Genetics Home Reference: fish-eye disease

MedlinePlus

... levels of HDL cholesterol and atherosclerosis, a variable relationship--a review of LCAT deficiency. Vasc Health Risk ... for Links Data Files & API Site Map Subscribe Customer Support USA.gov Copyright Privacy Accessibility FOIA Viewers & ...

Genetics Home Reference: X-linked juvenile retinoschisis

MedlinePlus

... juvenile retinoschisis (XLRS): a review of genotype-phenotype relationships. Semin Ophthalmol. 2013 Sep-Nov;28(5-6): ... for Links Data Files & API Site Map Subscribe Customer Support USA.gov Copyright Privacy Accessibility FOIA Viewers & ...

What Are the Types of Genetic Tests?

MedlinePlus

... or implicate a crime suspect, or establish biological relationships between people (for example, paternity). For more information ... for Links Data Files & API Site Map Subscribe Customer Support USA.gov Copyright Privacy Accessibility FOIA Viewers & ...

Genetics Home Reference: Y chromosome infertility

MedlinePlus

... deletions" of the human Y chromosome and their relationship with male infertility. J Genet Genomics. 2008 Apr; ... for Links Data Files & API Site Map Subscribe Customer Support USA.gov Copyright Privacy Accessibility FOIA Viewers & ...

Genetics Home Reference: Fukuyama congenital muscular dystrophy

MedlinePlus

... Fujii T, Aiba H, Toda T. Seizure-genotype relationship in Fukuyama-type congenital muscular dystrophy. Brain Dev. ... for Links Data Files & API Site Map Subscribe Customer Support USA.gov Copyright Privacy Accessibility FOIA Viewers & ...

Genetics Home Reference: glutaric acidemia type II

MedlinePlus

... E, Bross P, Skovby F, Gregersen N. Clear relationship between ETF/ETFDH genotype and phenotype in patients ... for Links Data Files & API Site Map Subscribe Customer Support USA.gov Copyright Privacy Accessibility FOIA Viewers & ...

Genetics Home Reference: complete LCAT deficiency

MedlinePlus

... levels of HDL cholesterol and atherosclerosis, a variable relationship--a review of LCAT deficiency. Vasc Health Risk ... for Links Data Files & API Site Map Subscribe Customer Support USA.gov Copyright Privacy Accessibility FOIA Viewers & ...

Genetics Home Reference: neurohypophyseal diabetes insipidus

MedlinePlus

... G, Colao A. Central diabetes insipidus and autoimmunity: relationship between the occurrence of antibodies to arginine vasopressin- ... for Links Data Files & API Site Map Subscribe Customer Support USA.gov Copyright Privacy Accessibility FOIA Viewers & ...

Vestibular Schwannoma (Acoustic Neuroma) and Neurofibromatosis

MedlinePlus

... other brain tumors. In addition, scientists are developing robotic technology to assist physicians with acoustic neuroma surgery. ... Privacy Accessibility Freedom of Information Act Site Map Website Policies Free Publications Content Syndication U.S. Department of ...

Genetics Home Reference: tarsal-carpal coalition syndrome

MedlinePlus

... Belmonte JC, Choe S. Structural basis of BMP signalling inhibition by the cystine knot protein Noggin. Nature. 2002 ... Links Data Files & API Site Map Subscribe Customer Support USA.gov Copyright Privacy Accessibility FOIA Viewers & Players ...

Genetics Home Reference: bare lymphocyte syndrome type I

MedlinePlus

... R. ABC proteins in antigen translocation and viral inhibition. Nat Chem Biol. 2010 Aug;6(8):572- ... Links Data Files & API Site Map Subscribe Customer Support USA.gov Copyright Privacy Accessibility FOIA Viewers & Players ...

Genetics Home Reference: familial adenomatous polyposis

MedlinePlus

... Järvinen HJ, Peltomäki P. The complex genotype-phenotype relationship in familial adenomatous polyposis. Eur J Gastroenterol Hepatol. ... for Links Data Files & API Site Map Subscribe Customer Support USA.gov Copyright Privacy Accessibility FOIA Viewers & ...

Genetics Home Reference: CDKL5 deficiency disorder

MedlinePlus

... Recurrent mutations in the CDKL5 gene: genotype-phenotype relationships. Am J Med Genet A. 2012 Jul;158A( ... for Links Data Files & API Site Map Subscribe Customer Support USA.gov Copyright Privacy Accessibility FOIA Viewers & ...

Genetics Home Reference: Pallister-Killian mosaic syndrome

MedlinePlus

... qualified healthcare professional . About Selection Criteria for Links Data Files & API Site Map Subscribe Customer Support USA.gov Copyright Privacy Accessibility FOIA Viewers & Players U.S. Department of Health & Human Services National Institutes of Health National Library of ...

Genetics Home Reference: dilated cardiomyopathy with ataxia syndrome

MedlinePlus

... qualified healthcare professional . About Selection Criteria for Links Data Files & API Site Map Subscribe Customer Support USA.gov Copyright Privacy Accessibility FOIA Viewers & Players U.S. Department of Health & Human Services National Institutes of Health National Library of ...

Animals & Livestock | National Agricultural Library

Science.gov Websites

Skip to main content Home National Agricultural Library United States Department of Agriculture Ag (maps, tables, graphs), Agricultural Products html National Animal Nutrition Program (NANP) Feed | Agricultural Research Service | Plain Language | FOIA | Accessibility Statement | Information Quality | Privacy

A privacy-preserving parallel and homomorphic encryption scheme

NASA Astrophysics Data System (ADS)

Min, Zhaoe; Yang, Geng; Shi, Jingqi

2017-04-01

In order to protect data privacy whilst allowing efficient access to data in multi-nodes cloud environments, a parallel homomorphic encryption (PHE) scheme is proposed based on the additive homomorphism of the Paillier encryption algorithm. In this paper we propose a PHE algorithm, in which plaintext is divided into several blocks and blocks are encrypted with a parallel mode. Experiment results demonstrate that the encryption algorithm can reach a speed-up ratio at about 7.1 in the MapReduce environment with 16 cores and 4 nodes.

Space Partitioning for Privacy Enabled 3D City Models

NASA Astrophysics Data System (ADS)

Filippovska, Y.; Wichmann, A.; Kada, M.

2016-10-01

Due to recent technological progress, data capturing and processing of highly detailed (3D) data has become extensive. And despite all prospects of potential uses, data that includes personal living spaces and public buildings can also be considered as a serious intrusion into people's privacy and a threat to security. It becomes especially critical if data is visible by the general public. Thus, a compromise is needed between open access to data and privacy requirements which can be very different for each application. As privacy is a complex and versatile topic, the focus of this work particularly lies on the visualization of 3D urban data sets. For the purpose of privacy enabled visualizations of 3D city models, we propose to partition the (living) spaces into privacy regions, each featuring its own level of anonymity. Within each region, the depicted 2D and 3D geometry and imagery is anonymized with cartographic generalization techniques. The underlying spatial partitioning is realized as a 2D map generated as a straight skeleton of the open space between buildings. The resulting privacy cells are then merged according to the privacy requirements associated with each building to form larger regions, their borderlines smoothed, and transition zones established between privacy regions to have a harmonious visual appearance. It is exemplarily demonstrated how the proposed method generates privacy enabled 3D city models.

45 CFR 164.524 - Access of individuals to protected health information.

Code of Federal Regulations, 2014 CFR

2014-10-01

... DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable... records that are subject to the Privacy Act, 5 U.S.C. 552a, may be denied, if the denial of access under the Privacy Act would meet the requirements of that law. (v) An individual's access may be denied if...

13 CFR 102.24 - Requests for access to records.

Code of Federal Regulations, 2011 CFR

2011-01-01

... AND PRIVACY Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102... guardian of a minor or as the guardian of someone determined by a court to be incompetent, for access to...

13 CFR 102.24 - Requests for access to records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... AND PRIVACY Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102... guardian of a minor or as the guardian of someone determined by a court to be incompetent, for access to...

32 CFR 324.13 - Access to medical and psychological records.

Code of Federal Regulations, 2010 CFR

2010-07-01

... DEFENSE (CONTINUED) PRIVACY PROGRAM DFAS PRIVACY ACT PROGRAM Individual Access to Records § 324.13 Access... be provided, even if the individual is a minor, unless it is determined that access could have an... physician in accordance with guidance in Department of Defense 5400.11-R, ‘Department of Defense Privacy...

20 CFR 401.55 - Access to medical records.

Code of Federal Regulations, 2011 CFR

2011-04-01

... of or access to medical records to an individual on a minor's behalf. (i) To protect the privacy of a....55 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF OFFICIAL RECORDS AND INFORMATION The Privacy Act § 401.55 Access to medical records. (a) General. You have a right to access your...

32 CFR 324.13 - Access to medical and psychological records.

Code of Federal Regulations, 2011 CFR

2011-07-01

... DEFENSE (CONTINUED) PRIVACY PROGRAM DFAS PRIVACY ACT PROGRAM Individual Access to Records § 324.13 Access... be provided, even if the individual is a minor, unless it is determined that access could have an... physician in accordance with guidance in Department of Defense 5400.11-R, ‘Department of Defense Privacy...

20 CFR 401.55 - Access to medical records.

Code of Federal Regulations, 2010 CFR

2010-04-01

... of or access to medical records to an individual on a minor's behalf. (i) To protect the privacy of a....55 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF OFFICIAL RECORDS AND INFORMATION The Privacy Act § 401.55 Access to medical records. (a) General. You have a right to access your...

32 CFR 317.4 - Responsibilities.

Code of Federal Regulations, 2014 CFR

2014-07-01

...'s written Privacy Act request for access to or amendment of documents filed in Privacy Act systems... Privacy Act request for access to or amendment of documents filed in Privacy Act systems of records. This... decisions of respective initial denial authorities. (b) The Chief, Administrative Management Division under...

Privacy aware access controls for medical data disclosure on European healthgrids.

PubMed

Rahmouni, Hanene Boussi; Solomonides, Tony; Mont, Marco Casassa; Shiu, Simon

2010-01-01

To be processed within a healthgrid environment, medical data goes through a complete lifecycle and several stages until it is finally used for the primary reason it has been collected for. This stage is not always the final occurrence of when the data would have been manipulated. The data could rather continue to be needed for secondary purposes of legitimate or non legitimate nature. Although other privacy issues are related to the processing of patient data while it is residing on a healthgrid environment, the control of data disclosure is our primary interest. When sharing medical data between different Healthcare and biomedical research organizations in Europe, it is important that the different parties involved in the sharing handle the data in the same way indicated by the legislation of the member state where the data was originally collected as the requirements might differ from one state to another. Privacy requirements, such as patient consent, may be subject to conflicting conditions between different national frameworks as well as between different legal and ethical frameworks within a single member state. These circumstances have made the compliance management process in European healthgrid very challenging. In this paper we are presenting an approach to tackle these issues by relying on several technologies contained in the semantic web stack. Our work suggests a direct mapping from high level legislation on privacy and data protection to operational level privacy aware controls. Additionally we suggest an architecture for the enforcement of these controls on access control models adopted by healthgrids security infrastructures.

The Health Insurance Portability and Accountability Act Privacy Rule: a practical guide for researchers.

PubMed

Gunn, Patrick P; Fremont, Allen M; Bottrell, Melissa; Shugarman, Lisa R; Galegher, Jolene; Bikson, Tora

2004-04-01

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, intended to address potential threats to patient privacy posed by the computerization and standardization of medical records, provides a new floor level of federal protection for health information in all 50 states. In most cases, compliance with the Privacy Rule was required as of April 2003. Yet considerable confusion and concern remain about the Privacy Rule and the specific changes it requires in the way healthcare providers, health plans, and others use, maintain, and disclose health information. Researchers worry that the Privacy Rule could hinder their access to health information needed to conduct their research. In this article, we explain how the final version of the Privacy Rule governs disclosure of health information, assess implications of the Privacy Rule for research, and offer practical suggestions for researchers who require access to health information. The Privacy Rule is fundamentally changing the way that healthcare providers, health plans, and others use, maintain, and disclose health information and the steps that researchers must take to obtain health data. The Privacy Rule requires researchers who seek access to identifiable health information to obtain written authorization from subjects, or, alternatively, to demonstrate that their research protocols meet certain Privacy Rule requirements that permit access without written authorization. To ensure continued access to data, researchers will need to work more closely than before with healthcare providers, health plans, and other institutions that generate and maintain health information.

A Privacy Access Control Framework for Web Services Collaboration with Role Mechanisms

NASA Astrophysics Data System (ADS)

Liu, Linyuan; Huang, Zhiqiu; Zhu, Haibin

With the popularity of Internet technology, web services are becoming the most promising paradigm for distributed computing. This increased use of web services has meant that more and more personal information of consumers is being shared with web service providers, leading to the need to guarantee the privacy of consumers. This paper proposes a role-based privacy access control framework for Web services collaboration, it utilizes roles to specify the privacy privileges of services, and considers the impact on the reputation degree of the historic experience of services in playing roles. Comparing to the traditional privacy access control approaches, this framework can make the fine-grained authorization decision, thus efficiently protecting consumers' privacy.

The Human Genome Project: Information access, management, and regulation. Final report

DOE Office of Scientific and Technical Information (OSTI.GOV)

McInerney, J.D.; Micikas, L.B.

The Human Genome Project is a large, internationally coordinated effort in biological research directed at creating a detailed map of human DNA. This report describes the access of information, management, and regulation of the project. The project led to the development of an instructional module titled The Human Genome Project: Biology, Computers, and Privacy, designed for use in high school biology classes. The module consists of print materials and both Macintosh and Windows versions of related computer software-Appendix A contains a copy of the print materials and discs containing the two versions of the software.

28 CFR 700.11 - Request for access to records.

Code of Federal Regulations, 2010 CFR

2010-07-01

... OR INFORMATION OF THE OFFICE OF INDEPENDENT COUNSEL Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 700.11 Request for access to records. (a) Procedure for making..., DC 20004. Both the envelope and the request itself should be marked: “Privacy Act Request.” (b...

24 CFR 16.4 - Requests for access; requirements.

Code of Federal Regulations, 2011 CFR

2011-04-01

... Urban Development IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 16.4 Requests for access; requirements. (a... responsible Privacy Act Officer identified in Appendix A to this part. Although oral requests may be honored... the letter itself should both clearly indicate that the subject is a PRIVACY ACT REQUEST FOR ACCESS TO...

24 CFR 16.4 - Requests for access; requirements.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Urban Development IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 16.4 Requests for access; requirements. (a... responsible Privacy Act Officer identified in Appendix A to this part. Although oral requests may be honored... the letter itself should both clearly indicate that the subject is a PRIVACY ACT REQUEST FOR ACCESS TO...

28 CFR 700.11 - Request for access to records.

Code of Federal Regulations, 2011 CFR

2011-07-01

... OR INFORMATION OF THE OFFICE OF INDEPENDENT COUNSEL Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 700.11 Request for access to records. (a) Procedure for making..., DC 20004. Both the envelope and the request itself should be marked: “Privacy Act Request.” (b...

21 CFR 21.40 - Procedures for submitting requests for notification and access.

Code of Federal Regulations, 2010 CFR

2010-04-01

... AND HUMAN SERVICES GENERAL PROTECTION OF PRIVACY Procedures for Notification of and Access to Records in Privacy Act Record Systems § 21.40 Procedures for submitting requests for notification and access. (a) An individual may request that the Food and Drug Administration notify him whether a Privacy Act...

45 CFR 164.524 - Access of individuals to protected health information.

Code of Federal Regulations, 2011 CFR

2011-10-01

... DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable... is contained in records that are subject to the Privacy Act, 5 U.S.C. 552a, may be denied, if the denial of access under the Privacy Act would meet the requirements of that law. (v) An individual's...

32 CFR 1701.7 - Requests for notification of and access to records.

Code of Federal Regulations, 2011 CFR

2011-07-01

... THE DIRECTOR OF NATIONAL INTELLIGENCE ADMINISTRATION OF RECORDS UNDER THE PRIVACY ACT OF 1974 Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 1701.7 Requests for... the specific Privacy Act System of Records Notice. To ensure proper routing and tracking, requesters...

Protecting the privacy of individual general practice patient electronic records for geospatial epidemiology research.

PubMed

Mazumdar, Soumya; Konings, Paul; Hewett, Michael; Bagheri, Nasser; McRae, Ian; Del Fante, Peter

2014-12-01

General practitioner (GP) practices in Australia are increasingly storing patient information in electronic databases. These practice databases can be accessed by clinical audit software to generate reports that inform clinical or population health decision making and public health surveillance. Many audit software applications also have the capacity to generate de-identified patient unit record data. However, the de-identified nature of the extracted data means that these records often lack geographic information. Without spatial references, it is impossible to build maps reflecting the spatial distribution of patients with particular conditions and needs. Links to socioeconomic, demographic, environmental or other geographically based information are also not possible. In some cases, relatively coarse geographies such as postcode are available, but these are of limited use and researchers cannot undertake precision spatial analyses such as calculating travel times. We describe a method that allows researchers to implement meaningful mapping and spatial epidemiological analyses of practice level patient data while preserving privacy. This solution has been piloted in a diabetes risk research project in the patient population of a practice in Adelaide. The method offers researchers a powerful means of analysing geographic clinic data in a privacy-protected manner. © 2014 Public Health Association of Australia.

75 FR 62514 - Notice of Availability of Report on Data Access and Privacy Issues Related to Smart Grid...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-12

... DEPARTMENT OF ENERGY Notice of Availability of Report on Data Access and Privacy Issues Related to... report entitled, ``Data Access and Privacy Issues Related to Smart Grid Technologies.'' In this report... meeting conducted during the preparation of the report. This report responds to recommendations for DOE...

Using routinely collected health data for surveillance, quality improvement and research: Framework and key questions to assess ethics, privacy and data access.

PubMed

De Lusignan, Simon; Liyanage, Harshana; Di Iorio, Concetta Tania; Chan, Tom; Liaw, Siaw-Teng

2016-01-19

The use of health data for public health, surveillance, quality improvement and research is crucial to improve health systems and health care. However, bodies responsible for privacy and ethics often limit access to routinely collected health data. Ethical approvals, issues around protecting privacy and data access are often dealt with by different layers of regulations, making approval processes appear disjointed. To create a comprehensive framework for defining the ethical and privacy status of a project and for providing guidance on data access. The framework comprises principles and related questions. The core of the framework will be built using standard terminology definitions such as ethics-related controlled vocabularies and regional directives. It is built in this way to reduce ambiguity between different definitions. The framework is extensible: principles can be retired or added to, as can their related questions. Responses to these questions should allow data processors to define ethical issues, privacy risk and other unintended consequences. The framework contains three steps: (1) identifying possible ethical and privacy principles relevant to the project; (2) providing ethics and privacy guidance questions that inform the type of approval needed; and (3) assessing case-specific ethics and privacy issues. The outputs from this process should inform whether the balance between public interests and privacy breach and any ethical considerations are tipped in favour of societal benefits. If they are then this should be the basis on which data access is permitted. Tightly linking ethical principles to governance and data access may help maintain public trust.

Building a Privacy, Ethics, and Data Access Framework for Real World Computerised Medical Record System Data: A Delphi Study. Contribution of the Primary Health Care Informatics Working Group.

PubMed

Liyanage, H; Liaw, S-T; Di Iorio, C T; Kuziemsky, C; Schreiber, R; Terry, A L; de Lusignan, S

2016-11-10

Privacy, ethics, and data access issues pose significant challenges to the timely delivery of health research. Whilst the fundamental drivers to ensure that data access is ethical and satisfies privacy requirements are similar, they are often dealt with in varying ways by different approval processes. To achieve a consensus across an international panel of health care and informatics professionals on an integrated set of privacy and ethics principles that could accelerate health data access in data-driven health research projects. A three-round consensus development process was used. In round one, we developed a baseline framework for privacy, ethics, and data access based on a review of existing literature in the health, informatics, and policy domains. This was further developed using a two-round Delphi consensus building process involving 20 experts who were members of the International Medical Informatics Association (IMIA) and European Federation of Medical Informatics (EFMI) Primary Health Care Informatics Working Groups. To achieve consensus we required an extended Delphi process. The first round involved feedback on and development of the baseline framework. This consisted of four components: (1) ethical principles, (2) ethical guidance questions, (3) privacy and data access principles, and (4) privacy and data access guidance questions. Round two developed consensus in key areas of the revised framework, allowing the building of a newly, more detailed and descriptive framework. In the final round panel experts expressed their opinions, either as agreements or disagreements, on the ethics and privacy statements of the framework finding some of the previous round disagreements to be surprising in view of established ethical principles. This study develops a framework for an integrated approach to ethics and privacy. Privacy breech risk should not be considered in isolation but instead balanced by potential ethical benefit.

Online access to doctors' notes: patient concerns about privacy.

PubMed

Vodicka, Elisabeth; Mejilla, Roanne; Leveille, Suzanne G; Ralston, James D; Darer, Jonathan D; Delbanco, Tom; Walker, Jan; Elmore, Joann G

2013-09-26

Offering patients online access to medical records, including doctors' visit notes, holds considerable potential to improve care. However, patients may worry about loss of privacy when accessing personal health information through Internet-based patient portals. The OpenNotes study provided patients at three US health care institutions with online access to their primary care doctors' notes and then collected survey data about their experiences, including their concerns about privacy before and after participation in the intervention. To identify patients' attitudes toward privacy when given electronic access to their medical records, including visit notes. The design used a nested cohort study of patients surveyed at baseline and after a 1-year period during which they were invited to read their visit notes through secure patient portals. Participants consisted of 3874 primary care patients from Beth Israel Deaconess Medical Center (Boston, MA), Geisinger Health System (Danville, PA), and Harborview Medical Center (Seattle, WA) who completed surveys before and after the OpenNotes intervention. The measures were patient-reported levels of concern regarding privacy associated with online access to visit notes. 32.91% of patients (1275/3874 respondents) reported concerns about privacy at baseline versus 36.63% (1419/3874 respondents) post-intervention. Baseline concerns were associated with non-white race/ethnicity and lower confidence in communicating with doctors, but were not associated with choosing to read notes or desire for continued online access post-intervention (nearly all patients with notes available chose to read them and wanted continued access). While the level of concern among most participants did not change during the intervention, 15.54% (602/3874 respondents, excluding participants who responded "don't know") reported more concern post-intervention, and 12.73% (493/3874 respondents, excluding participants who responded "don't know") reported less concern. When considering online access to visit notes, approximately one-third of patients had concerns about privacy at baseline and post-intervention. These perceptions did not deter participants from accessing their notes, suggesting that the benefits of online access to medical records may outweigh patients' perceived risks to privacy.

Online Access to Doctors' Notes: Patient Concerns About Privacy

PubMed Central

Mejilla, Roanne; Leveille, Suzanne G; Ralston, James D; Darer, Jonathan D; Delbanco, Tom; Walker, Jan; Elmore, Joann G

2013-01-01

Background Offering patients online access to medical records, including doctors’ visit notes, holds considerable potential to improve care. However, patients may worry about loss of privacy when accessing personal health information through Internet-based patient portals. The OpenNotes study provided patients at three US health care institutions with online access to their primary care doctors’ notes and then collected survey data about their experiences, including their concerns about privacy before and after participation in the intervention. Objective To identify patients’ attitudes toward privacy when given electronic access to their medical records, including visit notes. Methods The design used a nested cohort study of patients surveyed at baseline and after a 1-year period during which they were invited to read their visit notes through secure patient portals. Participants consisted of 3874 primary care patients from Beth Israel Deaconess Medical Center (Boston, MA), Geisinger Health System (Danville, PA), and Harborview Medical Center (Seattle, WA) who completed surveys before and after the OpenNotes intervention. The measures were patient-reported levels of concern regarding privacy associated with online access to visit notes. Results 32.91% of patients (1275/3874 respondents) reported concerns about privacy at baseline versus 36.63% (1419/3874 respondents) post-intervention. Baseline concerns were associated with non-white race/ethnicity and lower confidence in communicating with doctors, but were not associated with choosing to read notes or desire for continued online access post-intervention (nearly all patients with notes available chose to read them and wanted continued access). While the level of concern among most participants did not change during the intervention, 15.54% (602/3874 respondents, excluding participants who responded “don’t know”) reported more concern post-intervention, and 12.73% (493/3874 respondents, excluding participants who responded “don’t know”) reported less concern. Conclusions When considering online access to visit notes, approximately one-third of patients had concerns about privacy at baseline and post-intervention. These perceptions did not deter participants from accessing their notes, suggesting that the benefits of online access to medical records may outweigh patients’ perceived risks to privacy. PMID:24072335

Crowdsourcing-based evaluation of privacy in HDR images

NASA Astrophysics Data System (ADS)

Korshunov, Pavel; Nemoto, Hiromi; Skodras, Athanassios; Ebrahimi, Touradj

2014-05-01

The ability of High Dynamic Range imaging (HDRi) to capture details in high-contrast environments, making both dark and bright regions clearly visible, has a strong implication on privacy. However, the extent to which HDRi affects privacy when it is used instead of typical Standard Dynamic Range imaging (SDRi) is not yet clear. In this paper, we investigate the effect of HDRi on privacy via crowdsourcing evaluation using the Microworkers platform. Due to the lack of HDRi standard privacy evaluation dataset, we have created such dataset containing people of varying gender, race, and age, shot indoor and outdoor and under large range of lighting conditions. We evaluate the tone-mapped versions of these images, obtained by several representative tone-mapping algorithms, using subjective privacy evaluation methodology. Evaluation was performed using crowdsourcing-based framework, because it is a popular and effective alternative to traditional lab-based assessment. The results of the experiments demonstrate a significant loss of privacy when even tone-mapped versions of HDR images are used compared to typical SDR images shot with a standard exposure.

Distributed clinical data sharing via dynamic access-control policy transformation.

PubMed

Rezaeibagha, Fatemeh; Mu, Yi

2016-05-01

Data sharing in electronic health record (EHR) systems is important for improving the quality of healthcare delivery. Data sharing, however, has raised some security and privacy concerns because healthcare data could be potentially accessible by a variety of users, which could lead to privacy exposure of patients. Without addressing this issue, large-scale adoption and sharing of EHR data are impractical. The traditional solution to the problem is via encryption. Although encryption can be applied to access control, it is not applicable for complex EHR systems that require multiple domains (e.g. public and private clouds) with various access requirements. This study was carried out to address the security and privacy issues of EHR data sharing with our novel access-control mechanism, which captures the scenario of the hybrid clouds and need of access-control policy transformation, to provide secure and privacy-preserving data sharing among different healthcare enterprises. We introduce an access-control mechanism with some cryptographic building blocks and present a novel approach for secure EHR data sharing and access-control policy transformation in EHR systems for hybrid clouds. We propose a useful data sharing system for healthcare providers to handle various EHR users who have various access privileges in different cloud environments. A systematic study has been conducted on data sharing in EHR systems to provide a solution to the security and privacy issues. In conclusion, we introduce an access-control method for privacy protection of EHRs and EHR policy transformation that allows an EHR access-control policy to be transformed from a private cloud to a public cloud. This method has never been studied previously in the literature. Furthermore, we provide a protocol to demonstrate policy transformation as an application scenario. Copyright © 2016 Elsevier Ireland Ltd. All rights reserved.

29 CFR 71.2 - Requests for access to records.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Office of the Secretary of Labor PROTECTION OF INDIVIDUAL PRIVACY AND ACCESS TO RECORDS UNDER THE PRIVACY... envelope and the request itself should be marked: “Privacy Act Request.” (b) Description of records sought...) Verification of guardianship. The parent, guardian, or representative of a minor or the guardian or...

29 CFR 71.2 - Requests for access to records.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Office of the Secretary of Labor PROTECTION OF INDIVIDUAL PRIVACY AND ACCESS TO RECORDS UNDER THE PRIVACY... envelope and the request itself should be marked: “Privacy Act Request.” (b) Description of records sought...) Verification of guardianship. The parent, guardian, or representative of a minor or the guardian or...

10 CFR 9.65 - Access determinations; appeals.

Code of Federal Regulations, 2010 CFR

2010-01-01

... NUCLEAR REGULATORY COMMISSION PUBLIC RECORDS Privacy Act Regulations Determinations and Appeals § 9.65... access to the record is available under the Privacy Act. For all other agency records, the Freedom of Information Act and Privacy Act Officer with the advice of the system manager having control of the record to...

21 CFR 21.45 - Fees.

Code of Federal Regulations, 2010 CFR

2010-04-01

... DRUG ADMINISTRATION, DEPARTMENT OF HEALTH AND HUMAN SERVICES GENERAL PROTECTION OF PRIVACY Procedures for Notification of and Access to Records in Privacy Act Record Systems § 21.45 Fees. (a) Where... which he is granted access. No fee may be charged for making a search of a Privacy Act Record System...

Cloud-assisted mobile-access of health data with privacy and auditability.

PubMed

Tong, Yue; Sun, Jinyuan; Chow, Sherman S M; Li, Pan

2014-03-01

Motivated by the privacy issues, curbing the adoption of electronic healthcare systems and the wild success of cloud service models, we propose to build privacy into mobile healthcare systems with the help of the private cloud. Our system offers salient features including efficient key management, privacy-preserving data storage, and retrieval, especially for retrieval at emergencies, and auditability for misusing health data. Specifically, we propose to integrate key management from pseudorandom number generator for unlinkability, a secure indexing method for privacy-preserving keyword search which hides both search and access patterns based on redundancy, and integrate the concept of attribute-based encryption with threshold signing for providing role-based access control with auditability to prevent potential misbehavior, in both normal and emergency cases.

Data Basin: Expanding Access to Conservation Data, Tools, and People

NASA Astrophysics Data System (ADS)

Comendant, T.; Strittholt, J.; Frost, P.; Ward, B. C.; Bachelet, D. M.; Osborne-Gowey, J.

2009-12-01

Mapping and spatial analysis are a fundamental part of problem solving in conservation science, yet spatial data are widely scattered, difficult to locate, and often unavailable. Valuable time and resources are wasted locating and gaining access to important biological, cultural, and economic datasets, scientific analysis, and experts. As conservation problems become more serious and the demand to solve them grows more urgent, a new way to connect science and practice is needed. To meet this need, an open-access, web tool called Data Basin (www.databasin.org) has been created by the Conservation Biology Institute in partnership with ESRI and the Wilburforce Foundation. Users of Data Basin can gain quick access to datasets, experts, groups, and tools to help solve real-world problems. Individuals and organizations can perform essential tasks such as exploring and downloading from a vast library of conservation datasets, uploading existing datasets, connecting to other external data sources, create groups, and produce customized maps that can be easily shared. Data Basin encourages sharing and publishing, but also provides privacy and security for sensitive information when needed. Users can publish projects within Data Basin to tell more complete and rich stories of discovery and solutions. Projects are an ideal way to publish collections of datasets, maps and other information on the internet to reach wider audiences. Data Basin also houses individual centers that provide direct access to data, maps, and experts focused on specific geographic areas or conservation topics. Current centers being developed include the Boreal Information Centre, the Data Basin Climate Center, and proposed Aquatic and Forest Conservation Centers.

Mining Roles and Access Control for Relational Data under Privacy and Accuracy Constraints

ERIC Educational Resources Information Center

Pervaiz, Zahid

2013-01-01

Access control mechanisms protect sensitive information from unauthorized users. However, when sensitive information is shared and a Privacy Protection Mechanism (PPM) is not in place, an authorized insider can still compromise the privacy of a person leading to identity disclosure. A PPM can use suppression and generalization to anonymize and…

21 CFR 21.44 - Verification of identity.

Code of Federal Regulations, 2011 CFR

2011-04-01

... PRIVACY Procedures for Notification of and Access to Records in Privacy Act Record Systems § 21.44 Verification of identity. (a) An individual seeking access to records in a Privacy Act Record System may be... requests under § 21.75, a parent of a minor child or legal guardian of an incompetent individual may be...

Genome privacy: challenges, technical approaches to mitigate risk, and ethical considerations in the United States

PubMed Central

Wang, Shuang; Jiang, Xiaoqian; Singh, Siddharth; Marmor, Rebecca; Bonomi, Luca; Fox, Dov; Dow, Michelle; Ohno-Machado, Lucila

2016-01-01

Accessing and integrating human genomic data with phenotypes is important for biomedical research. Making genomic data accessible for research purposes, however, must be handled carefully to avoid leakage of sensitive individual information to unauthorized parties and improper use of data. In this article, we focus on data sharing within the scope of data accessibility for research. Current common practices to gain biomedical data access are strictly rule based, without a clear and quantitative measurement of the risk of privacy breaches. In addition, several types of studies require privacy-preserving linkage of genotype and phenotype information across different locations (e.g., genotypes stored in a sequencing facility and phenotypes stored in an electronic health record) to accelerate discoveries. The computer science community has developed a spectrum of techniques for data privacy and confidentiality protection, many of which have yet to be tested on real-world problems. In this article, we discuss clinical, technical, and ethical aspects of genome data privacy and confidentiality in the United States, as well as potential solutions for privacy-preserving genotype–phenotype linkage in biomedical research. PMID:27681358

32 CFR 1701.4 - Privacy Act responsibilities/policy.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Privacy Act responsibilities/policy. 1701.4... NATIONAL INTELLIGENCE ADMINISTRATION OF RECORDS UNDER THE PRIVACY ACT OF 1974 Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 1701.4 Privacy Act responsibilities/policy...

