect the privacy. During CS transformation, the privacy of the CS matrix and the watermark pattern is protected by the MPC protocols under the semi-honest security model. We derive the expected watermark detection performance in the CS domain, given the target image, watermark pattern, and the size of the CS matrix (but without the CS matrix itself). The correctness of the derived performance has been validated by our experiments. Our theoretical analysis and experimental results show that secure watermark detection in the CS domain is feasible. Our framework can also be extended to other collaborative secure signal processing and data-mining applications in the cloud.

  12. Privacy and Data Security under Cloud Computing Arrangements: The Legal Framework and Practical Do's and Don'ts

    ERIC Educational Resources Information Center

    Buckman, Joel; Gold, Stephanie

    2012-01-01

    This article outlines privacy and data security compliance issues facing postsecondary education institutions when they utilize cloud computing and concludes with a practical list of do's and dont's. Cloud computing does not change an institution's privacy and data security obligations. It does involve reliance on a third party, which requires an…

  13. 76 FR 8755 - Privacy Act of 1974; Department of Homeland Security/ALL-032 Official Passport Application and...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-15

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL--032 Official... of Homeland Security proposes to establish a new Department of Homeland Security system of records titled, ``Department of Homeland Security/ ALL--032 Official Passport Application and Maintenance......

  14. Business associates: a HIPAA compliance challenge.

    PubMed

    Gradle, Brian D

    2002-02-01

    The final rule implementing the privacy standards mandated by the Health Insurance Portability and Accountability Act (HIPAA) of 1996 imposes substantial requirements on covered entities with respect to their business associates--those parties providing certain services to, or on behalf of, the covered entities. A covered entity must develop a contract with each of its business associates that sets forth the conditions under which the business associate may use or disclose the protected health information it receives from the covered entity. The contract also must delineate the covered entity's obligations with respect to the business associate, which include ensuring individuals' access to their protected health information and taking certain steps to respond to a breach of the privacy standards by the business associate. The business associate requirements do not apply to the covered entity's workforce, disclosures to providers for treatment purposes, certain financial transactions, certain jointly administered government programs, and, provided that certain other restrictions are met, disclosures made by group health plans to plan sponsors.

  15. Radio frequency identification (RFID) in health care: privacy and security concerns limiting adoption.

    PubMed

    Rosenbaum, Benjamin P

    2014-03-01

    Radio frequency identification (RFID) technology has been implemented in a wide variety of industries. Health care is no exception. This article explores implementations and limitations of RFID in several health care domains: authentication, medication safety, patient tracking, and blood transfusion medicine. Each domain has seen increasing utilization of unique applications of RFID technology. Given the importance of protecting patient and data privacy, potential privacy and security concerns in each domain are discussed. Such concerns, some of which are inherent to existing RFID hardware and software technology, may limit ubiquitous adoption. In addition, an apparent lack of security standards within the RFID domain and specifically health care may also hinder the growth and utility of RFID within health care for the foreseeable future. Safeguarding the privacy of patient data may be the most important obstacle to overcome to allow the health care industry to take advantage of the numerous benefits RFID technology affords.

  16. 75 FR 9085 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Immigration...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-01

    ... 30, 2009, DHS ICE published a system of records in the Federal Register (74 FR 50228) establishing a... in the Federal Register (74 FR 50148) to exempt this system of records from a number of provisions of... Immigration and Customs Enforcement--012 Visa Security Program Records AGENCY: Privacy Office, DHS....

  17. 77 FR 35336 - Privacy and Security of Information Stored on Mobile Communications Devices

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-13

    ... devices, stating: `` ecisions about what personal data to store, or not to store, on a mobile device rest... privacy and data security practices of mobile wireless services providers with respect to customer... Electronic Filing of Documents in Rulemaking Proceedings, 63 FR 24121 (1998). Electronic Filers: Comments...

  18. 45 CFR 155.260 - Privacy and security of personally identifiable information.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally...) and (c)(2) of the Affordable Care Act; (3) Be equal to or more stringent than the requirements for... violation of section 1411(g) of the Affordable Care Act will be subject to a civil penalty of not more...

  19. 45 CFR 155.260 - Privacy and security of personally identifiable information.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally...) and (c)(2) of the Affordable Care Act; (3) Be equal to or more stringent than the requirements for... violation of section 1411(g) of the Affordable Care Act will be subject to a civil penalty of not more...

  20. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  1. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  2. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  3. 28 CFR 20.24 - State laws on privacy and security.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... Section 20.24 Judicial Administration DEPARTMENT OF JUSTICE CRIMINAL JUSTICE INFORMATION SYSTEMS State and Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof,...

  4. Privacy, Security, & Compliance: Strange Bedfellows or a Marriage Made in Heaven?

    ERIC Educational Resources Information Center

    Corn, Michael; Rosenthal, Jane

    2013-01-01

    Where does privacy belong in the college/university ecosystem, and what should its relationship be with security and compliance? Are the three areas best kept separate and distinct? Should there be some overlap? Or would a single office, officer, and/or reporting line enable a big picture of the whole? This article examines several of the campus…

  5. 76 FR 72428 - Privacy Act of 1974; Department of Homeland Security/ALL-017 General Legal Records System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-23

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL--017 General... Security/ ALL--017 General Legal Records System of Records.'' This system will assist attorneys in..., Department of Homeland Security, Washington, DC 20528. Instructions: All submissions received must...

  6. 77 FR 70792 - Privacy Act of 1974; Department of Homeland Security/ALL-004 General Information Technology...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-27

    ... DHS/ALL-004 General Information Technology Access Account Records System of Records (73 FR 28139, May... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL-004 General... Homeland Security system of records notice titled, Department of Homeland Security/ALL-004...

  7. 75 FR 8092 - Privacy Act of 1974; Department of Homeland Security/ALL-027 The History of the Department of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL--027 The History..., Department of Homeland Security-2004- 0004 Oral History Program: The History of the Department of Homeland.../ALL-027 The History of the Department of Homeland Security System of Records and will consist...

  8. Assuring image authenticity within a data grid using lossless digital signature embedding and a HIPAA-compliant auditing system

    NASA Astrophysics Data System (ADS)

    Lee, Jasper C.; Ma, Kevin C.; Liu, Brent J.

    2008-03-01

    A Data Grid for medical images has been developed at the Image Processing and Informatics Laboratory, USC to provide distribution and fault-tolerant storage of medical imaging studies across Internet2 and public domain. Although back-up policies and grid certificates guarantee privacy and authenticity of grid-access-points, there still lacks a method to guarantee the sensitive DICOM images have not been altered or corrupted during transmission across a public domain. This paper takes steps toward achieving full image transfer security within the Data Grid by utilizing DICOM image authentication and a HIPAA-compliant auditing system. The 3-D lossless digital signature embedding procedure involves a private 64 byte signature that is embedded into each original DICOM image volume, whereby on the receiving end the signature can to be extracted and verified following the DICOM transmission. This digital signature method has also been developed at the IPILab. The HIPAA-Compliant Auditing System (H-CAS) is required to monitor embedding and verification events, and allows monitoring of other grid activity as well. The H-CAS system federates the logs of transmission and authentication events at each grid-access-point and stores it into a HIPAA-compliant database. The auditing toolkit is installed at the local grid-access-point and utilizes Syslog [1], a client-server standard for log messaging over an IP network, to send messages to the H-CAS centralized database. By integrating digital image signatures and centralized logging capabilities, DICOM image integrity within the Medical Imaging and Informatics Data Grid can be monitored and guaranteed without loss to any image quality.

  9. The challenge for security and privacy services in distributed health settings.

    PubMed

    Katsikas, Sokratis; Lopez, Javier; Pernul, Günther

    2008-01-01

    The health care sector is quickly exploiting Information and Communication Technologies towards the provision of e-health services. According to recent surveys, one of the most severe restraining factors for the proliferation of e-health is the (lack of) security measures required to assure both service providers and patients that their relationship and transactions will be carried out in privacy, correctly, and timely. A large number of individuals are not willing to engage in e-health (or are only participating at a reduced level) simply because they do not trust the e-health service providers' sites and the underlying information and communication technologies to be secure enough. This paper considers privacy and security issues and challenges for e-health applications.

  10. Supporting multi-state collaboration on privacy and security to foster health IT and health information exchange.

    PubMed

    Banger, Alison K; Alakoye, Amoke O; Rizk, Stephanie C

    2008-01-01

    As part of the HHS funded contract, Health Information Security and Privacy Collaboration, 41 states and territories have proposed collaborative projects to address cross-state privacy and security challenges related to health IT and health information exchange. Multi-state collaboration on privacy and security issues remains complicated, and resources to support collaboration around these topics are essential to the success of such collaboration. The resources outlined here offer an example of how to support multi-stakeholder, multi-state projects. PMID:18999216

  11. Protecting the Privacy of Social Security Numbers Act of 2013

    THOMAS, 113th Congress

    Rep. Frelinghuysen, Rodney P. [R-NJ-11

    2013-05-22

    06/14/2013 Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

  12. Personal Data Privacy and Security Act of 2014

    THOMAS, 113th Congress

    Rep. Shea-Porter, Carol [D-NH-1

    2014-02-04

    03/20/2014 Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

  13. Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems

    PubMed Central

    Fernández, Gonzalo; López-Coronado, Miguel

    2013-01-01

    Background The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. Objective To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. Methods To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Results Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Conclusions Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security

  14. A Survey on Security and Privacy in Emerging Sensor Networks: From Viewpoint of Close-Loop.

    PubMed

    Zhang, Lifu; Zhang, Heng

    2016-01-01

    Nowadays, as the next generation sensor networks, Cyber-Physical Systems (CPSs) refer to the complex networked systems that have both physical subsystems and cyber components, and the information flow between different subsystems and components is across a communication network, which forms a closed-loop. New generation sensor networks are found in a growing number of applications and have received increasing attention from many inter-disciplines. Opportunities and challenges in the design, analysis, verification and validation of sensor networks co-exists, among which security and privacy are two important ingredients. This paper presents a survey on some recent results in the security and privacy aspects of emerging sensor networks from the viewpoint of the closed-loop. This paper also discusses several future research directions under these two umbrellas. PMID:27023559

  15. A Survey on Security and Privacy in Emerging Sensor Networks: From Viewpoint of Close-Loop

    PubMed Central

    Zhang, Lifu; Zhang, Heng

    2016-01-01

    Nowadays, as the next generation sensor networks, Cyber-Physical Systems (CPSs) refer to the complex networked systems that have both physical subsystems and cyber components, and the information flow between different subsystems and components is across a communication network, which forms a closed-loop. New generation sensor networks are found in a growing number of applications and have received increasing attention from many inter-disciplines. Opportunities and challenges in the design, analysis, verification and validation of sensor networks co-exists, among which security and privacy are two important ingredients. This paper presents a survey on some recent results in the security and privacy aspects of emerging sensor networks from the viewpoint of the closed-loop. This paper also discusses several future research directions under these two umbrellas. PMID:27023559

  16. A Survey on Security and Privacy in Emerging Sensor Networks: From Viewpoint of Close-Loop.

    PubMed

    Zhang, Lifu; Zhang, Heng

    2016-03-26

    Nowadays, as the next generation sensor networks, Cyber-Physical Systems (CPSs) refer to the complex networked systems that have both physical subsystems and cyber components, and the information flow between different subsystems and components is across a communication network, which forms a closed-loop. New generation sensor networks are found in a growing number of applications and have received increasing attention from many inter-disciplines. Opportunities and challenges in the design, analysis, verification and validation of sensor networks co-exists, among which security and privacy are two important ingredients. This paper presents a survey on some recent results in the security and privacy aspects of emerging sensor networks from the viewpoint of the closed-loop. This paper also discusses several future research directions under these two umbrellas.

  17. 76 FR 41274 - Privacy Act of 1974; Department of Homeland Security/ALL-033 Reasonable Accommodations Records...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-13

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL-033 Reasonable... to ] establish a new system of records titled, ``Department of Homeland Security/ALL-033 Reasonable..., Washington, DC 20528. Instructions: All submissions received must include the agency name and docket...

  18. 75 FR 28035 - Privacy Act of 1974; Department of Homeland Security/U.S. Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/U.S. Citizenship and... titled, ``Department of Homeland Security/U.S. Citizenship and Immigration Services--011 E-Verify Program System of Records.'' The U.S. Citizenship and Immigration Services E-Verify Program allows employers...

  19. Secure and Privacy-Preserving Distributed Information Brokering

    ERIC Educational Resources Information Center

    Li, Fengjun

    2010-01-01

    As enormous structured, semi-structured and unstructured data are collected and archived by organizations in many realms ranging from business to health networks to government agencies, the needs for efficient yet secure inter-organization information sharing naturally arise. Unlike early information sharing approaches that only involve a small…

  20. Security and privacy issues in implantable medical devices: A comprehensive survey.

    PubMed

    Camara, Carmen; Peris-Lopez, Pedro; Tapiador, Juan E

    2015-06-01

    Bioengineering is a field in expansion. New technologies are appearing to provide a more efficient treatment of diseases or human deficiencies. Implantable Medical Devices (IMDs) constitute one example, these being devices with more computing, decision making and communication capabilities. Several research works in the computer security field have identified serious security and privacy risks in IMDs that could compromise the implant and even the health of the patient who carries it. This article surveys the main security goals for the next generation of IMDs and analyzes the most relevant protection mechanisms proposed so far. On the one hand, the security proposals must have into consideration the inherent constraints of these small and implanted devices: energy, storage and computing power. On the other hand, proposed solutions must achieve an adequate balance between the safety of the patient and the security level offered, with the battery lifetime being another critical parameter in the design phase.

  1. Exploring security and privacy issues in hospital information system: an Information Boundary Theory perspective.

    PubMed

    Zakaria, Nasriah; Stanton, Jeffrey; Stam, Kathryn

    2003-01-01

    A small community hospital (67 beds) in Central New York was undergoing a major technological change within the organization, as they move from the use of several legacy information systems to a hospital-wide information system. The focus of the present research is to explore the privacy and security information issues using a framework called Information Boundary Theory [Stanton, 2002]. IBT explains the motivational factors that lead to the revelation or disclosing of information.

  2. Public Perspectives of Mobile Phones’ Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey

    PubMed Central

    Richardson, Joshua E.; Ancker, Jessica S.

    2015-01-01

    Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician’s electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p < .001). There were no similar changes in privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized. PMID:26958246

  3. A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

    PubMed

    Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

    2015-08-01

    Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications include patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS) etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that store information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency. PMID:26084587

  4. A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

    PubMed

    Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

    2015-08-01

    Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications include patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS) etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that store information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency.

  5. The Relationship of HIPAA to Special Education

    ERIC Educational Resources Information Center

    Benitz, Catherine, Comp.

    2006-01-01

    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) includes important, but limited, protections for millions of working Americans and their families around the ability to obtain and keep health coverage. Among its specific protections, HIPAA: (1) Limits the use of preexisting condition exclusions; (2) Prohibits group health…

  6. Secure and Privacy-Preserving Body Sensor Data Collection and Query Scheme

    PubMed Central

    Zhu, Hui; Gao, Lijuan; Li, Hui

    2016-01-01

    With the development of body sensor networks and the pervasiveness of smart phones, different types of personal data can be collected in real time by body sensors, and the potential value of massive personal data has attracted considerable interest recently. However, the privacy issues of sensitive personal data are still challenging today. Aiming at these challenges, in this paper, we focus on the threats from telemetry interface and present a secure and privacy-preserving body sensor data collection and query scheme, named SPCQ, for outsourced computing. In the proposed SPCQ scheme, users’ personal information is collected by body sensors in different types and converted into multi-dimension data, and each dimension is converted into the form of a number and uploaded to the cloud server, which provides a secure, efficient and accurate data query service, while the privacy of sensitive personal information and users’ query data is guaranteed. Specifically, based on an improved homomorphic encryption technology over composite order group, we propose a special weighted Euclidean distance contrast algorithm (WEDC) for multi-dimension vectors over encrypted data. With the SPCQ scheme, the confidentiality of sensitive personal data, the privacy of data users’ queries and accurate query service can be achieved in the cloud server. Detailed analysis shows that SPCQ can resist various security threats from telemetry interface. In addition, we also implement SPCQ on an embedded device, smart phone and laptop with a real medical database, and extensive simulation results demonstrate that our proposed SPCQ scheme is highly efficient in terms of computation and communication costs. PMID:26840319

  7. Secure and Privacy-Preserving Body Sensor Data Collection and Query Scheme.

    PubMed

    Zhu, Hui; Gao, Lijuan; Li, Hui

    2016-01-01

    With the development of body sensor networks and the pervasiveness of smart phones, different types of personal data can be collected in real time by body sensors, and the potential value of massive personal data has attracted considerable interest recently. However, the privacy issues of sensitive personal data are still challenging today. Aiming at these challenges, in this paper, we focus on the threats from telemetry interface and present a secure and privacy-preserving body sensor data collection and query scheme, named SPCQ, for outsourced computing. In the proposed SPCQ scheme, users' personal information is collected by body sensors in different types and converted into multi-dimension data, and each dimension is converted into the form of a number and uploaded to the cloud server, which provides a secure, efficient and accurate data query service, while the privacy of sensitive personal information and users' query data is guaranteed. Specifically, based on an improved homomorphic encryption technology over composite order group, we propose a special weighted Euclidean distance contrast algorithm (WEDC) for multi-dimension vectors over encrypted data. With the SPCQ scheme, the confidentiality of sensitive personal data, the privacy of data users' queries and accurate query service can be achieved in the cloud server. Detailed analysis shows that SPCQ can resist various security threats from telemetry interface. In addition, we also implement SPCQ on an embedded device, smart phone and laptop with a real medical database, and extensive simulation results demonstrate that our proposed SPCQ scheme is highly efficient in terms of computation and communication costs.

  8. Secure and Privacy-Preserving Body Sensor Data Collection and Query Scheme.

    PubMed

    Zhu, Hui; Gao, Lijuan; Li, Hui

    2016-01-01

    With the development of body sensor networks and the pervasiveness of smart phones, different types of personal data can be collected in real time by body sensors, and the potential value of massive personal data has attracted considerable interest recently. However, the privacy issues of sensitive personal data are still challenging today. Aiming at these challenges, in this paper, we focus on the threats from telemetry interface and present a secure and privacy-preserving body sensor data collection and query scheme, named SPCQ, for outsourced computing. In the proposed SPCQ scheme, users' personal information is collected by body sensors in different types and converted into multi-dimension data, and each dimension is converted into the form of a number and uploaded to the cloud server, which provides a secure, efficient and accurate data query service, while the privacy of sensitive personal information and users' query data is guaranteed. Specifically, based on an improved homomorphic encryption technology over composite order group, we propose a special weighted Euclidean distance contrast algorithm (WEDC) for multi-dimension vectors over encrypted data. With the SPCQ scheme, the confidentiality of sensitive personal data, the privacy of data users' queries and accurate query service can be achieved in the cloud server. Detailed analysis shows that SPCQ can resist various security threats from telemetry interface. In addition, we also implement SPCQ on an embedded device, smart phone and laptop with a real medical database, and extensive simulation results demonstrate that our proposed SPCQ scheme is highly efficient in terms of computation and communication costs. PMID:26840319

  9. Query Monitoring and Analysis for Database Privacy - A Security Automata Model Approach

    PubMed Central

    Kumar, Anand; Ligatti, Jay; Tu, Yi-Cheng

    2015-01-01

    Privacy and usage restriction issues are important when valuable data are exchanged or acquired by different organizations. Standard access control mechanisms either restrict or completely grant access to valuable data. On the other hand, data obfuscation limits the overall usability and may result in loss of total value. There are no standard policy enforcement mechanisms for data acquired through mutual and copyright agreements. In practice, many different types of policies can be enforced in protecting data privacy. Hence there is the need for an unified framework that encapsulates multiple suites of policies to protect the data. We present our vision of an architecture named security automata model (SAM) to enforce privacy-preserving policies and usage restrictions. SAM analyzes the input queries and their outputs to enforce various policies, liberating data owners from the burden of monitoring data access. SAM allows administrators to specify various policies and enforces them to monitor queries and control the data access. Our goal is to address the problems of data usage control and protection through privacy policies that can be defined, enforced, and integrated with the existing access control mechanisms using SAM. In this paper, we lay out the theoretical foundation of SAM, which is based on an automata named Mandatory Result Automata. We also discuss the major challenges of implementing SAM in a real-world database environment as well as ideas to meet such challenges. PMID:26997936

  10. Security and Privacy Grand Challenges for the Internet of Things

    SciTech Connect

    Fink, Glenn A.; Zarzhitsky, Dimitri V.; Carroll, Thomas E.; Farquhar, Ethan D.

    2015-08-20

    Abstract— The growth of the Internet of Things (IoT) is driven by market pressures, and while security is being considered, the relationship between the unintended consequences of billions of such devices connecting to the Internet cannot be described with existing mathematical methods. The possibilities for illicit surveillance through lifestyle analysis, unauthorized access to information, and new attack vectors will continue to increase by 2020, when up-to 50 billion devices may be connected. This paper discusses various kinds of vulnerabilities that can be expected to arise, and presents a research agenda for mitigating the worst of the impacts. We hope to draw research attention to the potential dangers of IoT so that many of these problems can be avoided.

  11. Privacy enhanced group communication in clinical environment

    NASA Astrophysics Data System (ADS)

    Li, Mingyan; Narayanan, Sreeram; Poovendran, Radha

    2005-04-01

    Privacy protection of medical records has always been an important issue and is mandated by the recent Health Insurance Portability and Accountability Act (HIPAA) standards. In this paper, we propose security architectures for a tele-referring system that allows electronic group communication among professionals for better quality treatments, while protecting patient privacy against unauthorized access. Although DICOM defines the much-needed guidelines for confidentiality of medical data during transmission, there is no provision in the existing medical security systems to guarantee patient privacy once the data has been received. In our design, we address this issue by enabling tracing back to the recipient whose received data is disclosed to outsiders, using watermarking technique. We present security architecture design of a tele-referring system using a distributed approach and a centralized web-based approach. The resulting tele-referring system (i) provides confidentiality during the transmission and ensures integrity and authenticity of the received data, (ii) allows tracing of the recipient who has either distributed the data to outsiders or whose system has been compromised, (iii) provides proof of receipt or origin, and (iv) can be easy to use and low-cost to employ in clinical environment.

  12. 77 FR 47411 - Privacy Act of 1974; Department of Homeland Security/U.S. Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-08-08

    ... Office, Department of Homeland Security. ACTION: Notice of Privacy Act system of records. SUMMARY: In..., 73 FR 48231) and renaming it Fraud Detection and National Security Records. This system of records... residence), naturalization (granting United States citizenship), asylum and refugee status, and...

  13. 75 FR 39266 - Privacy Act of 1974; Department of Homeland Security/ALL-029 Civil Rights and Civil Liberties...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-08

    ...)-001 Matters System of Records (69 FR 70464, December 6, 2004) and other component specific systems of... the DHS/OIG-002 Investigative Records System of Records (74 FR 55569, October 28, 2009). The data... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL-029 Civil...

  14. 75 FR 38824 - Privacy Act of 1974; Department of Homeland Security/ALL-029 Civil Rights and Civil Liberties...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-07-06

    ...)-001 Matters System of Records (69 FR 70464, December 6, 2004) and other component specific systems of... the DHS/OIG-002 Investigative Records System of Records (74 FR 55569, October 28, 2009). The data... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security/ALL--029 Civil...

