76 FR 19107 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-011...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-06

... Ellen Callahan, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC... (703-235- 0780), Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC... Chief Privacy Officer and Chief Freedom of Information Act Officer, Department of Homeland Security, 245...

Privacy Preserving Nearest Neighbor Search

NASA Astrophysics Data System (ADS)

Shaneck, Mark; Kim, Yongdae; Kumar, Vipin

Data mining is frequently obstructed by privacy concerns. In many cases data is distributed, and bringing the data together in one place for analysis is not possible due to privacy laws (e.g. HIPAA) or policies. Privacy preserving data mining techniques have been developed to address this issue by providing mechanisms to mine the data while giving certain privacy guarantees. In this chapter we address the issue of privacy preserving nearest neighbor search, which forms the kernel of many data mining applications. To this end, we present a novel algorithm based on secure multiparty computation primitives to compute the nearest neighbors of records in horizontally distributed data. We show how this algorithm can be used in three important data mining algorithms, namely LOF outlier detection, SNN clustering, and kNN classification. We prove the security of these algorithms under the semi-honest adversarial model, and describe methods that can be used to optimize their performance. Keywords: Privacy Preserving Data Mining, Nearest Neighbor Search, Outlier Detection, Clustering, Classification, Secure Multiparty Computation

Determining the privacy policy deficiencies of health ICT applications through semi-formal modelling.

PubMed

Croll, Peter R

2011-02-01

To ensure that patient confidentiality is securely maintained, health ICT applications that contain sensitive personal information demand comprehensive privacy policies. Determining the adequacy of these policies to meet legal conformity together with clinical users and patient expectation is demanding in practice. Organisations and agencies looking to analyse their Privacy and Security policies can benefit from guidance provided by outside entities such as the Privacy Office of their State or Government together with law firms and ICT specialists. The advice given is not uniform and often open to different interpretations. Of greater concern is the possibility of overlooking any important aspects that later result in a data breach. Based on three case studies, this paper considers whether a more formal approach to privacy analysis could be taken that would help identify the full coverage of a Privacy Impact Analysis and determine the deficiencies with an organisation's current policies and approach. A diagrammatic model showing the relationships between Confidentiality, Privacy, Trust, Security and Safety is introduced. First the validity of this model is determined by mapping it against the real-world case studies taken from three healthcare services that depend on ICT. Then, by using software engineering methods, a formal mapping of the relationships is undertaken to identify a full set of policies needed to satisfy the model. How effective this approach may prove as a generic method for deriving a comprehensive set of policies in health ICT applications is finally discussed. Copyright © 2010 Elsevier Ireland Ltd. All rights reserved.

Measuring and Modeling Security and Privacy Laws

ERIC Educational Resources Information Center

Romanosky, Sasha

2012-01-01

This manuscript presents empirical and analytical analysis and discussion of security and privacy laws. The introduction, together with the three substantive chapters each represent separate research papers written as partial fulfillment of my PhD dissertation in the Heinz College, Carnegie Mellon University. Chapter 2 is an abbreviated version of…

Survey of cyber security issues in smart grids

NASA Astrophysics Data System (ADS)

Chen, Thomas M.

2010-04-01

The future smart grid will enable cost savings and lower energy use by means of smart appliances and smart meters which support dynamic load management and real-time monitoring of energy use and distribution. The introduction of two-way communications and control into power grid introduces security and privacy concerns. This talk will survey the security and privacy issues in smart grids using the NIST reference model, and relate these issues to cyber security in the Internet.

Information Systems, Security, and Privacy.

ERIC Educational Resources Information Center

Ware, Willis H.

1984-01-01

Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-23

... Office, --Update of NIST Computer Security Division, and --Information Security and Privacy Advisory... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

Public attitudes toward health information exchange: perceived benefits and concerns.

PubMed

Dimitropoulos, Linda; Patel, Vaishali; Scheffler, Scott A; Posnack, Steve

2011-12-01

To characterize consumers' attitudes regarding the perceived benefits of electronic health information exchange (HIE), potential HIE privacy and security concerns, and to analyze the intersection of these concerns with perceived benefits. A cross-sectional study. A random-digit-dial telephone survey of English-speaking adults was conducted in 2010. Multivariate logistic regression models examined the association between consumer characteristics and concerns related to the security of electronic health records (EHRs) and HIE. A majority of the 1847 respondents reported they were either "very" or "somewhat" concerned about privacy of HIE (70%), security of HIE (75%), or security of EHRs (82%). Concerns were significantly higher (P <.05) among employed individuals 40 to 64 years old and minorities. Many believed that HIE would confer benefits such as improved coordination of care (89%). Overall, 75% agreed that the benefits of EHRs outweighed risks to privacy and security, and 60% would permit HIE for treatment purposes even if the physician might not be able to protect their privacy all of the time. Over half (52%) wanted to choose which providers access and share their data. Greater participation by consumers in determining how HIE takes place could engender a higher degree of trust among all demographic groups, regardless of their varying levels of privacy and security concerns. Addressing the specific privacy and security concerns of minorities, individuals 40 to 64 years old, and employed individuals will be critical to ensuring widespread consumer participation in HIE.

77 FR 70796 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-27

...; email: [email protected] . For privacy issues please contact: Jonathan Cantor, (202-343-1717), Acting... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security Administration System of Records AGENCY: Privacy...

77 FR 70795 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-27

... 20598-6036; email: [email protected] . For privacy issues please contact: Jonathan Cantor, (202-343... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security Administration System of Records AGENCY: Privacy...

Public assessment of new surveillance-oriented security technologies: Beyond the trade-off between privacy and security.

PubMed

Pavone, Vincenzo; Esposti, Sara Degli

2012-07-01

As surveillance-oriented security technologies (SOSTs) are considered security enhancing but also privacy infringing, citizens are expected to trade part of their privacy for higher security. Drawing from the PRISE project, this study casts some light on how citizens actually assess SOSTs through a combined analysis of focus groups and survey data. First, the outcomes suggest that people did not assess SOSTs in abstract terms but in relation to the specific institutional and social context of implementation. Second, from this embedded viewpoint, citizens either expressed concern about government's surveillance intentions and considered SOSTs mainly as privacy infringing, or trusted political institutions and believed that SOSTs effectively enhanced their security. None of them, however, seemed to trade privacy for security because concerned citizens saw their privacy being infringed without having their security enhanced, whilst trusting citizens saw their security being increased without their privacy being affected.

75 FR 7979 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-23

... privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer, Privacy Office...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The History of the Department of Homeland Security System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of...

LiPISC: A Lightweight and Flexible Method for Privacy-Aware Intersection Set Computation

PubMed Central

Huang, Shiyong; Ren, Yi; Choo, Kim-Kwang Raymond

2016-01-01

Privacy-aware intersection set computation (PISC) can be modeled as secure multi-party computation. The basic idea is to compute the intersection of input sets without leaking privacy. Furthermore, PISC should be sufficiently flexible to recommend approximate intersection items. In this paper, we reveal two previously unpublished attacks against PISC, which can be used to reveal and link one input set to another input set, resulting in privacy leakage. We coin these as Set Linkage Attack and Set Reveal Attack. We then present a lightweight and flexible PISC scheme (LiPISC) and prove its security (including against Set Linkage Attack and Set Reveal Attack). PMID:27326763

LiPISC: A Lightweight and Flexible Method for Privacy-Aware Intersection Set Computation.