32 CFR 1701.4 - Privacy Act responsibilities/policy.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 6 2013-07-01 2013-07-01 false Privacy Act responsibilities/policy. 1701.4... NATIONAL INTELLIGENCE ADMINISTRATION OF RECORDS UNDER THE PRIVACY ACT OF 1974 Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 1701.4 Privacy Act responsibilities/policy...

32 CFR 1701.4 - Privacy Act responsibilities/policy.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 6 2012-07-01 2012-07-01 false Privacy Act responsibilities/policy. 1701.4... NATIONAL INTELLIGENCE ADMINISTRATION OF RECORDS UNDER THE PRIVACY ACT OF 1974 Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 1701.4 Privacy Act responsibilities/policy...

32 CFR 1701.4 - Privacy Act responsibilities/policy.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 6 2014-07-01 2014-07-01 false Privacy Act responsibilities/policy. 1701.4... NATIONAL INTELLIGENCE ADMINISTRATION OF RECORDS UNDER THE PRIVACY ACT OF 1974 Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 1701.4 Privacy Act responsibilities/policy...

32 CFR 1701.4 - Privacy Act responsibilities/policy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Privacy Act responsibilities/policy. 1701.4... NATIONAL INTELLIGENCE ADMINISTRATION OF RECORDS UNDER THE PRIVACY ACT OF 1974 Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 1701.4 Privacy Act responsibilities/policy...

32 CFR 324.8 - Right of access.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 2 2010-07-01 2010-07-01 false Right of access. 324.8 Section 324.8 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DFAS PRIVACY ACT PROGRAM Individual Access to Records § 324.8 Right of access. The provisions of DoD...

12 CFR 404.14 - Requirements of request for access.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Records Under the Privacy Act of 1974 § 404.14 Requirements of request for access. (a) Form. Requests for... Freedom of Information and Privacy Office at the address in § 404.12(e) and should contain both the return... working days of such notification, then the Freedom of Information and Privacy Office shall notify the...

45 CFR 2106.2 - Requests for access.

Code of Federal Regulations, 2011 CFR

2011-10-01

... WITH 5 U.S.C. 552a, THE PRIVACY ACT OF 1974 § 2106.2 Requests for access. (a) Requirement for written.... The request should state that the request is pursuant to the Privacy Act of 1974. In the absence of... system of records, the request will be presumed to be made under the Privacy Act of 1974. The requester...

45 CFR 2106.2 - Requests for access.

Code of Federal Regulations, 2010 CFR

2010-10-01

... WITH 5 U.S.C. 552a, THE PRIVACY ACT OF 1974 § 2106.2 Requests for access. (a) Requirement for written.... The request should state that the request is pursuant to the Privacy Act of 1974. In the absence of... system of records, the request will be presumed to be made under the Privacy Act of 1974. The requester...

12 CFR 404.14 - Requirements of request for access.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Records Under the Privacy Act of 1974 § 404.14 Requirements of request for access. (a) Form. Requests for... Freedom of Information and Privacy Office at the address in § 404.12(e) and should contain both the return... working days of such notification, then the Freedom of Information and Privacy Office shall notify the...

13 CFR 102.39 - SBA's exempt Privacy Act systems of records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false SBA's exempt Privacy Act systems... DISCLOSURE AND PRIVACY Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.39 SBA's exempt Privacy Act systems of records. (a) Systems of records subject to investigatory...

13 CFR 102.36 - Privacy Act standards of conduct.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 13 Business Credit and Assistance 1 2011-01-01 2011-01-01 false Privacy Act standards of conduct... AND PRIVACY Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.36 Privacy Act standards of conduct. Each Program/Support Office Head or designee shall inform its...

13 CFR 102.36 - Privacy Act standards of conduct.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 13 Business Credit and Assistance 1 2012-01-01 2012-01-01 false Privacy Act standards of conduct... AND PRIVACY Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.36 Privacy Act standards of conduct. Each Program/Support Office Head or designee shall inform its...

13 CFR 102.36 - Privacy Act standards of conduct.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 13 Business Credit and Assistance 1 2014-01-01 2014-01-01 false Privacy Act standards of conduct... AND PRIVACY Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.36 Privacy Act standards of conduct. Each Program/Support Office Head or designee shall inform its...

13 CFR 102.36 - Privacy Act standards of conduct.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 13 Business Credit and Assistance 1 2013-01-01 2013-01-01 false Privacy Act standards of conduct... AND PRIVACY Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.36 Privacy Act standards of conduct. Each Program/Support Office Head or designee shall inform its...

13 CFR 102.36 - Privacy Act standards of conduct.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Privacy Act standards of conduct... AND PRIVACY Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.36 Privacy Act standards of conduct. Each Program/Support Office Head or designee shall inform its...

Dynamic access control model for privacy preserving personalized healthcare in cloud environment.

PubMed

Son, Jiseong; Kim, Jeong-Dong; Na, Hong-Seok; Baik, Doo-Kwon

2015-01-01

When sharing and storing healthcare data in a cloud environment, access control is a central issue for preserving data privacy as a patient's personal health data may be accessed without permission from many stakeholders. Specifically, dynamic authorization for the access of data is required because personal health data is stored in cloud storage via wearable devices. Therefore, we propose a dynamic access control model for preserving the privacy of personal healthcare data in a cloud environment. The proposed model considers context information for dynamic access. According to the proposed model, access control can be dynamically determined by changing the context information; this means that even for a subject with the same role in the cloud, access permission is defined differently depending on the context information and access condition. Furthermore, we experiment the ability of the proposed model to provide correct responses by representing a dynamic access decision with real-life personalized healthcare system scenarios.

CIDR

Science.gov Websites

Completed Projects Publications Contact Information NIH Contacts CIDR Contacts ___________________ -Contact Us -Privacy Policy -Site Map Search You are here: CIDR>Contact Information> CIDR Contacts CIDR 1812 Ashland Ave Suite 200 Baltimore, MD 21205 Contact Us | Privacy Policy | Site Map | Get Adobe

77 FR 46653 - Defense Logistics Agency Privacy Program

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-06

...) Reasons: (i) From 5 U.S.C. 552a(c)(3) and (d), when access to accounting disclosures and access to or... subsection (c)(3), as to grant access to an accounting of disclosures as required by the Privacy Act... (k)(5). (4) Reasons: (i) From subsection (c)(3), as to grant access to an accounting of disclosures...

45 CFR 5b.6 - Special procedures for notification of or access to medical records.

Code of Federal Regulations, 2010 CFR

2010-10-01

... medical records to an individual on a minor's behalf. (i) In order to protect the privacy of a minor, a... invasion of the minor's privacy, that fact will be brought to the attention of the physician or health... ADMINISTRATION PRIVACY ACT REGULATIONS § 5b.6 Special procedures for notification of or access to medical records...

45 CFR 5b.6 - Special procedures for notification of or access to medical records.

Code of Federal Regulations, 2011 CFR

2011-10-01

... medical records to an individual on a minor's behalf. (i) In order to protect the privacy of a minor, a... invasion of the minor's privacy, that fact will be brought to the attention of the physician or health... ADMINISTRATION PRIVACY ACT REGULATIONS § 5b.6 Special procedures for notification of or access to medical records...

20 CFR 401.70 - Appeals of refusals to correct records or refusals to allow access to records.

Code of Federal Regulations, 2011 CFR

2011-04-01

... ADMINISTRATION PRIVACY AND DISCLOSURE OF OFFICIAL RECORDS AND INFORMATION The Privacy Act § 401.70 Appeals of... to appeal decisions made by SSA under the Privacy Act concerning your request for correction of or access to your records, those of your minor child, or those of a person for whom you are the legal...

Genome privacy: challenges, technical approaches to mitigate risk, and ethical considerations in the United States.

PubMed

Wang, Shuang; Jiang, Xiaoqian; Singh, Siddharth; Marmor, Rebecca; Bonomi, Luca; Fox, Dov; Dow, Michelle; Ohno-Machado, Lucila

2017-01-01

Accessing and integrating human genomic data with phenotypes are important for biomedical research. Making genomic data accessible for research purposes, however, must be handled carefully to avoid leakage of sensitive individual information to unauthorized parties and improper use of data. In this article, we focus on data sharing within the scope of data accessibility for research. Current common practices to gain biomedical data access are strictly rule based, without a clear and quantitative measurement of the risk of privacy breaches. In addition, several types of studies require privacy-preserving linkage of genotype and phenotype information across different locations (e.g., genotypes stored in a sequencing facility and phenotypes stored in an electronic health record) to accelerate discoveries. The computer science community has developed a spectrum of techniques for data privacy and confidentiality protection, many of which have yet to be tested on real-world problems. In this article, we discuss clinical, technical, and ethical aspects of genome data privacy and confidentiality in the United States, as well as potential solutions for privacy-preserving genotype-phenotype linkage in biomedical research. © 2016 New York Academy of Sciences.

Disentangling privacy from property: toward a deeper understanding of genetic privacy.

PubMed

Suter, Sonia M

2004-04-01

With the mapping of the human genome, genetic privacy has become a concern to many. People care about genetic privacy because genes play an important role in shaping us--our genetic information is about us, and it is deeply connected to our sense of ourselves. In addition, unwanted disclosure of our genetic information, like a great deal of other personal information, makes us vulnerable to unwanted exposure, stigmatization, and discrimination. One recent approach to protecting genetic privacy is to create property rights in genetic information. This Article argues against that approach. Privacy and property are fundamentally different concepts. At heart, the term "property" connotes control within the marketplace and over something that is disaggregated or alienable from the self. "Privacy," in contrast, connotes control over access to the self as well as things close to, intimately connected to, and about the self. Given these different meanings, a regime of property rights in genetic information would impoverish our understanding of that information, ourselves, and the relationships we hope will be built around and through its disclosure. This Article explores our interests in genetic information in order to deepen our understanding of the ongoing discourse about the distinction between property and privacy. It develops a conception of genetic privacy with a strong relational component. We ordinarily share genetic information in the context of relationships in which disclosure is important to the relationship--family, intimate, doctor-patient, researcher-participant, employer-employee, and insurer-insured relationships. Such disclosure makes us vulnerable to and dependent on the person to whom we disclose it. As a result, trust is essential to the integrity of these relationships and our sharing of genetic information. Genetic privacy can protect our vulnerability in these relationships and enhance the trust we hope to have in them. Property, in contrast, by connoting commodification, disaggregation, and arms-length dealings, can negatively affect the self and harm these relationships. This Article concludes that a deeper understanding of genetic privacy calls for remedies for privacy violations that address dignitary harm and breach of trust, as opposed to market harms, as the property model suggests.

4 CFR 200.5 - Requests for access to records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 4 Accounts 1 2010-01-01 2010-01-01 false Requests for access to records. 200.5 Section 200.5 Accounts RECOVERY ACCOUNTABILITY AND TRANSPARENCY BOARD PRIVACY ACT OF 1974 § 200.5 Requests for access to...: Privacy Act Officer, Recovery Accountability and Transparency Board, 1717 Pennsylvania Avenue, NW., Suite...

32 CFR 321.5 - Access by subject individuals.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 2 2011-07-01 2011-07-01 false Access by subject individuals. 321.5 Section 321.5 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.5 Access by subject individuals. (a...

32 CFR 321.5 - Access by subject individuals.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 2 2012-07-01 2012-07-01 false Access by subject individuals. 321.5 Section 321.5 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.5 Access by subject individuals. (a...

32 CFR 321.5 - Access by subject individuals.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 2 2014-07-01 2014-07-01 false Access by subject individuals. 321.5 Section 321.5 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.5 Access by subject individuals. (a...

32 CFR 321.5 - Access by subject individuals.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 2 2013-07-01 2013-07-01 false Access by subject individuals. 321.5 Section 321.5 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.5 Access by subject individuals. (a...

32 CFR 321.5 - Access by subject individuals.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 2 2010-07-01 2010-07-01 false Access by subject individuals. 321.5 Section 321.5 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.5 Access by subject individuals. (a...

28 CFR 16.43 - Responses to requests for access to records.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 28 Judicial Administration 1 2010-07-01 2010-07-01 false Responses to requests for access to records. 16.43 Section 16.43 Judicial Administration DEPARTMENT OF JUSTICE PRODUCTION OR DISCLOSURE OF MATERIAL OR INFORMATION Protection of Privacy and Access to Individual Records Under the Privacy Act of...

Toward Privacy-preserving Content Access Control for Information Centric Networking

DTIC Science & Technology

2014-03-01

REPORT Toward Privacy-preserving Content Access Control for Information Centric Networking 14. ABSTRACT 16. SECURITY CLASSIFICATION OF: Information...regardless the security mechanisms provided by different content hosting servers. However, using ABE has a drawback that the enforced content access...Encryption (ABE) is a flexible approach to enforce the content access policies regardless the security mechanisms provided by different content hosting

Privacy by Design at Population Data BC: a case study describing the technical, administrative, and physical controls for privacy-sensitive secondary use of personal information for research in the public interest.

PubMed

Pencarrick Hertzman, Caitlin; Meagher, Nancy; McGrail, Kimberlyn M

2013-01-01

Population Data BC (PopData) is an innovative leader in facilitating access to linked data for population health research. Researchers from academic institutions across Canada work with PopData to submit data access requests for projects involving linked administrative data, with or without their own researcher-collected data. PopData and its predecessor-the British Columbia Linked Health Database-have facilitated over 350 research projects analyzing a broad spectrum of population health issues. PopData embeds privacy in every aspect of its operations. This case study focuses on how implementing the Privacy by Design model protects privacy while supporting access to individual-level data for research in the public interest. It explores challenges presented by legislation, stewardship, and public perception and demonstrates how PopData achieves both operational efficiencies and due diligence.

Privacy by Design at Population Data BC: a case study describing the technical, administrative, and physical controls for privacy-sensitive secondary use of personal information for research in the public interest

PubMed Central

Pencarrick Hertzman, Caitlin; Meagher, Nancy; McGrail, Kimberlyn M

2013-01-01

Population Data BC (PopData) is an innovative leader in facilitating access to linked data for population health research. Researchers from academic institutions across Canada work with PopData to submit data access requests for projects involving linked administrative data, with or without their own researcher-collected data. PopData and its predecessor—the British Columbia Linked Health Database—have facilitated over 350 research projects analyzing a broad spectrum of population health issues. PopData embeds privacy in every aspect of its operations. This case study focuses on how implementing the Privacy by Design model protects privacy while supporting access to individual-level data for research in the public interest. It explores challenges presented by legislation, stewardship, and public perception and demonstrates how PopData achieves both operational efficiencies and due diligence. PMID:22935136

The differing privacy concerns regarding exchanging electronic medical records of internet users in Taiwan.

PubMed

Hwang, Hsin-Ginn; Han, Hwai-En; Kuo, Kuang-Ming; Liu, Chung-Feng

2012-12-01

This study explores whether Internet users have different privacy concerns regarding the information contained in electronic medical records (EMRs) according to gender, age, occupation, education, and EMR awareness. Based on the Concern for Information Privacy (CFIP) scale developed by Smith and colleagues in 1996, we conducted an online survey using 15 items in four dimensions, namely, collection, unauthorized access, secondary use, and errors, to investigate Internet users' concerns regarding the privacy of EMRs under health information exchanges (HIE). We retrieved 213 valid questionnaires. The results indicate that the respondents had substantial privacy concerns regarding EMRs and their educational level and EMR awareness significantly influenced their privacy concerns regarding unauthorized access and secondary use of EMRs. This study recommends that the Taiwanese government organizes a comprehensive EMR awareness campaign, emphasizing unauthorized access and secondary use of EMRs. Additionally, to cultivate the public's understanding of EMRs, the government should employ various media, especially Internet channels, to promote EMR awareness, thereby enabling the public to accept the concept and use of EMRs. People who are highly educated and have superior EMR awareness should be given a comprehensive explanation of how hospitals protect patients' EMRs from unauthorized access and secondary use to address their concerns. Thus, the public can comprehend, trust, and accept the use of EMRs, reducing their privacy concerns, which should facilitate the future implementation of HIE.

Documenting death: public access to government death records and attendant privacy concerns.

PubMed

Boles, Jeffrey R

2012-01-01

This Article examines the contentious relationship between public rights to access government-held death records and privacy rights concerning the deceased, whose personal information is contained in those same records. This right of access dispute implicates core democratic principles and public policy interests. Open access to death records, such as death certificates and autopsy reports, serves the public interest by shedding light on government agency performance, uncovering potential government wrongdoing, providing data on public health trends, and aiding those investigating family history, for instance. Families of the deceased have challenged the release of these records on privacy grounds, as the records may contain sensitive and embarrassing information about the deceased. Legislatures and the courts addressing this dispute have collectively struggled to reconcile the competing open access and privacy principles. The Article demonstrates how a substantial portion of the resulting law in this area is haphazardly formed, significantly overbroad, and loaded with unintended consequences. The Article offers legal reforms to bring consistency and coherence to this currently disordered area of jurisprudence.

10 CFR 1304.105 - Requests for access to records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Energy NUCLEAR WASTE TECHNICAL REVIEW BOARD PRIVACY ACT OF 1974 § 1304.105 Requests for access to records... request access to his or her own records in writing by addressing a letter to: Privacy Act Officer; U.S... via the internet. Internet requests should be transmitted through the Board's Web site at www.nwtrb...

28 CFR 513.50 - Privacy Act requests by inmates.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 28 Judicial Administration 2 2012-07-01 2012-07-01 false Privacy Act requests by inmates. 513.50... ADMINISTRATION ACCESS TO RECORDS Release of Information Privacy Act Requests for Information § 513.50 Privacy Act requests by inmates. Because inmate records are exempt from disclosure under the Privacy Act (see 28 CFR 16...

28 CFR 513.50 - Privacy Act requests by inmates.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 28 Judicial Administration 2 2013-07-01 2013-07-01 false Privacy Act requests by inmates. 513.50... ADMINISTRATION ACCESS TO RECORDS Release of Information Privacy Act Requests for Information § 513.50 Privacy Act requests by inmates. Because inmate records are exempt from disclosure under the Privacy Act (see 28 CFR 16...

28 CFR 513.50 - Privacy Act requests by inmates.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 28 Judicial Administration 2 2014-07-01 2014-07-01 false Privacy Act requests by inmates. 513.50... ADMINISTRATION ACCESS TO RECORDS Release of Information Privacy Act Requests for Information § 513.50 Privacy Act requests by inmates. Because inmate records are exempt from disclosure under the Privacy Act (see 28 CFR 16...

28 CFR 513.50 - Privacy Act requests by inmates.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 28 Judicial Administration 2 2011-07-01 2011-07-01 false Privacy Act requests by inmates. 513.50... ADMINISTRATION ACCESS TO RECORDS Release of Information Privacy Act Requests for Information § 513.50 Privacy Act requests by inmates. Because inmate records are exempt from disclosure under the Privacy Act (see 28 CFR 16...

28 CFR 513.50 - Privacy Act requests by inmates.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Privacy Act requests by inmates. 513.50... ADMINISTRATION ACCESS TO RECORDS Release of Information Privacy Act Requests for Information § 513.50 Privacy Act requests by inmates. Because inmate records are exempt from disclosure under the Privacy Act (see 28 CFR 16...

CIDR

Science.gov Websites

Completed Projects Publications Contact Information NIH Contacts CIDR Contacts ___________________ -Contact Us -Privacy Policy -Site Map Search You are here: CIDR>Contact Us Contact Us The CIDR facility is Contact Us | Privacy Policy | Site Map | Get Adobe Reader Subscribe to CIDR News photo of 1812 Ashland

Trajectory data privacy protection based on differential privacy mechanism

NASA Astrophysics Data System (ADS)

Gu, Ke; Yang, Lihao; Liu, Yongzhi; Liao, Niandong

2018-05-01

In this paper, we propose a trajectory data privacy protection scheme based on differential privacy mechanism. In the proposed scheme, the algorithm first selects the protected points from the user’s trajectory data; secondly, the algorithm forms the polygon according to the protected points and the adjacent and high frequent accessed points that are selected from the accessing point database, then the algorithm calculates the polygon centroids; finally, the noises are added to the polygon centroids by the differential privacy method, and the polygon centroids replace the protected points, and then the algorithm constructs and issues the new trajectory data. The experiments show that the running time of the proposed algorithms is fast, the privacy protection of the scheme is effective and the data usability of the scheme is higher.

Privacy, security and access with sensitive health information.

PubMed

Croll, Peter

2010-01-01

This chapter gives an educational overview of: * Confidentiality issues and the challenges faced; * The fundamental differences between privacy and security; * The different access control mechanisms; * The challenges of Internet security; * How 'safety and quality' relate to all the above.

The digital divide in public e-health: barriers to accessibility and privacy in state health department websites.

PubMed

West, Darrell M; Miller, Edward Alan

2006-08-01

State health departments have placed a tremendous amount of information, data, and services online in recent years. With the significant increase in online resources at official health sites, though, have come questions concerning equity of access and the confidentiality of electronic medical materials. This paper reports on an examination of public health department websites maintained by the 50 state governments. Using a content analysis of health department sites undertaken each year from 2000 to 2005, we investigate several dimensions of accessibility and privacy: readability levels, disability access, non-English accessibility, and the presence of privacy and security statements. We argue that although progress has been made at improving the accessibility and confidentiality of health department electronic resources, there remains much work to be done to ensure quality access for all Americans in the area of public e-health.

5 CFR 2606.204 - Request for review of an initial denial of access.

Code of Federal Regulations, 2011 CFR

2011-01-01

... ORGANIZATION AND PROCEDURES PRIVACY ACT RULES Access to Records and Accounting of Disclosures § 2606.204 Request for review of an initial denial of access. (a)(1) A data subject may submit a written appeal of... (including the Federal Election Commission) other than OGE, the appeal must be submitted to the Privacy Act...

5 CFR 2606.204 - Request for review of an initial denial of access.

Code of Federal Regulations, 2014 CFR

2014-01-01

... ORGANIZATION AND PROCEDURES PRIVACY ACT RULES Access to Records and Accounting of Disclosures § 2606.204 Request for review of an initial denial of access. (a)(1) A data subject may submit a written appeal of... (including the Federal Election Commission) other than OGE, the appeal must be submitted to the Privacy Act...

EPA's Public Access Website Children’s Privacy and Copyright Issues

EPA Pesticide Factsheets

This document establishes the policy for protecting the privacy of children on EPA’s Public Access Web site. It concerns the collection, both online and off, of information from ages 13 and under, and the display of Personally Identifying Information (PII)

32 CFR 326.8 - Procedures for requesting access.

Code of Federal Regulations, 2011 CFR

2011-07-01

...) PRIVACY PROGRAM NATIONAL RECONNAISSANCE OFFICE PRIVACY ACT PROGRAM § 326.8 Procedures for requesting... available under the Privacy Act, shall address the request in writing to the Privacy Act Coordinator... Number and the date that status was acquired. (ii) The parent or guardian of a minor or of a person...

5 CFR 1302.2 - Requests for access.

Code of Federal Regulations, 2011 CFR

2011-01-01

....2 Administrative Personnel OFFICE OF MANAGEMENT AND BUDGET ADMINISTRATIVE PROCEDURES PRIVACY ACT... the Privacy Act of 1974. In the absence of specifying solely the Privacy Act of 1974 and, if the request may be processed under both the Freedom of Information Act and the Privacy Act and the request...

32 CFR 326.8 - Procedures for requesting access.

Code of Federal Regulations, 2010 CFR

2010-07-01

...) PRIVACY PROGRAM NATIONAL RECONNAISSANCE OFFICE PRIVACY ACT PROGRAM § 326.8 Procedures for requesting... available under the Privacy Act, shall address the request in writing to the Privacy Act Coordinator... Number and the date that status was acquired. (ii) The parent or guardian of a minor or of a person...

37 CFR 251.23 - FOIA and Privacy Act.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 37 Patents, Trademarks, and Copyrights 1 2011-07-01 2011-07-01 false FOIA and Privacy Act. 251.23 Section 251.23 Patents, Trademarks, and Copyrights COPYRIGHT OFFICE, LIBRARY OF CONGRESS COPYRIGHT... Access to and Inspection of Records § 251.23 FOIA and Privacy Act. Freedom of Information Act and Privacy...

37 CFR 251.23 - FOIA and Privacy Act.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 37 Patents, Trademarks, and Copyrights 1 2010-07-01 2010-07-01 false FOIA and Privacy Act. 251.23 Section 251.23 Patents, Trademarks, and Copyrights COPYRIGHT OFFICE, LIBRARY OF CONGRESS COPYRIGHT... Access to and Inspection of Records § 251.23 FOIA and Privacy Act. Freedom of Information Act and Privacy...

21 CFR 21.41 - Processing of requests.

Code of Federal Regulations, 2010 CFR

2010-04-01

... PRIVACY Procedures for Notification of and Access to Records in Privacy Act Record Systems § 21.41... consult with the individual concerning the appropriate treatment of the request. (c) The FDA Privacy Act Coordinator (HFI-30) in the Freedom of Information Staff shall be responsibile for the handling of Privacy Act...

32 CFR 1701.17 - Standards of conduct.

Code of Federal Regulations, 2010 CFR

2010-07-01

... INTELLIGENCE ADMINISTRATION OF RECORDS UNDER THE PRIVACY ACT OF 1974 Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 1701.17 Standards of conduct. (a) General. ODNI will ensure that staff are aware of the provisions of the Privacy Act and of their responsibilities for...

32 CFR 1701.6 - Disclosure of records/policy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... NATIONAL INTELLIGENCE ADMINISTRATION OF RECORDS UNDER THE PRIVACY ACT OF 1974 Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 1701.6 Disclosure of records/policy... Privacy Act Systems of Records Notices (available at http://www.dni.gov); (d) Release to the Bureau of the...

HIPAA Privacy 101: essentials for case management practice.

PubMed

DiBenedetto, Deborah V

2003-01-01

The Health Insurance Portability and Accountability Act (HIPAA) has significant impact on the delivery of healthcare in the United States. The Administrative Simplification (AS) requirements of HIPAA are aimed at reducing administrative costs and burdens in the healthcare industry. The core components of HIPAA's AS requirements address healthcare transactions, code sets, security, unique identifiers, and privacy of health information. HIPAA's privacy standard limits the nonconsensual use and release of private health information, gives patients new rights to access their medical records and to know who else has accessed them, restricts most disclosure of health information to the minimum needed for the intended purpose, establishes new criminal and civil sanctions for improper use or disclosure, and establishes new requirements for access to records by researchers and others. This article focuses on HIPAA's privacy requirements as related to case management of workers compensation populations, the treatment of protected health information, and how case managers can ensure they provide appropriate services while navigating the requirements of HIPAA's privacy standard.

Are Data Sharing and Privacy Protection Mutually Exclusive?

PubMed

Joly, Yann; Dyke, Stephanie O M; Knoppers, Bartha M; Pastinen, Tomi

2016-11-17

We review emerging strategies to protect the privacy of research participants in international epigenome research: open consent, genome donation, registered access, automated procedures, and privacy-enhancing technologies. Copyright © 2016 Elsevier Inc. All rights reserved.

29 CFR 71.50 - General exemptions pursuant to subsection (j) of the Privacy Act.

Code of Federal Regulations, 2010 CFR

2010-07-01

... (Investigative Case Tracking Systems/Audit Information Reporting Systems, USDOL/OIG), a system of records... ACCESS TO RECORDS UNDER THE PRIVACY ACT OF 1974 Exemption of Records Systems Under the Privacy Act § 71.50 General exemptions pursuant to subsection (j) of the Privacy Act. (a) The following systems of...

10 CFR 1008.6 - Procedures for Privacy Act requests.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 4 2011-01-01 2011-01-01 false Procedures for Privacy Act requests. 1008.6 Section 1008.6 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) RECORDS MAINTAINED ON INDIVIDUALS (PRIVACY ACT) Requests for Access or Amendment § 1008.6 Procedures for Privacy Act requests. (a) Any individual may— (1) Ask...

10 CFR 1008.6 - Procedures for Privacy Act requests.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 10 Energy 4 2012-01-01 2012-01-01 false Procedures for Privacy Act requests. 1008.6 Section 1008.6 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) RECORDS MAINTAINED ON INDIVIDUALS (PRIVACY ACT) Requests for Access or Amendment § 1008.6 Procedures for Privacy Act requests. (a) Any individual may— (1) Ask...

10 CFR 1008.6 - Procedures for Privacy Act requests.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 10 Energy 4 2014-01-01 2014-01-01 false Procedures for Privacy Act requests. 1008.6 Section 1008.6 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) RECORDS MAINTAINED ON INDIVIDUALS (PRIVACY ACT) Requests for Access or Amendment § 1008.6 Procedures for Privacy Act requests. (a) Any individual may— (1) Ask...

10 CFR 1008.6 - Procedures for Privacy Act requests.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 10 Energy 4 2013-01-01 2013-01-01 false Procedures for Privacy Act requests. 1008.6 Section 1008.6 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) RECORDS MAINTAINED ON INDIVIDUALS (PRIVACY ACT) Requests for Access or Amendment § 1008.6 Procedures for Privacy Act requests. (a) Any individual may— (1) Ask...

10 CFR 1008.6 - Procedures for Privacy Act requests.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 4 2010-01-01 2010-01-01 false Procedures for Privacy Act requests. 1008.6 Section 1008.6 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) RECORDS MAINTAINED ON INDIVIDUALS (PRIVACY ACT) Requests for Access or Amendment § 1008.6 Procedures for Privacy Act requests. (a) Any individual may— (1) Ask...

14 CFR 1212.200 - Determining existence of records subject to the Privacy Act.

Code of Federal Regulations, 2010 CFR

2010-01-01

... requests under the Privacy Act made by individuals concerning records about themselves: (a) To determine if... the Privacy Act. 1212.200 Section 1212.200 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Access to Records § 1212.200 Determining existence of records subject...

32 CFR 1701.2 - Definitions.

Code of Federal Regulations, 2014 CFR

2014-07-01

... ADMINISTRATION OF RECORDS UNDER THE PRIVACY ACT OF 1974 Protection of Privacy and Access to Individual Records... have the meanings indicated: Access means making a record available to a subject individual. Act means...). Disclosure means making a record about an individual available to or releasing it to another party. FOIA...

32 CFR 1701.2 - Definitions.

Code of Federal Regulations, 2012 CFR

2012-07-01

... ADMINISTRATION OF RECORDS UNDER THE PRIVACY ACT OF 1974 Protection of Privacy and Access to Individual Records... have the meanings indicated: Access means making a record available to a subject individual. Act means...). Disclosure means making a record about an individual available to or releasing it to another party. FOIA...

28 CFR 700.14 - Classified information.

Code of Federal Regulations, 2010 CFR

2010-07-01

... INFORMATION OF THE OFFICE OF INDEPENDENT COUNSEL Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 700.14 Classified information. In processing a request for access to a... Executive order concerning the classification of records, the Office shall review the information to...

45 CFR 613.2 - Requesting access to records.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Public Welfare Regulations Relating to Public Welfare (Continued) NATIONAL SCIENCE FOUNDATION PRIVACY ACT... access to NSF records about yourself by appearing in person at the National Science Foundation or by... should be sent to the NSF Privacy Act Officer, National Science Foundation, 4201 Wilson Boulevard, Suite...

45 CFR 613.2 - Requesting access to records.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Public Welfare Regulations Relating to Public Welfare (Continued) NATIONAL SCIENCE FOUNDATION PRIVACY ACT... access to NSF records about yourself by appearing in person at the National Science Foundation or by... should be sent to the NSF Privacy Act Officer, National Science Foundation, 4201 Wilson Boulevard, Suite...

45 CFR 613.2 - Requesting access to records.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Public Welfare Regulations Relating to Public Welfare (Continued) NATIONAL SCIENCE FOUNDATION PRIVACY ACT... access to NSF records about yourself by appearing in person at the National Science Foundation or by... should be sent to the NSF Privacy Act Officer, National Science Foundation, 4201 Wilson Boulevard, Suite...