  15. 76 FR 53921 - Privacy Act of 1974; Department of Homeland Security ALL-034 Emergency Care Medical Records...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-30

    ... employees, their records are considered part of the OPM/GOVT-10--Employee Medical File System Records, 71 FR... considered part of the OPM/GOVT- ] 10--Employee Medical File System Records, 71 FR 35360 (Jun. 19, 2006... SECURITY Office of the Secretary Privacy Act of 1974; Department of Homeland Security ALL--034...

  16. 76 FR 49494 - Privacy Act of 1974; Department of Homeland Security United States Coast Guard DHS/USCG-027...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-10

    ... records titled, ``Department of Homeland Security/United States Coast Guard-027 Recruiting Files System of Records.'' This system of records allows the Department of Homeland Security/United States Coast Guard to...: Marilyn Scott-Perez (202-475-3515), Privacy Officer, United States Coast Guard, 2100 2nd Street, SW.,...

  17. 6 CFR Appendix A to Part 5 - FOIA/Privacy Act Offices of the Department of Homeland Security

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 6 Domestic Security 1 2013-01-01 2013-01-01 false FOIA/Privacy Act Offices of the Department of... Transportation Security Directorate of Emergency Preparedness and Response Directorate of Information Analysis.... Metropolitan Medical Response System, b. National Disaster Medical System, and c. Office of...

  18. 76 FR 27847 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Coast...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-13

    ....S. Coast Guard--008 Courts Martial Case Files System of Records AGENCY: Privacy Office, DHS. ACTION..., ``Department of Homeland Security/U.S. Coast Guard--008 Courts Martial Case Files System of Records'' from... Homeland Security/U.S. Coast Guard--008 Courts Martial Case Files System of Records from one or...

  19. Protecting patient privacy in clinical data mining.

    PubMed

    Goodwin, Linda K; Prather, Jonathan C

    2002-01-01

    This paper investigates whether HIPAA de-identification requirements--as well as proposed AAMC de-identification standards--were met in a large clinical data mining study (1997-2001) conducted at Duke University prior to the publication of the final rule. While HIPAA has improved de-identification standards, the study also shows that privacy issues may persist even in de-identified large clinical databases.

  20. Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study.

    PubMed

    Atienza, Audie A; Zarcadoolas, Christina; Vaughon, Wendy; Hughes, Penelope; Patel, Vaishali; Chou, Wen-Ying Sylvia; Pritts, Joy

    2015-01-01

    This study examined consumers' attitudes and perceptions regarding mobile health (mHealth) technology use in health care. Twenty-four focus groups with 256 participants were conducted in 5 geographically diverse locations. Participants were also diverse in age, education, race/ethnicity, gender, and rural versus urban settings. Several key themes emerged from the focus groups. Findings suggest that consumer attitudes regarding mHealth privacy/security are highly contextualized, with concerns depending on the type of information being communicated, where and when the information is being accessed, who is accessing or seeing the information, and for what reasons. Consumers frequently considered the tradeoffs between the privacy/security of using mHealth technologies and the potential benefits. Having control over mHealth privacy/security features and trust in providers were important issues for consumers. Overall, this study found significant diversity in attitudes regarding mHealth privacy/security both within and between traditional demographic groups. Thus, to address consumers' concerns regarding mHealth privacy and security, a one-size-fits-all approach may not be adequate. Health care providers and technology developers should consider tailoring mHealth technology according to how various types of information are communicated in the health care setting, as well as according to the comfort, skills, and concerns individuals may have with mHealth technology.

  1. A privacy preserving secure and efficient authentication scheme for telecare medical information systems.

    PubMed

    Mishra, Raghavendra; Barnwal, Amit Kumar

    2015-05-01

    The Telecare medical information system (TMIS) presents effective healthcare delivery services by employing information and communication technologies. The emerging privacy and security are always a matter of great concern in TMIS. Recently, Chen at al. presented a password based authentication schemes to address the privacy and security. Later on, it is proved insecure against various active and passive attacks. To erase the drawbacks of Chen et al.'s anonymous authentication scheme, several password based authentication schemes have been proposed using public key cryptosystem. However, most of them do not present pre-smart card authentication which leads to inefficient login and password change phases. To present an authentication scheme with pre-smart card authentication, we present an improved anonymous smart card based authentication scheme for TMIS. The proposed scheme protects user anonymity and satisfies all the desirable security attributes. Moreover, the proposed scheme presents efficient login and password change phases where incorrect input can be quickly detected and a user can freely change his password without server assistance. Moreover, we demonstrate the validity of the proposed scheme by utilizing the widely-accepted BAN (Burrows, Abadi, and Needham) logic. The proposed scheme is also comparable in terms of computational overheads with relevant schemes. PMID:25750176

  2. Security and privacy in molecular communication and networking: opportunities and challenges.

    PubMed

    Loscrí, Valeria; Marchal, César; Mitton, Nathalie; Fortino, Giancarlo; Vasilakos, Athanasios V

    2014-09-01

    Molecular Communication (MC) is an emerging and promising communication paradigm for several multi-disciplinary domains like bio-medical, industry and military. Differently to the traditional communication paradigm, the information is encoded on the molecules, that are then used as carriers of information. Novel approaches related to this new communication paradigm have been proposed, mainly focusing on architectural aspects and categorization of potential applications. So far, security and privacy aspects related to the molecular communication systems have not been investigated at all and represent an open question that need to be addressed. The main motivation of this paper lies on providing some first insights about security and privacy aspects of MC systems, by highlighting the open issues and challenges and above all by outlining some specific directions of potential solutions. Existing cryptographic methods and security approaches are not suitable for MC systems since do not consider the pecific issues and challenges, that need ad-hoc solutions. We will discuss directions in terms of potential solutions by trying to highlight the main advantages and potential drawbacks for each direction considered. We will try to answer to the main questions: 1) why this solution can be exploited in the MC field to safeguard the system and its reliability? 2) which are the main issues related to the specific approach?

  3. St. Mary's Hospital, rescued climber meet reporters as HIPAA rules begin.

    PubMed

    Botvin, Judith D

    2003-01-01

    St. Mary's Hospital, Grand Junction, Colo., is a regional hospital whose PR team is accustomed to media exposure. Just as tehy were instituting the patient privacy rules of HIPAA, a true-life reality drama landed on their doorstep. Aron Ralston, a 27-year old experienced mountain climber, became the hospital's highest profile patient and attracted worldwide media coverage after courageously rescuing himself from a near-disaster.

  4. Security and privacy services in pathology for enabling trustworthy personal health.

    PubMed

    Blobel, Bernd

    2012-01-01

    Ubiquitous personalized health services including ePathology require comprehensive, but trusted interoperability. Contrary to regulated traditional health services with pre-defined policies, the solutions enabled by mobile, pervasive and autonomous technology have to follow dynamic policies reflecting the customers changing health services needs, expectations and wishes as well as contextual and environmental conditions. The paper introduces an advanced approach to trustworthy architecture-centric, policy-driven pHealth solutions. To some details, it also addresses security and privacy ontologies to represent the required policies.

  5. The ethical dimension of terahertz and millimeter-wave imaging technologies: security, privacy, and acceptability

    NASA Astrophysics Data System (ADS)

    Ammicht Quinn, R.; Rampp, B.

    2009-05-01

    Terahertz and millimeter-wave imaging technologies, wherever they are applied to human beings, generate problems with the "naked" body. Security issues thus inevitably lead to ethical questions of privacy and intimacy. Less apparent but no less important are other issues such as discrimination and the question of reducing this problem through post processing of data; scalability; questions of controlling the controllers; questions of proliferation. Ethical research alone can not provide acceptability. However, ultimately innovative technologies will not achieve widespread and sustainable acceptance without a fundamental clarification of the ethically relevant issues.

  6. The Influence of Security Statement, Technical Protection, and Privacy on Satisfaction and Loyalty; A Structural Equation Modeling

    NASA Astrophysics Data System (ADS)

    Peikari, Hamid Reza

    Customer satisfaction and loyalty have been cited as the e-commerce critical success factors and various studies have been conducted to find the antecedent determinants of these concepts in the online transactions. One of the variables suggested by some studies is perceived security. However, these studies have referred to security from a broad general perspective and no attempts have been made to study the specific security related variables. This paper intends to study the influence on security statement and technical protection on satisfaction, loyalty and privacy. The data was collected from 337 respondents and after the reliability and validity tests, path analysis was applied to examine the hypotheses. The results suggest that loyalty is influenced by satisfaction and security statement and no empirical support was found for the influence on technical protection and privacy on loyalty. Moreover, it was found that security statement and technical protection have a positive significant influence on satisfaction while no significant effect was found for privacy. Furthermore, the analysis indicated that security statement have a positive significant influence on technical protection while technical protection was found to have a significant negative impact on perceived privacy.

  7. Electronic Health Records: An Enhanced Security Paradigm to Preserve Patient's Privacy

    NASA Astrophysics Data System (ADS)

    Slamanig, Daniel; Stingl, Christian

    In recent years, demographic change and increasing treatment costs demand the adoption of more cost efficient, highly qualitative and integrated health care processes. The rapid growth and availability of the Internet facilitate the development of eHealth services and especially of electronic health records (EHRs) which are promising solutions to meet the aforementioned requirements. Considering actual web-based EHR systems, patient-centric and patient moderated approaches are widely deployed. Besides, there is an emerging market of so called personal health record platforms, e.g. Google Health. Both concepts provide a central and web-based access to highly sensitive medical data. Additionally, the fact that these systems may be hosted by not fully trustworthy providers necessitates to thoroughly consider privacy issues. In this paper we define security and privacy objectives that play an important role in context of web-based EHRs. Furthermore, we discuss deployed solutions as well as concepts proposed in the literature with respect to this objectives and point out several weaknesses. Finally, we introduce a system which overcomes the drawbacks of existing solutions by considering an holistic approach to preserve patient's privacy and discuss the applied methods.

  8. 78 FR 55270 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-10

    ... for expedited screening at participating airport security checkpoints. This updated system will be... identification of passengers who are eligible for expedited screening at participating airport security... participating airport security checkpoints. \\10\\ ``Sterile area'' means a portion of an airport defined in...

  9. Security Concerns in Android mHealth Apps

    PubMed Central

    He, Dongjing; Naveed, Muhammad; Gunter, Carl A.; Nahrstedt, Klara

    2014-01-01

    Mobile Health (mHealth) applications lie outside of regulatory protection such as HIPAA, which requires a baseline of privacy and security protections appropriate to sensitive medical data. However, mHealth apps, particularly those in the app stores for iOS and Android, are increasingly handling sensitive data for both professionals and patients. This paper presents a series of three studies of the mHealth apps in Google Play that show that mHealth apps make widespread use of unsecured Internet communications and third party servers. Both of these practices would be considered problematic under HIPAA, suggesting that increased use of mHealth apps could lead to less secure treatment of health data unless mHealth vendors make improvements in the way they communicate and store data. PMID:25954370

  10. Security Concerns in Android mHealth Apps.

    PubMed

    He, Dongjing; Naveed, Muhammad; Gunter, Carl A; Nahrstedt, Klara

    2014-01-01

    Mobile Health (mHealth) applications lie outside of regulatory protection such as HIPAA, which requires a baseline of privacy and security protections appropriate to sensitive medical data. However, mHealth apps, particularly those in the app stores for iOS and Android, are increasingly handling sensitive data for both professionals and patients. This paper presents a series of three studies of the mHealth apps in Google Play that show that mHealth apps make widespread use of unsecured Internet communications and third party servers. Both of these practices would be considered problematic under HIPAA, suggesting that increased use of mHealth apps could lead to less secure treatment of health data unless mHealth vendors make improvements in the way they communicate and store data.

  11. A Framework for Privacy-preserving Classification of Next-generation PHR data.

    PubMed

    Koufi, Vassiliki; Malamateniou, Flora; Prentza, Andriana; Vassilacopoulos, George

    2014-01-01

    Personal Health Records (PHRs), integrated with data from various sources, such as social care data, Electronic Health Record data and genetic information, are envisaged as having a pivotal role in transforming healthcare. These data, lumped under the term 'big data', are usually complex, noisy, heterogeneous, longitudinal and voluminous thus prohibiting their meaningful use by clinicians. Deriving value from these data requires the utilization of innovative data analysis techniques, which, however, may be hindered due to potential security and privacy breaches that may arise from improper release of personal health information. This paper presents a HIPAA-compliant machine learning framework that enables privacy-preserving classification of next-generation PHR data. The predictive models acquired can act as supporting tools to clinical practice by enabling more effective prevention, diagnosis and treatment of new incidents. The proposed framework has a huge potential for complementing medical staff expertise as it outperforms the manual inspection of PHR data while protecting patient privacy. PMID:25000030

  12. A Framework for Privacy-preserving Classification of Next-generation PHR data.

    PubMed

    Koufi, Vassiliki; Malamateniou, Flora; Prentza, Andriana; Vassilacopoulos, George

    2014-01-01

    Personal Health Records (PHRs), integrated with data from various sources, such as social care data, Electronic Health Record data and genetic information, are envisaged as having a pivotal role in transforming healthcare. These data, lumped under the term 'big data', are usually complex, noisy, heterogeneous, longitudinal and voluminous thus prohibiting their meaningful use by clinicians. Deriving value from these data requires the utilization of innovative data analysis techniques, which, however, may be hindered due to potential security and privacy breaches that may arise from improper release of personal health information. This paper presents a HIPAA-compliant machine learning framework that enables privacy-preserving classification of next-generation PHR data. The predictive models acquired can act as supporting tools to clinical practice by enabling more effective prevention, diagnosis and treatment of new incidents. The proposed framework has a huge potential for complementing medical staff expertise as it outperforms the manual inspection of PHR data while protecting patient privacy.

  13. Clouds and rainbows on the HIPAA horizon.

    PubMed

    Tennant, R M

    1999-01-01

    In the planning phase for several years, the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) finally appear ready for implementation. The Health Care Financing Administration (HCFA) expects that the major HIPAA measures will be released in late 1999. For group practices, it is expected that implementation of these provisions will be complicated and consume significant amounts of time and money. Still, the end result should justify the effort.

  14. Clouds and rainbows on the HIPAA horizon.

    PubMed

    Tennant, R M

    1999-01-01

    In the planning phase for several years, the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) finally appear ready for implementation. The Health Care Financing Administration (HCFA) expects that the major HIPAA measures will be released in late 1999. For group practices, it is expected that implementation of these provisions will be complicated and consume significant amounts of time and money. Still, the end result should justify the effort. PMID:10788078

  15. A security and privacy preserving e-prescription system based on smart cards.

    PubMed

    Hsu, Chien-Lung; Lu, Chung-Fu

    2012-12-01

    In 2002, Ateniese and Medeiros proposed an e-prescription system, in which the patient can store e-prescription and related information using smart card. Latter, Yang et al. proposed a novel smart-card based e-prescription system based on Ateniese and Medeiros's system in 2004. Yang et al. considered the privacy issues of prescription data and adopted the concept of a group signature to provide patient's privacy protection. To make the e-prescription system more realistic, they further applied a proxy signature to allow a patient to delegate his signing capability to other people. This paper proposed a novel security and privacy preserving e-prescription system model based on smart cards. A new role, chemist, is included in the system model for settling the medicine dispute. We further presented a concrete identity-based (ID-based) group signature scheme and an ID-based proxy signature scheme to realize the proposed model. Main property of an ID-based system is that public key is simple user's identity and can be verified without extra public key certificates. Our ID-based group signature scheme can allow doctors to sign e-prescription anonymously. In a case of a medical dispute, identities of the doctors can be identified. The proposed ID-based proxy signature scheme can improve signing delegation and allows a delegation chain. The proposed e-prescription system based on our proposed two cryptographic schemes is more practical and efficient than Yang et al.'s system in terms of security, communication overheads, computational costs, practical considerations.

  16. A security and privacy preserving e-prescription system based on smart cards.

    PubMed

    Hsu, Chien-Lung; Lu, Chung-Fu

    2012-12-01

    In 2002, Ateniese and Medeiros proposed an e-prescription system, in which the patient can store e-prescription and related information using smart card. Latter, Yang et al. proposed a novel smart-card based e-prescription system based on Ateniese and Medeiros's system in 2004. Yang et al. considered the privacy issues of prescription data and adopted the concept of a group signature to provide patient's privacy protection. To make the e-prescription system more realistic, they further applied a proxy signature to allow a patient to delegate his signing capability to other people. This paper proposed a novel security and privacy preserving e-prescription system model based on smart cards. A new role, chemist, is included in the system model for settling the medicine dispute. We further presented a concrete identity-based (ID-based) group signature scheme and an ID-based proxy signature scheme to realize the proposed model. Main property of an ID-based system is that public key is simple user's identity and can be verified without extra public key certificates. Our ID-based group signature scheme can allow doctors to sign e-prescription anonymously. In a case of a medical dispute, identities of the doctors can be identified. The proposed ID-based proxy signature scheme can improve signing delegation and allows a delegation chain. The proposed e-prescription system based on our proposed two cryptographic schemes is more practical and efficient than Yang et al.'s system in terms of security, communication overheads, computational costs, practical considerations. PMID:22407399

  17. Informed consent and clinical research involving children and adolescents: implications of the revised APA ethics code and HIPAA.

    PubMed

    Fisher, Celia B

    2004-12-01

    In 2003, 2 new sets of rules and regulations affecting the conduct of clinical research involving children and adolescents went into effect: the revised American Psychological Association's (APA) Ethical Principles of Psychologists and Code of Conduct (APA, 2002; effective June 1, 2003) and the Privacy Rule (45 CFR Part 160 and A and E of Part 164; effective April; 14, 2003) of the Health Insurance Portability and Accountability Act (HIPAA: Public Law 104-191). This article highlights those APA ethical standards and HIPAA regulations relevant to clinical research involving children and adolescents and discusses how psychologists can apply these rules in ways that will ensure ethical and legal compliance.

  18. Market Reactions to Publicly Announced Privacy and Security Breaches Suffered by Companies Listed on the United States Stock Exchanges: A Comparative Empirical Investigation

    ERIC Educational Resources Information Center

    Coronado, Adolfo S.

    2012-01-01

    Using a sample of security and privacy breaches the present research examines the comparative announcement impact between the two types of events. The first part of the dissertation analyzes the impact of publicly announced security and privacy breaches on abnormal stock returns, the change in firm risk, and abnormal trading volume are measured.…

  19. Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users

    ERIC Educational Resources Information Center

    Edwards, Keith

    2015-01-01

    Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the…

  20. Access and privacy rights using web security standards to increase patient empowerment.

    PubMed

    Falcão-Reis, Filipa; Costa-Pereira, Altamiro; Correia, Manuel E

    2008-01-01

    Electronic Health Record (EHR) systems are becoming more and more sophisticated and include nowadays numerous applications, which are not only accessed by medical professionals, but also by accounting and administrative personnel. This could represent a problem concerning basic rights such as privacy and confidentiality. The principles, guidelines and recommendations compiled by the OECD protection of privacy and trans-border flow of personal data are described and considered within health information system development. Granting access to an EHR should be dependent upon the owner of the record; the patient: he must be entitled to define who is allowed to access his EHRs, besides the access control scheme each health organization may have implemented. In this way, it's not only up to health professionals to decide who have access to what, but the patient himself. Implementing such a policy is walking towards patient empowerment which society should encourage and governments should promote. The paper then introduces a technical solution based on web security standards. This would give patients the ability to monitor and control which entities have access to their personal EHRs, thus empowering them with the knowledge of how much of his medical history is known and by whom. It is necessary to create standard data access protocols, mechanisms and policies to protect the privacy rights and furthermore, to enable patients, to automatically track the movement (flow) of their personal data and information in the context of health information systems. This solution must be functional and, above all, user-friendly and the interface should take in consideration some heuristics of usability in order to provide the user with the best tools. The current official standards on confidentiality and privacy in health care, currently being developed within the EU, are explained, in order to achieve a consensual idea of the guidelines that all member states should follow to transfer

  1. Access and privacy rights using web security standards to increase patient empowerment.

    PubMed

    Falcão-Reis, Filipa; Costa-Pereira, Altamiro; Correia, Manuel E

    2008-01-01

    Electronic Health Record (EHR) systems are becoming more and more sophisticated and include nowadays numerous applications, which are not only accessed by medical professionals, but also by accounting and administrative personnel. This could represent a problem concerning basic rights such as privacy and confidentiality. The principles, guidelines and recommendations compiled by the OECD protection of privacy and trans-border flow of personal data are described and considered within health information system development. Granting access to an EHR should be dependent upon the owner of the record; the patient: he must be entitled to define who is allowed to access his EHRs, besides the access control scheme each health organization may have implemented. In this way, it's not only up to health professionals to decide who have access to what, but the patient himself. Implementing such a policy is walking towards patient empowerment which society should encourage and governments should promote. The paper then introduces a technical solution based on web security standards. This would give patients the ability to monitor and control which entities have access to their personal EHRs, thus empowering them with the knowledge of how much of his medical history is known and by whom. It is necessary to create standard data access protocols, mechanisms and policies to protect the privacy rights and furthermore, to enable patients, to automatically track the movement (flow) of their personal data and information in the context of health information systems. This solution must be functional and, above all, user-friendly and the interface should take in consideration some heuristics of usability in order to provide the user with the best tools. The current official standards on confidentiality and privacy in health care, currently being developed within the EU, are explained, in order to achieve a consensual idea of the guidelines that all member states should follow to transfer

  2. From sniffer dogs to emerging sniffer devices for airport security: an opportunity to rethink privacy implications?

    PubMed

    Bonfanti, Matteo E

    2014-09-01

    Dogs are known for their incredible ability to detect odours, extracting them from a "complex" environment and recognising them. This makes sniffer dogs precious assets in a broad variety of security applications. However, their use is subject to some intrinsic restrictions. Dogs can only be trained to a limited set of applications, get tired after a relatively short period, and thus require a high turnover. This has sparked a drive over the past decade to develop artificial sniffer devices-generally known as "chemical sniffers" or "electronic noses"-able to complement and possibly replace dogs for some security applications. Such devices have been already deployed, or are intended to be deployed, at borders, airports and other critical installation security checkpoints. Similarly to dogs, they are adopted for detecting residual traces that indicate either the presence of, or recent contact with, substances like drugs and explosives. It goes without saying that, as with sniffer dogs, the use of artificial sniffer devices raises many sensitive issues. Adopting an ethical and legal perspective, the present paper discusses the privacy and data protection implications of the possible deployment of a hand-held body scanning sniffer for screening passengers at EU airport security checkpoints.

  3. 76 FR 60385 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-29

    ... Transformation, Increment I'' (August 29, 2011, 76 FR 53764) to make it possible for USCIS to transition to an... Exemptions; Department of Homeland Security U.S. Citizenship and Immigration Services-016 Electronic Immigration System-3 Automated Background Functions System of Records AGENCY: Privacy Office, DHS....

  4. 75 FR 50845 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-18

    ... FR 7979, February 23, 2010) proposing to exempt portions of the system of records from one or more... published concurrently in the Federal Register, (75 FR 8092, February 23, 2010) and comments were invited on.../ALL--027 The History of the Department of Homeland Security System of Records AGENCY: Privacy...