PubMed

Ren, Wei; Huang, Shiyong; Ren, Yi; Choo, Kim-Kwang Raymond

2016-01-01

Privacy-aware intersection set computation (PISC) can be modeled as secure multi-party computation. The basic idea is to compute the intersection of input sets without leaking privacy. Furthermore, PISC should be sufficiently flexible to recommend approximate intersection items. In this paper, we reveal two previously unpublished attacks against PISC, which can be used to reveal and link one input set to another input set, resulting in privacy leakage. We coin these as Set Linkage Attack and Set Reveal Attack. We then present a lightweight and flexible PISC scheme (LiPISC) and prove its security (including against Set Linkage Attack and Set Reveal Attack).

78 FR 34264 - Technical Corrections to the HIPAA Privacy, Security, and Enforcement Rules

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-07

...-AA03 Technical Corrections to the HIPAA Privacy, Security, and Enforcement Rules AGENCY: Office for... corrections address certain inadvertent errors and omissions in the HIPAA Privacy, Security, and Enforcement... (HHS or ``the Department'') published a final rule to implement changes to the HIPAA Privacy, Security...

76 FR 3098 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-19

...: National Security Agency/Central Security Service, Freedom of Information Act and Privacy Act Office, 9800..., Privacy Act and Mandatory Declassification Review Records. System Location: National Security Agency... Information Act; 5 U.S.C. 552a, The Privacy Act of 1974 (as amended); E.O. 13526, Classified National Security...

48 CFR 52.239-1 - Privacy or Security Safeguards.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 2 2014-10-01 2014-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish or...

48 CFR 52.239-1 - Privacy or Security Safeguards.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 2 2011-10-01 2011-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish or...

48 CFR 52.239-1 - Privacy or Security Safeguards.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 2 2012-10-01 2012-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish or...

45 CFR 155.260 - Privacy and security of personally identifiable information.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 45 Public Welfare 1 2013-10-01 2013-10-01 false Privacy and security of personally identifiable... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally... must establish and implement privacy and security standards that are consistent with the following...

48 CFR 52.239-1 - Privacy or Security Safeguards.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 2 2013-10-01 2013-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish or...

48 CFR 52.239-1 - Privacy or Security Safeguards.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish or...

75 FR 11191 - Privacy Act of 1974; Retirement of Department of Homeland Security Federal Emergency Management...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-10

... 20472. For privacy issues please contact: Mary Ellen Callahan (703-235- 0780), Chief Privacy Officer... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Federal Emergency Management Agency System of Records AGENCY: Privacy Office...

Trust Me, I’m a Doctor: Examining Changes in How Privacy Concerns Affect Patient Withholding Behavior

PubMed Central

Johnson, Tyler; Ford, Eric W; Huerta, Timothy R

2017-01-01

Background As electronic health records (EHRs) become ubiquitous in the health care industry, privacy breaches are increasing and being made public. These breaches may make consumers wary of the technology, undermining its potential to improve care coordination and research. Objective Given the developing concerns around privacy of personal health information stored in digital format, it is important for providers to understand how views on privacy and security may be associated with patient disclosure of health information. This study aimed to understand how privacy concerns may be shifting patient behavior. Methods Using a pooled cross-section of data from the 2011 and 2014 cycles of the Health Information and National Trends Survey (HINTS), we tested whether privacy and security concerns, as well as quality perceptions, are associated with the likelihood of withholding personal health information from a provider. A fully interacted multivariate model was used to compare associations between the 2 years, and interaction terms were used to evaluate trends in the factors that are associated with withholding behavior. Results No difference was found regarding the effect of privacy and security concerns on withholding behavior between 2011 and 2014. Similarly, whereas perceived high quality of care was found to reduce the likelihood of withholding information from a provider in both 2011 (odds ratio [OR] 0.73, 95% confidence interval [CI] 0.56-0.94) and 2014 (OR 0.61, 95% CI 0.48-0.76), no difference was observed between years. Conclusions These findings suggest that consumers’ beliefs about EHR privacy and security, the relationship between technology use and quality, and intentions to share information with their health care provider have not changed. These findings are counter to the ongoing discussions about the implications of security failures in other domains. Our results suggest that providers could ameliorate privacy and security by focusing on the care quality benefits EHRs provide. PMID:28052843

Effective Management of Information Security and Privacy

ERIC Educational Resources Information Center

Anderson, Alicia

2006-01-01

No university seems immune to cyber attacks. For many universities, such events have served as wake-up calls to develop a comprehensive information security and privacy strategy. This is no simple task, however. It involves balancing a culture of openness with a need for security and privacy. Security and privacy are not the same, and the…

78 FR 25282 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-008...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-30

... Assistance Files System of Records AGENCY: Privacy Office, Department of Homeland Security. ACTION: Notice of Privacy Act System of Records. SUMMARY: In accordance with the Privacy Act of 1974, the Department of Homeland Security proposes to update and reissue a current Department of Homeland Security system of...

42 CFR 401.713 - Ensuring the privacy and security of data.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 42 Public Health 2 2014-10-01 2014-10-01 false Ensuring the privacy and security of data. 401.713... Performance Measurement § 401.713 Ensuring the privacy and security of data. (a) A qualified entity must... require the qualified entity to maintain privacy and security protocols throughout the duration of the...

Protecting Location Privacy for Outsourced Spatial Data in Cloud Storage

PubMed Central

Gui, Xiaolin; An, Jian; Zhao, Jianqiang; Zhang, Xuejun

2014-01-01

As cloud computing services and location-aware devices are fully developed, a large amount of spatial data needs to be outsourced to the cloud storage provider, so the research on privacy protection for outsourced spatial data gets increasing attention from academia and industry. As a kind of spatial transformation method, Hilbert curve is widely used to protect the location privacy for spatial data. But sufficient security analysis for standard Hilbert curve (SHC) is seldom proceeded. In this paper, we propose an index modification method for SHC (SHC∗) and a density-based space filling curve (DSC) to improve the security of SHC; they can partially violate the distance-preserving property of SHC, so as to achieve better security. We formally define the indistinguishability and attack model for measuring the privacy disclosure risk of spatial transformation methods. The evaluation results indicate that SHC∗ and DSC are more secure than SHC, and DSC achieves the best index generation performance. PMID:25097865

Protecting location privacy for outsourced spatial data in cloud storage.

PubMed

Tian, Feng; Gui, Xiaolin; An, Jian; Yang, Pan; Zhao, Jianqiang; Zhang, Xuejun

2014-01-01

As cloud computing services and location-aware devices are fully developed, a large amount of spatial data needs to be outsourced to the cloud storage provider, so the research on privacy protection for outsourced spatial data gets increasing attention from academia and industry. As a kind of spatial transformation method, Hilbert curve is widely used to protect the location privacy for spatial data. But sufficient security analysis for standard Hilbert curve (SHC) is seldom proceeded. In this paper, we propose an index modification method for SHC (SHC(∗)) and a density-based space filling curve (DSC) to improve the security of SHC; they can partially violate the distance-preserving property of SHC, so as to achieve better security. We formally define the indistinguishability and attack model for measuring the privacy disclosure risk of spatial transformation methods. The evaluation results indicate that SHC(∗) and DSC are more secure than SHC, and DSC achieves the best index generation performance.