Query Monitoring and Analysis for Database Privacy - A Security Automata Model Approach

PubMed Central

Kumar, Anand; Ligatti, Jay; Tu, Yi-Cheng

2015-01-01

Privacy and usage restriction issues are important when valuable data are exchanged or acquired by different organizations. Standard access control mechanisms either restrict or completely grant access to valuable data. On the other hand, data obfuscation limits the overall usability and may result in loss of total value. There are no standard policy enforcement mechanisms for data acquired through mutual and copyright agreements. In practice, many different types of policies can be enforced in protecting data privacy. Hence there is the need for an unified framework that encapsulates multiple suites of policies to protect the data. We present our vision of an architecture named security automata model (SAM) to enforce privacy-preserving policies and usage restrictions. SAM analyzes the input queries and their outputs to enforce various policies, liberating data owners from the burden of monitoring data access. SAM allows administrators to specify various policies and enforces them to monitor queries and control the data access. Our goal is to address the problems of data usage control and protection through privacy policies that can be defined, enforced, and integrated with the existing access control mechanisms using SAM. In this paper, we lay out the theoretical foundation of SAM, which is based on an automata named Mandatory Result Automata. We also discuss the major challenges of implementing SAM in a real-world database environment as well as ideas to meet such challenges. PMID:26997936

Query Monitoring and Analysis for Database Privacy - A Security Automata Model Approach.

PubMed

Kumar, Anand; Ligatti, Jay; Tu, Yi-Cheng

2015-11-01

Privacy and usage restriction issues are important when valuable data are exchanged or acquired by different organizations. Standard access control mechanisms either restrict or completely grant access to valuable data. On the other hand, data obfuscation limits the overall usability and may result in loss of total value. There are no standard policy enforcement mechanisms for data acquired through mutual and copyright agreements. In practice, many different types of policies can be enforced in protecting data privacy. Hence there is the need for an unified framework that encapsulates multiple suites of policies to protect the data. We present our vision of an architecture named security automata model (SAM) to enforce privacy-preserving policies and usage restrictions. SAM analyzes the input queries and their outputs to enforce various policies, liberating data owners from the burden of monitoring data access. SAM allows administrators to specify various policies and enforces them to monitor queries and control the data access. Our goal is to address the problems of data usage control and protection through privacy policies that can be defined, enforced, and integrated with the existing access control mechanisms using SAM. In this paper, we lay out the theoretical foundation of SAM, which is based on an automata named Mandatory Result Automata. We also discuss the major challenges of implementing SAM in a real-world database environment as well as ideas to meet such challenges.

A proposed legal framework for addressing privacy for patient controlled health records in pediatrics.

PubMed

Bourgeois, Fabienne; Taylor, Patrick; Mandl, Kenneth

2006-01-01

Patient controlled health records(PCHRs) provide widespread and flexible access to integrated medical information. Unique legal challenges arise where the patient is a minor. Variations in laws and statutes concerning minor's rights to privacy and confidentiality, and institutions' local interpretations of them, need to be integrated in the principles governing PCHRs. We propose a legal framework to guide the development of access policies for PCHRs to ensure appropriate privacy and confidentiality protection surrounding minors.

28 CFR 700.14 - Classified information.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 28 Judicial Administration 2 2013-07-01 2013-07-01 false Classified information. 700.14 Section... INFORMATION OF THE OFFICE OF INDEPENDENT COUNSEL Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 700.14 Classified information. In processing a request for access to a...

22 CFR 171.32 - Request for access to records.

Code of Federal Regulations, 2011 CFR

2011-04-01

... RECORDS TO THE PUBLIC Privacy Act Provisions § 171.32 Request for access to records. (a) Description of... individuals requesting records under the Privacy Act to ensure that records are disclosed only to the proper.... Upon presentation of documentation of the parental relationship, a parent of a minor (an unmarried...

22 CFR 171.32 - Request for access to records.

Code of Federal Regulations, 2010 CFR

2010-04-01

... RECORDS TO THE PUBLIC Privacy Act Provisions § 171.32 Request for access to records. (a) Description of... individuals requesting records under the Privacy Act to ensure that records are disclosed only to the proper.... Upon presentation of documentation of the parental relationship, a parent of a minor (an unmarried...

49 CFR 802.1 - Purpose and scope.

Code of Federal Regulations, 2010 CFR

2010-10-01

... RULES IMPLEMENTING THE PRIVACY ACT OF 1974 Applicability and Policy § 802.1 Purpose and scope. The.... NTSB policy encompasses the safeguarding of individual privacy from any misuse of Federal records and the provision of access to individuals to NTSB records concerning them, except where such access is in...

Balancing access to health data and privacy: a review of the issues and approaches for the future.

PubMed

Lane, Julia; Schur, Claudia

2010-10-01

There has been a dramatic increase in the types of microdata, and this holds great promise for health services research. However, legislative efforts to protect individual privacy have reduced the flow of health care data for research purposes and increased costs and delays, affecting the quality of analysis. This paper provides an overview of the challenges raised by concerns about data confidentiality in the context of health services research, the current methodologies used to ensure data security, and a description of one successful approach to balancing access and privacy. Materials and Methods. We analyze the issues of access and privacy using a conceptual framework based on balancing the risk of reidentification with the utility associated with data analysis. The guiding principle should be to generate released data that are as close to the maximum acceptable risk as possible. HIPAA and other privacy measures can perhaps be seen as having had the effect of lowering the "maximum acceptable risk" level and rendering some data unreleasable. We discuss the levels of risk and utility associated with different types of data used in health services research and the ability to link data from multiple sources as well as current models of data sharing and their limitations. One particularly compelling approach is to establish a remote access "data enclave," where statistical protections are applied to the data, technical protections ensure compliance with data-sharing requirements, and operational controls limit researchers' access to the data they need for their specific research questions. We recommend reducing delays in access to data for research, increasing the use of remote access data enclaves, and disseminating knowledge and promulgating standards for best practices related to data protection. © Health Research and Educational Trust.

Access control and privacy in large distributed systems

NASA Technical Reports Server (NTRS)

Leiner, B. M.; Bishop, M.

1986-01-01

Large scale distributed systems consists of workstations, mainframe computers, supercomputers and other types of servers, all connected by a computer network. These systems are being used in a variety of applications including the support of collaborative scientific research. In such an environment, issues of access control and privacy arise. Access control is required for several reasons, including the protection of sensitive resources and cost control. Privacy is also required for similar reasons, including the protection of a researcher's proprietary results. A possible architecture for integrating available computer and communications security technologies into a system that meet these requirements is described. This architecture is meant as a starting point for discussion, rather that the final answer.

Variability in adolescent portal privacy features: how the unique privacy needs of the adolescent patient create a complex decision-making process.

PubMed

Sharko, Marianne; Wilcox, Lauren; Hong, Matthew K; Ancker, Jessica S

2018-05-17

Medical privacy policies, which are clear-cut for adults and young children, become ambiguous during adolescence. Yet medical organizations must establish unambiguous rules about patient and parental access to electronic patient portals. We conducted a national interview study to characterize the diversity in adolescent portal policies across a range of institutions and determine the factors influencing decisions about these policies. Within a sampling framework that ensured diversity of geography and medical organization type, we used purposive and snowball sampling to identify key informants. Semi-structured interviews were conducted and analyzed with inductive thematic analysis, followed by a member check. We interviewed informants from 25 medical organizations. Policies established different degrees of adolescent access (from none to partial to complete), access ages (from 10 to 18 years), degrees of parental access, and types of information considered sensitive. Federal and state law did not dominate policy decisions. Other factors in the decision process were: technology capabilities; differing patient population needs; resources; community expectations; balance between information access and privacy; balance between promoting autonomy and promoting family shared decision-making; and tension between teen privacy and parental preferences. Some informants believed that clearer standards would simplify policy-making; others worried that standards could restrict high-quality polices. In the absence of universally accepted standards, medical organizations typically undergo an arduous decision-making process to develop teen portal policies, weighing legal, economic, social, clinical, and technological factors. As a result, portal access policies are highly inconsistent across the United States and within individual states.

Are personal health records safe? A review of free web-accessible personal health record privacy policies.

PubMed

Carrión Señor, Inmaculada; Fernández-Alemán, José Luis; Toval, Ambrosio

2012-08-23

Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users' concerns regarding the privacy and security of their personal health information. To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users' accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low.

Are Personal Health Records Safe? A Review of Free Web-Accessible Personal Health Record Privacy Policies

PubMed Central

Fernández-Alemán, José Luis; Toval, Ambrosio

2012-01-01

Background Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users’ concerns regarding the privacy and security of their personal health information. Objective To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. Methods We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. Results The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users’ accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Conclusions Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low. PMID:22917868

32 CFR 323.5 - Access to systems of records information.

Code of Federal Regulations, 2013 CFR

2013-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE LOGISTICS AGENCY PRIVACY PROGRAM § 323.5 Access to systems of records... Logistics Agency, ATTN: DGA, 8725 John J. Kingman Road, Suite 1644, Fort Belvoir, VA 22060-6221. Any written... General Counsel, Defense Logistics Agency, ATTN: DGA, Suite 1644, 8725 John J. Kingman Road, Fort Belvoir...

32 CFR 323.5 - Access to systems of records information.

Code of Federal Regulations, 2014 CFR

2014-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE LOGISTICS AGENCY PRIVACY PROGRAM § 323.5 Access to systems of records... Logistics Agency, ATTN: DGA, 8725 John J. Kingman Road, Suite 1644, Fort Belvoir, VA 22060-6221. Any written... General Counsel, Defense Logistics Agency, ATTN: DGA, Suite 1644, 8725 John J. Kingman Road, Fort Belvoir...

77 FR 48199 - Privacy Act; System of Records: State-35, Information Access Programs Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-13

..., the Privacy Act, the Ethics in Government Act, the access provisions of Executive Order 13526 or a...; requester's name and requester's mailing and email address; Social Security number (if provided by the...: Hard copy and electronic media. RETRIEVABILITY: Individual name, case number. SAFEGUARDS: All users are...

32 CFR 1901.22 - Action and determination(s) by originator(s) or any interested party.

Code of Federal Regulations, 2012 CFR

2012-07-01

... for access. CIA components tasked pursuant to a Privacy Act access request shall search all relevant... any). (b) Initial action for amendment. CIA components tasked pursuant to a Privacy Act amendment... amendment request. If the CIA component records manager declines to make the requested amendment or declines...

32 CFR 1901.22 - Action and determination(s) by originator(s) or any interested party.

Code of Federal Regulations, 2014 CFR

2014-07-01

... for access. CIA components tasked pursuant to a Privacy Act access request shall search all relevant... any). (b) Initial action for amendment. CIA components tasked pursuant to a Privacy Act amendment... amendment request. If the CIA component records manager declines to make the requested amendment or declines...

32 CFR 1901.22 - Action and determination(s) by originator(s) or any interested party.

Code of Federal Regulations, 2010 CFR

2010-07-01

... for access. CIA components tasked pursuant to a Privacy Act access request shall search all relevant... any). (b) Initial action for amendment. CIA components tasked pursuant to a Privacy Act amendment... amendment request. If the CIA component records manager declines to make the requested amendment or declines...

Web GIS in practice V: 3-D interactive and real-time mapping in Second Life

PubMed Central

Boulos, Maged N Kamel; Burden, David

2007-01-01

This paper describes technologies from Daden Limited for geographically mapping and accessing live news stories/feeds, as well as other real-time, real-world data feeds (e.g., Google Earth KML feeds and GeoRSS feeds) in the 3-D virtual world of Second Life, by plotting and updating the corresponding Earth location points on a globe or some other suitable form (in-world), and further linking those points to relevant information and resources. This approach enables users to visualise, interact with, and even walk or fly through, the plotted data in 3-D. Users can also do the reverse: put pins on a map in the virtual world, and then view the data points on the Web in Google Maps or Google Earth. The technologies presented thus serve as a bridge between mirror worlds like Google Earth and virtual worlds like Second Life. We explore the geo-data display potential of virtual worlds and their likely convergence with mirror worlds in the context of the future 3-D Internet or Metaverse, and reflect on the potential of such technologies and their future possibilities, e.g. their use to develop emergency/public health virtual situation rooms to effectively manage emergencies and disasters in real time. The paper also covers some of the issues associated with these technologies, namely user interface accessibility and individual privacy. PMID:18042275

Footprints near the Surf: Individual Privacy Decisions in Online Contexts

ERIC Educational Resources Information Center

McDonald, Aleecia M.

2010-01-01

As more people seek the benefits of going online, more people are exposed to privacy risks from their time online. With a largely unregulated Internet, self-determination about privacy risks must be feasible for people from all walks of life. Yet in many cases decisions are either not obvious or not accessible. As one example, privacy policies are…

10 CFR 727.4 - Is there any expectation of privacy applicable to a DOE computer?

Code of Federal Regulations, 2012 CFR

2012-01-01

... Communications Privacy Act of 1986), no user of a DOE computer shall have any expectation of privacy in the use... computer? 727.4 Section 727.4 Energy DEPARTMENT OF ENERGY CONSENT FOR ACCESS TO INFORMATION ON DEPARTMENT OF ENERGY COMPUTERS § 727.4 Is there any expectation of privacy applicable to a DOE computer...

10 CFR 727.4 - Is there any expectation of privacy applicable to a DOE computer?

Code of Federal Regulations, 2014 CFR

2014-01-01

... Communications Privacy Act of 1986), no user of a DOE computer shall have any expectation of privacy in the use... computer? 727.4 Section 727.4 Energy DEPARTMENT OF ENERGY CONSENT FOR ACCESS TO INFORMATION ON DEPARTMENT OF ENERGY COMPUTERS § 727.4 Is there any expectation of privacy applicable to a DOE computer...

10 CFR 727.4 - Is there any expectation of privacy applicable to a DOE computer?

Code of Federal Regulations, 2013 CFR

2013-01-01

... Communications Privacy Act of 1986), no user of a DOE computer shall have any expectation of privacy in the use... computer? 727.4 Section 727.4 Energy DEPARTMENT OF ENERGY CONSENT FOR ACCESS TO INFORMATION ON DEPARTMENT OF ENERGY COMPUTERS § 727.4 Is there any expectation of privacy applicable to a DOE computer...

10 CFR 727.4 - Is there any expectation of privacy applicable to a DOE computer?

Code of Federal Regulations, 2010 CFR

2010-01-01

... Communications Privacy Act of 1986), no user of a DOE computer shall have any expectation of privacy in the use... computer? 727.4 Section 727.4 Energy DEPARTMENT OF ENERGY CONSENT FOR ACCESS TO INFORMATION ON DEPARTMENT OF ENERGY COMPUTERS § 727.4 Is there any expectation of privacy applicable to a DOE computer...

10 CFR 727.4 - Is there any expectation of privacy applicable to a DOE computer?

Code of Federal Regulations, 2011 CFR

2011-01-01

... Communications Privacy Act of 1986), no user of a DOE computer shall have any expectation of privacy in the use... computer? 727.4 Section 727.4 Energy DEPARTMENT OF ENERGY CONSENT FOR ACCESS TO INFORMATION ON DEPARTMENT OF ENERGY COMPUTERS § 727.4 Is there any expectation of privacy applicable to a DOE computer...

32 CFR 324.14 - Relationship between the Privacy Act and the Freedom of Information Act.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 2 2010-07-01 2010-07-01 false Relationship between the Privacy Act and the Freedom of Information Act. 324.14 Section 324.14 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DFAS PRIVACY ACT PROGRAM Individual Access to Records § 324.14 Relationship between the...

[A computerized system for the management of letters of authorization for access to sensitive data in a research and teaching hospital].

PubMed

Bodina, Annalisa; Brizzolara, Antonella; Vadruccio, Gianluca; Castaldi, Silvana

2012-01-01

This paper describes the experience of a hospital which has introduced a system of computerized management of letters of authorization for healthcare workers to access sensitive health data, through the use of open source software. A new corporate intranet portal was created with access given only to the privacy contacts of each operational unit of the hospital. Once the privacy contact has entered the relevant user authorization, these must be approved first by the Directors of the respective operational units and finally by the privacy officer. The introduction of this system has allowed a systematic approach to the management of authorization for access to health data by hospital staff, regular updating and monitoring of the authorization and the start of a process of digitalization of documents.

32 CFR 1701.2 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-07-01

... information; benefit data or claims information; the Social Security number, employer identification number... ADMINISTRATION OF RECORDS UNDER THE PRIVACY ACT OF 1974 Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 1701.2 Definitions. For purposes of this subpart, the following terms...

32 CFR 310.48 - Criminal penalties.

Code of Federal Regulations, 2010 CFR

2010-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DOD PRIVACY PROGRAM Privacy Act Violations § 310.48 Criminal penalties. (a) The Act also provides... requests or obtains access to any record concerning another individual under false pretenses may be found...

10 CFR 1008.7 - Processing of requests.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Manager or Managers concerned shall transmit to the Privacy Act Officer the requested material. The... DEPARTMENT OF ENERGY (GENERAL PROVISIONS) RECORDS MAINTAINED ON INDIVIDUALS (PRIVACY ACT) Requests for Access....6 shall be promptly acknowledged by the Privacy Act Officer. (b) Each request shall be acted upon...

Privacy is an essentially contested concept: a multi-dimensional analytic for mapping privacy.

PubMed

Mulligan, Deirdre K; Koopman, Colin; Doty, Nick

2016-12-28

The meaning of privacy has been much disputed throughout its history in response to wave after wave of new technological capabilities and social configurations. The current round of disputes over privacy fuelled by data science has been a cause of despair for many commentators and a death knell for privacy itself for others. We argue that privacy's disputes are neither an accidental feature of the concept nor a lamentable condition of its applicability. Privacy is essentially contested. Because it is, privacy is transformable according to changing technological and social conditions. To make productive use of privacy's essential contestability, we argue for a new approach to privacy research and practical design, focused on the development of conceptual analytics that facilitate dissecting privacy's multiple uses across multiple contexts.This article is part of the themed issue 'The ethical impact of data science'. © 2016 The Author(s).

10 CFR 1008.7 - Processing of requests.

Code of Federal Regulations, 2011 CFR

2011-01-01

... DEPARTMENT OF ENERGY (GENERAL PROVISIONS) RECORDS MAINTAINED ON INDIVIDUALS (PRIVACY ACT) Requests for Access....6 shall be promptly acknowledged by the Privacy Act Officer. (b) Each request shall be acted upon... Manager or designee. If a response cannot be made within ten working days, the appropriate Privacy Act...

12 CFR 216.9 - Delivering privacy and opt out notices.

Code of Federal Regulations, 2010 CFR

2010-01-01

... sending any information regarding the customer relationship, and your current privacy notice remains.... You may reasonably expect that a customer will receive actual notice of your annual privacy notice if: (1) The customer uses your web site to access financial products and services electronically and...

12 CFR 332.9 - Delivering privacy and opt out notices.

Code of Federal Regulations, 2010 CFR

2010-01-01

... sending any information regarding the customer relationship, and your current privacy notice remains.... You may reasonably expect that a customer will receive actual notice of your annual privacy notice if: (1) The customer uses your web site to access financial products and services electronically and...

Driving toward guiding principles: a goal for privacy, confidentiality, and security of health information.

PubMed

Buckovich, S A; Rippen, H E; Rozen, M J

1999-01-01

As health care moves from paper to electronic data collection, providing easier access and dissemination of health information, the development of guiding privacy, confidentiality, and security principles is necessary to help balance the protection of patients' privacy interests against appropriate information access. A comparative review and analysis was done, based on a compilation of privacy, confidentiality, and security principles from many sources. Principles derived from ten identified sources were compared with each of the compiled principles to assess support level, uniformity, and inconsistencies. Of 28 compiled principles, 23 were supported by at least 50 percent of the sources. Technology could address at least 12 of the principles. Notable consistencies among the principles could provide a basis for consensus for further legislative and organizational work. It is imperative that all participants in our health care system work actively toward a viable resolution of this information privacy debate.

Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things

PubMed Central

Hernández-Ramos, José L.; Bernabe, Jorge Bernal; Moreno, M. Victoria; Skarmeta, Antonio F.

2015-01-01

As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things. PMID:26140349

An examination of electronic health information privacy in older adults.

PubMed

Le, Thai; Thompson, Hilaire; Demiris, George

2013-01-01

Older adults are the quickest growing demographic group and are key consumers of health services. As the United States health system transitions to electronic health records, it is important to understand older adult perceptions of privacy and security. We performed a secondary analysis of the Health Information National Trends Survey (2012, Cycle 1), to examine differences in perceptions of electronic health information privacy between older adults and the general population. We found differences in the level of importance placed on access to electronic health information (older adults placed greater emphasis on provider as opposed to personal access) and tendency to withhold information out of concerns for privacy and security (older adults were less likely to withhold information). We provide recommendations to alleviate some of these privacy concerns. This may facilitate greater use of electronic health communication between patient and provider, while promoting shared decision making.

Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things.

PubMed

Hernández-Ramos, José L; Bernabe, Jorge Bernal; Moreno, M Victoria; Skarmeta, Antonio F

2015-07-01

As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.

45 CFR 5b.5 - Notification of or access to records.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 5b.5 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES GENERAL ADMINISTRATION PRIVACY ACT... privacy if disclosed to someone other than the subject individual; or, (ii) He makes a request for access... minor or legal incompetent as authorized under § 5b.10 of this part shall verify his relationship to the...

45 CFR 5b.5 - Notification of or access to records.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 5b.5 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES GENERAL ADMINISTRATION PRIVACY ACT... privacy if disclosed to someone other than the subject individual; or, (ii) He makes a request for access... minor or legal incompetent as authorized under § 5b.10 of this part shall verify his relationship to the...

10 CFR 1705.04 - Requests by persons for access to their own records.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 10 Energy 4 2014-01-01 2014-01-01 false Requests by persons for access to their own records. 1705.04 Section 1705.04 Energy DEFENSE NUCLEAR FACILITIES SAFETY BOARD PRIVACY ACT § 1705.04 Requests by... her own records in writing by addressing a letter to: Privacy Act Officer, Defense Nuclear Facilities...

36 CFR 1256.28 - Does NARA make any exceptions for access to records containing privacy-restricted information?

Code of Federal Regulations, 2012 CFR

2012-07-01

... research to qualified persons doing biomedical or social science research under the conditions outlined in... researchers in accordance with § 1256.24. (3) NARA will not grant access to restricted census and survey... research must submit a written request to the NARA FOIA/Privacy Act Officer (NGC), National Archives and...

36 CFR 1256.28 - Does NARA make any exceptions for access to records containing privacy-restricted information?

Code of Federal Regulations, 2014 CFR

2014-07-01

... research to qualified persons doing biomedical or social science research under the conditions outlined in... researchers in accordance with § 1256.24. (3) NARA will not grant access to restricted census and survey... research must submit a written request to the NARA FOIA/Privacy Act Officer (NGC), National Archives and...

36 CFR 1256.28 - Does NARA make any exceptions for access to records containing privacy-restricted information?

Code of Federal Regulations, 2010 CFR

2010-07-01

... research to qualified persons doing biomedical or social science research under the conditions outlined in... researchers in accordance with § 1256.24. (3) NARA will not grant access to restricted census and survey... research must submit a written request to the NARA FOIA/Privacy Act Officer (NGC), National Archives and...

10 CFR 1705.04 - Requests by persons for access to their own records.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 10 Energy 4 2012-01-01 2012-01-01 false Requests by persons for access to their own records. 1705.04 Section 1705.04 Energy DEFENSE NUCLEAR FACILITIES SAFETY BOARD PRIVACY ACT § 1705.04 Requests by... her own records in writing by addressing a letter to: Privacy Act Officer, Defense Nuclear Facilities...

10 CFR 1705.04 - Requests by persons for access to their own records.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 10 Energy 4 2013-01-01 2013-01-01 false Requests by persons for access to their own records. 1705.04 Section 1705.04 Energy DEFENSE NUCLEAR FACILITIES SAFETY BOARD PRIVACY ACT § 1705.04 Requests by... her own records in writing by addressing a letter to: Privacy Act Officer, Defense Nuclear Facilities...

10 CFR 1705.04 - Requests by persons for access to their own records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 4 2010-01-01 2010-01-01 false Requests by persons for access to their own records. 1705.04 Section 1705.04 Energy DEFENSE NUCLEAR FACILITIES SAFETY BOARD PRIVACY ACT § 1705.04 Requests by... her own records in writing by addressing a letter to: Privacy Act Officer, Defense Nuclear Facilities...

10 CFR 1705.04 - Requests by persons for access to their own records.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 4 2011-01-01 2011-01-01 false Requests by persons for access to their own records. 1705.04 Section 1705.04 Energy DEFENSE NUCLEAR FACILITIES SAFETY BOARD PRIVACY ACT § 1705.04 Requests by... her own records in writing by addressing a letter to: Privacy Act Officer, Defense Nuclear Facilities...

Archiving data from new survey technologies: Enabling research with high-precision data while preserving participant privacy

DOE PAGES

Gonder, Jeffrey; Burton, Evan; Murakami, Elaine

2015-12-29

Despite the significant effort and expense to collect high-resolution Global Positioning System (GPS) data in travel surveys, privacy concerns often lead to its underutilization. This paper describes development of the Transportation Secure Data Center (TSDC) to address this dilemma of providing data access while preserving privacy. Furthermore, the TSDC operating structure was developed in consultation with an advisory committee and includes: a secure enclave with no external access for backing up and processing raw data, a publicly accessible website for downloading cleansed data, and a secure portal environment through which approved users can work with detailed spatial data using amore » variety of tools and reference information.« less

13 CFR 102.30 - Preservation of records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Preservation of records. 102.30 Section 102.30 Business Credit and Assistance SMALL BUSINESS ADMINISTRATION RECORD DISCLOSURE AND PRIVACY Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.30 Preservation of...

13 CFR 102.37 - Training requirements.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Training requirements. 102.37... Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.37 Training requirements. All employees should attend privacy training within one year of employment with SBA. All...

32 CFR 1665.2 - Requests for access.

Code of Federal Regulations, 2010 CFR

2010-07-01

... National Defense Other Regulations Relating to National Defense SELECTIVE SERVICE SYSTEM PRIVACY ACT... description of such system of records. The request should state that the request is pursuant to the Privacy Act of 1974. In the absence of specifying solely the Privacy Act of 1974 and, if the request may be...

32 CFR 1665.2 - Requests for access.

Code of Federal Regulations, 2011 CFR

2011-07-01

... National Defense Other Regulations Relating to National Defense SELECTIVE SERVICE SYSTEM PRIVACY ACT... description of such system of records. The request should state that the request is pursuant to the Privacy Act of 1974. In the absence of specifying solely the Privacy Act of 1974 and, if the request may be...

16 CFR 313.9 - Delivering privacy and opt out notices.

Code of Federal Regulations, 2010 CFR

2010-01-01

... refrain from sending any information regarding the customer relationship, and your current privacy notice...) Annual notices only. You may reasonably expect that a customer will receive actual notice of your annual privacy notice if: (1) The customer uses your web site to access financial products and services...

17 CFR 248.9 - Delivering privacy and opt out notices.

Code of Federal Regulations, 2010 CFR

2010-04-01

... regarding the customer relationship, and your current privacy notice remains available to the customer upon... reasonably expect that a customer will receive actual notice of your annual privacy notice if: (i) The customer uses your web site to access financial products and services electronically and agrees to receive...

Data Privacy Laws Follow Lead of Oklahoma and California

ERIC Educational Resources Information Center

Vance, Amelia

2016-01-01

Oklahoma's Student Data Accessibility, Transparency, and Accountability Act (known as the Student DATA Act) arose just as privacy concerns about student data were beginning to surface. According to Linnette Attai, founder of education technology compliance consultancy PlayWell LLC, "When this climate of data privacy first emerged in its…

28 CFR 0.24 - General functions.

Code of Federal Regulations, 2010 CFR

2010-07-01

... agencies and the Department; (e) Responding to initial requests made under the FOIA and the Privacy Act for... such component under the FOIA and the Privacy Act. (f) Acting on behalf of the Attorney General on FOIA and Privacy Act access administrative appeals for all components of the Department, except that a...

14 CFR 1212.100 - Scope and purpose.

Code of Federal Regulations, 2010 CFR

2010-01-01

....100 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Basic Policy § 1212.100 Scope and purpose. This part 1212 implements the Privacy Act of 1974, as amended (5 U.S.C. 552a). It establishes procedures for individuals to access their Privacy Act records and to...

13 CFR 102.21 - Agency employees responsible for the Privacy Act of 1974.

Code of Federal Regulations, 2011 CFR

2011-01-01

... systems of records in that office. (c) Senior Agency Official for Privacy is SBA's Chief Information Officer (CIO) who has overall responsibility and accountability for ensuring the SBA's implementation of...) Chief, Freedom of Information/Privacy Acts (FOI/PA) Office oversees and implements the record access...

13 CFR 102.21 - Agency employees responsible for the Privacy Act of 1974.

Code of Federal Regulations, 2014 CFR

2014-01-01

... systems of records in that office. (c) Senior Agency Official for Privacy is SBA's Chief Information Officer (CIO) who has overall responsibility and accountability for ensuring the SBA's implementation of...) Chief, Freedom of Information/Privacy Acts (FOI/PA) Office oversees and implements the record access...

13 CFR 102.21 - Agency employees responsible for the Privacy Act of 1974.

Code of Federal Regulations, 2013 CFR

2013-01-01

... systems of records in that office. (c) Senior Agency Official for Privacy is SBA's Chief Information Officer (CIO) who has overall responsibility and accountability for ensuring the SBA's implementation of...) Chief, Freedom of Information/Privacy Acts (FOI/PA) Office oversees and implements the record access...

13 CFR 102.21 - Agency employees responsible for the Privacy Act of 1974.

Code of Federal Regulations, 2012 CFR

2012-01-01

... systems of records in that office. (c) Senior Agency Official for Privacy is SBA's Chief Information Officer (CIO) who has overall responsibility and accountability for ensuring the SBA's implementation of...) Chief, Freedom of Information/Privacy Acts (FOI/PA) Office oversees and implements the record access...

Technology, Privacy, and Electronic Freedom of Speech.

ERIC Educational Resources Information Center

McDonald, Frances M.

1986-01-01

Explores five issues related to technology's impact on privacy and access to information--regulation and licensing of the press, electronic surveillance, invasion of privacy, copyright, and policy-making and regulation. The importance of First Amendment rights and civil liberties in forming a coherent national information policy is stressed.…

A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: a privacy-protecting remote access system for health-related research and evaluation.

PubMed

Jones, Kerina H; Ford, David V; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J; Heaven, Martin L; Thayer, Daniel S; McNerney, Cynthia L; Lyons, Ronan A

2014-08-01

With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community. Copyright © 2014 The Aurthors. Published by Elsevier Inc. All rights reserved.

A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: A privacy-protecting remote access system for health-related research and evaluation☆

PubMed Central

Jones, Kerina H.; Ford, David V.; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J.; Heaven, Martin L.; Thayer, Daniel S.; McNerney, Cynthia L.; Lyons, Ronan A.

2014-01-01

With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community. PMID:24440148

36 CFR § 1256.28 - Does NARA make any exceptions for access to records containing privacy-restricted information?

Code of Federal Regulations, 2013 CFR

2013-07-01

... research to qualified persons doing biomedical or social science research under the conditions outlined in... researchers in accordance with § 1256.24. (3) NARA will not grant access to restricted census and survey... research must submit a written request to the NARA FOIA/Privacy Act Officer (NGC), National Archives and...

EPPS: Efficient and Privacy-Preserving Personal Health Information Sharing in Mobile Healthcare Social Networks

PubMed Central

Jiang, Shunrong; Zhu, Xiaoyan; Wang, Liangmin

2015-01-01

Mobile healthcare social networks (MHSNs) have emerged as a promising next-generation healthcare system, which will significantly improve the quality of life. However, there are many security and privacy concerns before personal health information (PHI) is shared with other parities. To ensure patients’ full control over their PHI, we propose a fine-grained and scalable data access control scheme based on attribute-based encryption (ABE). Besides, policies themselves for PHI sharing may be sensitive and may reveal information about underlying PHI or about data owners or recipients. In our scheme, we let each attribute contain an attribute name and its value and adopt the Bloom filter to efficiently check attributes before decryption. Thus, the data privacy and policy privacy can be preserved in our proposed scheme. Moreover, considering the fact that the computational cost grows with the complexity of the access policy and the limitation of the resource and energy in a smart phone, we outsource ABE decryption to the cloud while preventing the cloud from learning anything about the content and access policy. The security and performance analysis is carried out to demonstrate that our proposed scheme can achieve fine-grained access policies for PHI sharing in MHSNs. PMID:26404300

EPPS: Efficient and Privacy-Preserving Personal Health Information Sharing in Mobile Healthcare Social Networks.