  5. Security and privacy issues in wireless sensor networks for healthcare applications.

    PubMed

    Al Ameen, Moshaddique; Liu, Jingwei; Kwak, Kyungsup

    2012-02-01

    The use of wireless sensor networks (WSN) in healthcare applications is growing in a fast pace. Numerous applications such as heart rate monitor, blood pressure monitor and endoscopic capsule are already in use. To address the growing use of sensor technology in this area, a new field known as wireless body area networks (WBAN or simply BAN) has emerged. As most devices and their applications are wireless in nature, security and privacy concerns are among major areas of concern. Due to direct involvement of humans also increases the sensitivity. Whether the data gathered from patients or individuals are obtained with the consent of the person or without it due to the need by the system, misuse or privacy concerns may restrict people from taking advantage of the full benefits from the system. People may not see these devices safe for daily use. There may also possibility of serious social unrest due to the fear that such devices may be used for monitoring and tracking individuals by government agencies or other private organizations. In this paper we discuss these issues and analyze in detail the problems and their possible measures.

  6. 75 FR 28046 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-002...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-19

    ... Transportation Security Threat Assessment System of Records (70 FR 33383, November 8, 2005). TSA's mission is to... systems as reflected in the final rule published on June 25, 2004 in 69 FR 35536. The information is..., intelligence, or other functions consistent with the routine uses set forth in this system of records...

  7. 75 FR 18867 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-011...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-04-13

    ... Security Intelligence Service (TSIS) Operations Files System of Records (69 FR 71828, December 10, 2004...(j)(2), (k)(1), (k)(2) and (k)(5) as reflected in the final rule published on August 4, 2006 in 71 FR...)(2), and (k)(5) as reflected in the final rule published on August 4, 2006, in 71 FR 44223....

  8. Protocols development for security and privacy of radio frequency identification systems

    NASA Astrophysics Data System (ADS)

    Sabbagha, Fatin

    There are benefits to adopting radio frequency identification (RFID) technology, although there are methods of attack that can compromise the system. This research determined how that may happen and what possible solutions can keep that from happening. Protocols were developed to implement better security. In addition, new topologies were developed to handle the problems of the key management. Previously proposed protocols focused on providing mutual authentication and privacy between readers and tags. However, those protocols are still vulnerable to be attacked. These protocols were analyzed and the disadvantages shown for each one. Previous works assumed that the channels between readers and the servers were secure. In the proposed protocols, a compromised reader is considered along with how to prevent tags from being read by that reader. The new protocols provide mutual authentication between readers and tags and, at the same time, remove the compromised reader from the system. Three protocols are proposed. In the first protocol, a mutual authentication is achieved and a compromised reader is not allowed in the network. In the second protocol, the number of times a reader contacts the server is reduced. The third protocol provides authentication and privacy between tags and readers using a trusted third party. The developed topology is implemented using python language and simulates work to check the efficiency regarding the processing time. The three protocols are implemented by writing codes in C language and then compiling them in MSP430. IAR Embedded workbench is used, which is an integrated development environment with the C/C++ compiler to generate a faster code and to debug the microcontroller. In summary, the goal of this research is to find solutions for the problems on previously proposed protocols, handle a compromised reader, and solve key management problems.

  9. A Practitioner's Response to the New Health Privacy Regulations

    ERIC Educational Resources Information Center

    Yang, Julia A.; Kombarakaran, Francis A.

    2006-01-01

    The established professional practice requiring informed consent for the disclosure of personal health information with its implied right to privacy suffered a serious setback with the first federal privacy initiative of the Bush administration. The new Health Insurance Portability and Accountability Act (HIPAA) of 1996 (P.L. 104-191) privacy…

  10. Privacy-Preserving Self-Helped Medical Diagnosis Scheme Based on Secure Two-Party Computation in Wireless Sensor Networks

    PubMed Central

    Wen, Qiaoyan; Zhang, Yudong; Li, Wenmin

    2014-01-01

    With the continuing growth of wireless sensor networks in pervasive medical care, people pay more and more attention to privacy in medical monitoring, diagnosis, treatment, and patient care. On one hand, we expect the public health institutions to provide us with better service. On the other hand, we would not like to leak our personal health information to them. In order to balance this contradiction, in this paper we design a privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks so that patients can privately diagnose themselves by inputting a health card into a self-helped medical diagnosis ATM to obtain a diagnostic report just like drawing money from a bank ATM without revealing patients' health information and doctors' diagnostic skill. It makes secure self-helped disease diagnosis feasible and greatly benefits patients as well as relieving the heavy pressure of public health institutions. PMID:25126107

  11. The secret to health information technology's success within the diabetes patient population: a comprehensive privacy and security framework.

    PubMed

    Pandya, Sheel M

    2010-05-01

    Congress made an unprecedented investment in health information technology (IT) when it passed the American Recovery and Reinvestment Act in February 2009. Health IT provides enormous opportunities to improve health care quality, reduce costs, and engage patients in their own care. But the potential payoff for use of health IT for diabetes care is magnified given the prevalence, cost, and complexity of the disease. However, without proper privacy and security protections in place, diabetes patient data are at risk of misuse, and patient trust in the system is undermined. We need a comprehensive privacy and security framework that articulates clear parameters for access, use, and disclosure of diabetes patient data for all entities storing and exchanging electronic data.

  12. A framework for privacy-preserving access to next-generation EHRs.

    PubMed

    Koufi, Vassiliki; Malamateniou, Flora; Tsohou, Aggeliki; Vassilacopoulos, George

    2014-01-01

    Although personalized medicine is optimizing the discovery, development and application of therapeutic advances, its full impact on patient and population healthcare management has yet to be realized. Electronic health Records (EHRs), integrated with data from other sources, such as social care data, Personal Healthcare Record (PHR) data and genetic information, are envisaged as having a pivotal role in realizing this individualized approach to healthcare. Thus, a new generation of EHRs will emerge which, in addition to supporting healthcare professionals in making well-informed clinical decisions, shows potential for novel discovery of associations between disease and genetic, environmental or process measures. However, a broad range of ethical, legal and technical reasons may hinder the realization of future EHRs due to potential security and privacy breaches. This paper presents a HIPAA-compliant framework that enables privacy-preserving access to next-generation EHRs.

  13. A framework for privacy-preserving access to next-generation EHRs.

    PubMed

    Koufi, Vassiliki; Malamateniou, Flora; Tsohou, Aggeliki; Vassilacopoulos, George

    2014-01-01

    Although personalized medicine is optimizing the discovery, development and application of therapeutic advances, its full impact on patient and population healthcare management has yet to be realized. Electronic health Records (EHRs), integrated with data from other sources, such as social care data, Personal Healthcare Record (PHR) data and genetic information, are envisaged as having a pivotal role in realizing this individualized approach to healthcare. Thus, a new generation of EHRs will emerge which, in addition to supporting healthcare professionals in making well-informed clinical decisions, shows potential for novel discovery of associations between disease and genetic, environmental or process measures. However, a broad range of ethical, legal and technical reasons may hinder the realization of future EHRs due to potential security and privacy breaches. This paper presents a HIPAA-compliant framework that enables privacy-preserving access to next-generation EHRs. PMID:25160285

  14. Network security vulnerabilities and personal privacy issues in Healthcare Information Systems: a case study in a private hospital in Turkey.

    PubMed

    Namoğlu, Nihan; Ulgen, Yekta

    2013-01-01

    Healthcare industry has become widely dependent on information technology and internet as it moves from paper to electronic records. Healthcare Information System has to provide a high quality service to patients and a productive knowledge share between healthcare staff by means of patient data. With the internet being commonly used across hospitals, healthcare industry got its own share from cyber threats like other industries in the world. The challenge is allowing knowledge transfer to hospital staff while still ensuring compliance with security mandates. Working in collaboration with a private hospital in Turkey; this study aims to reveal the essential elements of a 21st century business continuity plan for hospitals while presenting the security vulnerabilities in the current hospital information systems and personal privacy auditing standards proposed by regulations and laws. We will survey the accreditation criteria in Turkey and counterparts in US and EU. We will also interview with medical staff in the hospital to understand the needs for personal privacy and the technical staff to perceive the technical requirements in terms of network security configuration and deployment. As hospitals are adopting electronic transactions, it should be considered a must to protect these electronic health records in terms of personal privacy aspects. PMID:23823398

  15. Network security vulnerabilities and personal privacy issues in Healthcare Information Systems: a case study in a private hospital in Turkey.

    PubMed

    Namoğlu, Nihan; Ulgen, Yekta

    2013-01-01

    Healthcare industry has become widely dependent on information technology and internet as it moves from paper to electronic records. Healthcare Information System has to provide a high quality service to patients and a productive knowledge share between healthcare staff by means of patient data. With the internet being commonly used across hospitals, healthcare industry got its own share from cyber threats like other industries in the world. The challenge is allowing knowledge transfer to hospital staff while still ensuring compliance with security mandates. Working in collaboration with a private hospital in Turkey; this study aims to reveal the essential elements of a 21st century business continuity plan for hospitals while presenting the security vulnerabilities in the current hospital information systems and personal privacy auditing standards proposed by regulations and laws. We will survey the accreditation criteria in Turkey and counterparts in US and EU. We will also interview with medical staff in the hospital to understand the needs for personal privacy and the technical staff to perceive the technical requirements in terms of network security configuration and deployment. As hospitals are adopting electronic transactions, it should be considered a must to protect these electronic health records in terms of personal privacy aspects.

  16. Security analysis and improvement of a privacy authentication scheme for telecare medical information systems.

    PubMed

    Wu, Fan; Xu, Lili

    2013-08-01

    Nowadays, patients can gain many kinds of medical service on line via Telecare Medical Information Systems(TMIS) due to the fast development of computer technology. So security of communication through network between the users and the server is very significant. Authentication plays an important part to protect information from being attacked by malicious attackers. Recently, Jiang et al. proposed a privacy enhanced scheme for TMIS using smart cards and claimed their scheme was better than Chen et al.'s. However, we have showed that Jiang et al.'s scheme has the weakness of ID uselessness and is vulnerable to off-line password guessing attack and user impersonation attack if an attacker compromises the legal user's smart card. Also, it can't resist DoS attack in two cases: after a successful impersonation attack and wrong password input in Password change phase. Then we propose an improved mutual authentication scheme used for a telecare medical information system. Remote monitoring, checking patients' past medical history record and medical consultant can be applied in the system where information transmits via Internet. Finally, our analysis indicates that the suggested scheme overcomes the disadvantages of Jiang et al.'s scheme and is practical for TMIS. PMID:23818249

  17. Security analysis and improvement of a privacy authentication scheme for telecare medical information systems.

    PubMed

    Wu, Fan; Xu, Lili

    2013-08-01

    Nowadays, patients can gain many kinds of medical service on line via Telecare Medical Information Systems(TMIS) due to the fast development of computer technology. So security of communication through network between the users and the server is very significant. Authentication plays an important part to protect information from being attacked by malicious attackers. Recently, Jiang et al. proposed a privacy enhanced scheme for TMIS using smart cards and claimed their scheme was better than Chen et al.'s. However, we have showed that Jiang et al.'s scheme has the weakness of ID uselessness and is vulnerable to off-line password guessing attack and user impersonation attack if an attacker compromises the legal user's smart card. Also, it can't resist DoS attack in two cases: after a successful impersonation attack and wrong password input in Password change phase. Then we propose an improved mutual authentication scheme used for a telecare medical information system. Remote monitoring, checking patients' past medical history record and medical consultant can be applied in the system where information transmits via Internet. Finally, our analysis indicates that the suggested scheme overcomes the disadvantages of Jiang et al.'s scheme and is practical for TMIS.

  18. Protecting human health and security in digital Europe: how to deal with the "privacy paradox"?

    PubMed

    Büschel, Isabell; Mehdi, Rostane; Cammilleri, Anne; Marzouki, Yousri; Elger, Bernice

    2014-09-01

    This article is the result of an international research between law and ethics scholars from Universities in France and Switzerland, who have been closely collaborating with technical experts on the design and use of information and communication technologies in the fields of human health and security. The interdisciplinary approach is a unique feature and guarantees important new insights in the social, ethical and legal implications of these technologies for the individual and society as a whole. Its aim is to shed light on the tension between secrecy and transparency in the digital era. A special focus is put from the perspectives of psychology, medical ethics and European law on the contradiction between individuals' motivations for consented processing of personal data and their fears about unknown disclosure, transferal and sharing of personal data via information and communication technologies (named the "privacy paradox"). Potential benefits and harms for the individual and society resulting from the use of computers, mobile phones, the Internet and social media are being discussed. Furthermore, the authors point out the ethical and legal limitations inherent to the processing of personal data in a democratic society governed by the rule of law. Finally, they seek to demonstrate that the impact of information and communication technology use on the individuals' well-being, the latter being closely correlated with a high level of fundamental rights protection in Europe, is a promising feature of the socalled "e-democracy" as a new way to collectively attribute meaning to large-scale online actions, motivations and ideas.

  19. Privacy preserving, real-time and location secured biometrics for mCommerce authentication

    NASA Astrophysics Data System (ADS)

    Kuseler, Torben; Al-Assam, Hisham; Jassim, Sabah; Lami, Ihsan A.

    2011-06-01

    Secure wireless connectivity between mobile devices and financial/commercial establishments is mature, and so is the security of remote authentication for mCommerce. However, the current techniques are open for hacking, false misrepresentation, replay and other attacks. This is because of the lack of real-time and current-precise-location in the authentication process. This paper proposes a new technique that includes freshly-generated real-time personal biometric data of the client and present-position of the mobile device used by the client to perform the mCommerce so to form a real-time biometric representation to authenticate any remote transaction. A fresh GPS fix generates the "time and location" to stamp the biometric data freshly captured to produce a single, real-time biometric representation on the mobile device. A trusted Certification Authority (CA) acts as an independent authenticator of such client's claimed realtime location and his/her provided fresh biometric data. Thus eliminates the necessity of user enrolment with many mCommerce services and application providers. This CA can also "independently from the client" and "at that instant of time" collect the client's mobile device "time and location" from the cellular network operator so to compare with the received information, together with the client's stored biometric information. Finally, to preserve the client's location privacy and to eliminate the possibility of cross-application client tracking, this paper proposes shielding the real location of the mobile device used prior to submission to the CA or authenticators.

  20. Privacy: after the compliance date.

    PubMed

    Mikels, Debbie

    2004-01-01

    This article reviews successful strategies in preparing for HIPAA Privacy compliance. There are ongoing challenges organizations will face after the compliance date, such as managing research issues, identifying all business associates and managing the accounting of disclosures process. Finally, health information professionals must play an active role in ensuring that patient information is protected, while providing appropriate access as new uses for information are developed.

  1. 76 FR 55693 - Privacy Act of 1974; Department of Homeland Security National Protection and Programs Directorate...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-08

    ... in the SORN and Notice of Proposed Rulemaking (NPRM) in the Federal Register, 75 FR 69603, on... originally published in the SORN and Notice of Proposed Rulemaking (NPRM) in the Federal Register, 75 FR... Initiative (September 10, 2010, 75 FR 55335). II. Privacy Act The Privacy Act embodies fair...

  2. College Student Records: Legal Issues, Privacy, and Security Concerns. ERIC Digest.

    ERIC Educational Resources Information Center

    Holub, Tamara

    This digest briefly reviews the provisions of the Family Educational Rights and Privacy Act (FERPA) of 1974 (the Buckley Amendment), which sets out legal guidelines regarding the privacy of student records and the provisions of the U.S. Patriot Act, along with the measures some colleges are implementing to comply with these laws and improve the…

  3. National Association of School Nurses ISSUE BRIEF: School Health Nurse's Role in Education: Privacy Standards for Student Health Records

    ERIC Educational Resources Information Center

    Pohlman, Katherine; Schwab, Nadine

    2003-01-01

    This article is a reprint of the National Association of School Nurses' "Issue Brief" on Privacy Standards for Student Health Records. It distinguishes between the Family Education Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HI-PAA), clarifies which of these laws governs the privacy of student health…

  4. HIPAA's transactions regulations. Where are we today?

    PubMed

    Callahan-Morris, Elizabeth; Shields, Juli K

    2003-01-01

    By now, the health care industry is feeling the effects of the implementation of the Standards for Electronic Transactions promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The standards, or transaction rule, have been substantially in final form since Aug. 17, 2000, but it has taken the industry every bit of the allotted time period, including a one-year extension, to work through the technical and interpretative issues to meet the Oct. 16, 2003, compliance deadline. PMID:14628326

  5. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage.

    PubMed

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called "privacy principles" to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions - when implementing laboratory data protocols - with experts in the fields.

  6. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage

    PubMed Central

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called “privacy principles” to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions – when implementing laboratory data protocols – with experts in the fields. PMID:26955504

  7. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage.

    PubMed

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called "privacy principles" to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions - when implementing laboratory data protocols - with experts in the fields. PMID:26955504

  8. Protecting human health and security in digital Europe: how to deal with the "privacy paradox"?

    PubMed

    Büschel, Isabell; Mehdi, Rostane; Cammilleri, Anne; Marzouki, Yousri; Elger, Bernice

    2014-09-01

    This article is the result of an international research between law and ethics scholars from Universities in France and Switzerland, who have been closely collaborating with technical experts on the design and use of information and communication technologies in the fields of human health and security. The interdisciplinary approach is a unique feature and guarantees important new insights in the social, ethical and legal implications of these technologies for the individual and society as a whole. Its aim is to shed light on the tension between secrecy and transparency in the digital era. A special focus is put from the perspectives of psychology, medical ethics and European law on the contradiction between individuals' motivations for consented processing of personal data and their fears about unknown disclosure, transferal and sharing of personal data via information and communication technologies (named the "privacy paradox"). Potential benefits and harms for the individual and society resulting from the use of computers, mobile phones, the Internet and social media are being discussed. Furthermore, the authors point out the ethical and legal limitations inherent to the processing of personal data in a democratic society governed by the rule of law. Finally, they seek to demonstrate that the impact of information and communication technology use on the individuals' well-being, the latter being closely correlated with a high level of fundamental rights protection in Europe, is a promising feature of the socalled "e-democracy" as a new way to collectively attribute meaning to large-scale online actions, motivations and ideas. PMID:24446151

  9. Privacy vs Usability: A Qualitative Exploration of Patients' Experiences With Secure Internet Communication With Their General Practitioner

    PubMed Central

    Tran, Trung; Faxvaag, Arild

    2005-01-01

    Background Direct electronic communication between patients and physicians has the potential to empower patients and improve health care services. Communication by regular email is, however, considered a security threat in many countries and is not recommended. Systems which offer secure communication have now emerged. Unlike regular email, secure systems require that users authenticate themselves. However, the authentication steps per se may become barriers that reduce use. Objectives The objective was to study the experiences of patients who were using a secure electronic communication system. The focus of the study was the users' privacy versus the usability of the system. Methods Qualitative interviews were conducted with 15 patients who used a secure communication system (MedAxess) to exchange personal health information with their primary care physician. Results Six main themes were identified from the interviews: (1) supporting simple questions, (2) security issues, (3) aspects of written communication, (4) trust in the physician, (5) simplicity of MedAxess, and (6) trouble using the system. By using the system, about half of the patients (8/15) experienced easier access to their physician, with whom they tended to solve minor health problems and elaborate on more complex illness experiences. Two thirds of the respondents (10/15) found that their physician quickly responded to their MedAxess requests. As a result of the security barriers, the users felt that the system was secure. However, due to the same barriers, the patients considered the log-in procedure cumbersome, which had considerable negative impact on the actual use of the system. Conclusions Despite a perceived need for secure electronic patient-physician communication systems, security barriers may diminish their overall usefulness. A dual approach is necessary to improve this situation: patients need to be better informed about security issues, and, at the same time, their experiences of using

  10. Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education

    PubMed Central

    2013-01-01

    Background Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient’s TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Methods Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO’s standard for information security risk management. Results A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Conclusions Most of the identified threats are applicable for healthcare services intended for patients or

  11. 45 CFR 155.280 - Oversight and monitoring of privacy and security requirements.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... RELATING TO HEALTH CARE ACCESS EXCHANGE ESTABLISHMENT STANDARDS AND OTHER RELATED STANDARDS UNDER THE AFFORDABLE CARE ACT General Functions of an Exchange § 155.280 Oversight and monitoring of privacy...

  12. Safeguarding patient privacy in electronic healthcare in the USA: the legal view.

    PubMed

    Walsh, Diana; Passerini, Katia; Varshney, Upkar; Fjermestad, Jerry

    2008-01-01

    The conflict between the sweeping power of technology to access and assemble personal information and the ongoing concern about our privacy and security is ever increasing. While we gradually need higher electronic access to medical information, issues relating to patient privacy and reducing vulnerability to security breaches surmount. In this paper, we take a legal perspective and examine the existing patchwork of laws and obligations governing health information in the USA. The study finds that as Electronic Medical Records (EMRs) increase in scope and dissemination, privacy protections gradually decrease due to the shortcomings in the legal system. The contributions of this paper are (1) an overview of the legal EMR issues in the USA, and (2) the identification of the unresolved legal issues and how these will escalate when health information is transmitted over wireless networks. More specifically, the paper discusses federal and state government regulations such as the Electronic Communications Privacy Act, the Health Insurance Portability and Accountability Act (HIPAA) and judicial intervention. Based on the legal overview, the unresolved challenges are identified and suggestions for future research are included.

  13. Are Personal Health Records Safe? A Review of Free Web-Accessible Personal Health Record Privacy Policies

    PubMed Central

    Fernández-Alemán, José Luis; Toval, Ambrosio

    2012-01-01

    Background Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users’ concerns regarding the privacy and security of their personal health information. Objective To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. Methods We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. Results The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users’ accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Conclusions Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low. PMID:22917868

  14. Automated secured cost effective key refreshing technique to enhance WiMAX privacy key management

    NASA Astrophysics Data System (ADS)

    Sridevi, B.; Sivaranjani, S.; Rajaram, S.