76 FR 58786 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-22

... National Security Agency/Central Security System systems of records notices subject to the Privacy Act of... inquiries to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act...; Systems of Records AGENCY: National Security Agency/Central Security Service, Department of Defense (DoD...

78 FR 45913 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-30

... National Security Agency/Central Security Service systems of records subject to the Privacy Act of 1974 (5... National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act Office, 9800...; Systems of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to alter...

Users Do the Darndest Things: True Stories from the CyLab Usable Privacy and Security Laboratory

NASA Astrophysics Data System (ADS)

Cranor, Lorrie Faith

How can we make security and privacy software more usable? The first step is to study our users. Ideally, we would watch them interacting with security or privacy software in situations where they face actual risk. But everyday computer users don't sit around fiddling with security software, and subjecting users to actual security attacks raises ethical and legal concerns. Thus, it can be difficult to observe users interacting with security and privacy software in their natural habitat. At the CyLab Usable Privacy and Security Laboratory, we've conducted a wide variety of studies aimed at understanding how users think about security and privacy and how they interact with security and privacy software. In this talk I'll give a behind the scenes tour of some of the techniques we've used to study users both in the laboratory and in the wild. I'll discuss the trials and tribulations of designing and carrying out security and privacy user studies, and highlight some of our surprising observations. Find out what privacy-sensitive items you can actually get study participants to purchase, how you can observe users' responses to a man-in-the-middle attack without actually conducting such an attack, why it's hard to get people to use high tech cell phones even when you give them away, and what's actually in that box behind the couch in my office.

75 FR 67697 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-03

... National Security Agency's record system notices for records systems subject to the Privacy Act of 1974 (5... National Security Agency/Central Security Service, Freedom of Information Act (FOIA)/Privacy Act Office...; Systems of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to add a...

75 FR 43494 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-26

... National Security Agency's record system notices for records systems subject to the Privacy Act of 1974 (5... National Security Agency/Central Security Service, Freedom of Information Act and Privacy Act Office, 9800...; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to...

Evaluating Common Privacy Vulnerabilities in Internet Service Providers

NASA Astrophysics Data System (ADS)

Kotzanikolaou, Panayiotis; Maniatis, Sotirios; Nikolouzou, Eugenia; Stathopoulos, Vassilios

Privacy in electronic communications receives increased attention in both research and industry forums, stemming from both the users' needs and from legal and regulatory requirements in national or international context. Privacy in internet-based communications heavily relies on the level of security of the Internet Service Providers (ISPs), as well as on the security awareness of the end users. This paper discusses the role of the ISP in the privacy of the communications. Based on real security audits performed in national-wide ISPs, we illustrate privacy-specific threats and vulnerabilities that many providers fail to address when implementing their security policies. We subsequently provide and discuss specific security measures that the ISPs can implement, in order to fine-tune their security policies in the context of privacy protection.

32 CFR 321.9 - Appeal of initial amendment decision.

Code of Federal Regulations, 2011 CFR

2011-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.9 Appeal of initial amendment... record, the Defense Security Service, Office of FOI and Privacy will assure that such appeal is handled... may be sent to the Defense Security Service, Office of FOI and Privacy, (GCF), 1340 Braddock Place...

32 CFR 321.9 - Appeal of initial amendment decision.

Code of Federal Regulations, 2010 CFR

2010-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.9 Appeal of initial amendment... record, the Defense Security Service, Office of FOI and Privacy will assure that such appeal is handled... may be sent to the Defense Security Service, Office of FOI and Privacy, (GCF), 1340 Braddock Place...

32 CFR 321.9 - Appeal of initial amendment decision.

Code of Federal Regulations, 2012 CFR

2012-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.9 Appeal of initial amendment... record, the Defense Security Service, Office of FOI and Privacy will assure that such appeal is handled... may be sent to the Defense Security Service, Office of FOI and Privacy, (GCF), 1340 Braddock Place...

32 CFR 321.9 - Appeal of initial amendment decision.

Code of Federal Regulations, 2014 CFR

2014-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.9 Appeal of initial amendment... record, the Defense Security Service, Office of FOI and Privacy will assure that such appeal is handled... may be sent to the Defense Security Service, Office of FOI and Privacy, (GCF), 1340 Braddock Place...

32 CFR 321.9 - Appeal of initial amendment decision.

Code of Federal Regulations, 2013 CFR

2013-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.9 Appeal of initial amendment... record, the Defense Security Service, Office of FOI and Privacy will assure that such appeal is handled... may be sent to the Defense Security Service, Office of FOI and Privacy, (GCF), 1340 Braddock Place...

32 CFR 322.1 - Purpose and applicability.

Code of Federal Regulations, 2012 CFR

2012-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.1 Purpose and... of Defense Privacy Program (32 CFR part 310) within the National Security Agency/Central Security...

32 CFR 322.1 - Purpose and applicability.

Code of Federal Regulations, 2014 CFR

2014-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.1 Purpose and... of Defense Privacy Program (32 CFR part 310) within the National Security Agency/Central Security...

32 CFR 322.1 - Purpose and applicability.

Code of Federal Regulations, 2011 CFR

2011-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.1 Purpose and... of Defense Privacy Program (32 CFR part 310) within the National Security Agency/Central Security...

32 CFR 322.1 - Purpose and applicability.

Code of Federal Regulations, 2010 CFR

2010-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.1 Purpose and... of Defense Privacy Program (32 CFR part 310) within the National Security Agency/Central Security...

32 CFR 322.1 - Purpose and applicability.

Code of Federal Regulations, 2013 CFR

2013-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.1 Purpose and... of Defense Privacy Program (32 CFR part 310) within the National Security Agency/Central Security...

6 CFR 1002.4 - Responses to Privacy Act requests.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 6 Domestic Security 1 2014-01-01 2014-01-01 false Responses to Privacy Act requests. 1002.4 Section 1002.4 Domestic Security PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 1002.4 Responses to Privacy Act requests. (a) Acknowledgement. The Privacy Act Officer...

Constructing RBAC Based Security Model in u-Healthcare Service Platform

PubMed Central

Shin, Moon Sun; Jeon, Heung Seok; Ju, Yong Wan; Lee, Bum Ju; Jeong, Seon-Phil

2015-01-01

In today's era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation's healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP) applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR), recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices. PMID:25695104

Constructing RBAC based security model in u-healthcare service platform.

PubMed

Shin, Moon Sun; Jeon, Heung Seok; Ju, Yong Wan; Lee, Bum Ju; Jeong, Seon-Phil

2015-01-01

In today's era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation's healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP) applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR), recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices.

Trust Me, I'm a Doctor: Examining Changes in How Privacy Concerns Affect Patient Withholding Behavior.