PubMed

Jiang, Shunrong; Zhu, Xiaoyan; Wang, Liangmin

2015-09-03

Mobile healthcare social networks (MHSNs) have emerged as a promising next-generation healthcare system, which will significantly improve the quality of life. However, there are many security and privacy concerns before personal health information (PHI) is shared with other parities. To ensure patients' full control over their PHI, we propose a fine-grained and scalable data access control scheme based on attribute-based encryption (ABE). Besides, policies themselves for PHI sharing may be sensitive and may reveal information about underlying PHI or about data owners or recipients. In our scheme, we let each attribute contain an attribute name and its value and adopt the Bloom filter to efficiently check attributes before decryption. Thus, the data privacy and policy privacy can be preserved in our proposed scheme. Moreover, considering the fact that the computational cost grows with the complexity of the access policy and the limitation of the resource and energy in a smart phone, we outsource ABE decryption to the cloud while preventing the cloud from learning anything about the content and access policy. The security and performance analysis is carried out to demonstrate that our proposed scheme can achieve fine-grained access policies for PHI sharing in MHSNs.

The Effectiveness of Health Care Information Technologies: Evaluation of Trust, Security Beliefs, and Privacy as Determinants of Health Care Outcomes

PubMed Central

2018-01-01

Background The diffusion of health information technologies (HITs) within the health care sector continues to grow. However, there is no theory explaining how success of HITs influences patient care outcomes. With the increase in data breaches, HITs’ success now hinges on the effectiveness of data protection solutions. Still, empirical research has only addressed privacy concerns, with little regard for other factors of information assurance. Objective The objective of this study was to study the effectiveness of HITs using the DeLone and McLean Information Systems Success Model (DMISSM). We examined the role of information assurance constructs (ie, the role of information security beliefs, privacy concerns, and trust in health information) as measures of HIT effectiveness. We also investigated the relationships between information assurance and three aspects of system success: attitude toward health information exchange (HIE), patient access to health records, and perceived patient care quality. Methods Using structural equation modeling, we analyzed the data from a sample of 3677 cancer patients from a public dataset. We used R software (R Project for Statistical Computing) and the Lavaan package to test the hypothesized relationships. Results Our extension of the DMISSM to health care was supported. We found that increased privacy concerns reduce the frequency of patient access to health records use, positive attitudes toward HIE, and perceptions of patient care quality. Also, belief in the effectiveness of information security increases the frequency of patient access to health records and positive attitude toward HIE. Trust in health information had a positive association with attitudes toward HIE and perceived patient care quality. Trust in health information had no direct effect on patient access to health records; however, it had an indirect relationship through privacy concerns. Conclusions Trust in health information and belief in the effectiveness of information security safeguards increases perceptions of patient care quality. Privacy concerns reduce patients’ frequency of accessing health records, patients’ positive attitudes toward HIE exchange, and overall perceived patient care quality. Health care organizations are encouraged to implement security safeguards to increase trust, the frequency of health record use, and reduce privacy concerns, consequently increasing patient care quality. PMID:29643052

On genomics, kin, and privacy

PubMed Central

Telenti, Amalio; Ayday, Erman; Hubaux, Jean Pierre

2014-01-01

The storage of greater numbers of exomes or genomes raises the question of loss of privacy for the individual and for families if genomic data are not properly protected. Access to genome data may result from a personal decision to disclose, or from gaps in protection. In either case, revealing genome data has consequences beyond the individual, as it compromises the privacy of family members. Increasing availability of genome data linked or linkable to metadata through online social networks and services adds one additional layer of complexity to the protection of genome privacy.  The field of computer science and information technology offers solutions to secure genomic data so that individuals, medical personnel or researchers can access only the subset of genomic information required for healthcare or dedicated studies. PMID:25254097

Striking the balance: Privacy and spatial pattern preservation in masked GPS data

NASA Astrophysics Data System (ADS)

Seidl, Dara E.

Volunteered location and trajectory data are increasingly collected and applied in analysis for a variety of academic fields and recreational pursuits. As access to personal location data increases, issues of privacy arise as individuals become identifiable and linked to other repositories of information. While the quality and precision of data are essential to accurate analysis, there is a tradeoff between privacy and access to data. Obfuscation of point data is a solution that aims to protect privacy and maximize preservation of spatial pattern. This study explores two methods of location obfuscation for volunteered GPS data: grid masking and random perturbation. These methods are applied to travel survey GPS data in the greater metropolitan regions of Chicago and Atlanta in the first large-scale GPS masking study of its kind.

36 CFR 902.56 - Protection of personal privacy.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 36 Parks, Forests, and Public Property 3 2012-07-01 2012-07-01 false Protection of personal privacy. 902.56 Section 902.56 Parks, Forests, and Public Property PENNSYLVANIA AVENUE DEVELOPMENT CORPORATION FREEDOM OF INFORMATION ACT Exemptions From Public Access to Corporation Records § 902.56 Protection of personal privacy. (a) Any of the followin...

36 CFR 902.56 - Protection of personal privacy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 36 Parks, Forests, and Public Property 3 2010-07-01 2010-07-01 false Protection of personal privacy. 902.56 Section 902.56 Parks, Forests, and Public Property PENNSYLVANIA AVENUE DEVELOPMENT CORPORATION FREEDOM OF INFORMATION ACT Exemptions From Public Access to Corporation Records § 902.56 Protection of personal privacy. (a) Any of the followin...

36 CFR 902.56 - Protection of personal privacy.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 36 Parks, Forests, and Public Property 3 2011-07-01 2011-07-01 false Protection of personal privacy. 902.56 Section 902.56 Parks, Forests, and Public Property PENNSYLVANIA AVENUE DEVELOPMENT CORPORATION FREEDOM OF INFORMATION ACT Exemptions From Public Access to Corporation Records § 902.56 Protection of personal privacy. (a) Any of the followin...

36 CFR 902.56 - Protection of personal privacy.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 36 Parks, Forests, and Public Property 3 2014-07-01 2014-07-01 false Protection of personal privacy. 902.56 Section 902.56 Parks, Forests, and Public Property PENNSYLVANIA AVENUE DEVELOPMENT CORPORATION FREEDOM OF INFORMATION ACT Exemptions From Public Access to Corporation Records § 902.56 Protection of personal privacy. (a) Any of the followin...

28 CFR 16.93 - Exemption of Tax Division Systems-limited access.

Code of Federal Regulations, 2010 CFR

2010-07-01

... MATERIAL OR INFORMATION Exemption of Records Systems Under the Privacy Act § 16.93 Exemption of Tax... necessary to protect the privacy and physical safety of witnesses and informants. (9)(e)(5). In the... information. Such exemption is further necessary to protect the privacy and physical safety of witnesses and...

13 CFR 102.41 - Other provisions.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Other provisions. 102.41 Section 102.41 Business Credit and Assistance SMALL BUSINESS ADMINISTRATION RECORD DISCLOSURE AND PRIVACY Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.41 Other provisions. (a) Personnel records. All SBA personnel...

12 CFR 716.9 - Delivering privacy and opt out notices.

Code of Federal Regulations, 2010 CFR

2010-01-01

... receive actual notice of your annual privacy notice if: (1) The member uses your web site to access financial products and services electronically and agrees to receive notices at your web site and you post your current privacy notice continuously in a clear and conspicuous manner on your web site; or (2) The...

24 CFR 16.7 - Administrative review of initial denial of access.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Housing and Urban Development IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 16.7 Administrative review of... Privacy Appeals Officer identified in the initial denial, which official is authorized to make final... that the subject is a PRIVACY ACT REQUEST FOR REVIEW. (c) When a request for review is misdirected by...

13 CFR 102.40 - Computer matching.

Code of Federal Regulations, 2013 CFR

2013-01-01

... Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.40 Computer...) Matching agreements. SBA will comply with the Computer Matching and Privacy Protection Act of 1988 (5 U.S.C... 13 Business Credit and Assistance 1 2013-01-01 2013-01-01 false Computer matching. 102.40 Section...

13 CFR 102.40 - Computer matching.

Code of Federal Regulations, 2014 CFR

2014-01-01

... Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.40 Computer...) Matching agreements. SBA will comply with the Computer Matching and Privacy Protection Act of 1988 (5 U.S.C... 13 Business Credit and Assistance 1 2014-01-01 2014-01-01 false Computer matching. 102.40 Section...

13 CFR 102.40 - Computer matching.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.40 Computer...) Matching agreements. SBA will comply with the Computer Matching and Privacy Protection Act of 1988 (5 U.S.C... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Computer matching. 102.40 Section...

13 CFR 102.40 - Computer matching.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.40 Computer...) Matching agreements. SBA will comply with the Computer Matching and Privacy Protection Act of 1988 (5 U.S.C... 13 Business Credit and Assistance 1 2011-01-01 2011-01-01 false Computer matching. 102.40 Section...

13 CFR 102.40 - Computer matching.

Code of Federal Regulations, 2012 CFR

2012-01-01

... Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.40 Computer...) Matching agreements. SBA will comply with the Computer Matching and Privacy Protection Act of 1988 (5 U.S.C... 13 Business Credit and Assistance 1 2012-01-01 2012-01-01 false Computer matching. 102.40 Section...

14 CFR 1212.200 - Determining existence of records subject to the Privacy Act.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Determining existence of records subject to the Privacy Act. 1212.200 Section 1212.200 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Access to Records § 1212.200 Determining existence of records subject...

78 FR 26623 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-07

...: Mr. Leroy Jones, Department of the Army, Privacy Office, U.S. Army Records Management and... disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, as amended, these records..., accessing, retaining, and disposing of records in the system: Storage: Paper records and electronic storage...

12 CFR 716.9 - Delivering privacy and opt out notices.

Code of Federal Regulations, 2011 CFR

2011-01-01

... receive actual notice of your annual privacy notice if: (1) The member uses your web site to access financial products and services electronically and agrees to receive notices at your web site and you post your current privacy notice continuously in a clear and conspicuous manner on your web site; or (2) The...

Display methods of electronic patient record screens: patient privacy concerns.

PubMed

Niimi, Yukari; Ota, Katsumasa

2013-01-01

To provide adequate care, medical professionals have to collect not only medical information but also information that may be related to private aspects of the patient's life. With patients' increasing awareness of information privacy, healthcare providers have to pay attention to the patients' right of privacy. This study aimed to clarify the requirements of the display method of electronic patient record (EPR) screens in consideration of both patients' information privacy concerns and health professionals' information needs. For this purpose, semi-structured group interviews were conducted of 78 medical professionals. They pointed out that partial concealment of information to meet patients' requests for privacy could result in challenges in (1) safety in healthcare, (2) information sharing, (3) collaboration, (4) hospital management, and (5) communication. They believed that EPRs should (1) meet the requirements of the therapeutic process, (2) have restricted access, (3) provide convenient access to necessary information, and (4) facilitate interprofessional collaboration. This study provides direction for the development of display methods that balance the sharing of vital information and protection of patient privacy.

Balancing digital information-sharing and patient privacy when engaging families in the intensive care unit.

PubMed

Brown, Samuel M; Aboumatar, Hanan J; Francis, Leslie; Halamka, John; Rozenblum, Ronen; Rubin, Eileen; Sarnoff Lee, Barbara; Sugarman, Jeremy; Turner, Kathleen; Vorwaller, Micah; Frosch, Dominick L

2016-09-01

Patients in intensive care units (ICUs) may lack decisional capacity and may depend on proxy decision makers (PDMs) to make medical decisions on their behalf. High-quality information-sharing with PDMs, including through such means as health information technology, could improve communication and decision making and could potentially minimize the psychological consequences of an ICU stay for both patients and their family members. However, alongside these anticipated benefits of information-sharing are risks of unwanted disclosure of sensitive information. Approaches to identifying the optimal balance between access to digital health information to facilitate engagement and protecting patient privacy are urgently needed. We identified eight themes that should be considered in balancing health information access and patient privacy: 1) potential benefits to patients from PDM data access; 2) potential harms to patients from such access; 3) the moral status of families within the patient-clinician relationship; 4) the scope of relevant information provided to PDMs; 5) issues around defining PDMs' authority; 6) methods for eliciting and documenting patient preferences about their family's information access; 7) the relevance of methods for ascertaining the identity of PDMs; and 8) the obligations of hospitals to prevent privacy breaches by PDMs. We conclude that PDMs should typically have access to health information from the current episode of care when the patient is decisionally impaired, unless the patient has previously expressed a clear preference that PDMs not have such access. © The Author 2016. Published by Oxford University Press on behalf of the American Medical Informatics Association. All rights reserved. For Permissions, please email: journals.permissions@oup.com.

5 CFR 297.203 - Access by the parent of a minor or by the legal guardian of an individual declared to be...

Code of Federal Regulations, 2011 CFR

2011-01-01

... Office. (c) Minors are not precluded from exercising personally those rights provided them by the Privacy... 5 Administrative Personnel 1 2011-01-01 2011-01-01 false Access by the parent of a minor or by the... Personnel OFFICE OF PERSONNEL MANAGEMENT CIVIL SERVICE REGULATIONS PRIVACY PROCEDURES FOR PERSONNEL RECORDS...

5 CFR 297.203 - Access by the parent of a minor or by the legal guardian of an individual declared to be...

Code of Federal Regulations, 2010 CFR

2010-01-01

... Office. (c) Minors are not precluded from exercising personally those rights provided them by the Privacy... 5 Administrative Personnel 1 2010-01-01 2010-01-01 false Access by the parent of a minor or by the... Personnel OFFICE OF PERSONNEL MANAGEMENT CIVIL SERVICE REGULATIONS PRIVACY PROCEDURES FOR PERSONNEL RECORDS...

Efficient biometric authenticated key agreements based on extended chaotic maps for telecare medicine information systems.

PubMed

Lou, Der-Chyuan; Lee, Tian-Fu; Lin, Tsung-Hung

2015-05-01

Authenticated key agreements for telecare medicine information systems provide patients, doctors, nurses and health visitors with accessing medical information systems and getting remote services efficiently and conveniently through an open network. In order to have higher security, many authenticated key agreement schemes appended biometric keys to realize identification except for using passwords and smartcards. Due to too many transmissions and computational costs, these authenticated key agreement schemes are inefficient in communication and computation. This investigation develops two secure and efficient authenticated key agreement schemes for telecare medicine information systems by using biometric key and extended chaotic maps. One scheme is synchronization-based, while the other nonce-based. Compared to related approaches, the proposed schemes not only retain the same security properties with previous schemes, but also provide users with privacy protection and have fewer transmissions and lower computational cost.

An unsupervised classification method for inferring original case locations from low-resolution disease maps.

PubMed

Brownstein, John S; Cassa, Christopher A; Kohane, Isaac S; Mandl, Kenneth D

2006-12-08

Widespread availability of geographic information systems software has facilitated the use of disease mapping in academia, government and private sector. Maps that display the address of affected patients are often exchanged in public forums, and published in peer-reviewed journal articles. As previously reported, a search of figure legends in five major medical journals found 19 articles from 1994-2004 that identify over 19,000 patient addresses. In this report, a method is presented to evaluate whether patient privacy is being breached in the publication of low-resolution disease maps. To demonstrate the effect, a hypothetical low-resolution map of geocoded patient addresses was created and the accuracy with which patient addresses can be resolved is described. Through georeferencing and unsupervised classification of the original image, the method precisely re-identified 26% (144/550) of the patient addresses from a presentation quality map and 79% (432/550) from a publication quality map. For the presentation quality map, 99.8% of the addresses were within 70 meters (approximately one city block length) of the predicted patient location, 51.6% of addresses were identified within five buildings, 70.7% within ten buildings and 93% within twenty buildings. For the publication quality map, all addresses were within 14 meters and 11 buildings of the predicted patient location. This study demonstrates that lowering the resolution of a map displaying geocoded patient addresses does not sufficiently protect patient addresses from re-identification. Guidelines to protect patient privacy, including those of medical journals, should reflect policies that ensure privacy protection when spatial data are displayed or published.

Privacy-Aware Relevant Data Access with Semantically Enriched Search Queries for Untrusted Cloud Storage Services.

PubMed

Pervez, Zeeshan; Ahmad, Mahmood; Khattak, Asad Masood; Lee, Sungyoung; Chung, Tae Choong

2016-01-01

Privacy-aware search of outsourced data ensures relevant data access in the untrusted domain of a public cloud service provider. Subscriber of a public cloud storage service can determine the presence or absence of a particular keyword by submitting search query in the form of a trapdoor. However, these trapdoor-based search queries are limited in functionality and cannot be used to identify secure outsourced data which contains semantically equivalent information. In addition, trapdoor-based methodologies are confined to pre-defined trapdoors and prevent subscribers from searching outsourced data with arbitrarily defined search criteria. To solve the problem of relevant data access, we have proposed an index-based privacy-aware search methodology that ensures semantic retrieval of data from an untrusted domain. This method ensures oblivious execution of a search query and leverages authorized subscribers to model conjunctive search queries without relying on predefined trapdoors. A security analysis of our proposed methodology shows that, in a conspired attack, unauthorized subscribers and untrusted cloud service providers cannot deduce any information that can lead to the potential loss of data privacy. A computational time analysis on commodity hardware demonstrates that our proposed methodology requires moderate computational resources to model a privacy-aware search query and for its oblivious evaluation on a cloud service provider.

Privacy-Aware Relevant Data Access with Semantically Enriched Search Queries for Untrusted Cloud Storage Services

PubMed Central

Pervez, Zeeshan; Ahmad, Mahmood; Khattak, Asad Masood; Lee, Sungyoung; Chung, Tae Choong

2016-01-01

Privacy-aware search of outsourced data ensures relevant data access in the untrusted domain of a public cloud service provider. Subscriber of a public cloud storage service can determine the presence or absence of a particular keyword by submitting search query in the form of a trapdoor. However, these trapdoor-based search queries are limited in functionality and cannot be used to identify secure outsourced data which contains semantically equivalent information. In addition, trapdoor-based methodologies are confined to pre-defined trapdoors and prevent subscribers from searching outsourced data with arbitrarily defined search criteria. To solve the problem of relevant data access, we have proposed an index-based privacy-aware search methodology that ensures semantic retrieval of data from an untrusted domain. This method ensures oblivious execution of a search query and leverages authorized subscribers to model conjunctive search queries without relying on predefined trapdoors. A security analysis of our proposed methodology shows that, in a conspired attack, unauthorized subscribers and untrusted cloud service providers cannot deduce any information that can lead to the potential loss of data privacy. A computational time analysis on commodity hardware demonstrates that our proposed methodology requires moderate computational resources to model a privacy-aware search query and for its oblivious evaluation on a cloud service provider. PMID:27571421

32 CFR 806b.51 - Privacy and the Web.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Privacy and the Web. 806b.51 Section 806b.51... PROGRAM Disclosing Records to Third Parties § 806b.51 Privacy and the Web. Do not post personal information on publicly accessible DoD web sites unless clearly authorized by law and implementing regulation...

32 CFR 806b.51 - Privacy and the Web.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Privacy and the Web. 806b.51 Section 806b.51... PROGRAM Disclosing Records to Third Parties § 806b.51 Privacy and the Web. Do not post personal information on publicly accessible DoD web sites unless clearly authorized by law and implementing regulation...

13 CFR 102.23 - Publication in the Federal Register-Notices of systems of records.

Code of Federal Regulations, 2011 CFR

2011-01-01

... ADMINISTRATION RECORD DISCLOSURE AND PRIVACY Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.23 Publication in the Federal Register—Notices of systems of records. (a... 20416 or faxed to 202-205-7059; and (ix) The categories of sources of records in the system. (2) Minor...

13 CFR 102.23 - Publication in the Federal Register-Notices of systems of records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... ADMINISTRATION RECORD DISCLOSURE AND PRIVACY Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.23 Publication in the Federal Register—Notices of systems of records. (a... 20416 or faxed to 202-205-7059; and (ix) The categories of sources of records in the system. (2) Minor...

31 CFR Appendix A to Subpart C of... - Departmental Offices

Code of Federal Regulations, 2011 CFR

2011-07-01

... RECORDS Privacy Act Pt. 1, Subpt. C, App. A Appendix A to Subpart C of Part 1—Departmental Offices 1. In... Federal Register in “Privacy Act Issuances”. 2. Requests for notification and access to records and... of such official. This information is contained in the appropriate system notice in the “Privacy Act...

28 CFR 16.99 - Exemption of the Immigration and Naturalization Service Systems-limited access.

Code of Federal Regulations, 2014 CFR

2014-07-01

... PRODUCTION OR DISCLOSURE OF MATERIAL OR INFORMATION Exemption of Records Systems Under the Privacy Act § 16... Privacy Act of 1974. (8) From subsection (e)(5) because in the collection of information for law... could not be granted to the record subject under the Privacy Act without violating E.O. 12356. (g) The...

28 CFR 16.99 - Exemption of the Immigration and Naturalization Service Systems-limited access.

Code of Federal Regulations, 2013 CFR

2013-07-01

... PRODUCTION OR DISCLOSURE OF MATERIAL OR INFORMATION Exemption of Records Systems Under the Privacy Act § 16... Privacy Act of 1974. (8) From subsection (e)(5) because in the collection of information for law... could not be granted to the record subject under the Privacy Act without violating E.O. 12356. (g) The...

28 CFR 16.99 - Exemption of the Immigration and Naturalization Service Systems-limited access.

Code of Federal Regulations, 2011 CFR

2011-07-01

... PRODUCTION OR DISCLOSURE OF MATERIAL OR INFORMATION Exemption of Records Systems Under the Privacy Act § 16... Privacy Act of 1974. (8) From subsection (e)(5) because in the collection of information for law... could not be granted to the record subject under the Privacy Act without violating E.O. 12356. (g) The...

28 CFR 16.99 - Exemption of the Immigration and Naturalization Service Systems-limited access.

Code of Federal Regulations, 2012 CFR

2012-07-01

... PRODUCTION OR DISCLOSURE OF MATERIAL OR INFORMATION Exemption of Records Systems Under the Privacy Act § 16... Privacy Act of 1974. (8) From subsection (e)(5) because in the collection of information for law... could not be granted to the record subject under the Privacy Act without violating E.O. 12356. (g) The...

76 FR 2309 - Consumer Information Regulations; Fees for Use of Traction Skid Pads

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-13

....regulations.gov , including any personal information provided. Privacy Act: Anyone is able to search the....). You may review DOT's complete Privacy Act Statement in the Federal Register published on April 11, 2000 (65 FR 19477-78) or you may visit http://www.dot.gov/privacy.html . Docket: For access to the...

12 CFR 261a.1 - Authority, purpose and scope.

Code of Federal Regulations, 2010 CFR

2010-01-01

... SYSTEM RULES REGARDING ACCESS TO PERSONAL INFORMATION UNDER THE PRIVACY ACT OF 1974 General Provisions... the Federal Reserve System (the Board) pursuant to the Privacy Act of 1974 (5 U.S.C. 552a). (b) Purpose. The purpose of this part is to implement the provisions of the Privacy Act of 1974 (5 U.S.C. 552a...

Joint replacement recipients' views about health information privacy.

PubMed

Terry, Amanda L; Chesworth, Bert M; Bourne, Robert B; Stolee, Paul; Speechley, Mark

2015-10-01

Researchers are concerned about the possibility of restricted access to data as a result of specific consent requirements in privacy legislation, potentially resulting in smaller samples and a lack of representativeness which could bias results. In addition, there is uncertainty about what influences individuals to give consent for the use of their personal health information. To measure joint replacement recipients' health information privacy views and to assess potential predictors of these views. Cross-sectional survey. Potential joint replacement recipients from two teaching hospitals in London, Ontario, Canada. Age, gender, education, employment status, anticipated joint replacement, and expectations for surgery. Privacy concerns as measured by the Concern Scale. The response rate was 182/253 or 72%. The mean Concern score was 143.9/235.0 for the total sample (range = 82-216). Women had higher levels of privacy concerns than men on slightly over half of the individual questionnaire items. In women, surgical joint, age and employment explained 15% of the variance in concerns about personal health information privacy (P = 0.001). The model explained 6% of the variance in concerns in men (P = 0.138) and was not statistically significant. This study indicates that demographic characteristics and health-care experiences play a role in the variability of health information privacy concerns. A greater understanding of patients' privacy views about health information could lead to a greater harmonization among privacy rules, research and data access, and the preferences of health-care consumers. © 2013 John Wiley & Sons Ltd.

A patient privacy protection scheme for medical information system.

PubMed

Lu, Chenglang; Wu, Zongda; Liu, Mingyong; Chen, Wei; Guo, Junfang

2013-12-01

In medical information systems, there are a lot of confidential information about patient privacy. It is therefore an important problem how to prevent patient's personal privacy information from being disclosed. Although traditional security protection strategies (such as identity authentication and authorization access control) can well ensure data integrity, they cannot prevent system's internal staff (such as administrators) from accessing and disclosing patient privacy information. In this paper, we present an effective scheme to protect patients' personal privacy for a medical information system. In the scheme, privacy data before being stored in the database of the server of a medical information system would be encrypted using traditional encryption algorithms, so that the data even if being disclosed are also difficult to be decrypted and understood. However, to execute various kinds of query operations over the encrypted data efficiently, we would also augment the encrypted data with additional index, so as to process as much of the query as possible at the server side, without the need to decrypt the data. Thus, in this paper, we mainly explore how the index of privacy data is constructed, and how a query operation over privacy data is translated into a new query over the corresponding index so that it can be executed at the server side immediately. Finally, both theoretical analysis and experimental evaluation validate the practicality and effectiveness of our proposed scheme.

Access and privacy rights using web security standards to increase patient empowerment.

PubMed

Falcão-Reis, Filipa; Costa-Pereira, Altamiro; Correia, Manuel E

2008-01-01

Electronic Health Record (EHR) systems are becoming more and more sophisticated and include nowadays numerous applications, which are not only accessed by medical professionals, but also by accounting and administrative personnel. This could represent a problem concerning basic rights such as privacy and confidentiality. The principles, guidelines and recommendations compiled by the OECD protection of privacy and trans-border flow of personal data are described and considered within health information system development. Granting access to an EHR should be dependent upon the owner of the record; the patient: he must be entitled to define who is allowed to access his EHRs, besides the access control scheme each health organization may have implemented. In this way, it's not only up to health professionals to decide who have access to what, but the patient himself. Implementing such a policy is walking towards patient empowerment which society should encourage and governments should promote. The paper then introduces a technical solution based on web security standards. This would give patients the ability to monitor and control which entities have access to their personal EHRs, thus empowering them with the knowledge of how much of his medical history is known and by whom. It is necessary to create standard data access protocols, mechanisms and policies to protect the privacy rights and furthermore, to enable patients, to automatically track the movement (flow) of their personal data and information in the context of health information systems. This solution must be functional and, above all, user-friendly and the interface should take in consideration some heuristics of usability in order to provide the user with the best tools. The current official standards on confidentiality and privacy in health care, currently being developed within the EU, are explained, in order to achieve a consensual idea of the guidelines that all member states should follow to transfer such principles into national laws. A perspective is given on the state of the art concerning web security standards, which can be used to easily engineer health information systems complying with the patient empowering goals. In conclusion health systems with the characteristics thus described are technically feasible and should be generally implemented and deployed.

Regulatory changes raise troubling questions for genomic testing.

PubMed

Evans, Barbara J; Dorschner, Michael O; Burke, Wylie; Jarvik, Gail P

2014-11-01

By 6 October 2014, many laboratories in the United States must begin honoring new individual data access rights created by recent changes to federal privacy and laboratory regulations. These access rights are more expansive than has been widely understood and pose complex challenges for genomic testing laboratories. This article analyzes regulatory texts and guidances to explore which laboratories are affected. It offers the first published analysis of which parts of the vast trove of data generated during next-generation sequencing will be accessible to patients and research subjects. Persons tested at affected laboratories seemingly will have access, upon request, to uninterpreted gene variant information contained in their stored variant call format, binary alignment/map, and FASTQ files. A defect in the regulations will subject some non-CLIA-regulated research laboratories to these new access requirements unless the Department of Health and Human Services takes swift action to avert this apparently unintended consequence. More broadly, all affected laboratories face a long list of daunting operational, business, compliance, and bioethical issues as they adapt to this change and to the Food and Drug Administration's recently announced plan to publish draft guidance outlining a new oversight framework for lab-developed tests.

Young adult females' views regarding online privacy protection at two time points.

PubMed

Moreno, Megan A; Kelleher, Erin; Ameenuddin, Nusheen; Rastogi, Sarah

2014-09-01

Risks associated with adolescent Internet use include exposure to inappropriate information and privacy violations. Privacy expectations and policies have changed over time. Recent Facebook security setting changes heighten these risks. The purpose of this study was to investigate views and experiences with Internet safety and privacy protection among older adolescent females at two time points, in 2009 and 2012. Two waves of focus groups were conducted, one in 2009 and the other in 2012. During these focus groups, female university students discussed Internet safety risks and strategies and privacy protection. All focus groups were audio recorded and manually transcribed. Qualitative analysis was conducted at the end of each wave and then reviewed and combined in a separate analysis using the constant comparative method. A total of 48 females participated across the two waves. The themes included (1) abundant urban myths, such as the ability for companies to access private information; (2) the importance of filtering one's displayed information; and (3) maintaining age limits on social media access to avoid younger teens' presence on Facebook. The findings present a complex picture of how adolescents view privacy protection and online safety. Older adolescents may be valuable partners in promoting safe and age-appropriate Internet use for younger teens in the changing landscape of privacy. Copyright © 2014. Published by Elsevier Inc.

Privacy is an essentially contested concept: a multi-dimensional analytic for mapping privacy

PubMed Central

Koopman, Colin; Doty, Nick

2016-01-01

The meaning of privacy has been much disputed throughout its history in response to wave after wave of new technological capabilities and social configurations. The current round of disputes over privacy fuelled by data science has been a cause of despair for many commentators and a death knell for privacy itself for others. We argue that privacy’s disputes are neither an accidental feature of the concept nor a lamentable condition of its applicability. Privacy is essentially contested. Because it is, privacy is transformable according to changing technological and social conditions. To make productive use of privacy’s essential contestability, we argue for a new approach to privacy research and practical design, focused on the development of conceptual analytics that facilitate dissecting privacy’s multiple uses across multiple contexts. This article is part of the themed issue ‘The ethical impact of data science’. PMID:28336797

Security in Distributed Collaborative Environments: Limitations and Solutions

NASA Astrophysics Data System (ADS)

Saadi, Rachid; Pierson, Jean-Marc; Brunie, Lionel

The main goal of establishing collaboration between heterogeneous environment is to create such as Pervasive context which provide nomadic users with ubiquitous access to digital information and surrounding resources. However, the constraints of mobility and heterogeneity arise a number of crucial issues related to security, especially authentication access control and privacy. First of all, in this chapter we explore the trust paradigm, specially the transitive capability to enable a trust peer to peer collaboration. In this manner, when each organization sets its own security policy to recognize (authenticate) users members of a trusted community and provide them a local access (access control), the trust transitivity between peers will allows users to gain a broad, larger and controlled access inside the pervasive environment. Next, we study the problem of user's privacy. In fact in pervasive and ubiquitous environments, nomadic users gather and exchange certificates or credential which providing them rights to access by transitivity unknown and trusted environments. These signed documents embeds increasing number of attribute that require to be filtered according to such contextual situation. In this chapter, we propose a new morph signature enabling each certificate owner to preserve his privacy by discloses or blinds some sensitive attributes according to faced situation.

Staff acceptance of video monitoring for coordination: a video system to support perioperative situation awareness.

PubMed

Kim, Young Ju; Xiao, Yan; Hu, Peter; Dutton, Richard

2009-08-01

To understand staff acceptance of a remote video monitoring system for operating room (OR) coordination. Improved real-time remote visual access to OR may enhance situational awareness but also raises privacy concerns for patients and staff. Survey. A system was implemented in a six-room surgical suite to display OR monitoring video at an access restricted control desk area. Image quality was manipulated to improve staff acceptance. Two months after installation, interviews and a survey were conducted on staff acceptance of video monitoring. About half of all OR personnel responded (n = 63). Overall levels of concerns were low, with 53% rated no concerns and 42% little concern. Top two reported uses of the video were to see if cases are finished and to see if a room is ready. Viewing the video monitoring system as useful did not reduce levels of concern. Staff in supervisory positions perceived less concern about the system's impact on privacy than did those supervised (p < 0.03). Concerns for patient privacy correlated with concerns for staff privacy and performance monitoring. Technical means such as manipulating image quality helped staff acceptance. Manipulation of image quality resulted overall acceptance of monitoring video, with residual levels of concerns. OR nurses may express staff privacy concern in the form of concerns over patient privacy. This study provided suggestions for technological and implementation strategies of video monitoring for coordination use in OR. Deployment of communication technology and integration of clinical information will likely raise concerns over staff privacy and performance monitoring. The potential gain of increased information access may be offset by negative impact of a sense of loss of autonomy.

Protecting the Privacy and Security of Your Health Information

MedlinePlus

... Access to Medical Records Privacy, Security, and HIPAA Laws, Regulation, and Policy Scientific Initiatives Standards & Technology Usability ... care providers and professionals, and the government. Federal laws require many of the key persons and organizations ...