    2013-01-01

    In all walks of life the way of communication is transformed by the rapid growth of wireless communication and its pervasive use. A wireless network which is fixed and richer in bandwidth is specified as IEEE 802.16, promoted and launched by an industrial forum is termed as Worldwide Interoperability for Microwave Access (WiMAX). This technology enables seamless delivery of wireless broadband service for fixed and/or mobile users. The obscurity is the long delay which occurs during the handoff management in every network. Mobile WiMAX employs an authenticated key management protocol as a part of handoff management in which the Base Station (BS) controls the distribution of keying material to the Mobile Station (MS). The protocol employed is Privacy Key Management Version 2- Extensible Authentication Protocol (PKMV2-EAP) which is responsible for the normal and periodical authorization of MSs, reauthorization as well as key refreshing. Authorization key (AK) and Traffic Encryption key (TEK) plays a vital role in key exchange. When the lifetime of key expires, MS has to request for a new key to BS which in turn leads to repetition of authorization, authentication as well as key exchange. To avoid service interruption during reauthorization , two active keys are transmitted at the same time by BS to MS. The consequences of existing work are hefty amount of bandwidth utilization, time consumption and large storage. It is also endured by Man in the Middle attack and Impersonation due to lack of security in key exchange. This paper designs an automatic mutual refreshing of keys to minimize bandwidth utilization, key storage and time consumption by proposing Previous key and Iteration based Key Refreshing Function (PKIBKRF). By integrating PKIBKRF in key generation, the simulation results indicate that 21.8% of the bandwidth and storage of keys are reduced and PKMV2 mutual authentication time is reduced by 66.67%. The proposed work is simulated with Qualnet model and

  15. Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android

    PubMed Central

    Dehling, Tobias; Gao, Fangjian; Schneider, Stephan

    2015-01-01

    Background Mobile health (mHealth) apps aim at providing seamless access to tailored health information technology and have the potential to alleviate global health burdens. Yet, they bear risks to information security and privacy because users need to reveal private, sensitive medical information to redeem certain benefits. Due to the plethora and diversity of available mHealth apps, implications for information security and privacy are unclear and complex. Objective The objective of this study was to establish an overview of mHealth apps offered on iOS and Android with a special focus on potential damage to users through information security and privacy infringements. Methods We assessed apps available in English and offered in the categories “Medical” and “Health & Fitness” in the iOS and Android App Stores. Based on the information retrievable from the app stores, we established an overview of available mHealth apps, tagged apps to make offered information machine-readable, and clustered the discovered apps to identify and group similar apps. Subsequently, information security and privacy implications were assessed based on health specificity of information available to apps, potential damage through information leaks, potential damage through information manipulation, potential damage through information loss, and potential value of information to third parties. Results We discovered 24,405 health-related apps (iOS; 21,953; Android; 2452). Absence or scarceness of ratings for 81.36% (17,860/21,953) of iOS and 76.14% (1867/2452) of Android apps indicates that less than a quarter of mHealth apps are in more or less widespread use. Clustering resulted in 245 distinct clusters, which were consolidated into 12 app archetypes grouping clusters with similar assessments of potential damage through information security and privacy infringements. There were 6426 apps that were excluded during clustering. The majority of apps (95.63%, 17,193/17,979; of apps) pose

  16. Privacy and security in the era of digital health: what should translational researchers know and do about it?

    PubMed

    Filkins, Barbara L; Kim, Ju Young; Roberts, Bruce; Armstrong, Winston; Miller, Mark A; Hultner, Michael L; Castillo, Anthony P; Ducom, Jean-Christophe; Topol, Eric J; Steinhubl, Steven R

    2016-01-01

    The rapid growth in the availability and incorporation of digital technologies in almost every aspect of our lives creates extraordinary opportunities but brings with it unique challenges. This is especially true for the translational researcher, whose work has been markedly enhanced through the capabilities of big data aggregation and analytics, wireless sensors, online study enrollment, mobile engagement, and much more. At the same time each of these tools brings distinctive security and privacy issues that most translational researchers are inadequately prepared to deal with despite accepting overall responsibility for them. For the researcher, the solution for addressing these challenges is both simple and complex. Cyber-situational awareness is no longer a luxury-it is fundamental in combating both the elite and highly organized adversaries on the Internet as well as taking proactive steps to avoid a careless turn down the wrong digital dark alley. The researcher, now responsible for elements that may/may not be beyond his or her direct control, needs an additional level of cyber literacy to understand the responsibilities imposed on them as data owner. Responsibility lies with knowing what you can do about the things you can control and those you can't. The objective of this paper is to describe the data privacy and security concerns that translational researchers need to be aware of, and discuss the tools and techniques available to them to help minimize that risk. PMID:27186282

  17. Privacy and security in the era of digital health: what should translational researchers know and do about it?

    PubMed Central

    Filkins, Barbara L; Kim, Ju Young; Roberts, Bruce; Armstrong, Winston; Miller, Mark A; Hultner, Michael L; Castillo, Anthony P; Ducom, Jean-Christophe; Topol, Eric J; Steinhubl, Steven R

    2016-01-01

    The rapid growth in the availability and incorporation of digital technologies in almost every aspect of our lives creates extraordinary opportunities but brings with it unique challenges. This is especially true for the translational researcher, whose work has been markedly enhanced through the capabilities of big data aggregation and analytics, wireless sensors, online study enrollment, mobile engagement, and much more. At the same time each of these tools brings distinctive security and privacy issues that most translational researchers are inadequately prepared to deal with despite accepting overall responsibility for them. For the researcher, the solution for addressing these challenges is both simple and complex. Cyber-situational awareness is no longer a luxury-it is fundamental in combating both the elite and highly organized adversaries on the Internet as well as taking proactive steps to avoid a careless turn down the wrong digital dark alley. The researcher, now responsible for elements that may/may not be beyond his or her direct control, needs an additional level of cyber literacy to understand the responsibilities imposed on them as data owner. Responsibility lies with knowing what you can do about the things you can control and those you can’t. The objective of this paper is to describe the data privacy and security concerns that translational researchers need to be aware of, and discuss the tools and techniques available to them to help minimize that risk. PMID:27186282

  18. Privacy and security in the era of digital health: what should translational researchers know and do about it?

    PubMed

    Filkins, Barbara L; Kim, Ju Young; Roberts, Bruce; Armstrong, Winston; Miller, Mark A; Hultner, Michael L; Castillo, Anthony P; Ducom, Jean-Christophe; Topol, Eric J; Steinhubl, Steven R

    2016-01-01

    The rapid growth in the availability and incorporation of digital technologies in almost every aspect of our lives creates extraordinary opportunities but brings with it unique challenges. This is especially true for the translational researcher, whose work has been markedly enhanced through the capabilities of big data aggregation and analytics, wireless sensors, online study enrollment, mobile engagement, and much more. At the same time each of these tools brings distinctive security and privacy issues that most translational researchers are inadequately prepared to deal with despite accepting overall responsibility for them. For the researcher, the solution for addressing these challenges is both simple and complex. Cyber-situational awareness is no longer a luxury-it is fundamental in combating both the elite and highly organized adversaries on the Internet as well as taking proactive steps to avoid a careless turn down the wrong digital dark alley. The researcher, now responsible for elements that may/may not be beyond his or her direct control, needs an additional level of cyber literacy to understand the responsibilities imposed on them as data owner. Responsibility lies with knowing what you can do about the things you can control and those you can't. The objective of this paper is to describe the data privacy and security concerns that translational researchers need to be aware of, and discuss the tools and techniques available to them to help minimize that risk.

  19. Conceptual privacy framework for health information on wearable device.

    PubMed

    Safavi, Seyedmostafa; Shukur, Zarina

    2014-01-01

    Wearable health tech provides doctors with the ability to remotely supervise their patients' wellness. It also makes it much easier to authorize someone else to take appropriate actions to ensure the person's wellness than ever before. Information Technology may soon change the way medicine is practiced, improving the performance, while reducing the price of healthcare. We analyzed the secrecy demands of wearable devices, including Smartphone, smart watch and their computing techniques, that can soon change the way healthcare is provided. However, before this is adopted in practice, all devices must be equipped with sufficient privacy capabilities related to healthcare service. In this paper, we formulated a new improved conceptual framework for wearable healthcare systems. This framework consists of ten principles and nine checklists, capable of providing complete privacy protection package to wearable device owners. We constructed this framework based on the analysis of existing mobile technology, the results of which are combined with the existing security standards. The approach also incorporates the market share percentage level of every app and its respective OS. This framework is evaluated based on the stringent CIA and HIPAA principles for information security. This evaluation is followed by testing the capability to revoke rights of subjects to access objects and ability to determine the set of available permissions for a particular subject for all models Finally, as the last step, we examine the complexity of the required initial setup. PMID:25478915

  20. Conceptual Privacy Framework for Health Information on Wearable Device

    PubMed Central

    Safavi, Seyedmostafa; Shukur, Zarina

    2014-01-01

    Wearable health tech provides doctors with the ability to remotely supervise their patients' wellness. It also makes it much easier to authorize someone else to take appropriate actions to ensure the person's wellness than ever before. Information Technology may soon change the way medicine is practiced, improving the performance, while reducing the price of healthcare. We analyzed the secrecy demands of wearable devices, including Smartphone, smart watch and their computing techniques, that can soon change the way healthcare is provided. However, before this is adopted in practice, all devices must be equipped with sufficient privacy capabilities related to healthcare service. In this paper, we formulated a new improved conceptual framework for wearable healthcare systems. This framework consists of ten principles and nine checklists, capable of providing complete privacy protection package to wearable device owners. We constructed this framework based on the analysis of existing mobile technology, the results of which are combined with the existing security standards. The approach also incorporates the market share percentage level of every app and its respective OS. This framework is evaluated based on the stringent CIA and HIPAA principles for information security. This evaluation is followed by testing the capability to revoke rights of subjects to access objects and ability to determine the set of available permissions for a particular subject for all models Finally, as the last step, we examine the complexity of the required initial setup. PMID:25478915

  1. 76 FR 44452 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security National...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-26

    ... Register, 75 FR 69603, on November 15, 2010, proposing to exempt portions of the system of records from one... concurrently in the Federal Register, 75 FR 69693, November 15, 2010, and comments were invited on both the... fundamental and necessary part of the Privacy Act protections and staves off mission creep. EPIC cited...

  2. 76 FR 42005 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-18

    ... Register, March 8, 2011, 76 FR 12745, proposing to exempt portions of the system of records from one or... Register, March 8, 2011, 76 FR 12609, and comments were invited on both the NPRM and SORN. Public Comments... Tracker and Senior Watch Officer Logs Records System of Records AGENCY: Privacy Office, DHS. ACTION:...

  3. Approaches to Privacy and Security in Computer Systems. Publication No. 404.

    ERIC Educational Resources Information Center

    Renninger, Clark R., Ed.

    A conference was held at the National Bureau of Standards on March 4-5, 1974 to continue the dialogue in search of ways to protect confidential information in computer systems. Proposals were presented for meeting governmental needs in safeguarding individual privacy and data confidentiality that were identified at a conference held in November…

  4. Balancing Student Privacy, Campus Security, and Public Safety: Issues for Campus Leaders. Perspectives, Winter 2008

    ERIC Educational Resources Information Center

    McBain, Lesley

    2008-01-01

    The complex issues of promoting student mental health, privacy and public safety, and the balance among them, weigh on the minds of institutional leaders, educational policymakers, and local, state and federal officials. American campuses have a proud history of intellectual freedom, openness and public accessibility to their communities. However,…

  5. 76 FR 19107 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-011...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-06

    ... Registration Records system of records (October 5, 2004, 69 FR 192) into this system of records. This newly... Registration Records system of records (October 5, 2004, 69 FR 192) into the this system of records... Management Agency--011 Training and Exercise Program Records System of Records AGENCY: Privacy Office,...

  6. 75 FR 69604 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-15

    ... FR 55335). The Privacy Act embodies fair information principles in a statutory framework governing..., report, analyze, and fuse information related to all-threats and all-hazards, law enforcement activities... officials; and private sector entities or individuals. The NOC collects and fuses information from a...

  7. Lightweight Privacy-Preserving Authentication Protocols Secure against Active Attack in an Asymmetric Way

    NASA Astrophysics Data System (ADS)

    Cui, Yank; Kobara, Kazukuni; Matsuura, Kanta; Imai, Hideki

    As pervasive computing technologies develop fast, the privacy protection becomes a crucial issue and needs to be coped with very carefully. Typically, it is difficult to efficiently identify and manage plenty of the low-cost pervasive devices like Radio Frequency Identification Devices (RFID), without leaking any privacy information. In particular, the attacker may not only eavesdrop the communication in a passive way, but also mount an active attack to ask queries adaptively, which is obviously more dangerous. Towards settling this problem, in this paper, we propose two lightweight authentication protocols which are privacy-preserving against active attack, in an asymmetric way. That asymmetric style with privacy-oriented simplification succeeds to reduce the load of low-cost devices and drastically decrease the computation cost for the management of server. This is because that, unlike the usual management of the identities, our approach does not require any synchronization nor exhaustive search in the database, which enjoys great convenience in case of a large-scale system. The protocols are based on a fast asymmetric encryption with specialized simplification and only one cryptographic hash function, which consequently assigns an easy work to pervasive devices. Besides, our results do not require the strong assumption of the random oracle.

  8. 77 FR 58980 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-09-25

    ... From the Federal Register Online via the Government Publishing Office DEPARTMENT OF COMMERCE... Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice... authorized by 15 U.S.C. 278g-4, as amended, and advises the Secretary of Commerce, the Director of the...

  9. 76 FR 34616 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/National...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-14

    ... (TSC). For more information on the TSDB, see DOJ/FBI--019 Terrorist Screening Records System, 72 FR... Terrorist Screening Records System, 72 FR 47073 (August 22, 2007). Therefore, some information contained in... Facility Anti-Terrorism Standards Personnel Surety Program System of Records AGENCY: Privacy Office,...

  10. 78 FR 55274 - Privacy Act of 1974; Department of Homeland Security/Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-10

    ... screening at participating U.S. airport security checkpoints. Additionally, the Department of Homeland... ineligible for the program will continue to be screened at airport security checkpoints according to TSA... screening at airport security checkpoints. The Program retains a component of randomness to maintain...

  11. HIPAA, dermatology images, and the law.

    PubMed

    Scheinfeld, Noah; Rothstein, Brooke

    2013-12-01

    From smart phones to iPads, the world has grown increasingly reliant on new technology. In this ever-expanding digital age, medicine is at the forefront of these new technologies. In the field of dermatology and general medicine, digital images have become an important tool used in patient management. Today, one can even find physicians who use their cellular phone cameras to take patient images and transmit them to other physicians. However, as digital imaging technology has become more prevalent so too have concerns about the impact of this technology on the electronic medical record, quality of patient care, and medicolegal issues. This article will discuss the advent of digital imaging technology in dermatology and the legal ramifications digital images have on medical care, abiding by HIPAA, the use of digital images as evidence, and the possible abuses digital images can pose in a health care setting. PMID:24800426

  12. 76 FR 8758 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-002...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-15

    ... titled, ``Department of Homeland Security Federal Emergency Management Agency--002 Quality Assurance... Homeland Security Internal Affairs system of records [November 18, 2008, 73 FR 67529]. The Department... Security Internal Affairs system of records [November 18, 2008, 73 FR 67529]. In order to provide...

  13. 76 FR 59112 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-23

    ... sessions will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L... of Cybersecurity relating to computer security research, --Presentation from National Protection and... cloud computing, and --Update of NIST Computer Security Division. Note that agenda items may...

  14. HIPAA Business Associate Contracts: the value of contracts for case managers.

    PubMed

    Muller, Lynn S

    2003-01-01

    Case Managers are in the middle of the upcoming HIPAA regulation changes, with the issuance of the Final Privacy Rule. Every case obliges case managers to work with Individually Identifiable Health Information (IIHI) and Protected Health Information (PHI). The purpose of this article is to provide case managers in all practice settings with a clear understanding of a "Business Associate," of a "Covered Entity," and of the specifics of a Business Associate Contract. This information will demonstrate how case managers can benefit from the use of these contracts in their business life. As an essential component of an organization's compliance plan, Business Associate Contracts can become a sword or a shield. This article is particularly helpful to case managers in independent practice, as well as those who work for Covered Entities.

  15. A model for expanded public health reporting in the context of HIPAA.

    PubMed

    Sengupta, Soumitra; Calman, Neil S; Hripcsak, George

    2008-01-01

    The advent of electronic medical records and health information exchange raise the possibility of expanding public health reporting to detect a broad range of clinical conditions and of monitoring the health of the public on a broad scale. Expanding public health reporting may require patient anonymity, matching records, re-identifying cases, and recording patient characteristics for localization. The privacy regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) provide several mechanisms for public health surveillance, including using laws and regulations, public health activities, de-identification, research waivers, and limited data sets, and in addition, surveillance may be distributed with aggregate reporting. The appropriateness of these approaches varies with the definition of what data may be included, the requirements of the minimum necessary standard, the accounting of disclosures, and the feasibility of the approach. PMID:18579843

  16. A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: a privacy-protecting remote access system for health-related research and evaluation.

    PubMed

    Jones, Kerina H; Ford, David V; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J; Heaven, Martin L; Thayer, Daniel S; McNerney, Cynthia L; Lyons, Ronan A

    2014-08-01

    With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community.

  17. 76 FR 60387 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Federal...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-29

    ...); Executive Orders 12333 and 13388; 40 U.S.C. 1315(b)(2)(F); 6 U.S.C. 314; The Homeland Security Act of 2002, as amended; the Intelligence Reform and Terrorism Prevention Act of 2004, as amended; the National... know the information to carry out national security, law enforcement, immigration, intelligence,...

  18. 76 FR 42003 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-18

    ... notice of proposed rulemaking (NPRM) in the Federal Register, 75 FR 7978, February 23, 2010, proposing to... published concurrently in the Federal Register, 75 FR 8096, February 23, 2010, and comments were invited on... of Homeland Security Transportation Security Administration--023 Workplace Violence...

  19. 78 FR 55657 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-11

    ... receive expedited screening at participating U.S. airport security checkpoints.\\2\\ TSA Pre TM is one of... always will receive expedited screening at airport security checkpoints. The Program retains a component.... Individuals whom TSA determines are ineligible for the program will continue to be screened at...

  20. 78 FR 27276 - Privacy Act; System of Records: Security Records, State-36

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-09

    ... handle PII are required to take the Foreign Service Institute (FSI) distance learning course instructing... published as 72 FR 73057). The records maintained in State-36, Security Records, capture data related...

  1. 75 FR 13258 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-19

    ... available at http://csrc.nist.gov/groups/SMA/ispab/index.html/ . Agenda: --Cloud Computing Implementations... --Cloud Computing Implementations --Security Issues in Broadband Plan --NIST Issues--research, key...

  2. 78 FR 25282 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-008...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-30

    ... records entitled, ``DHS/FEMA--008 Disaster Recovery Assistance Files System of Records,'' 74 FR 48763... reasons. Fourth, the legal authorities have been revised to include the Government Performance and Results... name; Applicant's Social Security Number, alien registration number, co-applicant's Social...

  3. 76 FR 18954 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Federal...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-06

    ... of Homeland Security Federal Emergency Management Agency DHS/FEMA-011 Training and Exercise Program... Agency--011 Training and Exercise Program Records System of Records'' and this proposed rulemaking. In... DHS system of records titled, ``DHS/FEMA--011 Training and Exercise Program Records System of...

  4. 76 FR 42004 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Federal...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-18

    ... the Federal Register, 76 FR 18954, April 6, 2011, proposing to exempt portions of the system of... (SORN) was published concurrently in the Federal Register, 76 FR 19107, April 6, 2011, and comments were... of Homeland Security Federal Emergency Management Agency--011 Training and Exercise Program...

  5. 75 FR 10633 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security United States...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-09

    ... Security (DHS) published a notice of proposed rulemaking in the Federal Register, 74 FR 30240, June 25... concurrently in the Federal Register, 74 FR 5665, January 30, 2009, and later updated in the Federal Register to add two new routine uses, 74 FR 20719, May 5, 2009. The system is being renamed...

  6. 77 FR 69491 - Privacy Act of 1974: System of Records; Secure Flight Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-19

    ... list, known as the TSDB. \\6\\ 73 FR 64018 (Oct. 28, 2008). TSA established the Secure Flight system of... System (TSERS), 75 FR 28042 (May 19, 2010). Consistent with its ongoing efforts to focus on passengers... records.'' A ``system of records'' is a group of any records under the control of an agency for...

  7. HIPAA and the military health system: organizing technological and organizational reform in large enterprises

    NASA Astrophysics Data System (ADS)

    Collmann, Jeff R.

    2001-08-01

    The global scale, multiple units, diverse operating scenarios and complex authority structure of the Department of Defense Military Health System (MHS) create social boundaries that tend to reduce communication and collaboration about data security. Under auspices of the Defense Health Information Assurance Program (DHIAP), the Telemedicine and Advanced Technology Research Center (TATRC) is contributing to the MHS's efforts to prepare for and comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 through organizational and technological innovations that bridge such boundaries. Building interdisciplinary (clinical, administrative and information technology) medical information security readiness teams (MISRT) at each military treatment facility (MTF) constitutes the heart of this process. DHIAP is equipping and training MISRTs to use new tools including 'OCTAVE', a self-directed risk assessment instrument and 'RIMR', a web-enabled Risk Information Management Resource. DHIAP sponsors an interdisciplinary, triservice workgroup for review and revision of relevant DoD and service policies and participates in formal DoD health information assurance activities. These activities help promote a community of proponents across the MHS supportive of improved health information assurance. The MHS HIPAA-compliance effort teaches important general lessons about organizational reform in large civilian or military enterprises.

  8. EGRP Privacy Policy & Disclaimers

    Cancer.gov

    The Epidemiology and Genomics Research Program complies with requirements for privacy and security established by the Office of Management and Budget, Department of Health and Human Services, the National Institutes of Health, and the National Cancer Institute.

  9. PACS image security server

    NASA Astrophysics Data System (ADS)

    Cao, Fei; Huang, H. K.

    2004-04-01

    Medical image security in a PACS environment has become a pressing issue as communications of images increasingly extends over open networks, and hospitals are currently hard-pushed by Health Insurance Portability and Accountability Act (HIPAA) to be HIPPA complaint for ensuring health data security. Other security-related guidelines and technical standards continue bringing to the public attention in healthcare. However, there is not an infrastructure or systematic method to implement and deploy these standards in a PACS. In this paper, we first review DICOM Part15 standard for secure communications of medical images and the HIPAA impacts on PACS security, as well as our previous works on image security. Then we outline a security infrastructure in a HIPAA mandated PACS environment using a dedicated PACS image security server. The server manages its own database of all image security information. It acts as an image Authority for checking and certificating the image origin and integrity upon request by a user, as a secure DICOM gateway to the outside connections and meanwhile also as a PACS operation monitor for HIPAA supporting information.

  10. Inter-BSs virtual private network for privacy and security enhanced 60 GHz radio-over-fiber system

    NASA Astrophysics Data System (ADS)

    Zhang, Chongfu; Chen, Chen; Zhang, Wei; Jin, Wei; Qiu, Kun; Li, Changchun; Jiang, Ning

    2013-06-01

    A novel inter-basestations (inter-BSs) based virtual private network (VPN) for the privacy and security enhanced 60 GHz radio-over-fiber (RoF) system using optical code-division multiplexing (OCDM) is proposed and demonstrated experimentally. By establishing inter-BSs VPN overlaying the network structure of a 60 GHz RoF system, the express and private paths for the communication of end-users under different BSs can be offered. In order to effectively establish the inter-BSs VPN, the OCDM encoding/decoding technology is employed in the RoF system. In each BS, a 58 GHz millimeter-wave (MMW) is used as the inter-BSs VPN channel, while a 60 GHz MMW is used as the common central station (CS)-BSs communication channel. The optical carriers used for the downlink, uplink and VPN link transmissions are all simultaneously generated in a lightwave-centralized CS, by utilizing four-wave mixing (FWM) effect in a semiconductor optical amplifier (SOA). The obtained results properly verify the feasibility of our proposed configuration of the inter-BSs VPN in the 60 GHz RoF system.

  11. Measures for assessing architectural speech security (privacy) of closed offices and meeting rooms.

    PubMed

    Gover, Bradford N; Bradley, John S

    2004-12-01

    Objective measures were investigated as predictors of the speech security of closed offices and rooms. A new signal-to-noise type measure is shown to be a superior indicator for security than existing measures such as the Articulation Index, the Speech Intelligibility Index, the ratio of the loudness of speech to that of noise, and the A-weighted level difference of speech and noise. This new measure is a weighted sum of clipped one-third-octave-band signal-to-noise ratios; various weightings and clipping levels are explored. Listening tests had 19 subjects rate the audibility and intelligibility of 500 English sentences, filtered to simulate transmission through various wall constructions, and presented along with background noise. The results of the tests indicate that the new measure is highly correlated with sentence intelligibility scores and also with three security thresholds: the threshold of intelligibility (below which speech is unintelligible), the threshold of cadence (below which the cadence of speech is inaudible), and the threshold of audibility (below which speech is inaudible). The ratio of the loudness of speech to that of noise, and simple A-weighted level differences are both shown to be well correlated with these latter two thresholds (cadence and audibility), but not well correlated with intelligibility. PMID:15658699

  12. 49 CFR 1560.103 - Privacy notice.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY SECURE FLIGHT PROGRAM Collection and Transmission of Secure Flight Passenger Data for Watch List Matching § 1560.103 Privacy notice. (a) Electronic...