PubMed

Walker, Daniel M; Johnson, Tyler; Ford, Eric W; Huerta, Timothy R

2017-01-04

As electronic health records (EHRs) become ubiquitous in the health care industry, privacy breaches are increasing and being made public. These breaches may make consumers wary of the technology, undermining its potential to improve care coordination and research. Given the developing concerns around privacy of personal health information stored in digital format, it is important for providers to understand how views on privacy and security may be associated with patient disclosure of health information. This study aimed to understand how privacy concerns may be shifting patient behavior. Using a pooled cross-section of data from the 2011 and 2014 cycles of the Health Information and National Trends Survey (HINTS), we tested whether privacy and security concerns, as well as quality perceptions, are associated with the likelihood of withholding personal health information from a provider. A fully interacted multivariate model was used to compare associations between the 2 years, and interaction terms were used to evaluate trends in the factors that are associated with withholding behavior. No difference was found regarding the effect of privacy and security concerns on withholding behavior between 2011 and 2014. Similarly, whereas perceived high quality of care was found to reduce the likelihood of withholding information from a provider in both 2011 (odds ratio [OR] 0.73, 95% confidence interval [CI] 0.56-0.94) and 2014 (OR 0.61, 95% CI 0.48-0.76), no difference was observed between years. These findings suggest that consumers' beliefs about EHR privacy and security, the relationship between technology use and quality, and intentions to share information with their health care provider have not changed. These findings are counter to the ongoing discussions about the implications of security failures in other domains. Our results suggest that providers could ameliorate privacy and security by focusing on the care quality benefits EHRs provide. ©Daniel M Walker, Tyler Johnson, Eric W Ford, Timothy R Huerta. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 04.01.2017.

Security measures required for HIPAA privacy.

PubMed

Amatayakul, M

2000-01-01

HIPAA security requirements include administrative, physical, and technical services and mechanisms to safeguard confidentiality, availability, and integrity of health information. Security measures, however, must be implemented in the context of an organization's privacy policies. Because HIPAA's proposed privacy rules are flexible and scalable to account for the nature of each organization's business, size, and resources, each organization will be determining its own privacy policies within the context of the HIPAA requirements and its security capabilities. Security measures cannot be implemented in a vacuum.

75 FR 25904 - Privacy Act of 1974; as Amended; Proposed Alteration to an Existing Privacy Act System of Records...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-10

... SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974; as Amended; Proposed Alteration to an Existing Privacy Act System of Records, Housekeeping Changes, and New Routine Uses AGENCY: Social Security..., Social Security number (SSN), date of birth, address, and other relevant information about persons who...

78 FR 69861 - Privacy Act of 1974; Department of Homeland Security, Federal Emergency Management Agency...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-21

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [DHS-2013-0073] Privacy Act of 1974; Department of Homeland Security, Federal Emergency Management Agency, Federal Government--001 National Defense Executive Reserve System of Records AGENCY: Department of Homeland Security, Privacy Office...

Cyber security challenges in Smart Cities: Safety, security and privacy.

PubMed

Elmaghraby, Adel S; Losavio, Michael M

2014-07-01

The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the "Internet of Things." Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect.

76 FR 34650 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-14

... The agenda is expected to include the following items: --Cloud Security and Privacy Panel discussion on addressing security and privacy for different types of cloud computing, --Presentation from...

75 FR 28051 - Public Workshop: Pieces of Privacy

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-19

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Public Workshop: Pieces of Privacy AGENCY: Privacy Office, DHS. ACTION: Notice announcing public workshop. SUMMARY: The Department of Homeland Security Privacy Office will host a public workshop, ``Pieces of Privacy.'' DATES: The workshop will be...

A Comprehensive Comparison of Multiparty Secure Additions with Differential Privacy

PubMed Central

Goryczka, Slawomir; Xiong, Li

2016-01-01

This paper considers the problem of secure data aggregation (mainly summation) in a distributed setting, while ensuring differential privacy of the result. We study secure multiparty addition protocols using well known security schemes: Shamir’s secret sharing, perturbation-based, and various encryptions. We supplement our study with our new enhanced encryption scheme EFT, which is efficient and fault tolerant. Differential privacy of the final result is achieved by either distributed Laplace or Geometric mechanism (respectively DLPA or DGPA), while approximated differential privacy is achieved by diluted mechanisms. Distributed random noise is generated collectively by all participants, which draw random variables from one of several distributions: Gamma, Gauss, Geometric, or their diluted versions. We introduce a new distributed privacy mechanism with noise drawn from the Laplace distribution, which achieves smaller redundant noise with efficiency. We compare complexity and security characteristics of the protocols with different differential privacy mechanisms and security schemes. More importantly, we implemented all protocols and present an experimental comparison on their performance and scalability in a real distributed environment. Based on the evaluations, we identify our security scheme and Laplace DLPA as the most efficient for secure distributed data aggregation with privacy. PMID:28919841

A Comprehensive Comparison of Multiparty Secure Additions with Differential Privacy.

PubMed

Goryczka, Slawomir; Xiong, Li

2017-01-01

This paper considers the problem of secure data aggregation (mainly summation) in a distributed setting, while ensuring differential privacy of the result. We study secure multiparty addition protocols using well known security schemes: Shamir's secret sharing, perturbation-based, and various encryptions. We supplement our study with our new enhanced encryption scheme EFT, which is efficient and fault tolerant. Differential privacy of the final result is achieved by either distributed Laplace or Geometric mechanism (respectively DLPA or DGPA), while approximated differential privacy is achieved by diluted mechanisms. Distributed random noise is generated collectively by all participants, which draw random variables from one of several distributions: Gamma, Gauss, Geometric, or their diluted versions. We introduce a new distributed privacy mechanism with noise drawn from the Laplace distribution, which achieves smaller redundant noise with efficiency. We compare complexity and security characteristics of the protocols with different differential privacy mechanisms and security schemes. More importantly, we implemented all protocols and present an experimental comparison on their performance and scalability in a real distributed environment. Based on the evaluations, we identify our security scheme and Laplace DLPA as the most efficient for secure distributed data aggregation with privacy.

77 FR 25686 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-01

... NIST Computer Security Division. Note that agenda items may change without notice because of possible... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB...

75 FR 8096 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-023...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-23

... Prevention Program System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system of... to establish a new system of records titled, ``Department of Homeland Security/Transportation Security Administration--023 Workplace Violence Prevention Program System of Records.'' This system will...

Backward Channel Protection Based on Randomized Tree-Walking Algorithm and Its Analysis for Securing RFID Tag Information and Privacy

NASA Astrophysics Data System (ADS)

Choi, Wonjoon; Yoon, Myungchul; Roh, Byeong-Hee

Eavesdropping on backward channels in RFID environments may cause severe privacy problems because it means the exposure of personal information related to tags that each person has. However, most existing RFID tag security schemes are focused on the forward channel protections. In this paper, we propose a simple but effective method to solve the backward channel eavesdropping problem based on Randomized-tree walking algorithm for securing tag ID information and privacy in RFID-based applications. In order to show the efficiency of the proposed scheme, we derive two performance models for the cases when CRC is used and not used. It is shown that the proposed method can lower the probability of eavesdropping on backward channels near to ‘0.’

77 FR 44642 - Privacy Act of 1974; Department of Homeland Security U.S. Customs and Border Protection-DHS/CBP...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-30

... 1974; Department of Homeland Security U.S. Customs and Border Protection-DHS/CBP-009 Electronic System for Travel Authorization (ESTA) System of Records AGENCY: Privacy Office, Department of Homeland Security. ACTION: Notice of Privacy Act system of records. SUMMARY: In accordance with the Privacy Act of...

Aligning the Effective Use of Student Data with Student Privacy and Security Laws

ERIC Educational Resources Information Center

Winnick, Steve; Coleman, Art; Palmer, Scott; Lipper, Kate; Neiditz, Jon

2011-01-01

This legal and policy guidance provides a summary framework for state policymakers as they work to use longitudinal data to improve student achievement while also protecting the privacy and security of individual student records. Summarizing relevant federal privacy and security laws, with a focus on the Family Educational Records and Privacy Act…

Are participants concerned about privacy and security when using short message service to report product adherence in a rectal microbicide trial?