From Data Privacy to Location Privacy

NASA Astrophysics Data System (ADS)

Wang, Ting; Liu, Ling

Over the past decade, the research on data privacy has achieved considerable advancement in the following two aspects: First, a variety of privacy threat models and privacy principles have been proposed, aiming at providing sufficient protection against different types of inference attacks; Second, a plethora of algorithms and methods have been developed to implement the proposed privacy principles, while attempting to optimize the utility of the resulting data. The first part of the chapter presents an overview of data privacy research by taking a close examination at the achievements from the above two aspects, with the objective of pinpointing individual research efforts on the grand map of data privacy protection. As a special form of data privacy, location privacy possesses its unique characteristics. In the second part of the chapter, we examine the research challenges and opportunities of location privacy protection, in a perspective analogous to data privacy. Our discussion attempts to answer the following three questions: (1) Is it sufficient to apply the data privacy models and algorithms developed to date for protecting location privacy? (2) What is the current state of the research on location privacy? (3) What are the open issues and technical challenges that demand further investigation? Through answering these questions, we intend to provide a comprehensive review of the state of the art in location privacy research.

36 CFR § 902.56 - Protection of personal privacy.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 36 Parks, Forests, and Public Property 3 2013-07-01 2012-07-01 true Protection of personal privacy. § 902.56 Section § 902.56 Parks, Forests, and Public Property PENNSYLVANIA AVENUE DEVELOPMENT CORPORATION FREEDOM OF INFORMATION ACT Exemptions From Public Access to Corporation Records § 902.56 Protection of personal privacy. (a) Any of the...

5 CFR 1001.102 - What are the Privacy Act rules of conduct?

Code of Federal Regulations, 2014 CFR

2014-01-01

... 5 Administrative Personnel 2 2014-01-01 2014-01-01 false What are the Privacy Act rules of conduct... CONDUCT § 1001.102 What are the Privacy Act rules of conduct? (a) An employee shall avoid any action that results in the appearance of using public office to collect or gain access to personal data about...

78 FR 26104 - Hours of Service of Drivers: Application for Exemption; Timberdoodle Company

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-03

... provided. Please see the Privacy Act heading below. Docket: For access to the docket to read background...'' enter FMCSA-2013-0069 and click on the tab labeled ``SEARCH.'' Privacy Act: Anyone is able to search the....). You may review a Privacy Act notice regarding our public dockets in the January 17, 2008, issue of the...

31 CFR Appendix F to Subpart C of... - Bureau of Engraving and Printing

Code of Federal Regulations, 2011 CFR

2011-07-01

... DISCLOSURE OF RECORDS Privacy Act Pt. 1, Subpt. C, App. F Appendix F to Subpart C of Part 1—Bureau of... “Privacy Act Issuances.” 2. Requests for notification and access to records and accountings of disclosures... Office of the Federal Register in “Privacy Act Issuances.” Requests for information and specific guidance...

10 CFR 1008.4 - Procedures for identifying the individual making a request for access to or amendment of records.

Code of Federal Regulations, 2011 CFR

2011-01-01

... PROVISIONS) RECORDS MAINTAINED ON INDIVIDUALS (PRIVACY ACT) General Provisions § 1008.4 Procedures for... address and date of birth; or (3) Providing such other proof of identity as the Privacy Act Officer deems satisfactory in the circumstances of a particular request. (c) If the Privacy Act Officer or the appropriate...

10 CFR 1008.4 - Procedures for identifying the individual making a request for access to or amendment of records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... PROVISIONS) RECORDS MAINTAINED ON INDIVIDUALS (PRIVACY ACT) General Provisions § 1008.4 Procedures for... address and date of birth; or (3) Providing such other proof of identity as the Privacy Act Officer deems satisfactory in the circumstances of a particular request. (c) If the Privacy Act Officer or the appropriate...

31 CFR Appendix F to Subpart C of... - Bureau of Engraving and Printing

Code of Federal Regulations, 2010 CFR

2010-07-01

... DISCLOSURE OF RECORDS Privacy Act Pt. 1, Subpt. C, App. F Appendix F to Subpart C of Part 1—Bureau of... “Privacy Act Issuances.” 2. Requests for notification and access to records and accountings of disclosures... Office of the Federal Register in “Privacy Act Issuances.” Requests for information and specific guidance...

31 CFR Appendix L to Subpart C of... - Office of Thrift Supervision

Code of Federal Regulations, 2011 CFR

2011-07-01

... DISCLOSURE OF RECORDS Privacy Act Pt. 1, Subpt. C, App. L Appendix L to Subpart C of Part 1—Office of Thrift... “Privacy Act Issuances.” 2. Requests for notification and access to records and accounting of disclosures... information is contained in the appropriate system notice in the “Privacy Act Issuances,” published biennially...

10 CFR 1008.11 - Appeals of denials of requests pursuant to § 1008.6.

Code of Federal Regulations, 2010 CFR

2010-01-01

... (PRIVACY ACT) Requests for Access or Amendment § 1008.11 Appeals of denials of requests pursuant to § 1008... appeal shall be in writing and must be signed by the individual. The words “PRIVACY ACT APPEAL” should... to be corrected or amended, will be supplied to the appropriate appeal authority by the Privacy Act...

A systematic literature review on security and privacy of electronic health record systems: technical perspectives.

PubMed

Rezaeibagha, Fatemeh; Win, Khin Than; Susilo, Willy

Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.

A Double Chaotic Layer Encryption Algorithm for Clinical Signals in Telemedicine.

PubMed

Murillo-Escobar, M A; Cardoza-Avendaño, L; López-Gutiérrez, R M; Cruz-Hernández, C

2017-04-01

Recently, telemedicine offers medical services remotely via telecommunications systems and physiological monitoring devices. This scheme provides healthcare delivery services between physicians and patients conveniently, since some patients can not attend the hospital due to any reason. However, transmission of information over an insecure channel such as internet or private data storing generates a security problem. Therefore, authentication, confidentiality, and privacy are important challenges in telemedicine, where only authorized users should have access to medical or clinical records. On the other hand, chaotic systems have been implemented efficiently in cryptographic systems to provide confidential and privacy. In this work, we propose a novel symmetric encryption algorithm based on logistic map with double chaotic layer encryption (DCLE) in diffusion process and just one round of confusion-diffusion for the confidentiality and privacy of clinical information such as electrocardiograms (ECG), electroencephalograms (EEG), and blood pressure (BP) for applications in telemedicine. The clinical signals are acquired from PhysioBank data base for encryption proposes and analysis. In contrast with recent schemes in literature, we present a secure cryptographic algorithm based on chaos validated with the most complete security analysis until this time. In addition, the cryptograms are validated with the most complete pseudorandomness tests based on National Institute of Standards and Technology (NIST) 800-22 suite. All results are at MATLAB simulations and all them show the effectiveness, security, robustness, and the potential use of the proposed scheme in telemedicine.

A multimethod approach to examining usability of Web privacy polices and user agents for specifying privacy preferences.

PubMed

Proctor, Robert W; Vu, Kim-Phuong L

2007-05-01

Because all research methods have strengths and weaknesses, a multimethod approach often provides the best way to understand human behavior in applied settings. We describe how a multimethod approach was employed in a series of studies designed to examine usability issues associated with two aspects of online privacy: comprehension of privacy policies and configuration of privacy preferences for an online user agent. Archival research, user surveys, data mining, quantitative observations, and controlled experiments each yielded unique findings that, together, contributed to increased understanding of online-privacy issues for users. These findings were used to evaluate the accessibility of Web privacy policies to computer-literate users, determine whether people can configure user agents to achieve specific privacy goals, and discover ways in which the usability of those agents can be improved.

The Effectiveness of Health Care Information Technologies: Evaluation of Trust, Security Beliefs, and Privacy as Determinants of Health Care Outcomes.

PubMed

Kisekka, Victoria; Giboney, Justin Scott

2018-04-11

The diffusion of health information technologies (HITs) within the health care sector continues to grow. However, there is no theory explaining how success of HITs influences patient care outcomes. With the increase in data breaches, HITs' success now hinges on the effectiveness of data protection solutions. Still, empirical research has only addressed privacy concerns, with little regard for other factors of information assurance. The objective of this study was to study the effectiveness of HITs using the DeLone and McLean Information Systems Success Model (DMISSM). We examined the role of information assurance constructs (ie, the role of information security beliefs, privacy concerns, and trust in health information) as measures of HIT effectiveness. We also investigated the relationships between information assurance and three aspects of system success: attitude toward health information exchange (HIE), patient access to health records, and perceived patient care quality. Using structural equation modeling, we analyzed the data from a sample of 3677 cancer patients from a public dataset. We used R software (R Project for Statistical Computing) and the Lavaan package to test the hypothesized relationships. Our extension of the DMISSM to health care was supported. We found that increased privacy concerns reduce the frequency of patient access to health records use, positive attitudes toward HIE, and perceptions of patient care quality. Also, belief in the effectiveness of information security increases the frequency of patient access to health records and positive attitude toward HIE. Trust in health information had a positive association with attitudes toward HIE and perceived patient care quality. Trust in health information had no direct effect on patient access to health records; however, it had an indirect relationship through privacy concerns. Trust in health information and belief in the effectiveness of information security safeguards increases perceptions of patient care quality. Privacy concerns reduce patients' frequency of accessing health records, patients' positive attitudes toward HIE exchange, and overall perceived patient care quality. Health care organizations are encouraged to implement security safeguards to increase trust, the frequency of health record use, and reduce privacy concerns, consequently increasing patient care quality. ©Victoria Kisekka, Justin Scott Giboney. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 11.04.2018.

32 CFR 1901.21 - Processing requests for access to or amendment of records.

Code of Federal Regulations, 2011 CFR

2011-07-01

... CENTRAL INTELLIGENCE AGENCY PUBLIC RIGHTS UNDER THE PRIVACY ACT OF 1974 Action on Privacy Act Requests... Executive Order 12958 or revealing of intelligence sources and methods protected pursuant to section 103(c...

32 CFR 1901.21 - Processing requests for access to or amendment of records.

Code of Federal Regulations, 2013 CFR

2013-07-01

... CENTRAL INTELLIGENCE AGENCY PUBLIC RIGHTS UNDER THE PRIVACY ACT OF 1974 Action on Privacy Act Requests... Executive Order 12958 or revealing of intelligence sources and methods protected pursuant to section 103(c...

Privacy and Security in Mobile Health: A Research Agenda

PubMed Central

Kotz, David; Gunter, Carl A.; Kumar, Santosh; Weiner, Jonathan P.

2017-01-01

Mobile health technology has great potential to increase healthcare quality, expand access to services, reduce costs, and improve personal wellness and public health. However, mHealth also raises significant privacy and security challenges. PMID:28344359

Driving Toward Guiding Principles

PubMed Central

Buckovich, Suzy A.; Rippen, Helga E.; Rozen, Michael J.

1999-01-01

As health care moves from paper to electronic data collection, providing easier access and dissemination of health information, the development of guiding privacy, confidentiality, and security principles is necessary to help balance the protection of patients' privacy interests against appropriate information access. A comparative review and analysis was done, based on a compilation of privacy, confidentiality, and security principles from many sources. Principles derived from ten identified sources were compared with each of the compiled principles to assess support level, uniformity, and inconsistencies. Of 28 compiled principles, 23 were supported by at least 50 percent of the sources. Technology could address at least 12 of the principles. Notable consistencies among the principles could provide a basis for consensus for further legislative and organizational work. It is imperative that all participants in our health care system work actively toward a viable resolution of this information privacy debate. PMID:10094065

A privacy protection for an mHealth messaging system

NASA Astrophysics Data System (ADS)

Aaleswara, Lakshmipathi; Akopian, David; Chronopoulos, Anthony T.

2015-03-01

In this paper, we propose a new software system that employs features that help the organization to comply with USA HIPAA regulations. The system uses SMS as the primary way of communication to transfer information. Lack of knowledge about some diseases is still a major reason for some harmful diseases spreading. The developed system includes different features that may help to communicate amongst low income people who don't even have access to the internet. Since the software system deals with Personal Health Information (PHI) it is equipped with an access control authentication system mechanism to protect privacy. The system is analyzed for performance to identify how much overhead the privacy rules impose.

Determining the privacy policy deficiencies of health ICT applications through semi-formal modelling.

PubMed

Croll, Peter R

2011-02-01

To ensure that patient confidentiality is securely maintained, health ICT applications that contain sensitive personal information demand comprehensive privacy policies. Determining the adequacy of these policies to meet legal conformity together with clinical users and patient expectation is demanding in practice. Organisations and agencies looking to analyse their Privacy and Security policies can benefit from guidance provided by outside entities such as the Privacy Office of their State or Government together with law firms and ICT specialists. The advice given is not uniform and often open to different interpretations. Of greater concern is the possibility of overlooking any important aspects that later result in a data breach. Based on three case studies, this paper considers whether a more formal approach to privacy analysis could be taken that would help identify the full coverage of a Privacy Impact Analysis and determine the deficiencies with an organisation's current policies and approach. A diagrammatic model showing the relationships between Confidentiality, Privacy, Trust, Security and Safety is introduced. First the validity of this model is determined by mapping it against the real-world case studies taken from three healthcare services that depend on ICT. Then, by using software engineering methods, a formal mapping of the relationships is undertaken to identify a full set of policies needed to satisfy the model. How effective this approach may prove as a generic method for deriving a comprehensive set of policies in health ICT applications is finally discussed. Copyright © 2010 Elsevier Ireland Ltd. All rights reserved.

Privacy-Aware Image Encryption Based on Logistic Map and Data Hiding

NASA Astrophysics Data System (ADS)

Sun, Jianglin; Liao, Xiaofeng; Chen, Xin; Guo, Shangwei

The increasing need for image communication and storage has created a great necessity for securely transforming and storing images over a network. Whereas traditional image encryption algorithms usually consider the security of the whole plain image, region of interest (ROI) encryption schemes, which are of great importance in practical applications, protect the privacy regions of plain images. Existing ROI encryption schemes usually adopt approximate techniques to detect the privacy region and measure the quality of encrypted images; however, their performance is usually inconsistent with a human visual system (HVS) and is sensitive to statistical attacks. In this paper, we propose a novel privacy-aware ROI image encryption (PRIE) scheme based on logistical mapping and data hiding. The proposed scheme utilizes salient object detection to automatically, adaptively and accurately detect the privacy region of a given plain image. After private pixels have been encrypted using chaotic cryptography, the significant bits are embedded into the nonprivacy region of the plain image using data hiding. Extensive experiments are conducted to illustrate the consistency between our automatic ROI detection and HVS. Our experimental results also demonstrate that the proposed scheme exhibits satisfactory security performance.

Suicide Awareness

MedlinePlus

... Resources Resource Request System Contact Us Legal and Security Accessibility Accessibility Tools Disclaimer Privacy Act Statement & Security No Fear Act FOIA Inspector General Audits & Investigative ...

A software platform to analyse the ethical issues of electronic patient privacy policy: the S3P example.

PubMed

Mizani, M A; Baykal, N

2007-12-01

Paper-based privacy policies fail to resolve the new changes posed by electronic healthcare. Protecting patient privacy through electronic systems has become a serious concern and is the subject of several recent studies. The shift towards an electronic privacy policy introduces new ethical challenges that cannot be solved merely by technical measures. Structured Patient Privacy Policy (S3P) is a software tool assuming an automated electronic privacy policy in an electronic healthcare setting. It is designed to simulate different access levels and rights of various professionals involved in healthcare in order to assess the emerging ethical problems. The authors discuss ethical issues concerning electronic patient privacy policies that have become apparent during the development and application of S3P.

Key Spatial Factors Influencing the Perceived Privacy in Nursing Units: An Exploration Study With Eight Nursing Units in Hong Kong.

PubMed

Lu, Yi; Cai, Hui; Bosch, Sheila J

2017-07-01

This study examined how the spatial characteristics of patient beds, which are influenced by patient room design and nursing unit configuration, affect patients' perceptions about privacy. In the hospital setting, most patients expect a certain degree of privacy but also understand that their caregivers need appropriate access to them in order to provide high-quality care. Even veteran healthcare designers may struggle to create just the right balance between privacy and accessibility. A paper-based survey was conducted with 159 participants in Hong Kong-72 (45.3%) participants had been hospitalized and 87 (54.7%) participants had not-to document their selection of high-privacy beds, given simplified plans of eight nursing units. Two types of information, comprised of six variables, were examined for each bed. These include (1) room-level variables, specifically the number of beds per room and area per bed and (2) relational variables, including walking distance, directional change, integration, and control. The results demonstrate that when asked to identify high-privacy beds, participants selected beds in patient rooms with fewer beds per room, a larger area per bed, and a longer walking distance to the care team workstation. Interestingly, the participants having been hospitalized also chose beds with a visual connection to the care team workstation as being high in privacy. The participants with hospitalization experience may be willing to accept a bed with reduced visual privacy, perhaps out of a concern for safety.

The role of privacy protection in healthcare information systems adoption.

PubMed

Hsu, Chien-Lung; Lee, Ming-Ren; Su, Chien-Hui

2013-10-01

Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs are proposed. Users' privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HISs adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we proposed a research model extending the unified theory of acceptance and use of technology by considering perceived security and information security literacy and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses showed that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve designing, development, and promotion of a good healthcare information system with privacy protection.

49 CFR 10.31 - Requests for records.

Code of Federal Regulations, 2013 CFR

2013-10-01

... requests are accepted. A description of DOT Privacy Act systems notices is available through the Internet free of charge at http://www.access.gpo.gov/su_docs/aces/PrivacyAct.shtml?desc015.html. See § 10.13(b...

49 CFR 10.31 - Requests for records.

Code of Federal Regulations, 2014 CFR

2014-10-01

... requests are accepted. A description of DOT Privacy Act systems notices is available through the Internet free of charge at http://www.access.gpo.gov/su_docs/aces/PrivacyAct.shtml?desc015.html. See § 10.13(b...

49 CFR 10.31 - Requests for records.

Code of Federal Regulations, 2011 CFR

2011-10-01

... requests are accepted. A description of DOT Privacy Act systems notices is available through the Internet free of charge at http://www.access.gpo.gov/su_docs/aces/PrivacyAct.shtml?desc015.html. See § 10.13(b...

49 CFR 10.31 - Requests for records.

Code of Federal Regulations, 2012 CFR

2012-10-01

... requests are accepted. A description of DOT Privacy Act systems notices is available through the Internet free of charge at http://www.access.gpo.gov/su_docs/aces/PrivacyAct.shtml?desc015.html. See § 10.13(b...

49 CFR 10.31 - Requests for records.

Code of Federal Regulations, 2010 CFR

2010-10-01

... requests are accepted. A description of DOT Privacy Act systems notices is available through the Internet free of charge at http://www.access.gpo.gov/su_docs/aces/PrivacyAct.shtml?desc015.html. See § 10.13(b...

32 CFR 1901.22 - Action and determination(s) by originator(s) or any interested party.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Defense CENTRAL INTELLIGENCE AGENCY PUBLIC RIGHTS UNDER THE PRIVACY ACT OF 1974 Action on Privacy Act... be construed to allow access to systems of records exempted by the Director of Central Intelligence...

32 CFR 1901.22 - Action and determination(s) by originator(s) or any interested party.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Defense CENTRAL INTELLIGENCE AGENCY PUBLIC RIGHTS UNDER THE PRIVACY ACT OF 1974 Action on Privacy Act... be construed to allow access to systems of records exempted by the Director of Central Intelligence...

Safeguarding patient privacy in electronic healthcare in the USA: the legal view.

PubMed

Walsh, Diana; Passerini, Katia; Varshney, Upkar; Fjermestad, Jerry

2008-01-01

The conflict between the sweeping power of technology to access and assemble personal information and the ongoing concern about our privacy and security is ever increasing. While we gradually need higher electronic access to medical information, issues relating to patient privacy and reducing vulnerability to security breaches surmount. In this paper, we take a legal perspective and examine the existing patchwork of laws and obligations governing health information in the USA. The study finds that as Electronic Medical Records (EMRs) increase in scope and dissemination, privacy protections gradually decrease due to the shortcomings in the legal system. The contributions of this paper are (1) an overview of the legal EMR issues in the USA, and (2) the identification of the unresolved legal issues and how these will escalate when health information is transmitted over wireless networks. More specifically, the paper discusses federal and state government regulations such as the Electronic Communications Privacy Act, the Health Insurance Portability and Accountability Act (HIPAA) and judicial intervention. Based on the legal overview, the unresolved challenges are identified and suggestions for future research are included.

Patient Perspectives on Gender Identity Data Collection in Electronic Health Records: An Analysis of Disclosure, Privacy, and Access to Care

PubMed Central

Thompson, Hale M.

2016-01-01

Abstract Purpose: In 2015, the Centers for Medicare and Medicaid Services ruled that health organizations comply with additional requirements for electronic health records (EHRs), known as “Meaningful Use,” and develop the capacity to collect gender identity data. Research has established effectiveness of a two-step gender identity question to collect these data. This study examines transgender patient perspectives on the use of a two-step question and experiences with privacy and sensitive disclosures in EHRs and healthcare settings. Methods: Four focus groups (N=30) were conducted in Chicago, Illinois in 2014–2015. Participants were asked to compare two intake forms—one with a two-step question and one with a single question—and discuss experiences with gender identity disclosure, privacy, and access to care. Narratives were transcribed verbatim to identify patterns and themes; the extended case method was used and grounded the data analysis process in the concept of intersectionality. Results: Participants expressed appreciation for improved reliability and competencies that the two-part question may afford. Narratives reveal concerns related to patient privacy, safety, and access because of the contexts in which these data are collected and transmitted. Virtually all participants described situations whereby sensitive gender identity information had been involuntarily disclosed, misinterpreted, or abused, and safety and care were compromised. Conclusion: Participants recognized the potential of the two-part question as a measurement and competency tool, but anticipated new privacy violations and involuntary disclosures. Narratives indicate that effects of sensitive disclosures may vary intersectionally, whereby white participants experienced lesser harms than their immigrant, HIV-positive, and black trans feminine counterparts. Discrimination and privacy violations may occur regardless of a two-part or one-part gender identity question, but increasing these sensitive disclosures within expanding EHR infrastructures may require a range of mechanisms that have flexibility across contexts to safeguard sensitive information and access to care. PMID:28861535

Patient Perspectives on Gender Identity Data Collection in Electronic Health Records: An Analysis of Disclosure, Privacy, and Access to Care.

PubMed

Thompson, Hale M

2016-01-01

Purpose: In 2015, the Centers for Medicare and Medicaid Services ruled that health organizations comply with additional requirements for electronic health records (EHRs), known as "Meaningful Use," and develop the capacity to collect gender identity data. Research has established effectiveness of a two-step gender identity question to collect these data. This study examines transgender patient perspectives on the use of a two-step question and experiences with privacy and sensitive disclosures in EHRs and healthcare settings. Methods: Four focus groups ( N =30) were conducted in Chicago, Illinois in 2014-2015. Participants were asked to compare two intake forms-one with a two-step question and one with a single question-and discuss experiences with gender identity disclosure, privacy, and access to care. Narratives were transcribed verbatim to identify patterns and themes; the extended case method was used and grounded the data analysis process in the concept of intersectionality. Results: Participants expressed appreciation for improved reliability and competencies that the two-part question may afford. Narratives reveal concerns related to patient privacy, safety, and access because of the contexts in which these data are collected and transmitted. Virtually all participants described situations whereby sensitive gender identity information had been involuntarily disclosed, misinterpreted, or abused, and safety and care were compromised. Conclusion: Participants recognized the potential of the two-part question as a measurement and competency tool, but anticipated new privacy violations and involuntary disclosures. Narratives indicate that effects of sensitive disclosures may vary intersectionally, whereby white participants experienced lesser harms than their immigrant, HIV-positive, and black trans feminine counterparts. Discrimination and privacy violations may occur regardless of a two-part or one-part gender identity question, but increasing these sensitive disclosures within expanding EHR infrastructures may require a range of mechanisms that have flexibility across contexts to safeguard sensitive information and access to care.

Security and privacy in electronic health records: a systematic literature review.

PubMed

Fernández-Alemán, José Luis; Señor, Inmaculada Carrión; Lozoya, Pedro Ángel Oliver; Toval, Ambrosio

2013-06-01

To report the results of a systematic literature review concerning the security and privacy of electronic health record (EHR) systems. Original articles written in English found in MEDLINE, ACM Digital Library, Wiley InterScience, IEEE Digital Library, Science@Direct, MetaPress, ERIC, CINAHL and Trip Database. Only those articles dealing with the security and privacy of EHR systems. The extraction of 775 articles using a predefined search string, the outcome of which was reviewed by three authors and checked by a fourth. A total of 49 articles were selected, of which 26 used standards or regulations related to the privacy and security of EHR data. The most widely used regulations are the Health Insurance Portability and Accountability Act (HIPAA) and the European Data Protection Directive 95/46/EC. We found 23 articles that used symmetric key and/or asymmetric key schemes and 13 articles that employed the pseudo anonymity technique in EHR systems. A total of 11 articles propose the use of a digital signature scheme based on PKI (Public Key Infrastructure) and 13 articles propose a login/password (seven of them combined with a digital certificate or PIN) for authentication. The preferred access control model appears to be Role-Based Access Control (RBAC), since it is used in 27 studies. Ten of these studies discuss who should define the EHR systems' roles. Eleven studies discuss who should provide access to EHR data: patients or health entities. Sixteen of the articles reviewed indicate that it is necessary to override defined access policies in the case of an emergency. In 25 articles an audit-log of the system is produced. Only four studies mention that system users and/or health staff should be trained in security and privacy. Recent years have witnessed the design of standards and the promulgation of directives concerning security and privacy in EHR systems. However, more work should be done to adopt these regulations and to deploy secure EHR systems. Copyright © 2013 Elsevier Inc. All rights reserved.

Preventing Abuse and Neglect

MedlinePlus

... Resources Resource Request System Contact Us Legal and Security Accessibility Accessibility Tools Disclaimer Privacy Act Statement & Security No Fear Act FOIA Inspector General Audits & Investigative ...

Privacy preserving index for encrypted electronic medical records.

PubMed

Chen, Yu-Chi; Horng, Gwoboa; Lin, Yi-Jheng; Chen, Kuo-Chang

2013-12-01

With the development of electronic systems, privacy has become an important security issue in real-life. In medical systems, privacy of patients' electronic medical records (EMRs) must be fully protected. However, to combine the efficiency and privacy, privacy preserving index is introduced to preserve the privacy, where the EMR can be efficiently accessed by this patient or specific doctor. In the literature, Goh first proposed a secure index scheme with keyword search over encrypted data based on a well-known primitive, Bloom filter. In this paper, we propose a new privacy preserving index scheme, called position index (P-index), with keyword search over the encrypted data. The proposed index scheme is semantically secure against the adaptive chosen keyword attack, and it also provides flexible space, lower false positive rate, and search privacy. Moreover, it does not rely on pairing, a complicate computation, and thus can search over encrypted electronic medical records from the cloud server efficiently.

Blood rights: the body and information privacy.

PubMed

Alston, Bruce

2005-05-01

Genetic and other medical technology makes blood, human tissue and other bodily samples an immediate and accessible source of comprehensive personal and health information about individuals. Yet, unlike medical records, bodily samples are not subject to effective privacy protection or other regulation to ensure that individuals have rights to control the collection, use and transfer of such samples. This article examines the existing coverage of privacy legislation, arguments in favour of baseline protection for bodily samples as sources of information and possible approaches to new regulation protecting individual privacy rights in bodily samples.

77 FR 18247 - Request for Comments on Issues of Privacy and Access With Regard to Human Genome Sequence Data

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-27

... regards genomic information and evolving notions of privacy, as evidenced and influenced by social media.... Undertaking these duties, the Commission seeks to identify and examine specific bioethical, legal, and social...

43 CFR Appendix C to Part 2 - Fee Schedule

Code of Federal Regulations, 2010 CFR

2010-10-01

... to requests made under the Privacy Act. Fees will not be charged under either the FOIA or the Privacy... are posted on DOI's FOIA home page (see Appendix B). If you do not have access to the Internet, please...

32 CFR 1802.2 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Privacy Coordinator; Authorized holders means any member of any United States executive department... access to records; Coordinator means the NACIC Information and Privacy Coordinator acting in the capacity... physical interest in the documents or information at issue; Originator means the NACIC officer who...

Privacy information management for video surveillance

NASA Astrophysics Data System (ADS)

Luo, Ying; Cheung, Sen-ching S.

2013-05-01

The widespread deployment of surveillance cameras has raised serious privacy concerns. Many privacy-enhancing schemes have been proposed to automatically redact images of trusted individuals in the surveillance video. To identify these individuals for protection, the most reliable approach is to use biometric signals such as iris patterns as they are immutable and highly discriminative. In this paper, we propose a privacy data management system to be used in a privacy-aware video surveillance system. The privacy status of a subject is anonymously determined based on her iris pattern. For a trusted subject, the surveillance video is redacted and the original imagery is considered to be the privacy information. Our proposed system allows a subject to access her privacy information via the same biometric signal for privacy status determination. Two secure protocols, one for privacy information encryption and the other for privacy information retrieval are proposed. Error control coding is used to cope with the variability in iris patterns and efficient implementation is achieved using surrogate data records. Experimental results on a public iris biometric database demonstrate the validity of our framework.

Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study.

PubMed

Atienza, Audie A; Zarcadoolas, Christina; Vaughon, Wendy; Hughes, Penelope; Patel, Vaishali; Chou, Wen-Ying Sylvia; Pritts, Joy

2015-01-01

This study examined consumers' attitudes and perceptions regarding mobile health (mHealth) technology use in health care. Twenty-four focus groups with 256 participants were conducted in 5 geographically diverse locations. Participants were also diverse in age, education, race/ethnicity, gender, and rural versus urban settings. Several key themes emerged from the focus groups. Findings suggest that consumer attitudes regarding mHealth privacy/security are highly contextualized, with concerns depending on the type of information being communicated, where and when the information is being accessed, who is accessing or seeing the information, and for what reasons. Consumers frequently considered the tradeoffs between the privacy/security of using mHealth technologies and the potential benefits. Having control over mHealth privacy/security features and trust in providers were important issues for consumers. Overall, this study found significant diversity in attitudes regarding mHealth privacy/security both within and between traditional demographic groups. Thus, to address consumers' concerns regarding mHealth privacy and security, a one-size-fits-all approach may not be adequate. Health care providers and technology developers should consider tailoring mHealth technology according to how various types of information are communicated in the health care setting, as well as according to the comfort, skills, and concerns individuals may have with mHealth technology.

Fair Trade Metaphor as a Control Privacy Method for Pervasive Environments: Concepts and Evaluation

PubMed Central

Esquivel, Abraham; Haya, Pablo; Alamán, Xavier

2015-01-01

This paper presents a proof of concept from which the metaphor of “fair trade” is validated as an alternative to manage the private information of users. Our privacy solution deals with user's privacy as a tradable good for obtaining environmental services. Thus, users gain access to more valuable services as they share more personal information. This strategy, combined with optimistic access control and transaction registry mechanisms, enhances users' confidence in the system while encouraging them to share their information, with the consequent benefit for the community. The study results are promising considering the user responses regarding the usefulness, ease of use, information classification and perception of control with the mechanisms proposed by the metaphor. PMID:26087373

Fair Trade Metaphor as a Control Privacy Method for Pervasive Environments: Concepts and Evaluation.

PubMed

Esquivel, Abraham; Haya, Pablo; Alamán, Xavier

2015-06-16

This paper presents a proof of concept from which the metaphor of "fair trade" is validated as an alternative to manage the private information of users. Our privacy solution deals with user's privacy as a tradable good for obtaining environmental services. Thus, users gain access to more valuable services as they share more personal information. This strategy, combined with optimistic access control and transaction registry mechanisms, enhances users' confidence in the system while encouraging them to share their information, with the consequent benefit for the community. The study results are promising considering the user responses regarding the usefulness, ease of use, information classification and perception of control with the mechanisms proposed by the metaphor.

Evaluation of privacy in high dynamic range video sequences

NASA Astrophysics Data System (ADS)

Řeřábek, Martin; Yuan, Lin; Krasula, Lukáš; Korshunov, Pavel; Fliegel, Karel; Ebrahimi, Touradj

2014-09-01

The ability of high dynamic range (HDR) to capture details in environments with high contrast has a significant impact on privacy in video surveillance. However, the extent to which HDR imaging affects privacy, when compared to a typical low dynamic range (LDR) imaging, is neither well studied nor well understood. To achieve such an objective, a suitable dataset of images and video sequences is needed. Therefore, we have created a publicly available dataset of HDR video for privacy evaluation PEViD-HDR, which is an HDR extension of an existing Privacy Evaluation Video Dataset (PEViD). PEViD-HDR video dataset can help in the evaluations of privacy protection tools, as well as for showing the importance of HDR imaging in video surveillance applications and its influence on the privacy-intelligibility trade-off. We conducted a preliminary subjective experiment demonstrating the usability of the created dataset for evaluation of privacy issues in video. The results confirm that a tone-mapped HDR video contains more privacy sensitive information and details compared to a typical LDR video.