  13. 49 CFR 1560.103 - Privacy notice.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY SECURE FLIGHT PROGRAM Collection and Transmission of Secure Flight Passenger Data for Watch List Matching § 1560.103 Privacy notice. (a) Electronic...

  14. 49 CFR 1560.103 - Privacy notice.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY SECURE FLIGHT PROGRAM Collection and Transmission of Secure Flight Passenger Data for Watch List Matching § 1560.103 Privacy notice. (a) Electronic...

  15. 49 CFR 1560.103 - Privacy notice.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY SECURE FLIGHT PROGRAM Collection and Transmission of Secure Flight Passenger Data for Watch List Matching § 1560.103 Privacy notice. (a) Electronic...

  16. 49 CFR 1560.103 - Privacy notice.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY SECURE FLIGHT PROGRAM Collection and Transmission of Secure Flight Passenger Data for Watch List Matching § 1560.103 Privacy notice. (a) Electronic...

  17. 76 FR 39245 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Coast...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-06

    ....S. Coast Guard--008 Courts Martial Case Files System of Records; Correction AGENCY: Privacy Office.../U.S. Coast Guard--008 Courts Martial Case Files System of Records'' from certain provisions of the... Files System of Records'' from certain provisions of the Privacy Act. Specifically, the...

  18. Quantum key distribution with delayed privacy amplification and its application to the security proof of a two-way deterministic protocol

    NASA Astrophysics Data System (ADS)

    Fung, Chi-Hang Fred; Ma, Xiongfeng; Chau, H. F.; Cai, Qing-Yu

    2012-03-01

    Privacy amplification (PA) is an essential postprocessing step in quantum key distribution (QKD) for removing any information an eavesdropper may have on the final secret key. In this paper, we consider delaying PA of the final key after its use in one-time pad encryption and prove its security. We prove that the security and the key generation rate are not affected by delaying PA. Delaying PA has two applications: it serves as a tool for significantly simplifying the security proof of QKD with a two-way quantum channel, and also it is useful in QKD networks with trusted relays. To illustrate the power of the delayed PA idea, we use it to prove the security of a qubit-based two-way deterministic QKD protocol which uses four states and four encoding operations.

  19. Using hidden cameras to monitor suspected parental abuse: a security requirement or an invasion of privacy?

    PubMed

    2000-09-01

    Covert surveillance of patients suspected of having Munchausen syndrome by proxy at Children's Healthcare of Atlanta at Scottish Rite (formerly Scottish Rite Children's Medical Center), Atlanta, GA, resulted in considerable media scrutiny when researchers published their findings in the June issue of the journal Pediatrics. The researchers hid surveillance cameras in the rooms of 41 patients over a four-year period and, more than half the time, the videotapes confirmed doctors' fears that mothers were intentionally injuring their babies. Some of the most serious abuse involved mothers injecting their children with urine and feces, switching their medication, and even suffocating them to make them sick. This report presents details of the research, the involvement of security officers, and the reactions of local authorities and health officials.

  20. THRIVE: threshold homomorphic encryption based secure and privacy preserving biometric verification system

    NASA Astrophysics Data System (ADS)

    Karabat, Cagatay; Kiraz, Mehmet Sabir; Erdogan, Hakan; Savas, Erkay

    2015-12-01

    In this paper, we introduce a new biometric verification and template protection system which we call THRIVE. The system includes novel enrollment and authentication protocols based on threshold homomorphic encryption where a private key is shared between a user and a verifier. In the THRIVE system, only encrypted binary biometric templates are stored in a database and verification is performed via homomorphically randomized templates, thus, original templates are never revealed during authentication. Due to the underlying threshold homomorphic encryption scheme, a malicious database owner cannot perform full decryption on encrypted templates of the users in the database. In addition, security of the THRIVE system is enhanced using a two-factor authentication scheme involving user's private key and biometric data. Using simulation-based techniques, the proposed system is proven secure in the malicious model. The proposed system is suitable for applications where the user does not want to reveal her biometrics to the verifier in plain form, but needs to prove her identity by using biometrics. The system can be used with any biometric modality where a feature extraction method yields a fixed size binary template and a query template is verified when its Hamming distance to the database template is less than a threshold. The overall connection time for the proposed THRIVE system is estimated to be 336 ms on average for 256-bit biometric templates on a desktop PC running with quad core 3.2 GHz CPUs at 10 Mbit/s up/down link connection speed. Consequently, the proposed system can be efficiently used in real-life applications.

  1. Technology in Counselor Education: HIPAA and HITECH as Best Practice

    ERIC Educational Resources Information Center

    Wilkinson, Tyler; Reinhardt, Rob

    2015-01-01

    The use of technology in counseling is expanding. Ethical use of technology in counseling practice is now a stand-alone section in the 2014 American Counseling Association "Code of Ethics." The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act…

  2. Protecting Privacy.

    ERIC Educational Resources Information Center

    Coyle, Karen

    2001-01-01

    Discusses privacy issues related to use of the Internet. Topics include data gathering functions that are built into applications of the World Wide Web; cookies that identify Web site visitors; personal identity information; libraries and privacy, including the need for privacy policies; protecting your privacy; and developing privacy literacy.…

  3. HIPAA Compliance with Mobile Devices Among ACGME Programs.

    PubMed

    McKnight, Randall; Franko, Orrin

    2016-05-01

    To analyze self-reported HIPAA compliance with mobile technologies among residents, fellows, and attendings at ACGME training programs. A digital survey was sent to 678 academic institutions over a 1-month period. 2427 responses were analyzed using Chi-squared tests for independence. Post-hoc Bonferroni correction was applied for all comparisons between training levels, clinical setting, and specialty. 58 % of all residents self-report violating HIPAA by sharing protected health information (PHI) via text messaging with 27 % reporting they do it "often" or "routinely" compared to 15-19 % of attendings. For all specialties, 35 % of residents use text messaging photo or video sharing with PHI. Overall, 5 % of respondents "often" or "routinely" used HIPAA compliant (HCApps) with no significant differences related to training level. 20 % of residents admitted to using non-encrypted email at some point. 53 % of attendings and 41 % of residents utilized encrypted email routinely. Physicians from surgical specialties compared to non-surgical specialties demonstrated higher rates of HIPAA violations with SMS use (35 % vs. 17.7 %), standard photo/video messages (16.3 % vs. 4.7 %), HCApps (10.9 % vs. 4.9 %), and non-HCApps (5.6 % vs 1.5 %). The most significant barriers to complying with HIPAA were inconvenience (58 %), lack of knowledge (37 %), unfamiliarity (34 %), inaccessible (29 %) and habit (24 %). Medical professionals must acknowledge that despite laws to protect patient confidentiality in the era of mobile technology, over 50 % of current medical trainees knowingly violate these rules regularly despite the threat of severe consequences. The medical community must further examine the reason for these inconsistencies and work towards possible solutions. PMID:27079578

  4. Federal Privacy Laws That Apply to Children and Education. Safeguarding Data

    ERIC Educational Resources Information Center

    Data Quality Campaign, 2014

    2014-01-01

    This table identifies and briefly describes the following federal policies that safeguard and protect the confidentiality of personal information: (1) Family Educational Rights and Privacy Act (FERPA); (2) Protection of Pupil Rights Amendment (PPRA); (3) Health Insurance Portability and Accountability Act (HIPAA); (4) Children's Online Privacy…

  5. 17 CFR 160.2 - Model privacy form and examples.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Model privacy form and... PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of...

  6. 17 CFR 160.2 - Model privacy form and examples.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Model privacy form and... Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of... content requirements of §§ 160.6 and 160.7 of this part, although use of the model privacy form is...

  7. 17 CFR 160.2 - Model privacy form and examples.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Model privacy form and... PRIVACY OF CONSUMER FINANCIAL INFORMATION § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of this part, consistent with the instructions in...

  8. 17 CFR 160.2 - Model privacy form and examples.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Model privacy form and... PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of...

  9. 17 CFR 160.2 - Model privacy form and examples.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Model privacy form and... PRIVACY OF CONSUMER FINANCIAL INFORMATION § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of this part, consistent with the instructions in...

  10. Location Privacy in RFID Applications

    NASA Astrophysics Data System (ADS)

    Sadeghi, Ahmad-Reza; Visconti, Ivan; Wachsmann, Christian

    RFID-enabled systems allow fully automatic wireless identification of objects and are rapidly becoming a pervasive technology with various applications. However, despite their benefits, RFID-based systems also pose challenging risks, in particular concerning user privacy. Indeed, improvident use of RFID can disclose sensitive information about users and their locations allowing detailed user profiles. Hence, it is crucial to identify and to enforce appropriate security and privacy requirements of RFID applications (that are also compliant to legislation). This chapter first discusses security and privacy requirements for RFID-enabled systems, focusing in particular on location privacy issues. Then it explores the advances in RFID applications, stressing the security and privacy shortcomings of existing proposals. Finally, it presents new promising directions for privacy-preserving RFID systems, where as a case study we focus electronic tickets (e-tickets) for public transportation.

  11. 75 FR 404 - Privacy Act of 1974; Department of Homeland Security U.S. Immigration and Customs Enforcement-009...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-05

    ... branches of the U.S. Government. The Privacy Act exemptions for this system go unchanged and the Final Rule... provided. Docket: For access to the docket to read background documents or comments received go to...

  12. 76 FR 31350 - Public Workshop; Privacy Compliance Basics and 2011 Developments

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-31

    ... From the Federal Register Online via the Government Publishing Office DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Public Workshop; Privacy Compliance Basics and 2011 Developments AGENCY... Security Privacy Office will host a public workshop, ``Privacy Compliance Basics and 2011...

  13. Update on patient privacy legislation.

    PubMed

    Maddox, P J

    1998-01-01

    The administrative simplification provisions of HIPAA will establish the first national standards for the electronic transmission of health care transactions with which all federal programs (DOD, Medicare, and Medicaid) and all private health plans must comply. Individuals and organizations should prepare themselves, their systems, and their processes to meet these new administrative and financial data standards and requirements. The benefits of standardized electronic transactions on achieving a single paper-free claims submission to be used by all providers and payers is of obvious benefit. Not so obvious are consequences associated with limiting the access and use of existing data repositories on a variety of clinical, administrative, and research functions. It is critically important in this age of increased accountability for fiscal restraint and improving the outcomes of entire patient populations that clinicians, managers, organizations, and researchers to use data for a variety of clinical, quality improvement/evaluation, and research purposes. Administrative simplification and protecting individual privacy should not be achieved by overly bureaucratic and restrictive responses that impede epidemiologic and health services research, quality improvement activities, and optimization strategies for improving the health of populations. While the health system understands the need for some increased regulation to ensure the privacy of individual patient privacy in the "wired" world solutions must be found and overly restrictive consequences associated with prohibiting access to data must be resolved. More than ever, the entire system requires data to inform every level and type of decision made. Legislation and bureaucratic processes that do not understand and support responsible data-driven decision-making will serve to roll-back, not advance health system improvement. As we prepare ourselves for HIPAA compliance and the expectations of the benefits it will

  14. 17 CFR 160.8 - Revised privacy notices.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.8 Revised privacy notices. (a) General rule....

  15. 75 FR 25870 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-10

    ... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ] ACTION: Notice of Federal Advisory Committee meeting. SUMMARY: The DHS Data Privacy and.... Instructions: All submissions must include the words ``Department of Homeland Security Data Privacy...

  16. A tracking and verification system implemented in a clinical environment for partial HIPAA compliance

    NASA Astrophysics Data System (ADS)

    Guo, Bing; Documet, Jorge; Liu, Brent; King, Nelson; Shrestha, Rasu; Wang, Kevin; Huang, H. K.; Grant, Edward G.

    2006-03-01

    The paper describes the methodology for the clinical design and implementation of a Location Tracking and Verification System (LTVS) that has distinct benefits for the Imaging Department at the Healthcare Consultation Center II (HCCII), an outpatient imaging facility located on the USC Health Science Campus. A novel system for tracking and verification of patients and staff in a clinical environment using wireless and facial biometric technology to monitor and automatically identify patients and staff was developed in order to streamline patient workflow, protect against erroneous examinations and create a security zone to prevent and audit unauthorized access to patient healthcare data under the HIPAA mandate. This paper describes the system design and integration methodology based on initial clinical workflow studies within a clinical environment. An outpatient center was chosen as an initial first step for the development and implementation of this system.

  17. Speech privacy: Beyond architectural solutions

    NASA Astrophysics Data System (ADS)

    Mazer, Susan

    2005-09-01

    HIPAA regulations have brought unparalleled pressures on healthcare organizations to protect private and confidential information from reaching third parties. Yet, as this paper explains, often in the middle of noisy corridors and waiting rooms, this same information needs to be quickly transferred from physician to nurse to family member to others for the care of patients. Research and examples are presented that show that when families, patients, staff are participating together, although independently, in the same or adjacent spaces, the ``caf effect'' produces rising noise levels as each person competes to be heard. This threatens the very confidentiality demanded by HIPAA. Solutions to this problem are not easy or completely resolved by engineering or design specifications. This paper makes the case that it is ultimately the culture of a healthcare organization that determines the ``sound'' of a hospital, and any other organization that battles openness with privacy. It presents and discusses proven solutions to address culture in tandem with architectural and acoustic design interventions.

  18. The proposed changes to the final privacy rule suggest a disturbing reduction in an individual's ability to exercise a right to healthcare privacy.

    PubMed

    Kidera, Geralyn A

    2002-01-01

    The author contends that, in eliminating HIPAA's mandatory consent requirement, which is the initial step in the patient's Patient Consent exercise of the right to health information privacy, DHHS has turned its back on privacy protection. She posits that the proposed change is the result of a disturbing focus on an elimination of the industry's administrative burdens, rather than on the protection of patient healthcare information. The article concludes that elimination of the consent requirement is a step backwards in the arena of personal privacy.

  19. Instrumentation for measuring speech privacy in rooms

    NASA Astrophysics Data System (ADS)

    Horrall, Thomas; Pirn, Rein; Markham, Ben

    2003-10-01

    Federal legislation pertaining to oral privacy in healthcare and financial services industries has increased the need for a convenient and economical way to document speech privacy conditions in offices, medical examination rooms, and certain other workspaces. This legislation is embodied in the Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA). Both laws require that reasonable measures be put in place to safeguard the oral privacy of patients and clients. While techniques for privacy documentation are known within the acoustical consulting community, it is unlikely that community alone has the capacity to provide the surveys needed to evaluate acoustical conditions and demonstrate compliance with the legislation. A portable computer with integrated soundboard and a suitable amplified loudspeaker and test microphone are all that are needed to perform in situ measurements of articulation index or other accepted indices of speech privacy. Along with modest training, such instrumentation allows technicians to survey a large number of sites economically. Cost-effective components are shown that can meet the requirements for testing in most common environments where oral privacy is likely to be required. Example cases are presented to demonstrate the feasibility of such instrumentation.

  20. 78 FR 69983 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-22

    ... Protection--001 Alien File, Index, and National File Tracking System of Records AGENCY: Privacy Office, DHS... Protection--001 Alien File, Index, and National File Tracking System of Records'' from certain provisions of...) published a notice of proposed rulemaking in the Federal Register, 76 FR 34177 (June 13, 2011), proposing...

  1. 78 FR 4347 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security; U.S. Customs...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-01-22

    ... Property Rights e-Recordation and Search Systems, System of Records AGENCY: Privacy Office, DHS. ACTION...- Recordation and Search Systems (IPRRSS), System of Records'' and this proposed rulemaking. In this proposed... titled, ``DHS/CBP-004-Intellectual Property Rights e-Recordation and Search Systems System of...

  2. 78 FR 7798 - Privacy Act of 1974; Department of Homeland Security U.S. Immigration and Customs Enforcement-010...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-04

    .... In the Privacy Act, an individual is defined to encompass United States citizens and lawful permanent... witnesses, in the course of immigration, civil, or criminal proceedings and when DHS determines that use of... published in the Federal Register on August 31, 2009 (74 FR 45083). In the context of this......

  3. 76 FR 58525 - Privacy Act of 1974; Department of Homeland Security, U.S. Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-21

    ... described in previous SORNs, most recently in the VIS SORN (73 FR 75445, December 11, 2008). SAVE Usage... for the E-Verify and SAVE Programs as part of the underlying technology, VIS (73 FR 75445, December 11... the E-Verify SORN (76 FR 26738, May 9, 2011), the VIS SORN will be retired. II. Privacy Act...

  4. 75 FR 412 - Privacy Act of 1974; Department of Homeland Security U.S. Immigration and Customs Enforcement-001...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-05

    ...) titled DHS/ICE-001, Student and Exchange Visitor Information System, (70 FR 14477, Mar. 22, 2005), and a... Privacy Act (73 FR 63057, Oct. 23, 2008), portions or all of these records may be exempt from disclosure... and Naturalization Service, the predecessor to U.S. Immigration and Customs Enforcement...

  5. 78 FR 58254 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Customs...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-23

    ... intelligence agencies pursuant to the above routine uses. The Privacy Act requires DHS maintain an accounting... intelligence agency has sought particular records may affect ongoing law enforcement or intelligence activity..., and intelligence activities. These exemptions are needed to protect information relating to...

  6. 78 FR 31958 - Privacy Act of 1974; Department of Homeland Security U.S. Customs and Border Protection-007...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-28

    ... published in the Federal Register on July 25, 2008 (73 FR 43457). A Final Rule exempting portions of this system from certain provisions of the Privacy Act was published on February 3, 2010 (75 FR 5491). As part... of entry. The exemptions for the existing system of records notice (July 25, 2008, 73 FR 43457)...

  7. 76 FR 49500 - Privacy Act of 1974; Department of Homeland Security United States Coast Guard-020 Substance...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-10

    ... authorities to report, under State law, incidents of suspected child abuse or neglect to the extent described... Guard--020 Substance Abuse Prevention and Treatment Program System of Records AGENCY: Privacy Office...--020 Substance Abuse Prevention and Treatment Program System of Records.'' This system of...

  8. 75 FR 5609 - Privacy Act of 1974; Department of Homeland Security/ALL-024 Facility and Perimeter Access...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-03

    ... DHS/ALL--024 Facility and Perimeter Access Control and Visitor Management System of Records (74 FR... Perimeter Access Control and Visitor Management System of Records AGENCY: Privacy Office; DHS. ACTION... Facility and Perimeter Access Control and Visitor Management System of Records to include record...

  9. 76 FR 21768 - Privacy Act of 1974; Department of Homeland Security/Office of Health Affairs-001 Contractor...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-18

    ... 19, 2006, 71 FR 35360). Categories of records in the system: Categories of records in this system... Affairs--001 Contractor Occupational Health and Immunization Records System of Records AGENCY: Privacy... Contractor Occupational Health and Immunization Records System of Records.'' This system...

  10. 77 FR 33683 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security, U.S. Customs...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-07

    ... Intelligence (AFI) System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of proposed rulemaking... Border Protection--017 Analytical Framework for Intelligence (AFI) System of Records'' and this proposed... Border Protection, DHS/CBP--017 Analytical Framework for Intelligence (AFI) System of Records.''...

  11. Biobanking Research and Privacy Laws in the United States.

    PubMed

    Harrell, Heather L; Rothstein, Mark A

    2016-03-01

    Privacy is protected in biobank-based research in the US primarily by the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the Federal Policy for Protection of Human Subjects (Common Rule). Neither rule, however, was created to function in the unique context of biobank research, and therefore neither applies to all biobank-based research. Not only is it challenging to determine when the HIPAA Privacy Rule or the Common Rule apply, but these laws apply different standards to protect privacy. In addition, many other federal and state laws may be applicable to a particular biobank, researcher, or project. US law also does not directly address international sharing of data or specimens outside of the EU-US Safe Harbor Agreement, which only applies to receipt of data by certain US entities from EU countries, and is in the process of revision. Although new rules would help clarify privacy protections in biobanking, any implemented changes should be studied to determine the sufficiency of the protections as well as its ability to facilitate or hinder international collaborations. PMID:27256128

  12. 75 FR 7979 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ...: The History of the Department of Homeland Security System of Records (69 FR 56781, September 22, 2004... of Homeland Security/ALL-027 The History of the Department of Homeland Security System of Records... Act of 1974 for the Department of Homeland Security/ALL-027 The History of the Department of......

  13. Privacy Issues and New Technologies.

    ERIC Educational Resources Information Center

    Colman, Sue

    1997-01-01

    Issues of privacy, anonymity, and computer security emerging with advancing information technology are outlined, and implications for universities are discussed. Emphasis is on the Australian context and on Australian government and international initiatives concerning privacy. Sensitive information categories are identified, and measures…

  14. RBAC-Matrix-based EMR right management system to improve HIPAA compliance.

    PubMed

    Lee, Hung-Chang; Chang, Shih-Hsin

    2012-10-01

    Security control of Electronic Medical Record (EMR) is a mechanism used to manage electronic medical records files and protect sensitive medical records document from information leakage. Researches proposed the Role-Based Access Control(RBAC). However, with the increasing scale of medical institutions, the access control behavior is difficult to have a detailed declaration among roles in RBAC. Furthermore, with the stringent specifications such as the U.S. HIPAA and Canada PIPEDA etc., patients are encouraged to have the right in regulating the access control of his EMR. In response to these problems, we propose an EMR digital rights management system, which is a RBAC-based extension to a matrix organization of medical institutions, known as RBAC-Matrix. With the aim of authorizing the EMR among roles in the organization, RBAC-Matrix also allow patients to be involved in defining access rights of his records. RBAC-Matrix authorizes access control declaration among matrix organizations of medical institutions by using XrML file in association with each EMR. It processes XrML rights declaration file-based authorization of behavior in the two-stage design, called master & servant stage, thus makes the associated EMR to be better protected. RBAC-Matrix will also make medical record file and its associated XrML declaration to two different EMRA(EMR Authorization)roles, namely, the medical records Document Creator (DC) and the medical records Document Right Setting (DRS). Access right setting, determined by the DRS, is cosigned by the patient, thus make the declaration of rights and the use of EMR to comply with HIPAA specifications.

  15. HIPAA update: standards for health care electronic transactions finalized.

    PubMed

    McMahon, E B

    2000-10-01

    The Department for Health and Human Services (HHS) has issued the final rule that will govern electronic exchanges of financial and administrative information in the health care industry. About 400 different formats currently exist for electronic health care claims. Once compliance with this rule is required (October 2002 for most health care entities to which the rule applies), a physician will be able to submit an electronic claim in the standard transaction format to virtually any health plan in the United States and the health plan will have to accept it. Under the rule, an electronic transaction involves information exchanges between two parties to carry out financial or administrative activities related to health care. Thus, health plans will be able to pay physicians, authorize services, certify referrals, and coordinate benefits using a standard electronic format for each transaction. Conflicting state laws will be superseded by the standards, although HHS is developing an exception process pursuant to HIPAA. HIPAA required HHS to adopt data and format standards, if possible, that were developed by private sector standards development organizations accredited by the American National Standards Institute (ANSI). When conducting a transaction covered by the rule, physicians are required to use applicable medical data code sets as specified in the implementation specification that is valid at the time the health care is furnished. Local and proprietary codes currently used by health plans can no longer be used in electronic transactions governed by the rule after the compliance date (October 16, 2002, except for small health plans, which have until October 16, 2003). This summary of the Standards for Electronic Transactions should not be construed as legal advice or an opinion on specific situations. Please consult an attorney concerning your compliance with HIPAA and the regulations promulgated thereunder. PMID:16906180

  16. 75 FR 36642 - Privacy Act of 1974; System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-06-28

    ... of the Secretary Privacy Act of 1974; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to add a system of records. SUMMARY: The National Security Agency... National Security Agency/Central Security Service notices for systems of records subject to the Privacy...