PubMed

Giguere, Rebecca; Brown, William; Balán, Ivan C; Dolezal, Curtis; Ho, Titcha; Sheinfil, Alan; Ibitoye, Mobolaji; Lama, Javier R; McGowan, Ian; Cranston, Ross D; Carballo-Diéguez, Alex

2018-04-01

During a Phase 2 rectal microbicide trial, men who have sex with men and transgender women (n = 187) in 4 countries (Peru, South Africa, Thailand, United States) reported product use daily via short message service (SMS). To prevent disclosure of study participation, the SMS system program included privacy and security features. We evaluated participants' perceptions of privacy while using the system and acceptability of privacy/security features. To protect privacy, the SMS system: (1) confirmed participant availability before sending the study questions, (2) required a password, and (3) did not reveal product name or study participation. To ensure security, the system reminded participants to lock phone/delete messages. A computer-assisted self-interview (CASI), administered at the final visit, measured burden of privacy and security features and SMS privacy concerns. A subsample of 33 participants underwent an in-depth interview (IDI). Based on CASI, 85% had no privacy concerns; only 5% were very concerned. Most were not bothered by the need for a password (73%) or instructions to delete messages (82%). Based on IDI, reasons for low privacy concerns included sending SMS in private or feeling that texting would not draw attention. A few IDI participants found the password unnecessary and more than half did not delete messages. Most participants were not concerned that the SMS system would compromise their confidentiality. SMS privacy and security features were effective and not burdensome. Short ID-related passwords, ambiguous language, and reminders to implement privacy and security-enhancing behaviors are recommended for SMS systems.

Transportation Secure Data Center: Real-World Data for Planning, Modeling, and Analysis (Fact Sheet)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

2014-01-01

This fact sheet describes the Transportation Secure Data Center (TSDC) - an NREL-operated resource that provides secure access to detailed GPS travel data for valuable research purposes in a way that protects original participant privacy.

Privacy-Preserving Evaluation of Generalization Error and Its Application to Model and Attribute Selection

NASA Astrophysics Data System (ADS)

Sakuma, Jun; Wright, Rebecca N.

Privacy-preserving classification is the task of learning or training a classifier on the union of privately distributed datasets without sharing the datasets. The emphasis of existing studies in privacy-preserving classification has primarily been put on the design of privacy-preserving versions of particular data mining algorithms, However, in classification problems, preprocessing and postprocessing— such as model selection or attribute selection—play a prominent role in achieving higher classification accuracy. In this paper, we show generalization error of classifiers in privacy-preserving classification can be securely evaluated without sharing prediction results. Our main technical contribution is a new generalized Hamming distance protocol that is universally applicable to preprocessing and postprocessing of various privacy-preserving classification problems, such as model selection in support vector machine and attribute selection in naive Bayes classification.

The Effectiveness of Health Care Information Technologies: Evaluation of Trust, Security Beliefs, and Privacy as Determinants of Health Care Outcomes

PubMed Central

2018-01-01

Background The diffusion of health information technologies (HITs) within the health care sector continues to grow. However, there is no theory explaining how success of HITs influences patient care outcomes. With the increase in data breaches, HITs’ success now hinges on the effectiveness of data protection solutions. Still, empirical research has only addressed privacy concerns, with little regard for other factors of information assurance. Objective The objective of this study was to study the effectiveness of HITs using the DeLone and McLean Information Systems Success Model (DMISSM). We examined the role of information assurance constructs (ie, the role of information security beliefs, privacy concerns, and trust in health information) as measures of HIT effectiveness. We also investigated the relationships between information assurance and three aspects of system success: attitude toward health information exchange (HIE), patient access to health records, and perceived patient care quality. Methods Using structural equation modeling, we analyzed the data from a sample of 3677 cancer patients from a public dataset. We used R software (R Project for Statistical Computing) and the Lavaan package to test the hypothesized relationships. Results Our extension of the DMISSM to health care was supported. We found that increased privacy concerns reduce the frequency of patient access to health records use, positive attitudes toward HIE, and perceptions of patient care quality. Also, belief in the effectiveness of information security increases the frequency of patient access to health records and positive attitude toward HIE. Trust in health information had a positive association with attitudes toward HIE and perceived patient care quality. Trust in health information had no direct effect on patient access to health records; however, it had an indirect relationship through privacy concerns. Conclusions Trust in health information and belief in the effectiveness of information security safeguards increases perceptions of patient care quality. Privacy concerns reduce patients’ frequency of accessing health records, patients’ positive attitudes toward HIE exchange, and overall perceived patient care quality. Health care organizations are encouraged to implement security safeguards to increase trust, the frequency of health record use, and reduce privacy concerns, consequently increasing patient care quality. PMID:29643052

75 FR 39920 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-13

... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, August...

78 FR 89 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-02

... Management and Budget, and the Director of NIST on security and privacy issues pertaining to federal computer... Computer Security Division. Note that agenda items may change without notice because of possible unexpected... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...

17 CFR 160.8 - Revised privacy notices.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.8 Revised privacy notices. (a) General rule. Except...

17 CFR 160.8 - Revised privacy notices.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.8 Revised privacy notices. (a) General rule. Except...

Privacy and security of patient data in the pathology laboratory.

PubMed

Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

Supporting multi-state collaboration on privacy and security to foster health IT and health information exchange.

PubMed

Banger, Alison K; Alakoye, Amoke O; Rizk, Stephanie C

2008-11-06

As part of the HHS funded contract, Health Information Security and Privacy Collaboration, 41 states and territories have proposed collaborative projects to address cross-state privacy and security challenges related to health IT and health information exchange. Multi-state collaboration on privacy and security issues remains complicated, and resources to support collaboration around these topics are essential to the success of such collaboration. The resources outlined here offer an example of how to support multi-stakeholder, multi-state projects.

Security and privacy in electronic health records: a systematic literature review.

PubMed

Fernández-Alemán, José Luis; Señor, Inmaculada Carrión; Lozoya, Pedro Ángel Oliver; Toval, Ambrosio

2013-06-01

To report the results of a systematic literature review concerning the security and privacy of electronic health record (EHR) systems. Original articles written in English found in MEDLINE, ACM Digital Library, Wiley InterScience, IEEE Digital Library, Science@Direct, MetaPress, ERIC, CINAHL and Trip Database. Only those articles dealing with the security and privacy of EHR systems. The extraction of 775 articles using a predefined search string, the outcome of which was reviewed by three authors and checked by a fourth. A total of 49 articles were selected, of which 26 used standards or regulations related to the privacy and security of EHR data. The most widely used regulations are the Health Insurance Portability and Accountability Act (HIPAA) and the European Data Protection Directive 95/46/EC. We found 23 articles that used symmetric key and/or asymmetric key schemes and 13 articles that employed the pseudo anonymity technique in EHR systems. A total of 11 articles propose the use of a digital signature scheme based on PKI (Public Key Infrastructure) and 13 articles propose a login/password (seven of them combined with a digital certificate or PIN) for authentication. The preferred access control model appears to be Role-Based Access Control (RBAC), since it is used in 27 studies. Ten of these studies discuss who should define the EHR systems' roles. Eleven studies discuss who should provide access to EHR data: patients or health entities. Sixteen of the articles reviewed indicate that it is necessary to override defined access policies in the case of an emergency. In 25 articles an audit-log of the system is produced. Only four studies mention that system users and/or health staff should be trained in security and privacy. Recent years have witnessed the design of standards and the promulgation of directives concerning security and privacy in EHR systems. However, more work should be done to adopt these regulations and to deploy secure EHR systems. Copyright © 2013 Elsevier Inc. All rights reserved.