Genetic privacy and confidentiality: why they are so hard to protect.

PubMed

Rothstein, M A

1998-01-01

Author notes that widespread concerns have been raised about protecting genetic privacy and confidentiality in insurance and employment. He argues that effective protections are difficult because complicated issues, such as the right of access to health care, are invariably implicated.

International Policies on Sharing Genomic Research Results with Relatives: Approaches to Balancing Privacy with Access

PubMed Central

Branum, Rebecca; Wolf, Susan M.

2015-01-01

Returning genetic research results to raises complex issues. In order to inform the U.S. debate, this paper analyzes international law and policies governing the sharing of genetic research results with relatives and identifies key themes and lessons. The laws and policies from other countries demonstrate a range of approaches to balancing individual privacy and autonomy with family access for health benefit, offering important lessons for further development of approaches in the United States. PMID:26479568

Privacy and Access Control for IHE-Based Systems

NASA Astrophysics Data System (ADS)

Katt, Basel; Breu, Ruth; Hafner, Micahel; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian

Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that are conform with IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.

Mobile Recommender Apps with Privacy Management for Accessible and Usable Technologies.

PubMed

Hersh, Marion; Leporini, Barbara

2017-01-01

The paper presents the preliminary results of an ongoing survey of the use of computers and mobile devices, interest in recommender apps and knowledge and concerns about privacy issues amongst English and Italian speaking disabled people. Participants were found to be regular users of computers and mobile devices for a range of applications. They were interested in recommender apps for household items, computer software and apps that met their accessibility and other requirements. They showed greater concerns about controlling access to personal data of different types than this data being retained by the computer or mobile device. They were also willing to make tradeoffs to improve device performance.

Mapping Health Data: Improved Privacy Protection With Donut Method Geomasking

PubMed Central

Hampton, Kristen H.; Fitch, Molly K.; Allshouse, William B.; Doherty, Irene A.; Gesink, Dionne C.; Leone, Peter A.; Serre, Marc L.; Miller, William C.

2010-01-01

A major challenge in mapping health data is protecting patient privacy while maintaining the spatial resolution necessary for spatial surveillance and outbreak identification. A new adaptive geomasking technique, referred to as the donut method, extends current methods of random displacement by ensuring a user-defined minimum level of geoprivacy. In donut method geomasking, each geocoded address is relocated in a random direction by at least a minimum distance, but less than a maximum distance. The authors compared the donut method with current methods of random perturbation and aggregation regarding measures of privacy protection and cluster detection performance by masking multiple disease field simulations under a range of parameters. Both the donut method and random perturbation performed better than aggregation in cluster detection measures. The performance of the donut method in geoprivacy measures was at least 42.7% higher and in cluster detection measures was less than 4.8% lower than that of random perturbation. Results show that the donut method provides a consistently higher level of privacy protection with a minimal decrease in cluster detection performance, especially in areas where the risk to individual geoprivacy is greatest. PMID:20817785

Mapping health data: improved privacy protection with donut method geomasking.

PubMed

Hampton, Kristen H; Fitch, Molly K; Allshouse, William B; Doherty, Irene A; Gesink, Dionne C; Leone, Peter A; Serre, Marc L; Miller, William C

2010-11-01

A major challenge in mapping health data is protecting patient privacy while maintaining the spatial resolution necessary for spatial surveillance and outbreak identification. A new adaptive geomasking technique, referred to as the donut method, extends current methods of random displacement by ensuring a user-defined minimum level of geoprivacy. In donut method geomasking, each geocoded address is relocated in a random direction by at least a minimum distance, but less than a maximum distance. The authors compared the donut method with current methods of random perturbation and aggregation regarding measures of privacy protection and cluster detection performance by masking multiple disease field simulations under a range of parameters. Both the donut method and random perturbation performed better than aggregation in cluster detection measures. The performance of the donut method in geoprivacy measures was at least 42.7% higher and in cluster detection measures was less than 4.8% lower than that of random perturbation. Results show that the donut method provides a consistently higher level of privacy protection with a minimal decrease in cluster detection performance, especially in areas where the risk to individual geoprivacy is greatest.

How do patients respond to violation of their information privacy?

PubMed

Kuo, Kuang-Ming; Ma, Chen-Chung; Alexander, Judith W

The introduction of electronic medical records (EMRs) can expose patients to the risk of infringement of their privacy. The purpose of this study was to explore the relationship between patients' concerns about information privacy and their protective responses. A questionnaire survey conducted in a Taiwanese hospital revealed that, regarding information privacy, patients' concerns about the collection of information about themselves, the secondary use of this information and the possibility of errors in the recorded information were associated with their information privacy-protective responses, while concern for unauthorised access to their information by other staff in the medical facility was not. Medical facilities should devote every effort to alleviate patients' concerns about the invasion of their information privacy to avoid eroding the reputation of medical facilities and impeding the promotion of EMRs.

5 CFR 1205.11 - Access to Board records.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 1205.11 Administrative Personnel MERIT SYSTEMS PROTECTION BOARD ORGANIZATION AND PROCEDURES PRIVACY ACT... authenticated copy of: (i) The birth certificate of the minor child, and (ii) The court document appointing the... is a “PRIVACY ACT REQUEST”. (c) Identification. Each submission must follow the identification...

5 CFR 1205.11 - Access to Board records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 1205.11 Administrative Personnel MERIT SYSTEMS PROTECTION BOARD ORGANIZATION AND PROCEDURES PRIVACY ACT... authenticated copy of: (i) The birth certificate of the minor child, and (ii) The court document appointing the... is a “PRIVACY ACT REQUEST”. (c) Identification. Each submission must follow the identification...

78 FR 39186 - Privacy Act; Implementation

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-01

... an accounting of disclosures is needed during the pendency of a research misconduct proceeding. Release of an accounting of disclosures to an individual who is the subject of a pending research.... 552a) from notification, access, accounting, and amendment provisions of the Privacy Act. This system...

22 CFR 505.1 - Purpose and scope.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Relations BROADCASTING BOARD OF GOVERNORS PRIVACY ACT REGULATION § 505.1 Purpose and scope. The Broadcasting Board of Governors (BBG) will protect individuals' privacy from misuses of their records, and grant individuals access to records concerning them which are maintained by the Agency's domestic and overseas...

Foveation: an alternative method to simultaneously preserve privacy and information in face images

NASA Astrophysics Data System (ADS)

Alonso, Víctor E.; Enríquez-Caldera, Rogerio; Sucar, Luis Enrique

2017-03-01

This paper presents a real-time foveation technique proposed as an alternative method for image obfuscation while simultaneously preserving privacy in face deidentification. Relevance of the proposed technique is discussed through a comparative study of the most common distortions methods in face images and an assessment on performance and effectiveness of privacy protection. All the different techniques presented here are evaluated when they go through a face recognition software. Evaluating the data utility preservation was carried out under gender and facial expression classification. Results on quantifying the tradeoff between privacy protection and image information preservation at different obfuscation levels are presented. Comparative results using the facial expression subset of the FERET database show that the technique achieves a good tradeoff between privacy and awareness with 30% of recognition rate and a classification accuracy as high as 88% obtained from the common figures of merit using the privacy-awareness map.

VeryVote: A Voter Verifiable Code Voting System

NASA Astrophysics Data System (ADS)

Joaquim, Rui; Ribeiro, Carlos; Ferreira, Paulo

Code voting is a technique used to address the secure platform problem of remote voting. A code voting system consists in secretly sending, e.g. by mail, code sheets to voters that map their choices to entry codes in their ballot. While voting, the voter uses the code sheet to know what code to enter in order to vote for a particular candidate. In effect, the voter does the vote encryption and, since no malicious software on the PC has access to the code sheet it is not able to change the voter’s intention. However, without compromising the voter’s privacy, the vote codes are not enough to prove that the vote is recorded and counted as cast by the election server.

Privacy authentication using key attribute-based encryption in mobile cloud computing

NASA Astrophysics Data System (ADS)

Mohan Kumar, M.; Vijayan, R.

2017-11-01

Mobile Cloud Computing is becoming more popular in nowadays were users of smartphones are getting increased. So, the security level of cloud computing as to be increased. Privacy Authentication using key-attribute based encryption helps the users for business development were the data sharing with the organization using the cloud in a secured manner. In Privacy Authentication the sender of data will have permission to add their receivers to whom the data access provided for others the access denied. In sender application, the user can choose the file which is to be sent to receivers and then that data will be encrypted using Key-attribute based encryption using AES algorithm. In which cipher created, and that stored in Amazon Cloud along with key value and the receiver list.

Walking the Tightrope.

ERIC Educational Resources Information Center

Weingarten, Fred W.

1994-01-01

Discusses issues relating to the public interest regarding the National Information Infrastructure. Topics addressed include access, including access to the physical infrastructure and resources and access as a service provider; information rights, including privacy, intellectual property, freedom of speech, and government information; public…

45 CFR 164.402 - Definitions.

Code of Federal Regulations, 2013 CFR

2013-10-01

... SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.402... acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E of this part which compromises the security or privacy of the protected health information. (1...

75 FR 35028 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-21

... 20552 and 1625 Eye Street, NW., Washington, DC 20006. categories of individuals covered by the system... are protected by restricted access procedures, including user identifications and passwords. Only FHFA... regular mail address is: Privacy Act Officer, Federal Housing Finance Agency, 1625 Eye Street, NW...

5 CFR 297.102 - Definitions.

Code of Federal Regulations, 2014 CFR

2014-01-01

... Administrative Personnel OFFICE OF PERSONNEL MANAGEMENT CIVIL SERVICE REGULATIONS PRIVACY PROCEDURES FOR... Privacy Act, 5 U.S.C. 552a. In addition: Access means providing a copy of a record to, or allowing review of the original record by, the data subject or the data subject's authorized representative, parent...

5 CFR 297.102 - Definitions.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Administrative Personnel OFFICE OF PERSONNEL MANAGEMENT CIVIL SERVICE REGULATIONS PRIVACY PROCEDURES FOR... Privacy Act, 5 U.S.C. 552a. In addition: Access means providing a copy of a record to, or allowing review of the original record by, the data subject or the data subject's authorized representative, parent...

5 CFR 297.102 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Administrative Personnel OFFICE OF PERSONNEL MANAGEMENT CIVIL SERVICE REGULATIONS PRIVACY PROCEDURES FOR... Privacy Act, 5 U.S.C. 552a. In addition: Access means providing a copy of a record to, or allowing review of the original record by, the data subject or the data subject's authorized representative, parent...

75 FR 53262 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-31

... a new Privacy Act system of records, JUSTICE/FBI- 021, the Data Integration and Visualization System... Act system of records, the Data Integration and Visualization System (DIVS), Justice/FBI-021. The... investigative mission by enabling access, search, integration, and analytics across multiple existing databases...

6 CFR 5.20 - General provisions.

Code of Federal Regulations, 2010 CFR

2010-01-01

... correction of those records, and request an accounting of disclosures of those by the Department. In addition, the Department processes all Privacy Act requests for access to records under the Freedom of... for an accounting means a request made under Privacy Act subsection (c)(3). (5) Requester means an...

32 CFR 320.5 - Disclosure of requested information.

Code of Federal Regulations, 2011 CFR

2011-07-01

... (CONTINUED) PRIVACY PROGRAM NATIONAL GEOSPATIAL-INTELLIGENCE AGENCY (NGA) PRIVACY § 320.5 Disclosure of... nonexempt NGA system of records. However, nothing in this section shall allow an individual access to any information compiled by NGA in reasonable anticipation of a civil or criminal action or proceeding. (b...

32 CFR 320.5 - Disclosure of requested information.

Code of Federal Regulations, 2013 CFR

2013-07-01

... (CONTINUED) PRIVACY PROGRAM NATIONAL GEOSPATIAL-INTELLIGENCE AGENCY (NGA) PRIVACY § 320.5 Disclosure of... nonexempt NGA system of records. However, nothing in this section shall allow an individual access to any information compiled by NGA in reasonable anticipation of a civil or criminal action or proceeding. (b...

28 CFR 16.49 - Fees.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 28 Judicial Administration 1 2010-07-01 2010-07-01 false Fees. 16.49 Section 16.49 Judicial Administration DEPARTMENT OF JUSTICE PRODUCTION OR DISCLOSURE OF MATERIAL OR INFORMATION Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 16.49 Fees. Components shall charge...

28 CFR 16.44 - Classified information.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 28 Judicial Administration 1 2010-07-01 2010-07-01 false Classified information. 16.44 Section 16.44 Judicial Administration DEPARTMENT OF JUSTICE PRODUCTION OR DISCLOSURE OF MATERIAL OR INFORMATION Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 16.44 Classified...

Privacy by design in personal health monitoring.

PubMed

Nordgren, Anders

2015-06-01

The concept of privacy by design is becoming increasingly popular among regulators of information and communications technologies. This paper aims at analysing and discussing the ethical implications of this concept for personal health monitoring. I assume a privacy theory of restricted access and limited control. On the basis of this theory, I suggest a version of the concept of privacy by design that constitutes a middle road between what I call broad privacy by design and narrow privacy by design. The key feature of this approach is that it attempts to balance automated privacy protection and autonomously chosen privacy protection in a way that is context-sensitive. In personal health monitoring, this approach implies that in some contexts like medication assistance and monitoring of specific health parameters one single automatic option is legitimate, while in some other contexts, for example monitoring in which relatives are receivers of health-relevant information rather than health care professionals, a multi-choice approach stressing autonomy is warranted.

41 CFR 105-64.201 - How do I get access to my records?

Code of Federal Regulations, 2011 CFR

2011-01-01

... Administration 64-GSA PRIVACY ACT RULES 64.2-Access to Records § 105-64.201 How do I get access to my records... guardians may obtain access to records of minors or when a court has determined that the individual of...

41 CFR 105-64.201 - How do I get access to my records?

Code of Federal Regulations, 2010 CFR

2010-07-01

... Administration 64-GSA PRIVACY ACT RULES 64.2-Access to Records § 105-64.201 How do I get access to my records... guardians may obtain access to records of minors or when a court has determined that the individual of...

5 CFR 2606.201 - Requests for access.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Requests for access. 2606.201 Section 2606.201 Administrative Personnel OFFICE OF GOVERNMENT ETHICS ORGANIZATION AND PROCEDURES PRIVACY ACT RULES Access to Records and Accounting of Disclosures § 2606.201 Requests for access. (a) Records in an...

5 CFR 2504.11 - Access to the accounting of disclosures from records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Access to the accounting of disclosures... OFFICE OF THE PRESIDENT PRIVACY ACT REGULATIONS § 2504.11 Access to the accounting of disclosures from records. Rules governing access to the accounting of disclosures are the same as those granting access to...

40 CFR 1602.8 - Preservation of records.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 40 Protection of Environment 32 2010-07-01 2010-07-01 false Preservation of records. 1602.8 Section 1602.8 Protection of Environment CHEMICAL SAFETY AND HAZARD INVESTIGATION BOARD PROTECTION OF PRIVACY AND ACCESS TO INDIVIDUAL RECORDS UNDER THE PRIVACY ACT OF 1974 § 1602.8 Preservation of records...

76 FR 61761 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-05

... retained up to 3 years after the customer relationship ends. * * * * * 6. Records related to inquiries and.... These modifications reflect the changes that have been made in providing alternate access to customers... products and services when and where its customers want them. II. Rationale for Changes to USPS Privacy Act...

77 FR 21973 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-12

... location: Delete entry and replace with ``Amazon Web Services, LLC 13461 Sunrise Valley Drive, Herndon, VA.../JS Privacy Office, Freedom of Information Directorate, Washington Headquarters Services, 1155 Defense..., protocols and/or in briefings of the consequences of improper access or use of the data. The web-based files...

12 CFR 261a.2 - Definitions.

Code of Federal Regulations, 2011 CFR

2011-01-01

... REGARDING ACCESS TO PERSONAL INFORMATION UNDER THE PRIVACY ACT 1974 General Provisions § 261a.2 Definitions... Saturday, Sunday or a legal Federal holiday. (b) Guardian means the parent of a minor, or the legal... particular assigned to the individual. (h) You means an individual making a request under the Privacy Act. (i...

29 CFR 71.15 - Training.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 29 Labor 1 2011-07-01 2011-07-01 false Training. 71.15 Section 71.15 Labor Office of the Secretary of Labor PROTECTION OF INDIVIDUAL PRIVACY AND ACCESS TO RECORDS UNDER THE PRIVACY ACT OF 1974 General § 71.15 Training. All DOL systems managers, disclosure officers, and employees with responsibilities...

29 CFR 71.15 - Training.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 29 Labor 1 2014-07-01 2013-07-01 true Training. 71.15 Section 71.15 Labor Office of the Secretary of Labor PROTECTION OF INDIVIDUAL PRIVACY AND ACCESS TO RECORDS UNDER THE PRIVACY ACT OF 1974 General § 71.15 Training. All DOL systems managers, disclosure officers, and employees with responsibilities...

29 CFR 71.15 - Training.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 29 Labor 1 2012-07-01 2012-07-01 false Training. 71.15 Section 71.15 Labor Office of the Secretary of Labor PROTECTION OF INDIVIDUAL PRIVACY AND ACCESS TO RECORDS UNDER THE PRIVACY ACT OF 1974 General § 71.15 Training. All DOL systems managers, disclosure officers, and employees with responsibilities...

29 CFR 71.15 - Training.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 29 Labor 1 2013-07-01 2013-07-01 false Training. 71.15 Section 71.15 Labor Office of the Secretary of Labor PROTECTION OF INDIVIDUAL PRIVACY AND ACCESS TO RECORDS UNDER THE PRIVACY ACT OF 1974 General § 71.15 Training. All DOL systems managers, disclosure officers, and employees with responsibilities...

78 FR 14283 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-05

... Defense. S500.55 System name: Information Technology Access and Control Records (December 2, 2008, 73 FR... without change, including any personal identifiers or contact information. FOR FURTHER INFORMATION CONTACT.... SUPPLEMENTARY INFORMATION: The Defense Logistics Agency's system of record subject to the Privacy Act of 1974 (5...

77 FR 60620 - Update of Existing Privacy Act-NASA Regulations

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-04

... be accessed on the Agency's open Government Web site at http://www.nasa.gov/open/ . DATES: This rule... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION 14 CFR Part 1212 [Document No. NASA--NASA-2012-0005] RIN 2700-AD86 Update of Existing Privacy Act--NASA Regulations AGENCY: National Aeronautics and Space...

28 CFR 16.54 - Employee standards of conduct.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 28 Judicial Administration 1 2010-07-01 2010-07-01 false Employee standards of conduct. 16.54 Section 16.54 Judicial Administration DEPARTMENT OF JUSTICE PRODUCTION OR DISCLOSURE OF MATERIAL OR INFORMATION Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 16.54...

28 CFR 16.55 - Other rights and services.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 28 Judicial Administration 1 2010-07-01 2010-07-01 false Other rights and services. 16.55 Section 16.55 Judicial Administration DEPARTMENT OF JUSTICE PRODUCTION OR DISCLOSURE OF MATERIAL OR INFORMATION Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 16.55 Other...

28 CFR 16.50 - Notice of court-ordered and emergency disclosures.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 28 Judicial Administration 1 2010-07-01 2010-07-01 false Notice of court-ordered and emergency disclosures. 16.50 Section 16.50 Judicial Administration DEPARTMENT OF JUSTICE PRODUCTION OR DISCLOSURE OF MATERIAL OR INFORMATION Protection of Privacy and Access to Individual Records Under the Privacy Act of...

28 CFR 16.46 - Requests for amendment or correction of records.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 28 Judicial Administration 1 2010-07-01 2010-07-01 false Requests for amendment or correction of records. 16.46 Section 16.46 Judicial Administration DEPARTMENT OF JUSTICE PRODUCTION OR DISCLOSURE OF MATERIAL OR INFORMATION Protection of Privacy and Access to Individual Records Under the Privacy Act of...

An overview of human genetic privacy

PubMed Central

Shi, Xinghua; Wu, Xintao

2016-01-01

The study of human genomics is becoming a Big Data science, owing to recent biotechnological advances leading to availability of millions of personal genome sequences, which can be combined with biometric measurements from mobile apps and fitness trackers, and of human behavior data monitored from mobile devices and social media. With increasing research opportunities for integrative genomic studies through data sharing, genetic privacy emerges as a legitimate yet challenging concern that needs to be carefully addressed, not only for individuals but also for their families. In this paper, we present potential genetic privacy risks and relevant ethics and regulations for sharing and protecting human genomics data. We also describe the techniques for protecting human genetic privacy from three broad perspectives: controlled access, differential privacy, and cryptographic solutions. PMID:27626905

Workshop--E-leaks: the privacy of health information in the age of electronic information.

PubMed

Vonn, Michael; Lang, Renée; Perras, Maude

2011-10-01

This workshop examined some of the new challenges to health-related privacy emerging as a result of the proliferation of electronic communications and data storage, including through social media, electronic health records and ready access to personal information on the internet. The right to privacy is a human right. As such, protecting privacy and enforcing the duty of confidentiality regarding health information are fundamental to treating people with autonomy, dignity and respect. For people living with HIV, unauthorized disclosure of their status can lead to discrimination and breaches of other human rights. While this is not new, in this information age a new breed of privacy violation is emerging and our legal protections are not necessarily keeping pace.

FOIA Home

Science.gov Websites

Information Access Policy & Compliance BranchInformation Access Policy & Compliance Branch Join the Air Force Home Offices By Command By Base Library Handbook Annual Reports Resources Privacy Act Search Information Access Policy & Compliance Branch

Accessing Your Health Information: How can I access my health information and medical records?

MedlinePlus

... Privacy & Security How can I access my health information/medical record? Know your rights. It is your ... to see and get copies of your health information, or share it with a third party, such ...

77 FR 40864 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-11

... standard reporting, ad-hoc reporting and tracking capability of procurement, funding, contractor and user..., guards, and is accessible only to authorized personnel. Access to records is limited to person(s... cleared for need-to-know. Access to computerized data is restricted by Common Access Card (CAC) and/or...

75 FR 63161 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-14

... access. Records are accessible only to authorized persons with a valid need-to-know, who are... need-to-know are allowed access to JPAS. Additionally, access to JPAS is based on a user's specific...). (Signature).' Attorneys or other persons acting on behalf of an individual must provide written authorization...

14 CFR 1212.205 - Exceptions to individual's rights of access.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Exceptions to individual's rights of access. 1212.205 Section 1212.205 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Access to Records § 1212.205 Exceptions to individual's rights of access. (a) The...

14 CFR 1212.205 - Exceptions to individual's rights of access.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Exceptions to individual's rights of access. 1212.205 Section 1212.205 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Access to Records § 1212.205 Exceptions to individual's rights of access. (a) The...

International Policies on Sharing Genomic Research Results with Relatives: Approaches to Balancing Privacy with Access.

PubMed

Branum, Rebecca; Wolf, Susan M

2015-01-01

Returning genetic research results to relatives raises complex issues. In order to inform the U.S. debate, this paper analyzes international law and policies governing the sharing of genetic research results with relatives and identifies key themes and lessons. The laws and policies from other countries demonstrate a range of approaches to balancing individual privacy and autonomy with family access for health benefit, offering important lessons for further development of approaches in the United States. © 2015 American Society of Law, Medicine & Ethics, Inc.

Assessing subject privacy and data confidentiality in an emerging region for clinical trials: United Arab Emirates.

PubMed

Nair, Satish Chandrasekhar; Ibrahim, Halah

2015-01-01

Pharmaceutical sponsored clinical trials, formerly conducted predominantly in the United States and Europe, have expanded to emerging regions, including the Middle East. Our study explores factors influencing clinical trial privacy and confidentiality in the United Arab Emirates. Factors including concept familiarity, informed consent compliance, data access, and preservation, were analyzed to assess current practices in the Arab world. As the UAE is an emerging region for clinical trials, there is a growing need for regulations related to data confidentiality and subject privacy. Informational and decisional privacy should be viewed within the realms of Arab culture and religious background.

32 CFR 1665.3 - Access to the accounting of disclosures from records.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Access to the accounting of disclosures from... SERVICE SYSTEM PRIVACY ACT PROCEDURES § 1665.3 Access to the accounting of disclosures from records. Rules governing the granting of access to the accounting of disclosure are the same as those for granting accesses...

5 CFR 1630.9 - Access to the history (accounting) of disclosures from records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... BOARD PRIVACY ACT REGULATIONS § 1630.9 Access to the history (accounting) of disclosures from records. Rules governing access to the accounting of disclosures are the same as those for granting access to the... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Access to the history (accounting) of...

Context-Aware Generative Adversarial Privacy

NASA Astrophysics Data System (ADS)

Huang, Chong; Kairouz, Peter; Chen, Xiao; Sankar, Lalitha; Rajagopal, Ram

2017-12-01

Preserving the utility of published datasets while simultaneously providing provable privacy guarantees is a well-known challenge. On the one hand, context-free privacy solutions, such as differential privacy, provide strong privacy guarantees, but often lead to a significant reduction in utility. On the other hand, context-aware privacy solutions, such as information theoretic privacy, achieve an improved privacy-utility tradeoff, but assume that the data holder has access to dataset statistics. We circumvent these limitations by introducing a novel context-aware privacy framework called generative adversarial privacy (GAP). GAP leverages recent advancements in generative adversarial networks (GANs) to allow the data holder to learn privatization schemes from the dataset itself. Under GAP, learning the privacy mechanism is formulated as a constrained minimax game between two players: a privatizer that sanitizes the dataset in a way that limits the risk of inference attacks on the individuals' private variables, and an adversary that tries to infer the private variables from the sanitized dataset. To evaluate GAP's performance, we investigate two simple (yet canonical) statistical dataset models: (a) the binary data model, and (b) the binary Gaussian mixture model. For both models, we derive game-theoretically optimal minimax privacy mechanisms, and show that the privacy mechanisms learned from data (in a generative adversarial fashion) match the theoretically optimal ones. This demonstrates that our framework can be easily applied in practice, even in the absence of dataset statistics.

Genomics and privacy: implications of the new reality of closed data for the field.

PubMed

Greenbaum, Dov; Sboner, Andrea; Mu, Xinmeng Jasmine; Gerstein, Mark

2011-12-01

Open source and open data have been driving forces in bioinformatics in the past. However, privacy concerns may soon change the landscape, limiting future access to important data sets, including personal genomics data. Here we survey this situation in some detail, describing, in particular, how the large scale of the data from personal genomic sequencing makes it especially hard to share data, exacerbating the privacy problem. We also go over various aspects of genomic privacy: first, there is basic identifiability of subjects having their genome sequenced. However, even for individuals who have consented to be identified, there is the prospect of very detailed future characterization of their genotype, which, unanticipated at the time of their consent, may be more personal and invasive than the release of their medical records. We go over various computational strategies for dealing with the issue of genomic privacy. One can "slice" and reformat datasets to allow them to be partially shared while securing the most private variants. This is particularly applicable to functional genomics information, which can be largely processed without variant information. For handling the most private data there are a number of legal and technological approaches-for example, modifying the informed consent procedure to acknowledge that privacy cannot be guaranteed, and/or employing a secure cloud computing environment. Cloud computing in particular may allow access to the data in a more controlled fashion than the current practice of downloading and computing on large datasets. Furthermore, it may be particularly advantageous for small labs, given that the burden of many privacy issues falls disproportionately on them in comparison to large corporations and genome centers. Finally, we discuss how education of future genetics researchers will be important, with curriculums emphasizing privacy and data security. However, teaching personal genomics with identifiable subjects in the university setting will, in turn, create additional privacy issues and social conundrums. © 2011 Greenbaum et al.

A privacy-strengthened scheme for E-Healthcare monitoring system.

PubMed

Huang, Chanying; Lee, Hwaseong; Lee, Dong Hoon

2012-10-01

Recent Advances in Wireless Body Area Networks (WBANs) offer unprecedented opportunities and challenges to the development of pervasive electronic healthcare (E-Healthcare) monitoring system. In E-Healthcare system, the processed data are patients' sensitive health data that are directly related to individuals' privacy. For this reason, privacy concern is of great importance for E-Healthcare system. Current existing systems for E-Healthcare services, however, have not yet provided sufficient privacy protection for patients. In order to offer adequate security and privacy, in this paper, we propose a privacy-enhanced scheme for patients' physical condition monitoring, which achieves dual effects: (1) providing unlinkability of health records and individual identity, and (2) supporting anonymous authentication and authorized data access. We also conduct a simulation experiment to evaluate the performance of the proposed scheme. The experimental results demonstrate that the proposed scheme achieves better performance in terms of computational complexity, communication overheads and querying efficiency compared with previous results.

Archiving Data from New Survey Technologies: Lessons Learned on Enabling Research with High-Precision Data While Preserving Participant Privacy: Preprint

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gonder, J.; Burton, E.; Murakami, E.

2014-11-01

During the past 15 years, increasing numbers of organizations and planning agencies have begun collecting high-resolution Global Positioning System (GPS) travel data. Despite the significant effort and expense to collect it, privacy concerns often lead to underutilization of the data. To address this dilemma of providing data access while preserving privacy, the National Renewable Energy Laboratory, with support from the U.S. Department of Transportation and U.S. Department of Energy, established the Transportation Secure Data Center (TSDC). Lessons drawn from best-practice examples from other data centers have helped shape the structure and operating procedures for the TSDC, which functions under themore » philosophy of first and foremost preserving privacy, but doing so in a way that balances security with accessibility and usability of the data for legitimate research. This paper provides details about the TSDC approach toward achieving these goals, which has included creating a secure enclave with no external access for backing up and processing raw data, a publicly accessible website for downloading cleansed data, and a secure portal environment through which approved users can work with detailed spatial data using a variety of tools and reference information. This paper also describes lessons learned from operating the TSDC with respect to improvements in GPS data handling, processing, and user support, along with plans for continual enhancements to better support the needs of both data providers and users and to thus advance the research value derived from such valuable data.« less

Honoring Dental Patients' Privacy Rule Right of Access in the Context of Electronic Health Records.

PubMed

Ramoni, Rachel B; Asher, Sheetal R; White, Joel M; Vaderhobli, Ram; Ogunbodede, Eyitope O; Walji, Muhammad F; Riedy, Christine; Kalenderian, Elsbeth

2016-06-01

A person's right to access his or her protected health information is a core feature of the U.S. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. If the information is stored electronically, covered entities must be able to provide patients with some type of machine-readable, electronic copy of their data. The aim of this study was to understand how academic dental institutions execute the Privacy Rule's right of access in the context of electronic health records (EHRs). A validated electronic survey was distributed to the clinical deans of 62 U.S. dental schools during a two-month period in 2014. The response rate to the survey was 53.2% (N=33). However, three surveys were partially completed, and of the 30 completed surveys, the 24 respondents who reported using axiUm as the EHR at their dental school clinic were the ones on which the results were based (38.7% of total schools at the time). Of the responses analyzed, 86% agreed that clinical modules should be considered part of a patient's dental record, and all agreed that student teaching-related modules should not. Great variability existed among these clinical deans as to whether administrative and financial modules should be considered part of a patient record. When patients request their records, close to 50% of responding schools provide the information exclusively on paper. This study found variation among dental schools in their implementation of the Privacy Rule right of access, and although all the respondents had adopted EHRs, a large number return records in paper format.

Balancing between two goods: Health Insurance Portability and Accountability Act and ethical compliancy considerations for privacy-sensitive materials in health sciences archival and historical special collections.

PubMed

Wiener, Judith A; Gilliland, Anne T

2011-01-01

The investigation provides recommendations for establishing institutional collection guidelines and policies that protect the integrity of the historical record, while upholding the privacy and confidentiality of those who are protected by Health Insurance Portability and Accountability Act (HIPAA) or professional ethical standards. The authors completed a systematic historical investigation of the concepts of collection integrity, privacy, and confidentiality in the formal and informal legal and professional ethics literature and applied these standards to create best practices for institutional policies in these areas. Through an in-depth examination of the historical concepts of privacy and confidentiality in the legal and professional ethics literature, the authors were able to create recommendations that would allow institutions to provide access to important, yet sensitive, materials, while complying with the standards set by HIPAA regulations and professional ethical expectations. With thoughtful planning, it is possible to balance the integrity of and access to the historical record of sensitive documents, while supporting the privacy protections of HIPAA and professional ethical standards. Although it is theorized that collection development policies of institutions have changed due to HIPAA legislation, additional research is suggested to see how various legal interpretations have affected the integrity of the historical record in actuality.