  17. 17 CFR 248.8 - Revised privacy notices.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Revised privacy notices. 248.8...) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.8 Revised privacy notices. (a) General rule. Except as...

  18. Privacy Issues of a National Research and Education Network.

    ERIC Educational Resources Information Center

    Katz, James E.; Graveman, Richard F.

    1991-01-01

    Discussion of the right to privacy of communications focuses on privacy expectations within a National Research and Education Network (NREN). Highlights include privacy needs in scientific and education communications; academic and research networks; network security and privacy concerns; protection strategies; and consequences of privacy…

  19. State Security Breach Response Laws: State-by-State Summary Table. Using Data to Improve Education: A Legal Reference Guide to Protecting Student Privacy and Data Security

    ERIC Educational Resources Information Center

    Data Quality Campaign, 2011

    2011-01-01

    Under security breach response laws, businesses--and sometimes state and governmental agencies--are required to inform individuals when the security, confidentiality or integrity of their personal information has been compromised. This resource provides a state-by-state analysis of security breach response laws. [The Data Quality Campaign has…

  20. Privacy-enhanced electronic mail

    NASA Astrophysics Data System (ADS)

    Bishop, Matt

    1990-06-01

    The security of electronic mail sent through the Internet may be described in exactly three words: there is none. The Privacy and Security Research Group has recommended implementing mechanisms designed to provide security enhancements. The first set of mechanisms provides a protocol to provide privacy, integrity, and authentication for electronic mail; the second provides a certificate-based key management infrastructure to support key distribution throughout the internet, to support the first set of mechanisms. These mechanisms are described, as well as the reasons behind their selection and how these mechanisms can be used to provide some measure of security in the exchange of electronic mail.

  1. 76 FR 39408 - Privacy Act of 1974; Department of Homeland Security/ALL-030 Use of the Terrorist Screening...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-06

    .../FBI-019 Terrorist Screening Records System of Records (August 22, 2007, 72 FR 47073) Exemptions... System of Records (August 22, 2007, 72 FR 47073) in order to automate and simplify the current method for... (May 19, 2010, 75 FR 28046); (2) TSA, Secure Flight Program: DHS/TSA-019 Secure Flight Records...

  2. 76 FR 39406 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-06

    ... Homeland Security Advisory Committees System of Records Notice (October 3, 2008, 73 FR 63181). Effects of... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Request for Applicants for Appointment to the DHS Data Privacy...

  3. 77 FR 37685 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-22

    ... Department of Homeland Security Advisory Committees System of Records Notice (October 3, 2008, 73 FR 63181... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Request for Applicants for Appointment to the DHS Data Privacy...

  4. 78 FR 51197 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-20

    ... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The DHS Data.... Instructions: All submissions must include the words ``Department of Homeland Security Data Privacy...

  5. Balancing between two goods: Health Insurance Portability and Accountability Act and ethical compliancy considerations for privacy-sensitive materials in health sciences archival and historical special collections

    PubMed Central

    Gilliland, Anne T

    2011-01-01

    Objective: The investigation provides recommendations for establishing institutional collection guidelines and policies that protect the integrity of the historical record, while upholding the privacy and confidentiality of those who are protected by Health Insurance Portability and Accountability Act (HIPAA) or professional ethical standards. Methods: The authors completed a systematic historical investigation of the concepts of collection integrity, privacy, and confidentiality in the formal and informal legal and professional ethics literature and applied these standards to create best practices for institutional policies in these areas. Results: Through an in-depth examination of the historical concepts of privacy and confidentiality in the legal and professional ethics literature, the authors were able to create recommendations that would allow institutions to provide access to important, yet sensitive, materials, while complying with the standards set by HIPAA regulations and professional ethical expectations. Conclusion: With thoughtful planning, it is possible to balance the integrity of and access to the historical record of sensitive documents, while supporting the privacy protections of HIPAA and professional ethical standards. Although it is theorized that collection development polices of institutions have changed due to HIPAA legislation, additional research is suggested to see how various legal interpretations have affected the integrity of the historical record in actuality. PMID:21243051

  6. 17 CFR 160.5 - Annual privacy notice to customers required.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Annual privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.5 Annual privacy... customers that accurately reflects your privacy policies and practices not less than annually during...

  7. 17 CFR 160.9 - Delivering privacy and opt out notices.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Delivering privacy and opt out... PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.9 Delivering privacy and opt out notices. (a) How to provide notices. You must provide any privacy notices and opt out...

  8. 17 CFR 160.6 - Information to be included in privacy notices.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... privacy notices. 160.6 Section 160.6 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.6 Information to be included in privacy notices. (a) General rule. The initial, annual, and revised privacy notices that...

  9. 17 CFR 160.4 - Initial privacy notice to consumers required.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Initial privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.4 Initial privacy... notice that accurately reflects your privacy policies and practices to: (1) Customer. An individual...

  10. 77 FR 47415 - Privacy Act of 1974; Department of Homeland Security U.S. Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-08-08

    ..., ``Department of Homeland Security/United States Citizenship and Immigration Services--004-- Systematic Alien Verification for Entitlements Program System of Records.'' The United States Citizenship and Immigration... provisions of the Immigration and Nationality Act of the United States, including individuals......

  11. 78 FR 28867 - Privacy Act of 1974; Department of Homeland Security/U.S. Immigration and Customs Enforcement-014...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-16

    ... support the conduct of national intelligence and security investigations or to assist in anti-terrorism... total of 16 years. Exception: All war crimes and capital cases shall be held indefinitely onsite at...

  12. 77 FR 31371 - Public Workshop: Privacy Compliance Workshop

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-05-25

    ... compliance fundamentals, privacy and data security, and the privacy compliance life cycle. A learning lunch..., with both the training rooms and restrooms situated on the ground floor. Mary Ellen Callahan,...

  13. Development of a HIPAA-compliant environment for translational research data and analytics.

    PubMed

    Bradford, Wayne; Hurdle, John F; LaSalle, Bernie; Facelli, Julio C

    2014-01-01

    High-performance computing centers (HPC) traditionally have far less restrictive privacy management policies than those encountered in healthcare. We show how an HPC can be re-engineered to accommodate clinical data while retaining its utility in computationally intensive tasks such as data mining, machine learning, and statistics. We also discuss deploying protected virtual machines. A critical planning step was to engage the university's information security operations and the information security and privacy office. Access to the environment requires a double authentication mechanism. The first level of authentication requires access to the university's virtual private network and the second requires that the users be listed in the HPC network information service directory. The physical hardware resides in a data center with controlled room access. All employees of the HPC and its users take the university's local Health Insurance Portability and Accountability Act training series. In the first 3 years, researcher count has increased from 6 to 58.

  14. Development of a HIPAA-compliant environment for translational research data and analytics

    PubMed Central

    Bradford, Wayne; Hurdle, John F; LaSalle, Bernie; Facelli, Julio C

    2014-01-01

    High-performance computing centers (HPC) traditionally have far less restrictive privacy management policies than those encountered in healthcare. We show how an HPC can be re-engineered to accommodate clinical data while retaining its utility in computationally intensive tasks such as data mining, machine learning, and statistics. We also discuss deploying protected virtual machines. A critical planning step was to engage the university's information security operations and the information security and privacy office. Access to the environment requires a double authentication mechanism. The first level of authentication requires access to the university's virtual private network and the second requires that the users be listed in the HPC network information service directory. The physical hardware resides in a data center with controlled room access. All employees of the HPC and its users take the university's local Health Insurance Portability and Accountability Act training series. In the first 3 years, researcher count has increased from 6 to 58. PMID:23911553

  15. Development of a HIPAA-compliant environment for translational research data and analytics.

    PubMed

    Bradford, Wayne; Hurdle, John F; LaSalle, Bernie; Facelli, Julio C

    2014-01-01

    High-performance computing centers (HPC) traditionally have far less restrictive privacy management policies than those encountered in healthcare. We show how an HPC can be re-engineered to accommodate clinical data while retaining its utility in computationally intensive tasks such as data mining, machine learning, and statistics. We also discuss deploying protected virtual machines. A critical planning step was to engage the university's information security operations and the information security and privacy office. Access to the environment requires a double authentication mechanism. The first level of authentication requires access to the university's virtual private network and the second requires that the users be listed in the HPC network information service directory. The physical hardware resides in a data center with controlled room access. All employees of the HPC and its users take the university's local Health Insurance Portability and Accountability Act training series. In the first 3 years, researcher count has increased from 6 to 58. PMID:23911553

  16. 75 FR 23214 - HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-03

    ... interests of individuals with respect to learning of such disclosures, the administrative burden on covered... HITECH Act, which requires that we take into account both the interests of individuals in learning the... interested in hearing from individuals, consumer advocates and groups, and, regarding technical...

  17. 76 FR 31425 - HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-31

    ... involving reports of child abuse or neglect), for judicial and administrative proceedings, for law... child abuse or neglect to a public health authority or other appropriate government authority authorized... guardian for its reporting to authorities of suspected child abuse or neglect. While the current...

  18. 78 FR 23872 - HIPAA Privacy Rule and the National Instant Criminal Background Check System (NICS)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-23

    ... mental health prohibitor, demographic information such as dates of birth, and codes identifying the... or others or being incapable of managing their own affairs (referred to below as the ``mental health... individuals subject to the mental health prohibitor ] to the NICS. The Department of Health and Human...

  19. 8 CFR 103.42 - Rules relating to the Freedom of Information Act (FOIA) and the Privacy Act.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... Privacy Act. Immigration-related regulations relating to FOIA and the Privacy Act are located in 6 CFR... HOMELAND SECURITY IMMIGRATION REGULATIONS IMMIGRATION BENEFITS; BIOMETRIC REQUIREMENTS; AVAILABILITY...

  20. 8 CFR 103.42 - Rules relating to the Freedom of Information Act (FOIA) and the Privacy Act.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... Privacy Act. Immigration-related regulations relating to FOIA and the Privacy Act are located in 6 CFR... HOMELAND SECURITY IMMIGRATION REGULATIONS IMMIGRATION BENEFITS; BIOMETRIC REQUIREMENTS; AVAILABILITY...

  1. 8 CFR 103.42 - Rules relating to the Freedom of Information Act (FOIA) and the Privacy Act.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... Privacy Act. Immigration-related regulations relating to FOIA and the Privacy Act are located in 6 CFR... HOMELAND SECURITY IMMIGRATION REGULATIONS IMMIGRATION BENEFITS; BIOMETRIC REQUIREMENTS; AVAILABILITY...

  2. 76 FR 39315 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-030 Use of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-06

    ... with no direct user interface. DHS and its components are authorized to access TSDB records via the WLS... FR 31080); and In addition, two DHS components will receive TSDB data via the WLS in the form of a... of Homeland Security/ALL--030 Use of the Terrorist Screening Database System of Records...

  3. 78 FR 28761 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-16

    ... States and around the world to research methods of document production and authenticate questionable... document. Social Security Numbers are not directly entered into IDEAL, instead the serial number on the... research methods of document production and authenticate questioned documents through comparative...

  4. 75 FR 5614 - Privacy Act of 1974; Department of Homeland Security/ALL-025 Law Enforcement Authority in Support...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-03

    ... Records (74 FR 3088, January 16, 2008) for the collection and maintenance of records that pertain to the... Homeland Security/U.S. Secret Service--004 Protection Information System of Records (73 FR 77733, December..., offenders, and suspects; Records of possible espionage, foreign intelligence service elicitation...

  5. 78 FR 52553 - Privacy Act of 1974; Department of Homeland Security/ALL-035 Common Entity Index Prototype System...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-23

    ... 30, 2012, 77 FR 44642); (2) U.S. Immigration and Customs Enforcement (ICE)'s Student and Exchange... System SORN (January 5, 2010, 75 FR 412); and (3) U.S. Transportation Security Administration (TSA)'s... Assessment System SORN (May 19, 2010, 75 FR 28046). These three data sets were identified for the...

  6. 76 FR 28795 - Privacy Act of 1974; Department of Homeland Security United States Coast Guard-024 Auxiliary...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-18

    ... titled, ``Department of Homeland Security/United States Coast Guard-024 Auxiliary Database (AUXDATA... Coast Guard to track and report contact, activity, performance, and achievement information about the members of its volunteer workforce element, the United States Coast Guard Auxiliary. As a result of...

  7. 76 FR 70638 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-15

    ..., 76 FR 59926, September 28, 2011, proposing to exempt portions of the system of records from one or... system of records notice was published concurrently in the Federal Register, 76 FR 60070, September 28... of Homeland Security/U.S. Citizenship and Immigration Services-015 Electronic Immigration...

  8. 6 CFR Appendix A to Part 5 - FOIA/Privacy Act Offices of the Department of Homeland Security

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... Transportation Security Directorate of Emergency Preparedness and Response Directorate of Information Analysis.... Metropolitan Medical Response System, b. National Disaster Medical System, and c. Office of Emergency Preparedness d. Strategic National Stockpile 2. Centers for Disease Control and Agency for Toxic Substances...

  9. 6 CFR Appendix A to Part 5 - FOIA/Privacy Act Offices of the Department of Homeland Security

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... Transportation Security Directorate of Emergency Preparedness and Response Directorate of Information Analysis.... Metropolitan Medical Response System, b. National Disaster Medical System, and c. Office of Emergency Preparedness d. Strategic National Stockpile 2. Centers for Disease Control and Agency for Toxic Substances...

  10. 78 FR 20680 - Privacy Act of 1974; Department of Homeland Security/U.S. Citizenship and Immigration Services...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-05

    ... FR 70739). USCIS is the component of DHS that oversees immigration benefit requests from foreign... Immigration Services-014 Electronic Immigration System- 1 Temporary Accounts and Draft Benefit Requests System..., ``Department of Homeland Security/U.S. Citizenship and Immigration Services-014 Electronic Immigration...

  11. 75 FR 55290 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-031...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-10

    ... Exemptions; Department of Homeland Security/ALL-031 Information Sharing Environment Suspicious Activity... Sharing Environment Suspicious Activity Reporting Initiative System of Records'' and this proposed... establish a new DHS system of records titled, ``DHS/ALL-031 Information Sharing Environment (ISE)...

  12. 75 FR 50846 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-001...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-18

    ... the Federal Register, (74 FR 55484, October 28, 2009) proposing to exempt portions of the system of... records notice was published concurrently in the Federal Register, (74 FR 55572, October 28, 2009) and...; investigations, inquiries, and proceedings there under; national security and intelligence activities; ]...

  13. 78 FR 60888 - Privacy Act of 1974; Department of Homeland Security/ALL-036 Board for Correction of Military...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-10-02

    ... Transportation (OST) 004 Board for Correction of Military Records (BCMR) System of Records, 65 FR 19551--(April... the Coast Guard, 65 FR 19557 (April 11, 2000) as a new Department of Homeland Security system of... attached documentary evidence or affidavits; Transcripts of any hearing held by the Board;...

  14. 76 FR 34732 - Privacy Act of 1974; Department of Homeland Security/National Protection and Programs Directorate...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-14

    ... (TSC). For more information on the TSDB, see DOJ/FBI--019 Terrorist Screening Records System, 72 FR...-002--Transportation Security Threat Assessment System of Records, 75 FR 28046 (May 19, 2010). DHS/CBP... of Records, 71 FR 20708 (April 21, 2006). DHS/NPPD will also retain records to conduct inspections...

  15. National Committee on Vital and Health Statistics: publication of recommendations relating to HIPAA health data standards--HHS. Notice.

    PubMed

    1997-10-01

    Section 1172 (f), Subtitle F of Pub. L. 104-191, the Health Insurance Portability and Accountability Act of 1996, requires the Secretary of Health and Human Services to publish in the Federal Register any recommendation of the National Committee on Vital and Health Statistics (NCVHS) regarding the adoption of a data standard under that law. On September 9, the NCVHS submitted recommendations to the Secretary relating to the unique identifier for payers, the unique identifier for individuals, and security standards. Accordingly, the full text of the NCVHS recommendations relating to HIPAA data standards is reproduced below. The text of the recommendations is also available on the NCVHS website: http@aspe.os.dhhs.gov/ncvhs/. PMID:10175512

  16. A security analysis of version 2 of the Network Time Protocol (NTP): A report to the privacy and security research group

    NASA Technical Reports Server (NTRS)

    Bishop, Matt

    1991-01-01

    The Network Time Protocol is being used throughout the Internet to provide an accurate time service. The security requirements are examined of such a service, version 2 of the NTP protocol is analyzed to determine how well it meets these requirements, and improvements are suggested where appropriate.

  17. Biometrics, e-identity, and the balance between security and privacy: case study of the passenger name record (PNR) system.

    PubMed

    Nouskalis, G

    2011-01-01

    The implementation of biometrics entails either the establishment of an identity or tracing a person's identity. Biometric passport data (e.g., irises, fingers, faces) can be used in order to verify a passenger's identity. The proposed Passenger Name Record (PNR) system contains all the information necessary to enable reservations to be processed and controlled by the booking and participating air carriers for each journey booked by or on behalf of any person. PNR data are related to travel movements, usually flights, and include passport data, name, address, telephone numbers, travel agent, credit card number, history of changes in the flight schedule, seat preferences, and other information. In the aftermath of the September 11 attacks, a new emergency political-law status of society was established: the continuous state of "war" against the so-called unlawful combatants of the "enemy". Officially, the enemy is the terrorists, but the victims of the privacy invasions caused by the above new form of data processing are the civilians. The data processing based on biometrics is covered both by Directive 95/46 EC and Article 8 of the Convention on the Protection of Human Rights and Fundamental Freedoms (now the European Convention on Human Rights, "ECHR"). According to Article 2, Paragraph a of the above Directive, personal data shall mean any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural, or social identity. PMID:21380482

  18. Biometrics, e-identity, and the balance between security and privacy: case study of the passenger name record (PNR) system.

    PubMed

    Nouskalis, G

    2011-03-01

    The implementation of biometrics entails either the establishment of an identity or tracing a person's identity. Biometric passport data (e.g., irises, fingers, faces) can be used in order to verify a passenger's identity. The proposed Passenger Name Record (PNR) system contains all the information necessary to enable reservations to be processed and controlled by the booking and participating air carriers for each journey booked by or on behalf of any person. PNR data are related to travel movements, usually flights, and include passport data, name, address, telephone numbers, travel agent, credit card number, history of changes in the flight schedule, seat preferences, and other information. In the aftermath of the September 11 attacks, a new emergency political-law status of society was established: the continuous state of "war" against the so-called unlawful combatants of the "enemy". Officially, the enemy is the terrorists, but the victims of the privacy invasions caused by the above new form of data processing are the civilians. The data processing based on biometrics is covered both by Directive 95/46 EC and Article 8 of the Convention on the Protection of Human Rights and Fundamental Freedoms (now the European Convention on Human Rights, "ECHR"). According to Article 2, Paragraph a of the above Directive, personal data shall mean any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural, or social identity.

  19. Comprehensive quantitative analysis on privacy leak behavior.

    PubMed

    Fan, Lejun; Wang, Yuanzhuo; Jin, Xiaolong; Li, Jingyuan; Cheng, Xueqi; Jin, Shuyuan

    2013-01-01

    Privacy information is prone to be leaked by illegal software providers with various motivations. Privacy leak behavior has thus become an important research issue of cyber security. However, existing approaches can only qualitatively analyze privacy leak behavior of software applications. No quantitative approach, to the best of our knowledge, has been developed in the open literature. To fill this gap, in this paper we propose for the first time four quantitative metrics, namely, possibility, severity, crypticity, and manipulability, for privacy leak behavior analysis based on Privacy Petri Net (PPN). In order to compare the privacy leak behavior among different software, we further propose a comprehensive metric, namely, overall leak degree, based on these four metrics. Finally, we validate the effectiveness of the proposed approach using real-world software applications. The experimental results demonstrate that our approach can quantitatively analyze the privacy leak behaviors of various software types and reveal their characteristics from different aspects. PMID:24066046

  20. Comprehensive Quantitative Analysis on Privacy Leak Behavior

    PubMed Central

    Fan, Lejun; Wang, Yuanzhuo; Jin, Xiaolong; Li, Jingyuan; Cheng, Xueqi; Jin, Shuyuan

    2013-01-01

    Privacy information is prone to be leaked by illegal software providers with various motivations. Privacy leak behavior has thus become an important research issue of cyber security. However, existing approaches can only qualitatively analyze privacy leak behavior of software applications. No quantitative approach, to the best of our knowledge, has been developed in the open literature. To fill this gap, in this paper we propose for the first time four quantitative metrics, namely, possibility, severity, crypticity, and manipulability, for privacy leak behavior analysis based on Privacy Petri Net (PPN). In order to compare the privacy leak behavior among different software, we further propose a comprehensive metric, namely, overall leak degree, based on these four metrics. Finally, we validate the effectiveness of the proposed approach using real-world software applications. The experimental results demonstrate that our approach can quantitatively analyze the privacy leak behaviors of various software types and reveal their characteristics from different aspects. PMID:24066046

  1. What was privacy?

    PubMed

    McCreary, Lew

    2008-10-01

    Why is that question in the past tense? Because individuals can no longer feel confident that the details of their lives--from identifying numbers to cultural preferences--will be treated with discretion rather than exploited. Even as Facebook users happily share the names of their favorite books, movies, songs, and brands, they often regard marketers' use of that information as an invasion of privacy. In this wide-ranging essay, McCreary, a senior editor at HBR, examines numerous facets of the privacy issue, from Google searches, public shaming on the internet, and cell phone etiquette to passenger screening devices, public surveillance cameras, and corporate chief privacy officers. He notes that IBM has been a leader on privacy; its policy forswearing the use of employees' genetic information in hiring and benefits decisions predated the federal Genetic Information Nondiscrimination Act by three years. Now IBM is involved in an open-source project known as Higgins to provide users with transportable, potentially anonymous online presences. Craigslist, whose CEO calls it "as close to 100% user driven as you can get," has taken an extremely conservative position on privacy--perhaps easier for a company with a declared lack of interest in maximizing revenue. But TJX and other corporate victims of security breaches have discovered that retaining consumers' transaction information can be both costly and risky. Companies that underestimate the importance of privacy to their customers or fail to protect it may eventually face harsh regulation, reputational damage, or both. The best thing they can do, says the author, is negotiate directly with those customers over where to draw the line.

  2. 76 FR 22807 - Privacy Act of 1974; Implementation

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-25

    ... of the Secretary 32 CFR Part 321 Privacy Act of 1974; Implementation AGENCY: Defense Security Service, DoD. ACTION: Direct final rule with request for comments. SUMMARY: The Defense Security Service is... makes nonsubstantive changes to the Defense ] Security Service Privacy Program rules. These changes...

  3. The role of privacy protection in healthcare information systems adoption.

    PubMed

    Hsu, Chien-Lung; Lee, Ming-Ren; Su, Chien-Hui

    2013-10-01

    Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs are proposed. Users' privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HISs adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we proposed a research model extending the unified theory of acceptance and use of technology by considering perceived security and information security literacy and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses showed that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve designing, development, and promotion of a good healthcare information system with privacy protection.