UK National Data Guardian for Health and Care's Review of Data Security: Trust, better security and opt-outs.

PubMed

Chan, Tom; Di Iorio, Concetta Tania; De Lusignan, Simon; Lo Russo, Daniel; Kuziemsky, Craig; Liaw, Siaw-Teng

2016-12-20

Sharing health and social care data is essential to the delivery of high quality health care as well as disease surveillance, public health, and for conducting research. However, these societal benefits may be constrained by privacy and data protection principles. Hence, societies are striving to find a balance between the two competing public interests. Whilst the spread of IT advancements in recent decades has increased the demand for an increased privacy and data protection in many ways health is a special case. UK are adopting guidelines, codes of conduct and regulatory instruments aimed to implement privacy principles into practical settings and enhance public trust. Accordingly, in 2015, the UK National Data Guardian (NDG) requested to conduct a further review of data protection, referred to as Caldicott 3.  The scope of this review is to strengthen data security standards and confidentiality. It also proposes a consent system based on an "opt-out" model rather than on "opt-in.Across Europe as well as internationally the privacy-health data sharing balance is not fixed.  In Europe enactment of the new EU Data Protection Regulation in 2016 constitute a major breakthrough, which is likely to have a profound effect on European countries and beyond.  In Australia and across North America different ways are being sought to balance out these twin requirements of a modern society - to preserve privacy alongside affording high quality health care for an ageing population.  Whilst in the UK privacy legal framework remains complex and fragmented into different layers of legislation, which may negatively impact on both the rights to privacy and health the UK is at the forefront in the uptake of international and EU privacy and data protection principles. And, if the privacy regime were reorganised in a more comprehensive manner, it could be used as a sound implementation model for other countries.

Cyber security challenges in Smart Cities: Safety, security and privacy

PubMed Central

Elmaghraby, Adel S.; Losavio, Michael M.

2014-01-01

The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect. PMID:25685517

6 CFR 1002.3 - Privacy Act requests.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 6 Domestic Security 1 2014-01-01 2014-01-01 false Privacy Act requests. 1002.3 Section 1002.3 Domestic Security PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 1002.3 Privacy Act requests. (a) Requests to determine if you are the subject of a record. You may...

75 FR 50846 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-001...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-18

... INFORMATION CONTACT: For general questions and privacy issues please contact: Mary Ellen Callahan (703-235...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL--001 Freedom of Information Act and Privacy Act Records System of Records AGENCY: Privacy Office, DHS. ACTION: Final rule...

Will you accept the government's friend request? Social networks and privacy concerns.

PubMed

Siegel, David A

2013-01-01

Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim.

Will You Accept the Government's Friend Request? Social Networks and Privacy Concerns

PubMed Central

Siegel, David A.

2013-01-01

Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim. PMID:24312236

High Assurance Models for Secure Systems

ERIC Educational Resources Information Center

Almohri, Hussain M. J.

2013-01-01

Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

77 FR 32655 - DHS Data Privacy and Integrity Advisory Committee

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-01

... Officer, Data Privacy and Integrity Advisory Committee, Department of Homeland Security, 245 Murray Lane..., DHS Data Privacy and Integrity Advisory Committee, Department of Homeland Security, 245 Murray Lane SW... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2012-0029] DHS Data...

76 FR 49494 - Privacy Act of 1974; Department of Homeland Security United States Coast Guard DHS/USCG-027...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-10

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0062] Privacy Act of 1974; Department of Homeland Security United States Coast Guard DHS/USCG-027 Recruiting Files System of... accordance with the Privacy Act of 1974 the Department of Homeland Security proposes to update and reissue an...

A systematic literature review on security and privacy of electronic health record systems: technical perspectives.

PubMed

Rezaeibagha, Fatemeh; Win, Khin Than; Susilo, Willy

Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.

17 CFR 160.6 - Information to be included in privacy notices.

Code of Federal Regulations, 2010 CFR

2010-04-01

... future to disclose, but to whom you do not currently disclose, nonpublic personal information. (f) Model... privacy notices. 160.6 Section 160.6 Commodity and Securities Exchanges COMMODITY FUTURES TRADING... that you make disclosures to other nonaffiliated companies: (1) For your everyday business purposes...

75 FR 55335 - Privacy Act of 1974; Privacy Act of 1974: Department of Homeland Security/ALL-031 Information...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-10

... in a system of records in the possession or under the control of DHS by complying with DHS Privacy... 1974; Privacy Act of 1974: Department of Homeland Security/ALL-031 Information Sharing Environment Suspicious Activity Reporting Initiative System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of...

Privacy and Access Control for IHE-Based Systems

NASA Astrophysics Data System (ADS)

Katt, Basel; Breu, Ruth; Hafner, Micahel; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian

Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that are conform with IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.

75 FR 79065 - Privacy Act of 1974, as Amended; Proposed System of Records and Routine Use Disclosures

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-17

... SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Proposed System of Records and Routine Use Disclosures AGENCY: Social Security Administration (SSA). ACTION: Proposed system of records... of Privacy and Disclosure, Office of the General Counsel, Social Security Administration, 3-A-6...

42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 42 Public Health 2 2012-10-01 2012-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security...

42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 42 Public Health 2 2014-10-01 2014-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security...

42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 42 Public Health 2 2010-10-01 2010-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security...

42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 42 Public Health 2 2013-10-01 2013-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security...

42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 42 Public Health 2 2011-10-01 2011-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security...

The Challenges of Seeking Security While Respecting Privacy

NASA Astrophysics Data System (ADS)

Kantor, Paul B.; Lesk, Michael E.

Security is a concern for persons, organizations, and nations. For the individual members of organizations and nations, personal privacy is also a concern. The technologies for monitoring electronic communication are at the same time tools to protect security and threats to personal privacy. Participants in this workshop address the interrelation of personal privacy and national or societal security, from social, technical and legal perspectives. The participants represented industry, the academy and the United States Government. The issues addressed have become, if anything, even more pressing today than they were when the conference was held.

Privacy and data security in E-health: requirements from the user's perspective.

PubMed

Wilkowska, Wiktoria; Ziefle, Martina

2012-09-01

In this study two currently relevant aspects of using medical assistive technologies were addressed-security and privacy. In a two-step empirical approach that used focus groups (n = 19) and a survey (n = 104), users' requirements for the use of medical technologies were collected and evaluated. Specifically, we focused on the perceived importance of data security and privacy issues. Outcomes showed that both security and privacy aspects play an important role in the successful adoption of medical assistive technologies in the home environment. In particular, analysis of data with respect to gender, health-status and age (young, middle-aged and old users) revealed that females and healthy adults require, and insist on, the highest security and privacy standards compared with males and the ailing elderly.

A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: a privacy-protecting remote access system for health-related research and evaluation.