Sexual and reproductive health care for adolescents: legal rights and policy challenges.

PubMed

English, Abigail

2007-12-01

Laws developed over the past half century have significantly improved adolescents' access to essential sexual and reproductive health care. These laws allow many adolescent minors to give their own consent, protect confidentiality, and provide financial support for the care. The consent requirements for adolescents to receive health care are contained primarily in state court decisions and in statutes known as "state minor consent laws," which are based on either the minor's status or the services sought. Confidentiality protections for adolescents' health information are contained in these minor consent laws, in the federal medical privacy regulations known as the "HIPAA Privacy Rule," and in state medical privacy laws. Other significant laws include statutes providing for the emancipation of minors, court decisions delineating the mature minor doctrine, regulations protecting adolescents' access to confidential family planning services in publicly funded programs, and court decisions interpreting the constitutional right of privacy. Special considerations apply to consent and confidentiality questions pertaining to family planning, contraception, and pregnancy-related care for minors. In addition to the explicit provisions of state minor consent laws, many of the most important considerations are articulated in court decisions based on the constitutional right of privacy and the confidentiality requirements that are part of the federal Title X Family Planning Program and Medicaid.

29 CFR 71.8 - Preservation of records.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 29 Labor 1 2010-07-01 2010-07-01 true Preservation of records. 71.8 Section 71.8 Labor Office of the Secretary of Labor PROTECTION OF INDIVIDUAL PRIVACY AND ACCESS TO RECORDS UNDER THE PRIVACY ACT OF 1974 General § 71.8 Preservation of records. Each component shall preserve all correspondence relating...

32 CFR 293.6 - Procedures.

Code of Federal Regulations, 2014 CFR

2014-07-01

... database, and initiates the record search. If a final response cannot be made to the FOIA requester within... FOIA and the Privacy Act. Not all requesters will be knowledgeable of the appropriate act to cite when requesting records or access to records. In some instances, either the FOIA or the Privacy Act may be cited...

32 CFR 293.6 - Procedures.

Code of Federal Regulations, 2012 CFR

2012-07-01

... database, and initiates the record search. If a final response cannot be made to the FOIA requester within... FOIA and the Privacy Act. Not all requesters will be knowledgeable of the appropriate act to cite when requesting records or access to records. In some instances, either the FOIA or the Privacy Act may be cited...

32 CFR 293.6 - Procedures.

Code of Federal Regulations, 2013 CFR

2013-07-01

... database, and initiates the record search. If a final response cannot be made to the FOIA requester within... FOIA and the Privacy Act. Not all requesters will be knowledgeable of the appropriate act to cite when requesting records or access to records. In some instances, either the FOIA or the Privacy Act may be cited...

A Pretty Good Paper about Pretty Good Privacy.

ERIC Educational Resources Information Center

McCollum, Roy

With today's growth in the use of electronic information systems for e-mail, data development and research, and the relative ease of access to such resources, protecting one's data and correspondence has become a great concern. "Pretty Good Privacy" (PGP), an encryption program developed by Phil Zimmermann, may be the software tool that…

12 CFR 792.56 - Notice of existence of records, access decisions and disclosure of requested information; time...

Code of Federal Regulations, 2011 CFR

2011-01-01

... NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF THE NATIONAL CREDIT UNION ADMINISTRATION REQUESTS FOR INFORMATION UNDER THE FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792.56 Notice of existence of records...

12 CFR 792.56 - Notice of existence of records, access decisions and disclosure of requested information; time...

Code of Federal Regulations, 2014 CFR

2014-01-01

... NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF THE NATIONAL CREDIT UNION ADMINISTRATION REQUESTS FOR INFORMATION UNDER THE FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792.56 Notice of existence of records...

12 CFR 792.56 - Notice of existence of records, access decisions and disclosure of requested information; time...

Code of Federal Regulations, 2012 CFR

2012-01-01

... NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF THE NATIONAL CREDIT UNION ADMINISTRATION REQUESTS FOR INFORMATION UNDER THE FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792.56 Notice of existence of records...

78 FR 69393 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-19

... records in its inventory of record systems subject to the Privacy Act of 1974, as amended. The National....O. 12968, as amended, Access to classified information; 5 CFR part 732, National security positions...); 5 U.S.C. 7532, Suspension and Removal; E.O. 12958, Classified National Security Information; DoD...

12 CFR 792.56 - Notice of existence of records, access decisions and disclosure of requested information; time...

Code of Federal Regulations, 2013 CFR

2013-01-01

... NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF THE NATIONAL CREDIT UNION ADMINISTRATION REQUESTS FOR INFORMATION UNDER THE FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792.56 Notice of existence of records...

12 CFR 792.56 - Notice of existence of records, access decisions and disclosure of requested information; time...

Code of Federal Regulations, 2010 CFR

2010-01-01

... NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF THE NATIONAL CREDIT UNION ADMINISTRATION REQUESTS FOR INFORMATION UNDER THE FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792.56 Notice of existence of records...

15 CFR 4.26 - Special procedures: Medical records.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 15 Commerce and Foreign Trade 1 2014-01-01 2014-01-01 false Special procedures: Medical records. 4... GOVERNMENT INFORMATION Privacy Act § 4.26 Special procedures: Medical records. (a) No response to any request for access to medical records from an individual will be issued by the Privacy Officer for a period of...

21 CFR 21.33 - Medical records.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 21 Food and Drugs 1 2013-04-01 2013-04-01 false Medical records. 21.33 Section 21.33 Food and... PRIVACY Requirements for Specific Categories of Records § 21.33 Medical records. (a) In general, an individual is entitled to have access to any medical records about himself in Privacy Act Record Systems...

21 CFR 21.33 - Medical records.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 21 Food and Drugs 1 2012-04-01 2012-04-01 false Medical records. 21.33 Section 21.33 Food and... PRIVACY Requirements for Specific Categories of Records § 21.33 Medical records. (a) In general, an individual is entitled to have access to any medical records about himself in Privacy Act Record Systems...

15 CFR 4.26 - Special procedures: Medical records.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 15 Commerce and Foreign Trade 1 2013-01-01 2013-01-01 false Special procedures: Medical records. 4... GOVERNMENT INFORMATION Privacy Act § 4.26 Special procedures: Medical records. (a) No response to any request for access to medical records from an individual will be issued by the Privacy Officer for a period of...

21 CFR 21.33 - Medical records.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 21 Food and Drugs 1 2014-04-01 2014-04-01 false Medical records. 21.33 Section 21.33 Food and... PRIVACY Requirements for Specific Categories of Records § 21.33 Medical records. (a) In general, an individual is entitled to have access to any medical records about himself in Privacy Act Record Systems...

17 CFR 200.308 - Appeal of initial adverse agency determination as to access or as to amendment or correction.

Code of Federal Regulations, 2011 CFR

2011-04-01

... Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Regulations Pertaining to the Privacy of Individuals and Systems of Records Maintained by the... legal holidays) after his request was received by the Office of Information and Privacy Act Operations...

21 CFR 21.33 - Medical records.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 21 Food and Drugs 1 2011-04-01 2011-04-01 false Medical records. 21.33 Section 21.33 Food and... PRIVACY Requirements for Specific Categories of Records § 21.33 Medical records. (a) In general, an individual is entitled to have access to any medical records about himself in Privacy Act Record Systems...

40 CFR 1602.1 - General provisions.

Code of Federal Regulations, 2010 CFR

2010-07-01

... request an accounting of disclosures of those records by the CSB. In addition, the CSB processes all... access, a request for amendment or correction, or a request for an accounting under the Privacy Act... subsection (d)(2) of the Privacy Act, 5 U.S.C. 552a. Request for an accounting means a request made as...

45 CFR 155.260 - Privacy and security of personally identifiable information.

Code of Federal Regulations, 2012 CFR

2012-10-01

... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally... information to the extent such information is necessary to carry out the functions described in § 155.200 of...: (1) Gain access to personally identifiable information submitted to an Exchange; or (2) Collect, use...

77 FR 46010 - Self Reporting of Out-of-State Convictions

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-02

... Participation and Request for Comments A. Submitting Comments B. Viewing Comments and Documents C. Privacy Act... review. If you do not have access to the Internet, you may view the docket online by visiting the Docket..., except Federal holidays. C. Privacy Act Anyone is able to search the electronic form of all comments...

76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-11

... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100..., --Presentation on Science of Security relating to computer security research, --Presentation on Access of..., --A panel of Inspector Generals regarding privacy and security, and --Update on NIST Computer Security...

A Deterrence Approach to Regulate Nurses' Compliance with Electronic Medical Records Privacy Policy.

PubMed

Kuo, Kuang-Ming; Talley, Paul C; Hung, Ming-Chien; Chen, Yen-Liang

2017-11-03

Hospitals have become increasingly aware that electronic medical records (EMR) may bring about tangible/intangible benefits to managing institutions, including reduced medical errors, improved quality-of-care, curtailed costs, and allowed access to patient information by healthcare professionals regardless of limitations. However, increased dependence on EMR has led to a corresponding increase in the influence of EMR breaches. Such incursions, which have been significantly facilitated by the introduction of mobile devices for accessing EMR, may induce tangible/intangible damage to both hospitals and concerned individuals. The purpose of this study was to explore factors which may tend to inhibit nurses' intentions to violate privacy policy concerning EMR based upon the deterrence theory perspective. Utilizing survey methodology, 262 responses were analyzed via structural equation modeling. Results revealed that punishment certainty, detection certainty, and subjective norm would most certainly and significantly reduce nurses' intentions to violate established EMR privacy policy. With these findings, recommendations for health administrators in planning and designing effective strategies which may potentially inhibit nurses from violating EMR privacy policy are discussed.

20 CFR 401.55 - Access to medical records.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 20 Employees' Benefits 2 2013-04-01 2013-04-01 false Access to medical records. 401.55 Section 401... INFORMATION The Privacy Act § 401.55 Access to medical records. (a) General. You have a right to access your medical records, including any psychological information that we maintain. (b) Medical records procedures...

5 CFR 1302.3 - Access to the accounting of disclosures from records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Access to the accounting of disclosures... ADMINISTRATIVE PROCEDURES PRIVACY ACT PROCEDURES § 1302.3 Access to the accounting of disclosures from records. Rules governing the granting of access to the accounting of disclosures are the same as those for...

41 CFR 105-64.204 - Can parents and guardians obtain access to records?

Code of Federal Regulations, 2011 CFR

2011-01-01

... Offices-General Services Administration 64-GSA PRIVACY ACT RULES 64.2-Access to Records § 105-64.204 Can parents and guardians obtain access to records? If you are the parent or guardian of a minor, or of a...

41 CFR 105-64.204 - Can parents and guardians obtain access to records?

Code of Federal Regulations, 2010 CFR

2010-07-01

... Offices-General Services Administration 64-GSA PRIVACY ACT RULES 64.2-Access to Records § 105-64.204 Can parents and guardians obtain access to records? If you are the parent or guardian of a minor, or of a...

Web Helpdesk - PHE

Science.gov Websites

You may be trying to access this site from a secured browser on the server. Please enable scripts supports this element, such as Internet Explorer 7.0 or later. Home | Contact Us | Accessibility | Privacy

An overview of human genetic privacy.

PubMed

Shi, Xinghua; Wu, Xintao

2017-01-01

The study of human genomics is becoming a Big Data science, owing to recent biotechnological advances leading to availability of millions of personal genome sequences, which can be combined with biometric measurements from mobile apps and fitness trackers, and of human behavior data monitored from mobile devices and social media. With increasing research opportunities for integrative genomic studies through data sharing, genetic privacy emerges as a legitimate yet challenging concern that needs to be carefully addressed, not only for individuals but also for their families. In this paper, we present potential genetic privacy risks and relevant ethics and regulations for sharing and protecting human genomics data. We also describe the techniques for protecting human genetic privacy from three broad perspectives: controlled access, differential privacy, and cryptographic solutions. © 2016 New York Academy of Sciences.

"I Always Vet Things": Navigating Privacy and the Presentation of Self on Health Discussion Boards Among Individuals with Long-Term Conditions.

PubMed

Brady, Ellen; Segar, Julia; Sanders, Caroline

2016-10-13

The ethics of research into online communities is a long-debated issue, with many researchers arguing that open-access discussion groups are publically accessible data and do not require informed consent from participants for their use for research purposes. However, it has been suggested that there is a discrepancy between the perceived and actual privacy of user-generated online content by community members. There has been very little research regarding how privacy is experienced and enacted online. The objective of this study is to address this gap by qualitatively exploring the expectations of privacy on Internet forums among individuals with long-term conditions. Semistructured interviews were conducted with 20 participants with myalgic encephalomyelitis/chronic fatigue syndrome (ME/CFS) and 21 participants with type 1 and 2 diabetes mellitus, and were analyzed using thematic analysis. Participants were recruited via online and offline routes, namely forums, email lists, newsletters, and face-to-face support groups. The findings indicate that privacy online is a nebulous concept. Rather than individuals drawing a clear-cut distinction between what they would and would not be comfortable sharing online, it was evident that these situations were contextually dependent and related to a number of unique and individual factors. Interviewees were seen to carefully manage how they presented themselves on forums, filtering and selecting the information that they shared about themselves in order to develop and maintain a particular online persona, while maintaining and preserving an acceptable level of privacy.

Security of electronic medical information and patient privacy: what you need to know.

PubMed

Andriole, Katherine P

2014-12-01

The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.

A community assessment of privacy preserving techniques for human genomes

PubMed Central

2014-01-01

To answer the need for the rigorous protection of biomedical data, we organized the Critical Assessment of Data Privacy and Protection initiative as a community effort to evaluate privacy-preserving dissemination techniques for biomedical data. We focused on the challenge of sharing aggregate human genomic data (e.g., allele frequencies) in a way that preserves the privacy of the data donors, without undermining the utility of genome-wide association studies (GWAS) or impeding their dissemination. Specifically, we designed two problems for disseminating the raw data and the analysis outcome, respectively, based on publicly available data from HapMap and from the Personal Genome Project. A total of six teams participated in the challenges. The final results were presented at a workshop of the iDASH (integrating Data for Analysis, 'anonymization,' and SHaring) National Center for Biomedical Computing. We report the results of the challenge and our findings about the current genome privacy protection techniques. PMID:25521230

A community assessment of privacy preserving techniques for human genomes.

PubMed

Jiang, Xiaoqian; Zhao, Yongan; Wang, Xiaofeng; Malin, Bradley; Wang, Shuang; Ohno-Machado, Lucila; Tang, Haixu

2014-01-01

To answer the need for the rigorous protection of biomedical data, we organized the Critical Assessment of Data Privacy and Protection initiative as a community effort to evaluate privacy-preserving dissemination techniques for biomedical data. We focused on the challenge of sharing aggregate human genomic data (e.g., allele frequencies) in a way that preserves the privacy of the data donors, without undermining the utility of genome-wide association studies (GWAS) or impeding their dissemination. Specifically, we designed two problems for disseminating the raw data and the analysis outcome, respectively, based on publicly available data from HapMap and from the Personal Genome Project. A total of six teams participated in the challenges. The final results were presented at a workshop of the iDASH (integrating Data for Analysis, 'anonymization,' and SHaring) National Center for Biomedical Computing. We report the results of the challenge and our findings about the current genome privacy protection techniques.

5 CFR 297.202 - Methods of access.

Code of Federal Regulations, 2010 CFR

2010-01-01

....202 Administrative Personnel OFFICE OF PERSONNEL MANAGEMENT CIVIL SERVICE REGULATIONS PRIVACY... access to records, when such access has been granted by the Office or agency, are: (1) Inspection in person in the designated office during the hours specified by the Office or agency; or (2) Transfer of...

77 FR 551 - Privacy Act of 1974; Amended System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-01-05

... Act system of records entitled ``Treasury/BEP .027--Access Control and Alarm Monitoring Systems (ACAMS... .027--Access Control and Alarm Monitoring Systems (ACAMS).'' BEP proposes to amend that system of... records entitled ``BEP .027--Access Control and Alarm Monitoring Systems (ACAMS),'' as follows: Treasury...

The "GeneTrustee": a universal identification system that ensures privacy and confidentiality for human genetic databases.

PubMed

Burnett, Leslie; Barlow-Stewart, Kris; Proos, Anné L; Aizenberg, Harry

2003-05-01

This article describes a generic model for access to samples and information in human genetic databases. The model utilises a "GeneTrustee", a third-party intermediary independent of the subjects and of the investigators or database custodians. The GeneTrustee model has been implemented successfully in various community genetics screening programs and has facilitated research access to genetic databases while protecting the privacy and confidentiality of research subjects. The GeneTrustee model could also be applied to various types of non-conventional genetic databases, including neonatal screening Guthrie card collections, and to forensic DNA samples.

76 FR 22611 - Privacy Act of 1974; Implementation

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-22

...) Reasons: (A) from subsections (c)(3) and (d) when access to accounting disclosure and access to or amendment of records would cause the identity of a confidential source to be revealed. Disclosure of the...

Integration of LDSE and LTVS logs with HIPAA compliant auditing system (HCAS)

NASA Astrophysics Data System (ADS)

Zhou, Zheng; Liu, Brent J.; Huang, H. K.; Guo, Bing; Documet, Jorge; King, Nelson

2006-03-01

The deadline of HIPAA (Health Insurance Portability and Accountability Act) Security Rules has passed on February 2005; therefore being HIPAA compliant becomes extremely critical to healthcare providers. HIPAA mandates healthcare providers to protect the privacy and integrity of the health data and have the ability to demonstrate examples of mechanisms that can be used to accomplish this task. It is also required that a healthcare institution must be able to provide audit trails on image data access on demand for a specific patient. For these reasons, we have developed a HIPAA compliant auditing system (HCAS) for image data security in a PACS by auditing every image data access. The HCAS was presented in 2005 SPIE. This year, two new components, LDSE (Lossless Digital Signature Embedding) and LTVS (Patient Location Tracking and Verification System) logs, have been added to the HCAS. The LDSE can assure medical image integrity in a PACS, while the LTVS can provide access control for a PACS by creating a security zone in the clinical environment. By integrating the LDSE and LTVS logs with the HCAS, the privacy and integrity of image data can be audited as well. Thus, a PACS with the HCAS installed can become HIPAA compliant in image data privacy and integrity, access control, and audit control.

Availability of driver's license master lists for use in government-sponsored public health research.

PubMed

Walsh, Matthew C; Trentham-Dietz, Amy; Palta, Mari

2011-06-15

Although the percentage of US drivers with valid driver's licenses varies from state to state, it has historically been high enough to constitute a useful sampling frame for many public health purposes. Over the past decade, states have had to restrict access to this information to comply with the Driver's Privacy Protection Act (18 U.S.C. 2721-2725). In 2009 and 2010, the authors conducted a survey of all 50 states on the availability of master lists of licensed drivers to be used to contact citizens of each state for research purposes. A hypothetical situation requiring driver's license data was sent to each state's responsible government agency for review. In addition, the authors collected data on opt-out mechanisms available to drivers, costs to researchers, and additional state privacy policies pertaining to driver's license files. A total of 42 states (84%) responded; 16 (32%) states allowed access to data, 4 (8%) states were unable to respond to the hypothetical situation, and 22 (44%) states denied access to data. A total of 74,697,574 records were available from the 16 states providing driver's license data. Although the Driver's Privacy Protection Act has restricted access to data on licensed drivers, these data are still an available resource in many states.

Availability of Driver's License Master Lists for Use in Government-Sponsored Public Health Research

PubMed Central

Walsh, Matthew C.; Trentham-Dietz, Amy; Palta, Mari

2011-01-01

Although the percentage of US drivers with valid driver's licenses varies from state to state, it has historically been high enough to constitute a useful sampling frame for many public health purposes. Over the past decade, states have had to restrict access to this information to comply with the Driver's Privacy Protection Act (18 U.S.C. 2721–2725). In 2009 and 2010, the authors conducted a survey of all 50 states on the availability of master lists of licensed drivers to be used to contact citizens of each state for research purposes. A hypothetical situation requiring driver's license data was sent to each state's responsible government agency for review. In addition, the authors collected data on opt-out mechanisms available to drivers, costs to researchers, and additional state privacy policies pertaining to driver's license files. A total of 42 states (84%) responded; 16 (32%) states allowed access to data, 4 (8%) states were unable to respond to the hypothetical situation, and 22 (44%) states denied access to data. A total of 74,697,574 records were available from the 16 states providing driver's license data. Although the Driver's Privacy Protection Act has restricted access to data on licensed drivers, these data are still an available resource in many states. PMID:21571870

Confidentiality and Privacy for Smartphone Applications in Child and Adolescent Psychiatry: Unmet Needs and Practical Solutions.

PubMed

Wu, Emily; Torous, John; Hardaway, Rashad; Gutheil, Thomas

2017-01-01

This article summarizes the current literature on clinical knowledge and practical gaps regarding the confidentiality and privacy for smartphone and connected devices in child and adolescent psychiatry and offers practical solutions and consideration for the next steps for the field. Important issues to consider include disclosure of information sharing, access privilege, privacy and trust, risk and benefit analysis, and the need for standardization. Through understanding the privacy and confidentiality concerns regarding digital devices, child and adolescent psychiatrists can guide patients and parents though informed decision-making and also help shape how the field creates the next generation of these tools. Copyright © 2016 Elsevier Inc. All rights reserved.

Security and Correctness Analysis on Privacy-Preserving k-Means Clustering Schemes

NASA Astrophysics Data System (ADS)

Su, Chunhua; Bao, Feng; Zhou, Jianying; Takagi, Tsuyoshi; Sakurai, Kouichi

Due to the fast development of Internet and the related IT technologies, it becomes more and more easier to access a large amount of data. k-means clustering is a powerful and frequently used technique in data mining. Many research papers about privacy-preserving k-means clustering were published. In this paper, we analyze the existing privacy-preserving k-means clustering schemes based on the cryptographic techniques. We show those schemes will cause the privacy breach and cannot output the correct results due to the faults in the protocol construction. Furthermore, we analyze our proposal as an option to improve such problems but with intermediate information breach during the computation.

The Privacy Jungle:On the Market for Data Protection in Social Networks

NASA Astrophysics Data System (ADS)

Bonneau, Joseph; Preibusch, Sören

We have conducted the first thorough analysis of the market for privacy practices and policies in online social networks. From an evaluation of 45 social networking sites using 260 criteria we find that many popular assumptions regarding privacy and social networking need to be revisited when considering the entire ecosystem instead of only a handful of well-known sites. Contrary to the common perception of an oligopolistic market, we find evidence of vigorous competition for new users. Despite observing many poor security practices, there is evidence that social network providers are making efforts to implement privacy enhancing technologies with substantial diversity in the amount of privacy control offered. However, privacy is rarely used as a selling point, even then only as auxiliary, nondecisive feature. Sites also failed to promote their existing privacy controls within the site. We similarly found great diversity in the length and content of formal privacy policies, but found an opposite promotional trend: though almost all policies are not accessible to ordinary users due to obfuscating legal jargon, they conspicuously vaunt the sites' privacy practices. We conclude that the market for privacy in social networks is dysfunctional in that there is significant variation in sites' privacy controls, data collection requirements, and legal privacy policies, but this is not effectively conveyed to users. Our empirical findings motivate us to introduce the novel model of a privacy communication game, where the economically rational choice for a site operator is to make privacy control available to evade criticism from privacy fundamentalists, while hiding the privacy control interface and privacy policy to maximize sign-up numbers and encourage data sharing from the pragmatic majority of users.

Extending SQL to Support Privacy Policies

NASA Astrophysics Data System (ADS)

Ghazinour, Kambiz; Pun, Sampson; Majedi, Maryam; Chinaci, Amir H.; Barker, Ken

Increasing concerns over Internet applications that violate user privacy by exploiting (back-end) database vulnerabilities must be addressed to protect both customer privacy and to ensure corporate strategic assets remain trustworthy. This chapter describes an extension onto database catalogues and Structured Query Language (SQL) for supporting privacy in Internet applications, such as in social networks, e-health, e-governmcnt, etc. The idea is to introduce new predicates to SQL commands to capture common privacy requirements, such as purpose, visibility, generalization, and retention for both mandatory and discretionary access control policies. The contribution is that corporations, when creating the underlying databases, will be able to define what their mandatory privacy policies arc with which all application users have to comply. Furthermore, each application user, when providing their own data, will be able to define their own privacy policies with which other users have to comply. The extension is supported with underlying catalogues and algorithms. The experiments demonstrate a very reasonable overhead for the extension. The result is a low-cost mechanism to create new systems that arc privacy aware and also to transform legacy databases to their privacy-preserving equivalents. Although the examples arc from social networks, one can apply the results to data security and user privacy of other enterprises as well.

5 CFR 297.204 - Access by the representative of the data subject.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 5 Administrative Personnel 1 2014-01-01 2014-01-01 false Access by the representative of the data... REGULATIONS PRIVACY PROCEDURES FOR PERSONNEL RECORDS Request for Access § 297.204 Access by the representative of the data subject. A record may be disclosed to a representative of the individual to whom the...

5 CFR 297.204 - Access by the representative of the data subject.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 5 Administrative Personnel 1 2011-01-01 2011-01-01 false Access by the representative of the data... REGULATIONS PRIVACY PROCEDURES FOR PERSONNEL RECORDS Request for Access § 297.204 Access by the representative of the data subject. A record may be disclosed to a representative of the individual to whom the...

5 CFR 297.204 - Access by the representative of the data subject.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 5 Administrative Personnel 1 2010-01-01 2010-01-01 false Access by the representative of the data... REGULATIONS PRIVACY PROCEDURES FOR PERSONNEL RECORDS Request for Access § 297.204 Access by the representative of the data subject. A record may be disclosed to a representative of the individual to whom the...

12 CFR 404.17 - Appeal of denials of access.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 4 2010-01-01 2010-01-01 false Appeal of denials of access. 404.17 Section 404.17 Banks and Banking EXPORT-IMPORT BANK OF THE UNITED STATES INFORMATION DISCLOSURE Access to Records Under the Privacy Act of 1974 § 404.17 Appeal of denials of access. (a) Appeals to the Assistant General...

28 CFR 513.34 - Protection of individual privacy-disclosure of records to third parties.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 28 Judicial Administration 2 2014-07-01 2014-07-01 false Protection of individual privacy-disclosure of records to third parties. 513.34 Section 513.34 Judicial Administration BUREAU OF PRISONS, DEPARTMENT OF JUSTICE GENERAL MANAGEMENT AND ADMINISTRATION ACCESS TO RECORDS Release of Information General Provisions and Procedures § 513.34...

Protecting Student Records and Facilitating Education Research: A Workshop Summary

ERIC Educational Resources Information Center

Hilton, Margaret

2008-01-01

Designed to protect the privacy of individual student test scores, grades, and other education records, the Family Educational Rights and Privacy Act (FERPA) of 1974 places limits the access of educational researches, and slows research not only in education but also in related fields, such as child welfare and health. Recent trends have converged…

28 CFR 513.34 - Protection of individual privacy-disclosure of records to third parties.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 28 Judicial Administration 2 2012-07-01 2012-07-01 false Protection of individual privacy-disclosure of records to third parties. 513.34 Section 513.34 Judicial Administration BUREAU OF PRISONS, DEPARTMENT OF JUSTICE GENERAL MANAGEMENT AND ADMINISTRATION ACCESS TO RECORDS Release of Information General Provisions and Procedures § 513.34...

Protecting User Privacy in the Age of Digital Libraries

ERIC Educational Resources Information Center

Coombs, Karen A.

2005-01-01

In this article, the author discusses how she and the other librarians at State University of New York (SUNY) Cortland learned to "scrub" their records so that patrons remained protected, but the librarians still had access to useful statistics. The topic of library privacy regulations is complex. There is a host of legislation at both…

28 CFR 513.34 - Protection of individual privacy-disclosure of records to third parties.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Protection of individual privacy-disclosure of records to third parties. 513.34 Section 513.34 Judicial Administration BUREAU OF PRISONS, DEPARTMENT OF JUSTICE GENERAL MANAGEMENT AND ADMINISTRATION ACCESS TO RECORDS Release of Information General Provisions and Procedures § 513.34...

28 CFR 513.34 - Protection of individual privacy-disclosure of records to third parties.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 28 Judicial Administration 2 2013-07-01 2013-07-01 false Protection of individual privacy-disclosure of records to third parties. 513.34 Section 513.34 Judicial Administration BUREAU OF PRISONS, DEPARTMENT OF JUSTICE GENERAL MANAGEMENT AND ADMINISTRATION ACCESS TO RECORDS Release of Information General Provisions and Procedures § 513.34...

28 CFR 513.34 - Protection of individual privacy-disclosure of records to third parties.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 28 Judicial Administration 2 2011-07-01 2011-07-01 false Protection of individual privacy-disclosure of records to third parties. 513.34 Section 513.34 Judicial Administration BUREAU OF PRISONS, DEPARTMENT OF JUSTICE GENERAL MANAGEMENT AND ADMINISTRATION ACCESS TO RECORDS Release of Information General Provisions and Procedures § 513.34...

20 CFR 401.40 - How to get your own records.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 401.40 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF OFFICIAL RECORDS AND INFORMATION The Privacy Act § 401.40 How to get your own records. (a) Your right to notification... notification of or access to any record about yourself that is in an SSA system of records. If you are a minor...

20 CFR 401.40 - How to get your own records.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 401.40 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF OFFICIAL RECORDS AND INFORMATION The Privacy Act § 401.40 How to get your own records. (a) Your right to notification... notification of or access to any record about yourself that is in an SSA system of records. If you are a minor...

32 CFR 1901.21 - Processing requests for access to or amendment of records.

Code of Federal Regulations, 2010 CFR

2010-07-01

... CENTRAL INTELLIGENCE AGENCY PUBLIC RIGHTS UNDER THE PRIVACY ACT OF 1974 Action on Privacy Act Requests... requester cites one Act in the request, both, or neither. This action is taken in order to ensure the... written response, shall so inform the requester and advise of his or her right to an administrative appeal...

32 CFR 1801.21 - Processing requests for access to or amendment of records.

Code of Federal Regulations, 2010 CFR

2010-07-01

... NATIONAL COUNTERINTELLIGENCE CENTER PUBLIC RIGHTS UNDER THE PRIVACY ACT OF 1974 Action On Privacy Act... whether the requester cites one Act in the request, both, or neither. This action is taken in order to..., in the form of a final written response, shall so inform the requester and advise of his or her right...

Balancing Student Privacy, Campus Security, and Public Safety: Issues for Campus Leaders. Perspectives, Winter 2008

ERIC Educational Resources Information Center

McBain, Lesley

2008-01-01

The complex issues of promoting student mental health, privacy and public safety, and the balance among them, weigh on the minds of institutional leaders, educational policymakers, and local, state and federal officials. American campuses have a proud history of intellectual freedom, openness and public accessibility to their communities. However,…

77 FR 53237 - Submission for Review; Information Collection: Freedom of Information/Privacy Act Record Request...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-31

... of data elements specific to FOIA and Privacy Act record requests submitted to FIS. Current FOIA and... consistent with the published regulations at 5 CFR 294 and 297, respectively. Often the requests are missing data elements which require contact with the requester via mail, thereby adding time to the access...

12 CFR 1102.107 - Appeal of initial adverse agency determination regarding access or amendment.

Code of Federal Regulations, 2010 CFR

2010-01-01

... issue an order granting the requested amendment in whole or in part and instructing the Privacy Act... EXAMINATION COUNCIL APPRAISER REGULATION Rules Pertaining to the Privacy of Individuals and Systems of Records... with his or her request. (1) The application shall be in writing and shall describe the record in issue...

The Impact of User Privacy Concerns and Ethnic Cultural Values on Attitudes toward the Use of Biometric Technology

ERIC Educational Resources Information Center

Carpenter, Darrell R.

2011-01-01

Biometric technology is rapidly gaining popularity as an access control mechanism in the workplace. In some instances, systems relying on biometric technology have not been well received by employees. One reason for resistance may be perceived privacy issues associated with biometrics. This research draws on previous organizational information…

4 CFR 200.8 - Appealing denials of access.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 4 Accounts 1 2010-01-01 2010-01-01 false Appealing denials of access. 200.8 Section 200.8 Accounts RECOVERY ACCOUNTABILITY AND TRANSPARENCY BOARD PRIVACY ACT OF 1974 § 200.8 Appealing denials of access. (a... writing. The appeal should be directed to Executive Director, Recovery Accountability and Transparency...

17 CFR 162.3 - Affiliate marketing opt out and exceptions.

Code of Federal Regulations, 2012 CFR

2012-04-01

... places that information into a common database that the covered affiliate may access. (3) Service... maintains or accesses a common database that the covered affiliate may access) receives eligibility... the notice and opt-out provisions under other privacy rules under the FCRA, the GLB Act or the CEA. ...