  4. Reconsidering the Right to Privacy in Canada

    ERIC Educational Resources Information Center

    Shade, Leslie Regan

    2008-01-01

    This article argues that post-September 11 political debates and legislation around security necessitates a reconsideration of a right to privacy in Canada. It looks at the proposal for a Canadian Charter of Privacy Rights promoted by Senator Sheila Finestone in the late 1990s and the current challenges of emergent material technologies…

  5. 75 FR 54162 - Privacy Act of 1974

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-03

    ... should address comments to: Walter Stone, CMS Privacy Officer, Division of Information Security & Privacy... extended CHAMPVA benefit to age 65 for any beneficiary eligible for Medicare Part A on the basis of... Law 107-14 provided for extending benefit coverage for beneficiaries over the age of 65 years if...

  6. 77 FR 60131 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-10-02

    ... will be open to the public. DATES: The DHS Data Privacy and Integrity Advisory Committee will meet on... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The DHS...

  7. 76 FR 58524 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-21

    ... be open to the public. DATES: The DHS Data Privacy and Integrity Advisory Committee will meet on... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The DHS...

  8. 47 CFR 0.506 - FOIA and Privacy Act requests.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 47 Telecommunication 1 2010-10-01 2010-10-01 false FOIA and Privacy Act requests. 0.506 Section 0... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for....461), of the Privacy Act of 1974, (See § 0.554) shall be processed in accordance with the...

  9. 76 FR 37823 - Published Privacy Impact Assessments on the Web

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-28

    ... SECURITY Office of the Secretary Published Privacy Impact Assessments on the Web AGENCY: Privacy Office... assessments were approved and published on the Privacy Office's Web site between March 31, 2011 and May 31, 2011. DATES: The PIAs will be available on the DHS Web site until August 29, 2011, after which they...

  10. 77 FR 46100 - Published Privacy Impact Assessments on the Web

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-08-02

    ... SECURITY Office of the Secretary Published Privacy Impact Assessments on the Web AGENCY: Privacy Office... Privacy Office's Web site between March 1, 2012 and May 31, 2012. DATES: The PIAs will be available on the DHS Web site until October 1, 2012, after which they may be obtained by contacting the DHS...

  11. 76 FR 78934 - Published Privacy Impact Assessments on the Web

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-12-20

    ... SECURITY Office of the Secretary Published Privacy Impact Assessments on the Web AGENCY: Privacy Office... approved and published on the Privacy Office's web site between September 1, 2011 and November 30, 2011. DATES: The PIAs will be available on the DHS Web site until February 21, 2012, after which they may...

  12. 75 FR 53262 - Privacy Act of 1974; System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-31

    ... certain provisions of the Privacy Act in order to avoid interference with the national security and... of Privacy and Civil Liberties, National Place Building, 1331 Pennsylvania Ave., NW., Suite 940... Privacy Act in order to avoid interference with the law enforcement, intelligence and...

  13. 75 FR 8087 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... FR 71659). DHS Authority to Collect This Information: DHS requests that you voluntarily submit this... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Notice of Federal Advisory Committee Meeting. SUMMARY: The DHS Data Privacy and...

  14. 78 FR 55088 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-09

    ... 3, 2008, 73 FR 63181). Effects of Not Providing Information: You may choose not to provide the... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Request for Applicants for Appointment to the DHS Data Privacy...

  15. 75 FR 52769 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-27

    ... Lists System of Records Notice (November 25, 2008, 73 FR 71659). Effects of Not Providing Information... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Notice of Federal Advisory Committee meeting. SUMMARY: The DHS Data Privacy and...

  16. Business Model for the Security of a Large-Scale PACS, Compliance with ISO/27002:2013 Standard.

    PubMed

    Gutiérrez-Martínez, Josefina; Núñez-Gaona, Marco Antonio; Aguirre-Meneses, Heriberto

    2015-08-01

    Data security is a critical issue in an organization; a proper information security management (ISM) is an ongoing process that seeks to build and maintain programs, policies, and controls for protecting information. A hospital is one of the most complex organizations, where patient information has not only legal and economic implications but, more importantly, an impact on the patient's health. Imaging studies include medical images, patient identification data, and proprietary information of the study; these data are contained in the storage device of a PACS. This system must preserve the confidentiality, integrity, and availability of patient information. There are techniques such as firewalls, encryption, and data encapsulation that contribute to the protection of information. In addition, the Digital Imaging and Communications in Medicine (DICOM) standard and the requirements of the Health Insurance Portability and Accountability Act (HIPAA) regulations are also used to protect the patient clinical data. However, these techniques are not systematically applied to the picture and archiving and communication system (PACS) in most cases and are not sufficient to ensure the integrity of the images and associated data during transmission. The ISO/IEC 27001:2013 standard has been developed to improve the ISM. Currently, health institutions lack effective ISM processes that enable reliable interorganizational activities. In this paper, we present a business model that accomplishes the controls of ISO/IEC 27002:2013 standard and criteria of security and privacy from DICOM and HIPAA to improve the ISM of a large-scale PACS. The methodology associated with the model can monitor the flow of data in a PACS, facilitating the detection of unauthorized access to images and other abnormal activities.

  17. Business Model for the Security of a Large-Scale PACS, Compliance with ISO/27002:2013 Standard.

    PubMed

    Gutiérrez-Martínez, Josefina; Núñez-Gaona, Marco Antonio; Aguirre-Meneses, Heriberto

    2015-08-01

    Data security is a critical issue in an organization; a proper information security management (ISM) is an ongoing process that seeks to build and maintain programs, policies, and controls for protecting information. A hospital is one of the most complex organizations, where patient information has not only legal and economic implications but, more importantly, an impact on the patient's health. Imaging studies include medical images, patient identification data, and proprietary information of the study; these data are contained in the storage device of a PACS. This system must preserve the confidentiality, integrity, and availability of patient information. There are techniques such as firewalls, encryption, and data encapsulation that contribute to the protection of information. In addition, the Digital Imaging and Communications in Medicine (DICOM) standard and the requirements of the Health Insurance Portability and Accountability Act (HIPAA) regulations are also used to protect the patient clinical data. However, these techniques are not systematically applied to the picture and archiving and communication system (PACS) in most cases and are not sufficient to ensure the integrity of the images and associated data during transmission. The ISO/IEC 27001:2013 standard has been developed to improve the ISM. Currently, health institutions lack effective ISM processes that enable reliable interorganizational activities. In this paper, we present a business model that accomplishes the controls of ISO/IEC 27002:2013 standard and criteria of security and privacy from DICOM and HIPAA to improve the ISM of a large-scale PACS. The methodology associated with the model can monitor the flow of data in a PACS, facilitating the detection of unauthorized access to images and other abnormal activities. PMID:25634674

  18. Privacy preserving index for encrypted electronic medical records.

    PubMed

    Chen, Yu-Chi; Horng, Gwoboa; Lin, Yi-Jheng; Chen, Kuo-Chang

    2013-12-01

    With the development of electronic systems, privacy has become an important security issue in real-life. In medical systems, privacy of patients' electronic medical records (EMRs) must be fully protected. However, to combine the efficiency and privacy, privacy preserving index is introduced to preserve the privacy, where the EMR can be efficiently accessed by this patient or specific doctor. In the literature, Goh first proposed a secure index scheme with keyword search over encrypted data based on a well-known primitive, Bloom filter. In this paper, we propose a new privacy preserving index scheme, called position index (P-index), with keyword search over the encrypted data. The proposed index scheme is semantically secure against the adaptive chosen keyword attack, and it also provides flexible space, lower false positive rate, and search privacy. Moreover, it does not rely on pairing, a complicate computation, and thus can search over encrypted electronic medical records from the cloud server efficiently.

  19. A privacy protection for an mHealth messaging system

    NASA Astrophysics Data System (ADS)

    Aaleswara, Lakshmipathi; Akopian, David; Chronopoulos, Anthony T.

    2015-03-01

    In this paper, we propose a new software system that employs features that help the organization to comply with USA HIPAA regulations. The system uses SMS as the primary way of communication to transfer information. Lack of knowledge about some diseases is still a major reason for some harmful diseases spreading. The developed system includes different features that may help to communicate amongst low income people who don't even have access to the internet. Since the software system deals with Personal Health Information (PHI) it is equipped with an access control authentication system mechanism to protect privacy. The system is analyzed for performance to identify how much overhead the privacy rules impose.

  20. 17 CFR 248.2 - Model privacy form: rule of construction.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Model privacy form: rule of... Safeguarding Personal Information § 248.2 Model privacy form: rule of construction. (a) Model privacy form. Use of the model privacy form in appendix A to subpart A of this part, consistent with the...

  1. 17 CFR 248.2 - Model privacy form: rule of construction.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Model privacy form: rule of... Safeguarding Personal Information § 248.2 Model privacy form: rule of construction. (a) Model privacy form. Use of the model privacy form in appendix A to subpart A of this part, consistent with the...

  2. 17 CFR 248.2 - Model privacy form: rule of construction.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Model privacy form: rule of... Safeguarding Personal Information § 248.2 Model privacy form: rule of construction. (a) Model privacy form. Use of the model privacy form in appendix A to subpart A of this part, consistent with the...

  3. 17 CFR 248.4 - Initial privacy notice to consumers required.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Initial privacy notice to... COMMISSION (CONTINUED) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.4 Initial privacy notice to...

  4. 76 FR 60510 - DHS Data Privacy and Integrity Advisory Committee; Meeting

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-29

    ... in the Federal Register at 76 FR 58524 that the Data Privacy and ] Integrity Advisory Committee would... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee; Meeting AGENCY: Privacy.... DATES: The DHS Data Privacy and Integrity Advisory Committee will meet on Wednesday, October 5,...

  5. Privacy information management for video surveillance

    NASA Astrophysics Data System (ADS)

    Luo, Ying; Cheung, Sen-ching S.

    2013-05-01

    The widespread deployment of surveillance cameras has raised serious privacy concerns. Many privacy-enhancing schemes have been proposed to automatically redact images of trusted individuals in the surveillance video. To identify these individuals for protection, the most reliable approach is to use biometric signals such as iris patterns as they are immutable and highly discriminative. In this paper, we propose a privacy data management system to be used in a privacy-aware video surveillance system. The privacy status of a subject is anonymously determined based on her iris pattern. For a trusted subject, the surveillance video is redacted and the original imagery is considered to be the privacy information. Our proposed system allows a subject to access her privacy information via the same biometric signal for privacy status determination. Two secure protocols, one for privacy information encryption and the other for privacy information retrieval are proposed. Error control coding is used to cope with the variability in iris patterns and efficient implementation is achieved using surrogate data records. Experimental results on a public iris biometric database demonstrate the validity of our framework.

  6. Secure PVM

    SciTech Connect

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user`s PVM application, or, optionally, security can be provided on a message-by message basis. Diffe-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  7. 78 FR 23204 - Privacy Act of 1974, System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-18

    ... facilities that are secured at all times by ] security systems and video surveillance cameras. The security..., FL 33131. Dated: March 15, 2013. William Morgan, Chief Information Security Officer--Chief Privacy Officer. USAID-09 System Name: Criminal Law Enforcement Records System Security Classification:...

  8. Ethics Committees in the Rural Midwest: Exploring the Impact of HIPAA

    ERIC Educational Resources Information Center

    Having, Karen M.; Hale, Dena; Lautar, Charla J.

    2008-01-01

    Context: Confidentiality of personal health information is an ethical principle and a legislated mandate; however, the impact of the Health Insurance Portability and Accountability Act (HIPAA) on ethics committees ethics committees is limited. Purpose: This study investigates the prevalence, activity, and composition of ethics committees located…

  9. Governance Through Privacy, Fairness, and Respect for Individuals

    PubMed Central

    Baker, Dixie B.; Kaye, Jane; Terry, Sharon F.

    2016-01-01

    Introduction: Individuals have a moral claim to be involved in the governance of their personal data. Individuals’ rights include privacy, autonomy, and the ability to choose for themselves how they want to manage risk, consistent with their own personal values and life situations. The Fair Information Practices principles (FIPPs) offer a framework for governance. Privacy-enhancing technology that complies with applicable law and FIPPs offers a dynamic governance tool for enabling the fair and open use of individual’s personal data. Perceptions of Risk: Any governance model must protect against the risks posed by data misuse. Individual perceptions of risks are a subjective function involving individuals’ values toward self, family, and society, their perceptions of trust, and their cognitive decision-making skills. The HIPAA Privacy Rule Puts Some Governance in the Hands of Individuals: Individual privacy protections and individuals’ right to choose are codified in the HIPAA Privacy Rule, which attempts to strike a balance between the dual goals of information flow and privacy protection. The choices most commonly given individuals regarding the use of their health information are binary (“yes” or “no”) and immutable. Recent federal recommendations and law recognize the need for granular, dynamic choices. Building a Governance Framework Based in Trust: Avoiding Surprises: Individuals expect that they will govern the use of their own health and genomic data. Failure to build and maintain individuals’ trust increases the likelihood that they will refuse to grant permission to access or use their data. The “no surprises principle” asserts that an individual’s personal information should never be collected, used, transmitted, or disclosed in a way that would surprise the individual were she to learn about it. Fair Information Practices Principles: The FIPPs provide a powerful framework for enabling data sharing and use, while maintaining trust

  10. From Data Privacy to Location Privacy

    NASA Astrophysics Data System (ADS)

    Wang, Ting; Liu, Ling

    Over the past decade, the research on data privacy has achieved considerable advancement in the following two aspects: First, a variety of privacy threat models and privacy principles have been proposed, aiming at providing sufficient protection against different types of inference attacks; Second, a plethora of algorithms and methods have been developed to implement the proposed privacy principles, while attempting to optimize the utility of the resulting data. The first part of the chapter presents an overview of data privacy research by taking a close examination at the achievements from the above two aspects, with the objective of pinpointing individual research efforts on the grand map of data privacy protection. As a special form of data privacy, location privacy possesses its unique characteristics. In the second part of the chapter, we examine the research challenges and opportunities of location privacy protection, in a perspective analogous to data privacy. Our discussion attempts to answer the following three questions: (1) Is it sufficient to apply the data privacy models and algorithms developed to date for protecting location privacy? (2) What is the current state of the research on location privacy? (3) What are the open issues and technical challenges that demand further investigation? Through answering these questions, we intend to provide a comprehensive review of the state of the art in location privacy research.

  11. Extending SQL to Support Privacy Policies

    NASA Astrophysics Data System (ADS)

    Ghazinour, Kambiz; Pun, Sampson; Majedi, Maryam; Chinaci, Amir H.; Barker, Ken

    Increasing concerns over Internet applications that violate user privacy by exploiting (back-end) database vulnerabilities must be addressed to protect both customer privacy and to ensure corporate strategic assets remain trustworthy. This chapter describes an extension onto database catalogues and Structured Query Language (SQL) for supporting privacy in Internet applications, such as in social networks, e-health, e-governmcnt, etc. The idea is to introduce new predicates to SQL commands to capture common privacy requirements, such as purpose, visibility, generalization, and retention for both mandatory and discretionary access control policies. The contribution is that corporations, when creating the underlying databases, will be able to define what their mandatory privacy policies arc with which all application users have to comply. Furthermore, each application user, when providing their own data, will be able to define their own privacy policies with which other users have to comply. The extension is supported with underlying catalogues and algorithms. The experiments demonstrate a very reasonable overhead for the extension. The result is a low-cost mechanism to create new systems that arc privacy aware and also to transform legacy databases to their privacy-preserving equivalents. Although the examples arc from social networks, one can apply the results to data security and user privacy of other enterprises as well.

  12. The development of specifications and discussion of business models for ensuring speech privacy in the healthcare industry

    NASA Astrophysics Data System (ADS)

    Lavallee, Timothy; Good, Kenneth; Sykes, David

    2005-09-01

    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was developed, among other reasons, to hold healthcare providers accountable for the privacy of patient's personal and medical information. It includes language addressing the need for ``reasonable safeguards'' for speech privacy and oral communication in a healthcare setting. After 50 years of development, speech privacy science and mechanisms are well understood. However, current specifications cannot be directly applied and are not specifically written to address the application of the current acoustical knowledgebase to the health care industry's need for compliance. This is a discussion of the state of existing privacy technology and specifications; the ability and availability of mechanisms currently in the health care industry as a possible route for implementation of the regulation; the state of development of specification to address specifically the industry's needs; and a potential business model for implementation.

  13. Protecting privacy in a clinical data warehouse.

    PubMed

    Kong, Guilan; Xiao, Zhichun

    2015-06-01

    Peking University has several prestigious teaching hospitals in China. To make secondary use of massive medical data for research purposes, construction of a clinical data warehouse is imperative in Peking University. However, a big concern for clinical data warehouse construction is how to protect patient privacy. In this project, we propose to use a combination of symmetric block ciphers, asymmetric ciphers, and cryptographic hashing algorithms to protect patient privacy information. The novelty of our privacy protection approach lies in message-level data encryption, the key caching system, and the cryptographic key management system. The proposed privacy protection approach is scalable to clinical data warehouse construction with any size of medical data. With the composite privacy protection approach, the clinical data warehouse can be secure enough to keep the confidential data from leaking to the outside world.

  14. Protecting privacy in a clinical data warehouse.

    PubMed

    Kong, Guilan; Xiao, Zhichun

    2015-06-01

    Peking University has several prestigious teaching hospitals in China. To make secondary use of massive medical data for research purposes, construction of a clinical data warehouse is imperative in Peking University. However, a big concern for clinical data warehouse construction is how to protect patient privacy. In this project, we propose to use a combination of symmetric block ciphers, asymmetric ciphers, and cryptographic hashing algorithms to protect patient privacy information. The novelty of our privacy protection approach lies in message-level data encryption, the key caching system, and the cryptographic key management system. The proposed privacy protection approach is scalable to clinical data warehouse construction with any size of medical data. With the composite privacy protection approach, the clinical data warehouse can be secure enough to keep the confidential data from leaking to the outside world. PMID:25301198

  15. E-Mail Privacy.

    ERIC Educational Resources Information Center

    Shieh, Jackie; Ballard, Rhea A-L

    1994-01-01

    Examines the relationship between electronic mail (E-mail) and employee privacy rights. Two current course cases involving the privacy issue are summarized; the Electronic Communications Privacy Act of 1986 is explained; proposed legislation is discussed; and suggestions for employee E-mail privacy that can help avoid possible litigation are…

  16. Widening Privacy Concerns.

    ERIC Educational Resources Information Center

    Amidon, Paige

    1992-01-01

    Discusses privacy concerns relating to electronic information media. European privacy initiatives from the European Community are described, including personal data protection, impact on the online industry, and telecommunications privacy; and activities in the United States are examined, including telephone caller privacy, electronic mail…

  17. 75 FR 9968 - Privacy Act of 1974: Systems of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-04

    ... environment. Buildings where records are stored have security cameras and 24 hour security guard service. The... From the Federal Register Online via the Government Publishing Office SECURITIES AND EXCHANGE COMMISSION Privacy Act of 1974: Systems of Records AGENCY: Securities and Exchange Commission. ACTION:...

  18. 75 FR 67697 - Privacy Act of 1974; Systems of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-03

    ... of the Secretary Privacy Act of 1974; Systems of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to add a system of records. SUMMARY: The National Security Agency/Central Security Service (NSA/ CSS) proposes to add a system of records notice in its inventory of...

  19. 6 CFR 5.34 - Standards of conduct for administration of the Privacy Act.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Standards of conduct for administration of the Privacy Act. 5.34 Section 5.34 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.34 Standards of conduct for administration of...

  20. 78 FR 11648 - Privacy Act of 1974; Notice of New System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-19

    ... requirements of the Privacy Act, the Computer Security Act, and the SAM System Security Plan. System roles are... their Social Security Number (SSN) as their TIN if they do not have a separate Employer Identification... individual, only if permitted under the Privacy Act of 1974 and, if appropriate, the Computer Matching...

  1. How private is your consultation? Acoustic and audiological measures of speech privacy in the otolaryngology clinic.

    PubMed

    Clamp, Philip J; Grant, David G; Zapala, David A; Hawkins, David B

    2011-01-01

    The right to confidentiality is a central tenet of the doctor-patient relationship. In the United Kingdom this right to confidentiality is recognised in published GMC guidance. In USA the Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA) strengthened the legal requirement to protect patient information in all forms and failure to do so now constitutes a federal offence. The aims of this study are to assess the acoustic privacy of an otolaryngology outpatient consultation room. Acoustic privacy was measured using the articulation index (AI) and Bamford-Kowal-Bench (BKB) speech discrimination tests. BKB speech tests were calibrated to normal conversational volume (50 dB SPL). Both AI and BKB were calculated in four positions around the ENT clinic: within the consultation room, outside the consulting room door, in the nearest waiting area chair and in the farthest waiting area chair. Tests were undertaken with the clinic room door closed and open to assess the effect on privacy. With the clinic room door closed, mean BKB scores in nearest and farthest waiting area chairs were 51 and 41% respectively. AI scores in the waiting area chairs were 0.03 and 0.02. With the clinic room door open, privacy was lost in both AI and BKB testing, with almost 100% of word discernable at normal talking levels. The results of this study highlight the poor level of speech privacy within a standard ENT outpatient department. AI is a poor predictor or privacy.

  2. 78 FR 12337 - Published Privacy Impact Assessments on the Web

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-22

    ... of Records Notice, 77 FR 30297 (May 22, 2012). System: DHS/CBP/PIA-010 Analytical Framework for... SECURITY Office of the Secretary Published Privacy Impact Assessments on the Web AGENCY: Privacy Office...'s Web ] site between June 1, 2012, and November 30, 2012. DATES: The PIA will be available on...

  3. 78 FR 15734 - Privacy Act of 1974; Computer Matching Program

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-03-12

    ... Privacy Protection Act of 1988, 54 FR 25818 (June 19, 1989); and OMB Circular A-130, Appendix I, 65 FR..., 76 FR 58525 (September 21, 2011). ] MA-DUA will provide the following to DHS/USCIS: MA-DUA records... SECURITY Office of the Secretary Privacy Act of 1974; Computer Matching Program AGENCY: Department...

  4. 78 FR 75930 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-13

    ... (November 25, 2008, 73 FR 71659). Effects of Not Providing Information: You may choose not to provide the... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The DHS...

  5. 76 FR 35459 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-17

    ... System of Records Notice (November 25, 2008, 73 FR 71659). Effects of Not Providing Information: You may... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The DHS...

  6. 76 FR 25361 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-05-04

    ..., 2008, 73 FR 71659). Effects of Not Providing Information: You may choose not to provide the requested... SECURITY Office of the Secretary DHS Data Privacy and Integrity Advisory Committee AGENCY: Privacy Office, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting SUMMARY: The DHS...

  7. 76 FR 67755 - Privacy Act of 1974; Department of Homeland Security U.S. Customs and Border Protection DHS/CBP...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-02

    ... automated systems security and access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this..., including all applicable DHS automated systems security and access policies. Strict controls have...

  8. 45 CFR 164.522 - Rights to request privacy protection for protected health information.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 45 Public Welfare 1 2010-10-01 2010-10-01 false Rights to request privacy protection for protected health information. 164.522 Section 164.522 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.522...

  9. Security

    ERIC Educational Resources Information Center

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  10. 75 FR 8363 - Office for Civil Rights; Workshop on the HIPAA Privacy Rule's De-Identification Standard; Notice...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-24

    ... Wicks, Office for Civil Rights, HHS, 200 Independence Ave, SW., Washington, DC 20201, 202-205-2292, Fax... the general public attending the meeting in-person and via Web cast. OCR intends to make...

  11. 76 FR 67561 - Privacy Act of 1974; System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-01

    ...) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000. Approved: October 4, 2011... vendor personnel. ADP peripheral devices are placed in secure areas (areas that are locked or...