PubMed

Jones, Kerina H; Ford, David V; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J; Heaven, Martin L; Thayer, Daniel S; McNerney, Cynthia L; Lyons, Ronan A

2014-08-01

With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community. Copyright © 2014 The Aurthors. Published by Elsevier Inc. All rights reserved.

A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: A privacy-protecting remote access system for health-related research and evaluation☆

PubMed Central

Jones, Kerina H.; Ford, David V.; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J.; Heaven, Martin L.; Thayer, Daniel S.; McNerney, Cynthia L.; Lyons, Ronan A.

2014-01-01

With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community. PMID:24440148

Privacy and Security: A Bibliography.

ERIC Educational Resources Information Center

Computer and Business Equipment Manufacturers Association, Washington, DC.

Compiled at random from many sources, this bibliography attempts to cite as many publications concerning privacy and security as are available. The entries are organized under seven headings: (1) systems security, technical security, clearance of personnel, (2) corporate physical security, (3) administrative security, (4) miscellaneous--privacy…

Privacy, confidentiality, and security in information systems of state health agencies.

PubMed

O'Brien, D G; Yasnoff, W A

1999-05-01

To assess the employment and status of privacy, confidentiality, security and fair information practices in electronic information systems of U.S. state health agencies. A survey instrument was developed and administered to key contacts within the state health agencies of each of the 50 U.S. states, Puerto Rico and the District of Columbia. About a third of U.S. state health agencies have no written policies in place regarding privacy and confidentiality in electronic information systems. The doctrines of fair information practice often seemed to be ignored. One quarter of the agencies reported at least one security breach during the past two years, and 16% experienced a privacy and confidentiality related transgression. Most of the breaches were committed by personnel from within the agencies. These results raise questions about the integrity of existing privacy, confidentiality and security measures in the information systems of U.S. state health agencies. Recommendations include the development and vigorous enforcement of written privacy and confidentiality policies, increased personnel training, and expanded implementation of security measures such as encryption and system firewalls. A discussion of the current status of U.S. privacy, confidentiality and security issues is offered.

Privacy and security of patient data in the pathology laboratory

PubMed Central

Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

17 CFR 160.8 - Revised privacy notices.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out...

20 CFR 401.5 - Purpose of the regulations.

Code of Federal Regulations, 2010 CFR

2010-04-01

... the Privacy Act of 1974, 5 U.S.C. 552a and section 1106 of the Social Security Act concerning....5 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF OFFICIAL RECORDS AND... with other applicable statutes. (b) Privacy. This part implements the Privacy Act by establishing...

Risk-Based Models for Managing Data Privacy in Healthcare

ERIC Educational Resources Information Center

AL Faresi, Ahmed

2011-01-01

Current research in health care lacks a systematic investigation to identify and classify various sources of threats to information privacy when sharing health data. Identifying and classifying such threats would enable the development of effective information security risk monitoring and management policies. In this research I put the first step…

Simple Peer-to-Peer SIP Privacy

NASA Astrophysics Data System (ADS)

Koskela, Joakim; Tarkoma, Sasu

In this paper, we introduce a model for enhancing privacy in peer-to-peer communication systems. The model is based on data obfuscation, preventing intermediate nodes from tracking calls, while still utilizing the shared resources of the peer network. This increases security when moving between untrusted, limited and ad-hoc networks, when the user is forced to rely on peer-to-peer schemes. The model is evaluated using a Host Identity Protocol-based prototype on mobile devices, and is found to provide good privacy, especially when combined with a source address hiding scheme. The contribution of this paper is to present the model and results obtained from its use, including usability considerations.

78 FR 25414 - Privacy Act of 1974, System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-01

..., Chief Information Security Officer--Chief Privacy Officer. USAID-008 System name: Personnel Security and... inquires in writing to the USAID Chief Privacy Officer, 2733 Crystal Drive, 11th Floor, Arlington, VA 22202... alterations. ADDRESSES: You may submit comments: Paper Comments Fax: (703) 666-1466. Mail: Chief Privacy...

17 CFR 160.8 - Revised privacy notices.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.8...

17 CFR 160.8 - Revised privacy notices.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.8...

Recognizing and reducing risks: HIPAA privacy and security enforcement.

PubMed

Wachler, Andrew B; Fehn, Amy K

2003-01-01

With the passing of the Health Insurance Portability and Accountability Act (HIPAA) privacy rule deadline and the security rule deadline looming, many covered entities are left wondering if they are doing enough to prevent privacy and security breaches and what type of exposure their organization could face in the event of a breach.

42 CFR 600.350 - Privacy and security of information.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 42 Public Health 5 2014-10-01 2014-10-01 false Privacy and security of information. 600.350 Section 600.350 Public Health CENTERS FOR MEDICARE & MEDICAID SERVICES, DEPARTMENT OF HEALTH AND HUMAN... (Eff. 1-1-15) Eligibility and Enrollment § 600.350 Privacy and security of information. The State must...

For telehealth to succeed, privacy and security risks must be identified and addressed.

PubMed

Hall, Joseph L; McGraw, Deven

2014-02-01

The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.

75 FR 56079 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-15

... to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act...; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to amend a system of records. SUMMARY: The National Security Agency/Central Security Service is proposing to...

Efficient Privacy-Aware Record Integration.

PubMed

Kuzu, Mehmet; Kantarcioglu, Murat; Inan, Ali; Bertino, Elisa; Durham, Elizabeth; Malin, Bradley

2013-01-01

The integration of information dispersed among multiple repositories is a crucial step for accurate data analysis in various domains. In support of this goal, it is critical to devise procedures for identifying similar records across distinct data sources. At the same time, to adhere to privacy regulations and policies, such procedures should protect the confidentiality of the individuals to whom the information corresponds. Various private record linkage (PRL) protocols have been proposed to achieve this goal, involving secure multi-party computation (SMC) and similarity preserving data transformation techniques. SMC methods provide secure and accurate solutions to the PRL problem, but are prohibitively expensive in practice, mainly due to excessive computational requirements. Data transformation techniques offer more practical solutions, but incur the cost of information leakage and false matches. In this paper, we introduce a novel model for practical PRL, which 1) affords controlled and limited information leakage, 2) avoids false matches resulting from data transformation. Initially, we partition the data sources into blocks to eliminate comparisons for records that are unlikely to match. Then, to identify matches, we apply an efficient SMC technique between the candidate record pairs. To enable efficiency and privacy, our model leaks a controlled amount of obfuscated data prior to the secure computations. Applied obfuscation relies on differential privacy which provides strong privacy guarantees against adversaries with arbitrary background knowledge. In addition, we illustrate the practical nature of our approach through an empirical analysis with data derived from public voter records.

Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

PubMed

Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

2014-11-01

Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.

75 FR 44804 - Privacy Act of 1974; Notice of a New Privacy Act System of Records (SORN), Ginnie Mae Mortgage...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-29

...The Department proposes to establish a new Privacy Act SORN subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended, entitled Ginnie Mae Mortgage-Backed Security Unclaimed Funds System. The new record system will be used to track unclaimed security holder payments. Such unclaimed payments are owed to certificate holders of Ginnie Mae-guaranteed mortgage-backed securities who cannot be located by the Ginnie Mae servicer. Ginnie Mae tracks this information to ensure that security holders are paid properly.

The Effectiveness of Health Care Information Technologies: Evaluation of Trust, Security Beliefs, and Privacy as Determinants of Health Care Outcomes.