17 CFR 162.3 - Affiliate marketing opt out and exceptions.

Code of Federal Regulations, 2013 CFR

2013-04-01

... places that information into a common database that the covered affiliate may access. (3) Service... maintains or accesses a common database that the covered affiliate may access) receives eligibility... the notice and opt-out provisions under other privacy rules under the FCRA, the GLB Act or the CEA. ...

17 CFR 162.3 - Affiliate marketing opt out and exceptions.

Code of Federal Regulations, 2014 CFR

2014-04-01

... places that information into a common database that the covered affiliate may access. (3) Service... maintains or accesses a common database that the covered affiliate may access) receives eligibility... the notice and opt-out provisions under other privacy rules under the FCRA, the GLB Act or the CEA. ...

77 FR 70792 - Privacy Act of 1974; Department of Homeland Security/ALL-004 General Information Technology...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-27

... 1974; Department of Homeland Security/ALL-004 General Information Technology Access Account Records..., Department of Homeland Security/ALL-004 General Information Technology Access Account Records System of... access account records. This system consists of information collected in order to provide authorized...

77 FR 15595 - Privacy Act; Implementation

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-16

...) and (d) when access to accounting disclosures and access to or amendment of records would cause the identity of a confidential source to be revealed. Disclosure of the source's identity not only will result... provided access to the information except to the extent that disclosure would reveal the identity of a...

32 CFR 311.6 - Procedures.

Code of Federal Regulations, 2011 CFR

2011-07-01

... individual's identity according to 32 CFR 310.17. (ii) Any individual making a request for access to records... need to gain access. (5) No verification of identity shall be required of an individual seeking access... Privacy Act, records shall be disclosed only to the individual they pertain to and under whose individual...

32 CFR 311.6 - Procedures.

Code of Federal Regulations, 2012 CFR

2012-07-01

... individual's identity according to 32 CFR 310.17. (ii) Any individual making a request for access to records... need to gain access. (5) No verification of identity shall be required of an individual seeking access... Privacy Act, records shall be disclosed only to the individual they pertain to and under whose individual...

32 CFR 311.6 - Procedures.

Code of Federal Regulations, 2014 CFR

2014-07-01

... individual's identity according to 32 CFR 310.17. (ii) Any individual making a request for access to records... need to gain access. (5) No verification of identity shall be required of an individual seeking access... Privacy Act, records shall be disclosed only to the individual they pertain to and under whose individual...

32 CFR 311.6 - Procedures.

Code of Federal Regulations, 2013 CFR

2013-07-01

... individual's identity according to 32 CFR 310.17. (ii) Any individual making a request for access to records... need to gain access. (5) No verification of identity shall be required of an individual seeking access... Privacy Act, records shall be disclosed only to the individual they pertain to and under whose individual...

The Computer Catalog: A Democratic or Authoritarian Technology?

ERIC Educational Resources Information Center

Adams, Judith A.

1988-01-01

Discussion of consequences of library automation argues that technology should be used to augment access to information. Online public access catalogs are considered in this context, along with several related issues such as system incompatibility, invasion of privacy, barriers to database access and manipulation, and user fees, which contribute…

10 CFR 9.65 - Access determinations; appeals.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 10 Energy 1 2012-01-01 2012-01-01 false Access determinations; appeals. 9.65 Section 9.65 Energy NUCLEAR REGULATORY COMMISSION PUBLIC RECORDS Privacy Act Regulations Determinations and Appeals § 9.65... 30 working days after receipt of the request. (1) Notices granting access shall inform the individual...

10 CFR 9.65 - Access determinations; appeals.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 10 Energy 1 2013-01-01 2013-01-01 false Access determinations; appeals. 9.65 Section 9.65 Energy NUCLEAR REGULATORY COMMISSION PUBLIC RECORDS Privacy Act Regulations Determinations and Appeals § 9.65... 30 working days after receipt of the request. (1) Notices granting access shall inform the individual...

10 CFR 1705.06 - Appeals from access denials.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 10 Energy 4 2012-01-01 2012-01-01 false Appeals from access denials. 1705.06 Section 1705.06 Energy DEFENSE NUCLEAR FACILITIES SAFETY BOARD PRIVACY ACT § 1705.06 Appeals from access denials. When.... This appeal should be directed to The Chairman, Defense Nuclear Facilities Safety Board, 625 Indiana...

10 CFR 1705.06 - Appeals from access denials.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 10 Energy 4 2013-01-01 2013-01-01 false Appeals from access denials. 1705.06 Section 1705.06 Energy DEFENSE NUCLEAR FACILITIES SAFETY BOARD PRIVACY ACT § 1705.06 Appeals from access denials. When.... This appeal should be directed to The Chairman, Defense Nuclear Facilities Safety Board, 625 Indiana...

10 CFR 1705.06 - Appeals from access denials.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 10 Energy 4 2014-01-01 2014-01-01 false Appeals from access denials. 1705.06 Section 1705.06 Energy DEFENSE NUCLEAR FACILITIES SAFETY BOARD PRIVACY ACT § 1705.06 Appeals from access denials. When.... This appeal should be directed to The Chairman, Defense Nuclear Facilities Safety Board, 625 Indiana...

10 CFR 9.65 - Access determinations; appeals.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 10 Energy 1 2014-01-01 2014-01-01 false Access determinations; appeals. 9.65 Section 9.65 Energy NUCLEAR REGULATORY COMMISSION PUBLIC RECORDS Privacy Act Regulations Determinations and Appeals § 9.65... 30 working days after receipt of the request. (1) Notices granting access shall inform the individual...

10 CFR 9.65 - Access determinations; appeals.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 1 2011-01-01 2011-01-01 false Access determinations; appeals. 9.65 Section 9.65 Energy NUCLEAR REGULATORY COMMISSION PUBLIC RECORDS Privacy Act Regulations Determinations and Appeals § 9.65... 30 working days after receipt of the request. (1) Notices granting access shall inform the individual...

75 FR 57829 - Airport Improvement Program (AIP): Policy Regarding Access to Airports From Residential Property

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-22

... DEPARTMENT OF TRANSPORTATION Federal Aviation Administration [Docket No. FAA-2010-0831] Airport Improvement Program (AIP): Policy Regarding Access to Airports From Residential Property AGENCY: Federal... inadvertent omission in the Privacy paragraph in the Notice of Proposed Policy Regarding Access to Airports...

10 CFR 1705.06 - Appeals from access denials.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 4 2010-01-01 2010-01-01 false Appeals from access denials. 1705.06 Section 1705.06 Energy DEFENSE NUCLEAR FACILITIES SAFETY BOARD PRIVACY ACT § 1705.06 Appeals from access denials. When.... This appeal should be directed to The Chairman, Defense Nuclear Facilities Safety Board, 625 Indiana...

10 CFR 1705.06 - Appeals from access denials.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 4 2011-01-01 2011-01-01 false Appeals from access denials. 1705.06 Section 1705.06 Energy DEFENSE NUCLEAR FACILITIES SAFETY BOARD PRIVACY ACT § 1705.06 Appeals from access denials. When.... This appeal should be directed to The Chairman, Defense Nuclear Facilities Safety Board, 625 Indiana...

Privacy preserving processing of genomic data: A survey.

PubMed

Akgün, Mete; Bayrak, A Osman; Ozer, Bugra; Sağıroğlu, M Şamil

2015-08-01

Recently, the rapid advance in genome sequencing technology has led to production of huge amount of sensitive genomic data. However, a serious privacy challenge is confronted with increasing number of genetic tests as genomic data is the ultimate source of identity for humans. Lately, privacy threats and possible solutions regarding the undesired access to genomic data are discussed, however it is challenging to apply proposed solutions to real life problems due to the complex nature of security definitions. In this review, we have categorized pre-existing problems and corresponding solutions in more understandable and convenient way. Additionally, we have also included open privacy problems coming with each genomic data processing procedure. We believe our classification of genome associated privacy problems will pave the way for linking of real-life problems with previously proposed methods. Copyright © 2015 Elsevier Inc. All rights reserved.

Balancing Health Information Exchange and Privacy Governance from a Patient-Centred Connected Health and Telehealth Perspective.

PubMed

Kuziemsky, Craig E; Gogia, Shashi B; Househ, Mowafa; Petersen, Carolyn; Basu, Arindam

2018-04-22

 Connected healthcare is an essential part of patient-centred care delivery. Technology such as telehealth is a critical part of connected healthcare. However, exchanging health information brings the risk of privacy issues. To better manage privacy risks we first need to understand the different patterns of patient-centred care in order to tailor solutions to address privacy risks.  Drawing upon published literature, we develop a business model to enable patient-centred care via telehealth. The model identifies three patient-centred connected health patterns. We then use the patterns to analyse potential privacy risks and possible solutions from different types of telehealth delivery.  Connected healthcare raises the risk of unwarranted access to health data and related invasion of privacy. However, the risk and extent of privacy issues differ according to the pattern of patient-centred care delivery and the type of particular challenge as they enable the highest degree of connectivity and thus the greatest potential for privacy breaches.  Privacy issues are a major concern in telehealth systems and patients, providers, and administrators need to be aware of these privacy issues and have guidance on how to manage them. This paper integrates patient-centred connected health care, telehealth, and privacy risks to provide an understanding of how risks vary across different patterns of patient-centred connected health and different types of telehealth delivery. Georg Thieme Verlag KG Stuttgart.

76 FR 54190 - Proposed Privacy Act System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-31

... decentralized, with each mission area and agency managing its respective FOIA programs. At the end of each year...-know basis. Role-based access controls are used, and FX is only accessible via the Internet using USDA...

Gaining Access.

ERIC Educational Resources Information Center

Wand, Sean; Thermos, Adam C.

1998-01-01

Explains the issues to consider before a college decides to purchase a card-access system. The benefits of automation, questions involving implementation, the criteria for technology selection, what typical card technology involves, privacy concerns, and the placement of card readers are discussed. (GR)

Open versus Controlled-Access Data | Office of Cancer Genomics

Cancer.gov

OCG employs stringent human subjects’ protection and data access policies to protect the privacy and confidentiality of the research participants. Depending on the risk of patient identification, OCG programs data are available to the scientific community in two tiers: open or controlled access. Both types of data can be accessed through its corresponding OCG program-specific data matrix or portal. Open-access Data

Automatic face recognition in HDR imaging

NASA Astrophysics Data System (ADS)

Pereira, Manuela; Moreno, Juan-Carlos; Proença, Hugo; Pinheiro, António M. G.

2014-05-01

The gaining popularity of the new High Dynamic Range (HDR) imaging systems is raising new privacy issues caused by the methods used for visualization. HDR images require tone mapping methods for an appropriate visualization on conventional and non-expensive LDR displays. These visualization methods might result in completely different visualization raising several issues on privacy intrusion. In fact, some visualization methods result in a perceptual recognition of the individuals, while others do not even show any identity. Although perceptual recognition might be possible, a natural question that can rise is how computer based recognition will perform using tone mapping generated images? In this paper, a study where automatic face recognition using sparse representation is tested with images that result from common tone mapping operators applied to HDR images. Its ability for the face identity recognition is described. Furthermore, typical LDR images are used for the face recognition training.

Balancing between two goods: Health Insurance Portability and Accountability Act and ethical compliancy considerations for privacy-sensitive materials in health sciences archival and historical special collections

PubMed Central

Gilliland, Anne T

2011-01-01

Objective: The investigation provides recommendations for establishing institutional collection guidelines and policies that protect the integrity of the historical record, while upholding the privacy and confidentiality of those who are protected by Health Insurance Portability and Accountability Act (HIPAA) or professional ethical standards. Methods: The authors completed a systematic historical investigation of the concepts of collection integrity, privacy, and confidentiality in the formal and informal legal and professional ethics literature and applied these standards to create best practices for institutional policies in these areas. Results: Through an in-depth examination of the historical concepts of privacy and confidentiality in the legal and professional ethics literature, the authors were able to create recommendations that would allow institutions to provide access to important, yet sensitive, materials, while complying with the standards set by HIPAA regulations and professional ethical expectations. Conclusion: With thoughtful planning, it is possible to balance the integrity of and access to the historical record of sensitive documents, while supporting the privacy protections of HIPAA and professional ethical standards. Although it is theorized that collection development polices of institutions have changed due to HIPAA legislation, additional research is suggested to see how various legal interpretations have affected the integrity of the historical record in actuality. PMID:21243051

Advantages and Disadvantages for Receiving Internet-Based HIV/AIDS Interventions at Home or at Community Based Organization

PubMed Central

Green, Shana M.; Lockhart, Elizabeth; Marhefka, Stephanie L.

2015-01-01

Within recent years public health interventions have become technologically based to reflect the digital age we currently live in and appeal to the public in innovative and novel ways. The Internet breaks down boundaries distance imposes and increases our ability to reach and connect with people. Internet-based interventions have the potential to expand access to effective behavioral interventions. The US National HIV/AIDS Strategy states that people living with HIV should have access to effective behavioral interventions like Healthy Relationships (HR) to help them develop safe sex and disclosure skills. However, access to HR is limited across the country, especially for people in remote or rural areas. Internet-based Healthy Relationships Video Groups (HR-VG) delivered at home or community based organizations (CBOs) can possibly expand access. This study assesses the preferences of women living with HIV (WLH) for participation in HR-VG among 21 WLH who participated in a randomized control trial (RCT) testing HR-VG and completed open-ended semi-structured telephone interviews. Transcripts were thematically analyzed to determine advantages, disadvantages and overall preference for home or agency delivery of HR-VG. Themes relating to convenience, technology access, privacy, distractions, HIV serostatus disclosure and social opportunities were identified as advantages or disadvantages to participating in HR-VG at each location. Overall privacy was the most salient concern of accessing HR-VG at home or at a CBO. Considering the concerns expressed by WLH, further studies are needed to assess how an Internet-based intervention delivered at home for WLH can maintain privacy while being cost effective. PMID:26357907

Advantages and disadvantages for receiving Internet-based HIV/AIDS interventions at home or at community-based organizations.

PubMed

Green, Shana M; Lockhart, Elizabeth; Marhefka, Stephanie L

2015-01-01

Within recent years, public health interventions have become technology based to reflect the digital age we currently live in and appeal to the public in innovative and novel ways. The Internet breaks down boundaries distance imposes and increases our ability to reach and connect with people. Internet-based interventions have the potential to expand access to effective behavioral interventions (EBIs). The US National HIV/AIDS Strategy states that people living with HIV should have access to EBIs such as healthy relationships (HR) to help them develop safe sex and disclosure skills. However, access to HR is limited across the country, especially for people in remote or rural areas. Internet-based healthy relationships video groups (HR-VG) delivered at home or community-based organizations (CBOs) can possibly expand access. This study assesses the preferences of women living with HIV (WLH) for participation in HR-VG among 21 WLH who participated in a randomized control trial (RCT) testing HR-VG and completed open-ended semi-structured telephone interviews. Transcripts were thematically analyzed to determine advantages and disadvantages of home or CBO delivery of HR-VG. Themes relating to convenience, technology access, privacy, distractions, HIV serostatus disclosure, and social opportunities were identified as advantages or disadvantages to participating in HR-VG at each location. Overall, privacy was the most salient concern of accessing HR-VG at home or at a CBO. Considering the concerns expressed by WLH, further studies are needed to assess how an Internet-based intervention delivered at home for WLH can maintain privacy while being cost effective.

Comparative Approaches to Biobanks and Privacy.

PubMed

Rothstein, Mark A; Knoppers, Bartha Maria; Harrell, Heather L

2016-03-01

Laws in the 20 jurisdictions studied for this project display many similar approaches to protecting privacy in biobank research. Although few have enacted biobank-specific legislation, many countries address biobanking within other laws. All provide for some oversight mechanisms for biobank research, even though the nature of that oversight varies between jurisdictions. Most have some sort of controlled access system in place for research with biobank specimens. While broad consent models facilitate biobanking, countries without national or federated biobanks have been slow to adopt broad consent. International guidelines have facilitated sharing and generally take a proportional risk approach, but many countries have provisions guiding international sharing and a few even limit international sharing. Although privacy laws may not prohibit international collaborations, the multi-prong approach to privacy unique to each jurisdiction can complicate international sharing. These symposium issues can serve as a resource for explaining the sometimes intricate privacy laws in each studied jurisdiction, outlining the key issues with regards to privacy and biobanking, and serving to describe a framework for the process of harmonization of privacy laws. © 2016 American Society of Law, Medicine & Ethics.

What the publisher can teach the patient: intellectual property and privacy in an era of trusted privication.

PubMed

Zittrain, J

2000-05-01

This article begins with a premise that intellectual property and privacy have something significant and yet understated in common: both are about balancing a creator's desire to control a particular set of data with consumers' desires to access and redistribute that data. Both law and technology influence such balancing, making it more or less palatable to use data for particular purposes--whether one is an individual making a copy of a popular song for a friend, or a hospital selling a list of maternity ward patients to a day care service. In the shadow of the Internet's rapid development and concomitant easing of barriers to data sharing, holders of intellectual property are pairing increased legal protection with the technologies of "trusted systems." I describe how these technologies might allow more thorough mass distribution of data, while allowing publishers to retain unprecedented control over their wares. For instance, an e-Book seller might charge one price for a read-only copy that could not be printed or forwarded and charge an additional fee for each copy or printout made. Taking up the case of medical privacy, I then suggest that those who worry about the confidentiality of medical records, particularly as they are digitized by recent congressional mandate, might seek to augment comparatively paltry legal protections with trusted systems technologies. For instance, a trusted system could allow a patient to specify how and by whom her records could be used; within limits, she could allow full access to her primary care physician, while allowing only time-limited access to emergency care providers, non-personally identifiable access to medical researchers, and no access at all for marketing purposes. These technologies could allow for new kinds of privacy protection, without sacrificing the legitimate interests of the consumers of medical records.

Security analysis of a chaotic map-based authentication scheme for telecare medicine information systems.

PubMed

Yau, Wei-Chuen; Phan, Raphael C-W

2013-12-01

Many authentication schemes have been proposed for telecare medicine information systems (TMIS) to ensure the privacy, integrity, and availability of patient records. These schemes are crucial for TMIS systems because otherwise patients' medical records become susceptible to tampering thus hampering diagnosis or private medical conditions of patients could be disclosed to parties who do not have a right to access such information. Very recently, Hao et al. proposed a chaotic map-based authentication scheme for telecare medicine information systems in a recent issue of Journal of Medical Systems. They claimed that the authentication scheme can withstand various attacks and it is secure to be used in TMIS. In this paper, we show that this authentication scheme is vulnerable to key-compromise impersonation attacks, off-line password guessing attacks upon compromising of a smart card, and parallel session attacks. We also exploit weaknesses in the password change phase of the scheme to mount a denial-of-service attack. Our results show that this scheme cannot be used to provide security in a telecare medicine information system.

“I Always Vet Things”: Navigating Privacy and the Presentation of Self on Health Discussion Boards Among Individuals with Long-Term Conditions

PubMed Central

Segar, Julia; Sanders, Caroline

2016-01-01

Background The ethics of research into online communities is a long-debated issue, with many researchers arguing that open-access discussion groups are publically accessible data and do not require informed consent from participants for their use for research purposes. However, it has been suggested that there is a discrepancy between the perceived and actual privacy of user-generated online content by community members. Objective There has been very little research regarding how privacy is experienced and enacted online. The objective of this study is to address this gap by qualitatively exploring the expectations of privacy on Internet forums among individuals with long-term conditions. Methods Semistructured interviews were conducted with 20 participants with myalgic encephalomyelitis/chronic fatigue syndrome (ME/CFS) and 21 participants with type 1 and 2 diabetes mellitus, and were analyzed using thematic analysis. Participants were recruited via online and offline routes, namely forums, email lists, newsletters, and face-to-face support groups. Results The findings indicate that privacy online is a nebulous concept. Rather than individuals drawing a clear-cut distinction between what they would and would not be comfortable sharing online, it was evident that these situations were contextually dependent and related to a number of unique and individual factors. Conclusions Interviewees were seen to carefully manage how they presented themselves on forums, filtering and selecting the information that they shared about themselves in order to develop and maintain a particular online persona, while maintaining and preserving an acceptable level of privacy. PMID:27737819

Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

PubMed

Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

2014-11-01

Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.

Talking with Your Doctor: Make the Most of Your Appointment

MedlinePlus

... health information. Many health care providers now use electronic health records. Ask your doctor how to access your records, ... on Facebook RSS Home Past Issues About Us Privacy Accessibility Freedom of Information Act No Fear Act ...

78 FR 25853 - Defense Logistics Agency Privacy Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-03

... 5 U.S.C. 552a(c)(3) and (d), when access to accounting disclosures and access to or amendment of...: (i) From subsection (c)(3), as to grant access to an accounting of disclosures as required by the... U.S.C. 552a(c)(3), because to grant access to the accounting for each disclosure as required by the...

36 CFR § 1254.32 - What rules apply to public access use of the Internet on NARA-supplied computers?

Code of Federal Regulations, 2013 CFR

2013-07-01

... access use of the Internet on NARA-supplied computers? § 1254.32 Section § 1254.32 Parks, Forests, and... public access use of the Internet on NARA-supplied computers? (a) Public access computers (workstations... equipment. (b) You should not expect privacy while using these workstations. These workstations are operated...

45 CFR 310.15 - What are the safeguards and processes that comprehensive Tribal IV-D agencies must have in place...

Code of Federal Regulations, 2014 CFR

2014-10-01

... comprehensive Tribal IV-D agencies must have in place to ensure the security and privacy of Computerized Tribal... ensure the security and privacy of Computerized Tribal IV-D Systems and Office Automation? (a..., accuracy, completeness, access to, and use of data in the Computerized Tribal IV-D System and Office...

34 CFR 5b.5 - Notification of or access to records.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Education Office of the Secretary, Department of Education PRIVACY ACT REGULATIONS § 5b.5 Notification of or... mere disclosure of the existence of the record would be a clearly unwarranted invasion of privacy if... under the Act subject to a $5,000 fine. (iii) An individual who makes a request on behalf of a minor or...

Privacy and Confidentiality: Using Scenarios to Teach Your Staff about Patron's Rights

ERIC Educational Resources Information Center

Snowman, Ann Mackay

2013-01-01

Every U.S. state and the District of Columbia has a law on the books that protects a library borrower's privacy, both an ethical and legal obligation of the library. In addition, FERPA further restricts access to users' records. Getting the message across to staff can be a challenge, especially if you employ students or volunteers who may not…

17 CFR 200.308 - Appeal of initial adverse agency determination as to access or as to amendment or correction.

Code of Federal Regulations, 2010 CFR

2010-04-01

... REQUESTS Regulations Pertaining to the Privacy of Individuals and Systems of Records Maintained by the... legal holidays) after his request was received by the Office of Information and Privacy Act Operations...) The appeal shall be in writing and shall describe the record in issue and set forth the proposed...

The Genetic Privacy Act and commentary

DOE Office of Scientific and Technical Information (OSTI.GOV)

Annas, G.J.; Glantz, L.H.; Roche, P.A.

1995-02-28

The Genetic Privacy Act is a proposal for federal legislation. The Act is based on the premise that genetic information is different from other types of personal information in ways that require special protection. The DNA molecule holds an extensive amount of currently indecipherable information. The major goal of the Human Genome Project is to decipher this code so that the information it contains is accessible. The privacy question is, accessible to whom? The highly personal nature of the information contained in DNA can be illustrated by thinking of DNA as containing an individual`s {open_quotes}future diary.{close_quotes} A diary is perhapsmore » the most personal and private document a person can create. It contains a person`s innermost thoughts and perceptions, and is usually hidden and locked to assure its secrecy. Diaries describe the past. The information in one`s genetic code can be thought of as a coded probabilistic future diary because it describes an important part of a unique and personal future. This document presents an introduction to the proposal for federal legislation `the Genetic Privacy Act`; a copy of the proposed act; and comment.« less

76 FR 13994 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-15

... received which result in a contrary determination. ADDRESSES: You may submit comments, identified by dock... of Defense. Deletion: K700.03 Manpower and Personnel System (MAPS) (February 22, 1993, 58 FR 10562). Reason: Manpower and Personnel System (MAPS) has been replaced with Open Source Corporate Management...

Ethical considerations in internet use of electronic protected health information.

PubMed

Polito, Jacquelyn M

2012-03-01

Caregivers, patients, and their family members are increasingly reliant on social network websites for storing, communicating, and referencing medical information. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule seeks balance by protecting the privacy of patients' health information and assuring that this information is available to those who need it to provide health care. Though federal and state governments have created laws and policies to safeguard patient privacy and confidentiality, the laws are inadequate against the rapid and innovative use of electronic health websites. As Internet use broadens access to information, health professionals must be aware that this information is not always secure. We must identify and reflect on medical ethics issues and be accountable for maintaining privacy for the patient.

Understanding and Changing Older Adults’ Perceptions and Learning of Social Media

PubMed Central

Xie, Bo; Watkins, Ivan; Golbeck, Jen; Huang, Man

2011-01-01

An exploratory study was conducted to answer the following questions: What are older adults’ perceptions of social media? What educational strategies can facilitate their learning of social media? A thematic map was developed to illustrate changing perceptions from the initial unanimous, strong negative to the more positive but cautious and to the eventual willingness to actually contribute content. Privacy was the primary concern and key perceptual barrier to adoption. Effective educational strategies were developed to overcome privacy concerns, including: 1) introducing the concepts before introducing the functions; 2) responding to privacy concerns; and 3) making social media personally relevant. PMID:22639483

77 FR 27756 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-11

... document is the document published in the Federal Register. Free Internet access to the official edition of... free, at 1- 800-877-8339. Individuals with disabilities may obtain this document in an accessible... use PDF you must have Adobe Acrobat Reader, which is available free at the site. You may also access...

5 CFR 2606.201 - Requests for access.

Code of Federal Regulations, 2011 CFR

2011-01-01

... on OGE's Web site at http://www.usoge.gov, or upon request from OGE's Office of General Counsel and... Office of Federal Register at the GPO Access Web site (http://www.access.gpo.gov/su_docs/aces/PrivacyAct... individual's full name (including her maiden name, if pertinent), dates of employment, social security number...

22 CFR 1101.6 - Requests for access to records.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 22 Foreign Relations 2 2010-04-01 2010-04-01 true Requests for access to records. 1101.6 Section 1101.6 Foreign Relations INTERNATIONAL BOUNDARY AND WATER COMMISSION, UNITED STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.6 Requests for access to records. (a) Any individual may submit...

6 CFR 5.23 - Responses to requests for access to records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Responses to requests for access to records. 5.23 Section 5.23 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.23 Responses to requests for access to records. (a...

36 CFR 903.5 - Response to request for access.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 36 Parks, Forests, and Public Property 3 2010-07-01 2010-07-01 false Response to request for access. 903.5 Section 903.5 Parks, Forests, and Public Property PENNSYLVANIA AVENUE DEVELOPMENT CORPORATION PRIVACY ACT § 903.5 Response to request for access. (a) Within 10 days of receipt of a request...

32 CFR 2102.13 - Requirements for access to a record.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 6 2014-07-01 2014-07-01 false Requirements for access to a record. 2102.13 Section 2102.13 National Defense Other Regulations Relating to National Defense NATIONAL SECURITY COUNCIL RULES AND REGULATIONS TO IMPLEMENT THE PRIVACY ACT OF 1974 § 2102.13 Requirements for access to a record...

32 CFR 2102.13 - Requirements for access to a record.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Requirements for access to a record. 2102.13 Section 2102.13 National Defense Other Regulations Relating to National Defense NATIONAL SECURITY COUNCIL RULES AND REGULATIONS TO IMPLEMENT THE PRIVACY ACT OF 1974 § 2102.13 Requirements for access to a record...

32 CFR 2102.13 - Requirements for access to a record.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 6 2013-07-01 2013-07-01 false Requirements for access to a record. 2102.13 Section 2102.13 National Defense Other Regulations Relating to National Defense NATIONAL SECURITY COUNCIL RULES AND REGULATIONS TO IMPLEMENT THE PRIVACY ACT OF 1974 § 2102.13 Requirements for access to a record...

32 CFR 2102.13 - Requirements for access to a record.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 6 2012-07-01 2012-07-01 false Requirements for access to a record. 2102.13 Section 2102.13 National Defense Other Regulations Relating to National Defense NATIONAL SECURITY COUNCIL RULES AND REGULATIONS TO IMPLEMENT THE PRIVACY ACT OF 1974 § 2102.13 Requirements for access to a record...

10 CFR 1304.105 - Requests for access to records.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 10 Energy 4 2012-01-01 2012-01-01 false Requests for access to records. 1304.105 Section 1304.105 Energy NUCLEAR WASTE TECHNICAL REVIEW BOARD PRIVACY ACT OF 1974 § 1304.105 Requests for access to records.... Nuclear Waste Technical Review Board; 2300 Clarendon Blvd., Suite 1300; Arlington, VA 22201. (c) Requests...

10 CFR 1304.105 - Requests for access to records.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 4 2011-01-01 2011-01-01 false Requests for access to records. 1304.105 Section 1304.105 Energy NUCLEAR WASTE TECHNICAL REVIEW BOARD PRIVACY ACT OF 1974 § 1304.105 Requests for access to records.... Nuclear Waste Technical Review Board; 2300 Clarendon Blvd., Suite 1300; Arlington, VA 22201. (c) Requests...

10 CFR 1304.105 - Requests for access to records.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 10 Energy 4 2014-01-01 2014-01-01 false Requests for access to records. 1304.105 Section 1304.105 Energy NUCLEAR WASTE TECHNICAL REVIEW BOARD PRIVACY ACT OF 1974 § 1304.105 Requests for access to records.... Nuclear Waste Technical Review Board; 2300 Clarendon Blvd., Suite 1300; Arlington, VA 22201. (c) Requests...

10 CFR 1304.105 - Requests for access to records.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 10 Energy 4 2013-01-01 2013-01-01 false Requests for access to records. 1304.105 Section 1304.105 Energy NUCLEAR WASTE TECHNICAL REVIEW BOARD PRIVACY ACT OF 1974 § 1304.105 Requests for access to records.... Nuclear Waste Technical Review Board; 2300 Clarendon Blvd., Suite 1300; Arlington, VA 22201. (c) Requests...

5 CFR 2606.204 - Request for review of an initial denial of access.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Request for review of an initial denial of access. 2606.204 Section 2606.204 Administrative Personnel OFFICE OF GOVERNMENT ETHICS ORGANIZATION AND PROCEDURES PRIVACY ACT RULES Access to Records and Accounting of Disclosures § 2606.204...

5 CFR 1630.9 - Access to the history (accounting) of disclosures from records.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 5 Administrative Personnel 3 2014-01-01 2014-01-01 false Access to the history (accounting) of disclosures from records. 1630.9 Section 1630.9 Administrative Personnel FEDERAL RETIREMENT THRIFT INVESTMENT BOARD PRIVACY ACT REGULATIONS § 1630.9 Access to the history (accounting) of disclosures from records...

5 CFR 1630.9 - Access to the history (accounting) of disclosures from records.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 5 Administrative Personnel 3 2013-01-01 2013-01-01 false Access to the history (accounting) of disclosures from records. 1630.9 Section 1630.9 Administrative Personnel FEDERAL RETIREMENT THRIFT INVESTMENT BOARD PRIVACY ACT REGULATIONS § 1630.9 Access to the history (accounting) of disclosures from records...

5 CFR 1630.9 - Access to the history (accounting) of disclosures from records.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 5 Administrative Personnel 3 2012-01-01 2012-01-01 false Access to the history (accounting) of disclosures from records. 1630.9 Section 1630.9 Administrative Personnel FEDERAL RETIREMENT THRIFT INVESTMENT BOARD PRIVACY ACT REGULATIONS § 1630.9 Access to the history (accounting) of disclosures from records...

5 CFR 1630.9 - Access to the history (accounting) of disclosures from records.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 5 Administrative Personnel 3 2011-01-01 2011-01-01 false Access to the history (accounting) of disclosures from records. 1630.9 Section 1630.9 Administrative Personnel FEDERAL RETIREMENT THRIFT INVESTMENT BOARD PRIVACY ACT REGULATIONS § 1630.9 Access to the history (accounting) of disclosures from records...

10 CFR 1304.108 - Appealing denials of access.

Code of Federal Regulations, 2010 CFR

2010-01-01

... writing. The appeal should be directed to Executive Director; U.S. Technical Review Board; 2300 Clarendon... 10 Energy 4 2010-01-01 2010-01-01 false Appealing denials of access. 1304.108 Section 1304.108 Energy NUCLEAR WASTE TECHNICAL REVIEW BOARD PRIVACY ACT OF 1974 § 1304.108 Appealing denials of access...