  12. Privacy Perspectives for Online Searchers: Confidentiality with Confidence?

    ERIC Educational Resources Information Center

    Duberman, Josh; Beaudet, Michael

    2000-01-01

    Presents issues and questions involved in online privacy from the information professional's perspective. Topics include consumer concerns; query confidentiality; securing computers from intrusion; electronic mail; search engines; patents and intellectual property searches; government's role; Internet service providers; database mining; user…

  13. Privacy and Library Records

    ERIC Educational Resources Information Center

    Bowers, Stacey L.

    2006-01-01

    This paper summarizes the history of privacy as it relates to library records. It commences with a discussion of how the concept of privacy first originated through case law and follows the concept of privacy as it has affected library records through current day and the "USA PATRIOT Act."

  14. 77 FR 26254 - Privacy Act of 1974; System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-05-03

    ..., 1996, 61 FR 6427). Dated: April 18, 2012. Patricia Toppings, OSD Federal Register Liaison Officer... of the Secretary Privacy Act of 1974; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to add a new system of records. SUMMARY: The National Security...

  15. How the University of Michigan Health System finds opportunity in HIPAA.

    PubMed

    Ebel, Colleen

    2004-01-01

    The University of Michigan Health System has dealt with some difficult challenges as a healthcare entity covered by the HIPAA Transaction and Code Sets regulation. It has processed electronic healthcare transactions for several years and faced major system changes to meet the standards. A capital investment in system upgrades and new purchases was inevitable. The organization invested in a systems infrastructure that provides for real-time application integration, which lays the foundation for real-time eligibility and claims processing where health plan systems can communicate with healthcare provider systems. PMID:15162715

  16. 76 FR 22613 - Privacy Act; Implementation

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-22

    ... Management System'' from subsections (c)(3); (d)(1), (2), (3), (4); (e)(1) and (e)(4)(G), (H), (I); and (f... security or foreign policy information. (B) From subsections (d)(1), (2), (3) and (4) (record subject's...), (2), (3), and (4); (e)(1) and (e)(4)(G), (H), and (I); and (f) of the Privacy Act pursuant to 5...

  17. An Examination of Organizational Information Protection in the Era of Social Media: A Study of Social Network Security and Privacy Protection

    ERIC Educational Resources Information Center

    Maar, Michael C.

    2013-01-01

    This study investigates information protection for professional users of online social networks. It addresses management's desire to motivate their employees to adopt protective measures while accessing online social networks and to help their employees improve their proficiency in information security and ability to detect deceptive…

  18. Choose Privacy Week: Educate Your Students (and Yourself) about Privacy

    ERIC Educational Resources Information Center

    Adams, Helen R.

    2016-01-01

    The purpose of "Choose Privacy Week" is to encourage a national conversation to raise awareness of the growing threats to personal privacy online and in day-to-day life. The 2016 Choose Privacy Week theme is "respecting individuals' privacy," with an emphasis on minors' privacy. A plethora of issues relating to minors' privacy…

  19. Will You Accept the Government's Friend Request? Social Networks and Privacy Concerns

    PubMed Central

    Siegel, David A.

    2013-01-01

    Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim. PMID:24312236

  20. Will you accept the government's friend request? Social networks and privacy concerns.

    PubMed

    Siegel, David A

    2013-01-01

    Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim.

  1. Space Partitioning for Privacy Enabled 3D City Models

    NASA Astrophysics Data System (ADS)

    Filippovska, Y.; Wichmann, A.; Kada, M.

    2016-10-01

    Due to recent technological progress, data capturing and processing of highly detailed (3D) data has become extensive. And despite all prospects of potential uses, data that includes personal living spaces and public buildings can also be considered as a serious intrusion into people's privacy and a threat to security. It becomes especially critical if data is visible by the general public. Thus, a compromise is needed between open access to data and privacy requirements which can be very different for each application. As privacy is a complex and versatile topic, the focus of this work particularly lies on the visualization of 3D urban data sets. For the purpose of privacy enabled visualizations of 3D city models, we propose to partition the (living) spaces into privacy regions, each featuring its own level of anonymity. Within each region, the depicted 2D and 3D geometry and imagery is anonymized with cartographic generalization techniques. The underlying spatial partitioning is realized as a 2D map generated as a straight skeleton of the open space between buildings. The resulting privacy cells are then merged according to the privacy requirements associated with each building to form larger regions, their borderlines smoothed, and transition zones established between privacy regions to have a harmonious visual appearance. It is exemplarily demonstrated how the proposed method generates privacy enabled 3D city models.

  2. 78 FR 54875 - Privacy Act of 1974; Computer Matching Program Between the Department of Education (ED) and the...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-06

    ... Privacy Act of 1974; Computer Matching Program Between the Department of Education (ED) and the Social Security Administration (SSA) AGENCY: Department of Education. ACTION: Notice. SUMMARY: Pursuant to the Computer Matching and Privacy Protection Act of 1988, the Computer Matching and Privacy...

  3. Privacy policies for health social networking sites

    PubMed Central

    Li, Jingquan

    2013-01-01

    Health social networking sites (HSNS), virtual communities where users connect with each other around common problems and share relevant health data, have been increasingly adopted by medical professionals and patients. The growing use of HSNS like Sermo and PatientsLikeMe has prompted public concerns about the risks that such online data-sharing platforms pose to the privacy and security of personal health data. This paper articulates a set of privacy risks introduced by social networking in health care and presents a practical example that demonstrates how the risks might be intrinsic to some HSNS. The aim of this study is to identify and sketch the policy implications of using HSNS and how policy makers and stakeholders should elaborate upon them to protect the privacy of online health data. PMID:23599228

  4. Safety and Privacy in Vehicular Communications

    NASA Astrophysics Data System (ADS)

    Domingo-Ferrer, Josep; Wu, Qianhong

    Vehicular ad hoc networks (VANETs) will improve traffic safety and efficiency provided that car-to-car communication stays trustworthy. Therefore, it is crucial to ensure that the information conveyed by vehicle-generated messages is reliable. A sensible option is to request that the content of a message originated by a certain vehicle be endorsed by nearby peer vehicles. However, neither message generation nor message endorsement should entail any privacy loss on the part of vehicles co-operating in it. This chapter surveys the available solutions to this security-privacy tension and analyzes their limitations. A new privacy-preserving system is sketched which guarantees message authentication through both a priori and a posteriori countermeasures.

  5. Privacy policies for health social networking sites.

    PubMed

    Li, Jingquan

    2013-01-01

    Health social networking sites (HSNS), virtual communities where users connect with each other around common problems and share relevant health data, have been increasingly adopted by medical professionals and patients. The growing use of HSNS like Sermo and PatientsLikeMe has prompted public concerns about the risks that such online data-sharing platforms pose to the privacy and security of personal health data. This paper articulates a set of privacy risks introduced by social networking in health care and presents a practical example that demonstrates how the risks might be intrinsic to some HSNS. The aim of this study is to identify and sketch the policy implications of using HSNS and how policy makers and stakeholders should elaborate upon them to protect the privacy of online health data.

  6. Analysis of Existing Privacy-Preserving Protocols in Domain Name System

    NASA Astrophysics Data System (ADS)

    Zhao, Fangming; Hori, Yoshiaki; Sakurai, Kouichi

    In a society preoccupied with gradual erosion of electronic privacy, loss of privacy in the current Domain Name System is an important issue worth considering. In this paper, we first review the DNS and some security & privacy threats to make average users begin to concern about the significance of privacy preservation in DNS protocols. Then, by an careful survey of four noise query generation based existing privacy protection approaches, we analyze some benefits and limitations of these proposals in terms of both related performance evaluation results and theoretic proofs. Finally, we point out some problems that still exist for research community's continuing efforts in the future.

  7. Privacy, confidentiality, and electronic medical records.

    PubMed Central

    Barrows, R C; Clayton, P D

    1996-01-01

    The enhanced availability of health information in an electronic format is strategic for industry-wide efforts to improve the quality and reduce the cost of health care, yet it brings a concomitant concern of greater risk for loss of privacy among health care participants. The authors review the conflicting goals of accessibility and security for electronic medical records and discuss nontechnical and technical aspects that constitute a reasonable security solution. It is argued that with guiding policy and current technology, an electronic medical record may offer better security than a traditional paper record. PMID:8653450

  8. A HIPAA-compliant key management scheme with revocation of authorization.

    PubMed

    Lee, Wei-Bin; Lee, Chien-Ding; Ho, Kevin I-J

    2014-03-01

    Patient control over electronic protected health information (ePHI) is one of the major concerns in the Health Insurance and Accountability Act (HIPAA). In this paper, a new key management scheme is proposed to facilitate control by providing two functionalities. First, a patient can authorize more than one healthcare institute within a designated time period to access his or her ePHIs. Second, a patient can revoke authorization and add new authorized institutes at any time as necessary. In the design, it is not required to re-encrypt ePHIs for adding and revoking authorizations, and the implementation is time- and cost-efficient. Consent exception is also considered by the proposed scheme. PMID:24480372

  9. 42 CFR 37.42 - Approval of roentgenographic facilities.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... health information, including, as applicable, the HIPAA Privacy and Security Rules (45 CFR part 160 and... Roentgenology, Radium Therapy and Nuclear Medicine,” Vol. 117, No. 4, April 1973. (c) Each...

  10. Protecting location privacy for outsourced spatial data in cloud storage.

    PubMed

    Tian, Feng; Gui, Xiaolin; An, Jian; Yang, Pan; Zhao, Jianqiang; Zhang, Xuejun

    2014-01-01

    As cloud computing services and location-aware devices are fully developed, a large amount of spatial data needs to be outsourced to the cloud storage provider, so the research on privacy protection for outsourced spatial data gets increasing attention from academia and industry. As a kind of spatial transformation method, Hilbert curve is widely used to protect the location privacy for spatial data. But sufficient security analysis for standard Hilbert curve (SHC) is seldom proceeded. In this paper, we propose an index modification method for SHC (SHC(∗)) and a density-based space filling curve (DSC) to improve the security of SHC; they can partially violate the distance-preserving property of SHC, so as to achieve better security. We formally define the indistinguishability and attack model for measuring the privacy disclosure risk of spatial transformation methods. The evaluation results indicate that SHC(∗) and DSC are more secure than SHC, and DSC achieves the best index generation performance.

  11. Ethics and Privacy.

    ERIC Educational Resources Information Center

    Brewer, Erin; Eastmond, Nick; Geertsen, Reed; Johnson, Doug; Lewandowski, Judith; Yeaman, Andrew R. J.

    2003-01-01

    Contains four articles covering trends and issues on ethics and privacy in instructional technology, including: considerations for assessing ethical issues; what schools must do to develop ethical behaviors in students; a privacy primer for educators; and manufacturing technophopia. Each article contains references. (MES)

  12. Emerging Privacy Issues.

    ERIC Educational Resources Information Center

    Ware, Willis H.

    As the issue of information privacy increases in complexity in terms of the number of organizations involved, the intricacy of the information flows, and the difficulty of conceiving appropriate legal safeguards, it is not certain that the practices and laws that have been developed for current privacy protection can work for new situations.…

  13. Toward practicing privacy

    PubMed Central

    Dwork, Cynthia; Pottenger, Rebecca

    2013-01-01

    Private data analysis—the useful analysis of confidential data—requires a rigorous and practicable definition of privacy. Differential privacy, an emerging standard, is the subject of intensive investigation in several diverse research communities. We review the definition, explain its motivation, and discuss some of the challenges to bringing this concept to practice. PMID:23243088

  14. Information Privacy Revealed

    ERIC Educational Resources Information Center

    Lavagnino, Merri Beth

    2013-01-01

    Why is Information Privacy the focus of the January-February 2013 issue of "EDUCAUSE Review" and "EDUCAUSE Review Online"? Results from the 2012 annual survey of the International Association of Privacy Professionals (IAPP) indicate that "meeting regulatory compliance requirements continues to be the top perceived driver…

  15. 75 FR 54662 - Privacy Act of 1974: Systems of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-08

    ... Federal Register of August 23, 2010 in FR Doc. 2010-20999 on page 51854, in the third column, the... COMMISSION Privacy Act of 1974: Systems of Records AGENCY: Securities and Exchange Commission. ACTION: Notice to establish systems of records; correction. The Securities and Exchange Commission published...

  16. 76 FR 3098 - Privacy Act of 1974; Systems of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-19

    ... National Security Agency/Central Security Service (NSA/CSS) by other agencies and in some instances... Freedom of Information Act Program; DoD 5400.11- R, Department of Defense Privacy Program; NSA/CSS Policy 1-5; NSA/CSS Freedom of Information Act Program; NSA/CSS Policy 1-34; Implementation of the...

  17. 77 FR 32655 - DHS Data Privacy and Integrity Advisory Committee

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-06-01

    ... Security, 245 Murray Lane SW., Mail Stop 0655, Washington, DC 20528. Instructions: All submissions must... Officer, DHS Data Privacy and Integrity Advisory Committee, Department of Homeland Security, 245 Murray... Officer and Shannon Ballard, Designated Federal Officer, 245 Murray Lane SW., Mail Stop 0655,...

  18. Taking the next step to privacy compliance for hospitals: implementing the OHA guidelines.

    PubMed

    Beardwood, John

    2003-01-01

    The recently released "Guidelines for Managing Privacy, Data Protection and Security for Ontario Hospitals," prepared by the Ontario Hospital eHealth Council Privacy and Security Working Group (the "Guidelines") are useful in that they provide a comprehensive overview of the types of issues raised for hospitals by existing and pending privacy legislation, and a very high-level framework for addressing same. However, the Guidelines are, as stated high-level guidelines only,--leaving hospital management to grapple with the next big step towards privacy compliance: how to operationalize the Guidelines within their particular hospital. PMID:14674181

  19. Guidelines for Network Security in the Learning Environment.

    ERIC Educational Resources Information Center

    Littman, Marlyn Kemper

    1996-01-01

    Explores security challenges and practical approaches to safeguarding school networks against invasion. Highlights include security problems; computer viruses; privacy assaults; Internet invasions; building a security policy; authentication; passwords; encryption; firewalls; and acceptable use policies. (Author/LRW)

  20. Testing Privacy Awareness

    NASA Astrophysics Data System (ADS)

    Bergmann, Mike

    In web-based business processes the disclosure of personal data by the user is an essential part and mandatory for the processes. Privacy policies help to inform the user about his/her rights and to protect the user’s privacy. In this paper we present a test to empirically measure how the user’s privacy awareness changes by presenting specific elements of the privacy policy in close proximity to the required data items. We compare an experimental group using an enhanced interface to a control group using a conventional interface regarding their capability to recall the agreed privacy-related facts. A concrete online survey has been performed. The major results are presented.

  1. An examination of electronic health information privacy in older adults.

    PubMed

    Le, Thai; Thompson, Hilaire; Demiris, George

    2013-01-01

    Older adults are the quickest growing demographic group and are key consumers of health services. As the United States health system transitions to electronic health records, it is important to understand older adult perceptions of privacy and security. We performed a secondary analysis of the Health Information National Trends Survey (2012, Cycle 1), to examine differences in perceptions of electronic health information privacy between older adults and the general population. We found differences in the level of importance placed on access to electronic health information (older adults placed greater emphasis on provider as opposed to personal access) and tendency to withhold information out of concerns for privacy and security (older adults were less likely to withhold information). We provide recommendations to alleviate some of these privacy concerns. This may facilitate greater use of electronic health communication between patient and provider, while promoting shared decision making.

  2. Leveraging Social Links for Trust and Privacy in Networks

    NASA Astrophysics Data System (ADS)

    Cutillo, Leucio Antonio; Molva, Refik; Strufe, Thorsten

    Existing on-line social networks (OSN) such as Facebook suffer from several weaknesses regarding privacy and security due to their inherent handling of personal data. As pointed out in [4], a preliminary analysis of existing OSNs shows that they are subject to a number of vulnerabilities, ranging from cloning legitimate users to sybil attacks through privacy violations. Starting from these OSN vulnerabilities as the first step of a broader research activity, we came up with a new approach that is very promising in re-visiting security and privacy problems in distributed systems and networks. We suggest a solution that both aims at avoiding any centralized control and leverages on the real life trust between users, that is part of the social network application itself. An anonymization technique based on multi-hop routing among trusted nodes guarantees privacy in data access and, generally speaking, in all the OSN operations.

  3. Legal issues concerning electronic health information: privacy, quality, and liability.

    PubMed

    Hodge, J G; Gostin, L O; Jacobson, P D

    1999-10-20

    Personally identifiable health information about individuals and general medical information is increasingly available in electronic form in health databases and through online networks. The proliferation of electronic data within the modern health information infrastructure presents significant benefits for medical providers and patients, including enhanced patient autonomy, improved clinical treatment, advances in health research and public health surveillance, and modern security techniques. However, it also presents new legal challenges in 3 interconnected areas: privacy of identifiable health information, reliability and quality of health data, and tortbased liability. Protecting health information privacy (by giving individuals control over health data without severely restricting warranted communal uses) directly improves the quality and reliability of health data (by encouraging individual uses of health services and communal uses of data), which diminishes tort-based liabilities (by reducing instances of medical malpractice or privacy invasions through improvements in the delivery of health care services resulting in part from better quality and reliability of clinical and research data). Following an analysis of the interconnectivity of these 3 areas and discussing existing and proposed health information privacy laws, recommendations for legal reform concerning health information privacy are presented. These include (1) recognizing identifiable health information as highly sensitive, (2) providing privacy safeguards based on fair information practices, (3) empowering patients with information and rights to consent to disclosure (4) limiting disclosures of health data absent consent, (5) incorporating industry-wide security protections, (6) establishing a national data protection authority, and (7) providing a national minimal level of privacy protections. PMID:10535438

  4. Legal issues concerning electronic health information: privacy, quality, and liability.

    PubMed

    Hodge, J G; Gostin, L O; Jacobson, P D

    1999-10-20

    Personally identifiable health information about individuals and general medical information is increasingly available in electronic form in health databases and through online networks. The proliferation of electronic data within the modern health information infrastructure presents significant benefits for medical providers and patients, including enhanced patient autonomy, improved clinical treatment, advances in health research and public health surveillance, and modern security techniques. However, it also presents new legal challenges in 3 interconnected areas: privacy of identifiable health information, reliability and quality of health data, and tortbased liability. Protecting health information privacy (by giving individuals control over health data without severely restricting warranted communal uses) directly improves the quality and reliability of health data (by encouraging individual uses of health services and communal uses of data), which diminishes tort-based liabilities (by reducing instances of medical malpractice or privacy invasions through improvements in the delivery of health care services resulting in part from better quality and reliability of clinical and research data). Following an analysis of the interconnectivity of these 3 areas and discussing existing and proposed health information privacy laws, recommendations for legal reform concerning health information privacy are presented. These include (1) recognizing identifiable health information as highly sensitive, (2) providing privacy safeguards based on fair information practices, (3) empowering patients with information and rights to consent to disclosure (4) limiting disclosures of health data absent consent, (5) incorporating industry-wide security protections, (6) establishing a national data protection authority, and (7) providing a national minimal level of privacy protections.

  5. 75 FR 57163 - Privacy Act Systems of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-20

    ...); (d)(1), (2), (3), (4); (e)(1) and (e)(4)(G), (H), (I); and (f) of the Privacy Act, pursuant to 5 U.S...); (d)(1),(2),(3) and (4); (e)(1); (e)(4)(G),(H),(I); and (f) of the Privacy Act to the extent that... national security or foreign policy information. (2) From subsections (d)(1), (2), (3) and (4)......

  6. 6 CFR Appendix C to Part 5 - DHS Systems of Records Exempt From the Privacy Act

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 6 Domestic Security 1 2013-01-01 2013-01-01 false DHS Systems of Records Exempt From the Privacy Act C Appendix C to Part 5 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Pt. 5, App. C Appendix C to Part 5—DHS Systems of Records Exempt From the Privacy Act This appendix...

  7. 32 CFR 806b.12 - Requesting the Social Security Number.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 32 National Defense 6 2012-07-01 2012-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy...

  8. 32 CFR 806b.12 - Requesting the Social Security Number.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 32 National Defense 6 2014-07-01 2014-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy...

  9. 32 CFR 806b.12 - Requesting the Social Security Number.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 32 National Defense 6 2013-07-01 2013-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy...

  10. 32 CFR 806b.12 - Requesting the Social Security Number.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy...

  11. 32 CFR 806b.12 - Requesting the Social Security Number.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 6 2011-07-01 2011-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy...

  12. The Privacy Jungle:On the Market for Data Protection in Social Networks

    NASA Astrophysics Data System (ADS)

    Bonneau, Joseph; Preibusch, Sören

    We have conducted the first thorough analysis of the market for privacy practices and policies in online social networks. From an evaluation of 45 social networking sites using 260 criteria we find that many popular assumptions regarding privacy and social networking need to be revisited when considering the entire ecosystem instead of only a handful of well-known sites. Contrary to the common perception of an oligopolistic market, we find evidence of vigorous competition for new users. Despite observing many poor security practices, there is evidence that social network providers are making efforts to implement privacy enhancing technologies with substantial diversity in the amount of privacy control offered. However, privacy is rarely used as a selling point, even then only as auxiliary, nondecisive feature. Sites also failed to promote their existing privacy controls within the site. We similarly found great diversity in the length and content of formal privacy policies, but found an opposite promotional trend: though almost all policies are not accessible to ordinary users due to obfuscating legal jargon, they conspicuously vaunt the sites' privacy practices. We conclude that the market for privacy in social networks is dysfunctional in that there is significant variation in sites' privacy controls, data collection requirements, and legal privacy policies, but this is not effectively conveyed to users. Our empirical findings motivate us to introduce the novel model of a privacy communication game, where the economically rational choice for a site operator is to make privacy control available to evade criticism from privacy fundamentalists, while hiding the privacy control interface and privacy policy to maximize sign-up numbers and encourage data sharing from the pragmatic majority of users.

  13. Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

    PubMed

    Caruso, Ronald D

    2003-01-01

    Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort. PMID:12975519

  14. Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

    PubMed

    Caruso, Ronald D

    2003-01-01

    Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort.

  15. Health insurance reform; modifications to the Health Insurance Portability and Accountability Act (HIPAA) electronic transaction standards. Final rule.

    PubMed

    2009-01-16

    This final rule adopts updated versions of the standards for electronic transactions originally adopted under the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This final rule also adopts a transaction standard for Medicaid pharmacy subrogation. In addition, this final rule adopts two standards for billing retail pharmacy supplies and professional services, and clarifies who the "senders" and "receivers" are in the descriptions of certain transactions. PMID:19385110

  16. Trust and Privacy Solutions Based on Holistic Service Requirements.

    PubMed

    Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

    2015-01-01

    The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens' information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing. PMID:26712752

  17. Trust and Privacy Solutions Based on Holistic Service Requirements

    PubMed Central

    Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

    2015-01-01

    The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens’ information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing. PMID:26712752

  18. Trust and Privacy Solutions Based on Holistic Service Requirements.

    PubMed

    Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

    2015-12-24

    The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens' information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing.

  19. 13 CFR 102.33 - Security of systems of records.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... administrative and physical controls to prevent unauthorized access to its systems of records, to prevent... 13 Business Credit and Assistance 1 2012-01-01 2012-01-01 false Security of systems of records... AND PRIVACY Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 §...

  20. 13 CFR 102.33 - Security of systems of records.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... administrative and physical controls to prevent unauthorized access to its systems of records, to prevent... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Security of systems of records... AND PRIVACY Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 §...