PubMed

Kisekka, Victoria; Giboney, Justin Scott

2018-04-11

The diffusion of health information technologies (HITs) within the health care sector continues to grow. However, there is no theory explaining how success of HITs influences patient care outcomes. With the increase in data breaches, HITs' success now hinges on the effectiveness of data protection solutions. Still, empirical research has only addressed privacy concerns, with little regard for other factors of information assurance. The objective of this study was to study the effectiveness of HITs using the DeLone and McLean Information Systems Success Model (DMISSM). We examined the role of information assurance constructs (ie, the role of information security beliefs, privacy concerns, and trust in health information) as measures of HIT effectiveness. We also investigated the relationships between information assurance and three aspects of system success: attitude toward health information exchange (HIE), patient access to health records, and perceived patient care quality. Using structural equation modeling, we analyzed the data from a sample of 3677 cancer patients from a public dataset. We used R software (R Project for Statistical Computing) and the Lavaan package to test the hypothesized relationships. Our extension of the DMISSM to health care was supported. We found that increased privacy concerns reduce the frequency of patient access to health records use, positive attitudes toward HIE, and perceptions of patient care quality. Also, belief in the effectiveness of information security increases the frequency of patient access to health records and positive attitude toward HIE. Trust in health information had a positive association with attitudes toward HIE and perceived patient care quality. Trust in health information had no direct effect on patient access to health records; however, it had an indirect relationship through privacy concerns. Trust in health information and belief in the effectiveness of information security safeguards increases perceptions of patient care quality. Privacy concerns reduce patients' frequency of accessing health records, patients' positive attitudes toward HIE exchange, and overall perceived patient care quality. Health care organizations are encouraged to implement security safeguards to increase trust, the frequency of health record use, and reduce privacy concerns, consequently increasing patient care quality. ©Victoria Kisekka, Justin Scott Giboney. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 11.04.2018.

Conclusions

NASA Astrophysics Data System (ADS)

Ahonen, Pasi; Alahuhta, Petteri; Daskala, Barbara; Delaitre, Sabine; Hert, Paul De; Lindner, Ralf; Maghiros, Ioannis; Moscibroda, Anna; Schreurs, Wim; Verlinden, Michiel

Some say that an increase in security does not necessarily mean a further encroachment on privacy - indeed, security is necessary to protect personal data and our privacy. Networks must be secure, our personal devices, reliable, dependable and trustworthy. But security is a multifaceted term, with many dimensions. We are of the view that an increase in security most likely will encroach upon our privacy in an ambient intelligence world. Surveillance cameras will continue to proliferate. We assume that, whatever the law is, whatever privacy protections government and business say they honour, our telecommunications, e-mails and Internet usage will be monitored to an increasing degree. The same will be true of our interfaces with the world of ambient intelligence.

77 FR 56628 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-13

... to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act...; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to add a system of records. SUMMARY: The National Security Agency/Central Security Service proposes to add a new...

Security and privacy qualities of medical devices: an analysis of FDA postmarket surveillance.

PubMed

Kramer, Daniel B; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R

2012-01-01

Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients' stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware.

Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

PubMed Central

Kramer, Daniel B.; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R.

2012-01-01

Background Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware. PMID:22829874

Matching study to registry data: maintaining data privacy in a study on family based colorectal cancer.

PubMed

Nasseh, Daniel; Engel, Jutta; Mansmann, Ulrich; Tretter, Werner; Stausberg, Jürgen

2014-01-01

Confidentiality of patient data in the field of medical informatics is an important task. Leaked sensitive information within this data can be adverse to and being abused against a patient. Therefore, when working with medical data, appropriate and secure models which serve as guidelines for different applications are needed. Consequently, this work presents a model for performing a privacy preserving record linkage between study and registry data. The model takes into account seven requirements related to data privacy. Furthermore, this model is exemplified with a study on family based colorectal cancer in Germany. The model is very strict and excludes possible violations towards data privacy protection to a reasonable degree. It should be applicable to similar use cases which are in need of a mapping between medical data of a study and a registry database.

6 CFR 5.34 - Standards of conduct for administration of the Privacy Act.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Standards of conduct for administration of the Privacy Act. 5.34 Section 5.34 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.34 Standards of conduct for administration of the...

DQC Comments on the Posted Recommendations Regarding Data Security and Privacy Protections

ERIC Educational Resources Information Center

Data Quality Campaign, 2010

2010-01-01

The U.S. Department of Education is conducting several activities to address privacy and security issues related to education data. Earlier this year a contractor for the Department convened a group of privacy and security experts and produced a report with recommendations to the Department on ways they can address emerging challenges in…

75 FR 69693 - Privacy Act of 1974; Department of Homeland Security National Protection and Programs Directorate...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-15

... system will be included in the Department of Homeland Security's inventory of record systems. DATES... FURTHER INFORMATION CONTACT: For general questions please contact: Emily Andrew (703-235-2182), Privacy.... Background In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security...

76 FR 30048 - Privacy Act of 1974: Implementation and Amendment of Exemptions

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-24

... SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 200 [Release No. PA-45; File No. S7-19-11] Privacy.... ACTION: Proposed rule. SUMMARY: Pursuant to the Privacy Act of 1974, as amended, the Securities and... from provisions of the Privacy Act to the extent that the records contain investigatory materials...

Collaborative eHealth Meets Security: Privacy-Enhancing Patient Profile Management.

PubMed

Sanchez-Guerrero, Rosa; Mendoza, Florina Almenarez; Diaz-Sanchez, Daniel; Cabarcos, Patricia Arias; Lopez, Andres Marin

2017-11-01

Collaborative healthcare environments offer potential benefits, including enhancing the healthcare quality delivered to patients and reducing costs. As a direct consequence, sharing of electronic health records (EHRs) among healthcare providers has experienced a noteworthy growth in the last years, since it enables physicians to remotely monitor patients' health and enables individuals to manage their own health data more easily. However, these scenarios face significant challenges regarding security and privacy of the extremely sensitive information contained in EHRs. Thus, a flexible, efficient, and standards-based solution is indispensable to guarantee selective identity information disclosure and preserve patient's privacy. We propose a privacy-aware profile management approach that empowers the patient role, enabling him to bring together various healthcare providers as well as user-generated claims into an unique credential. User profiles are represented through an adaptive Merkle Tree, for which we formalize the underlying mathematical model. Furthermore, performance of the proposed solution is empirically validated through simulation experiments.

Location Privacy in RFID Applications

NASA Astrophysics Data System (ADS)

Sadeghi, Ahmad-Reza; Visconti, Ivan; Wachsmann, Christian

RFID-enabled systems allow fully automatic wireless identification of objects and are rapidly becoming a pervasive technology with various applications. However, despite their benefits, RFID-based systems also pose challenging risks, in particular concerning user privacy. Indeed, improvident use of RFID can disclose sensitive information about users and their locations allowing detailed user profiles. Hence, it is crucial to identify and to enforce appropriate security and privacy requirements of RFID applications (that are also compliant to legislation). This chapter first discusses security and privacy requirements for RFID-enabled systems, focusing in particular on location privacy issues. Then it explores the advances in RFID applications, stressing the security and privacy shortcomings of existing proposals. Finally, it presents new promising directions for privacy-preserving RFID systems, where as a case study we focus electronic tickets (e-tickets) for public transportation.

Security and Privacy in Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fink, Glenn A.; Edgar, Thomas W.; Rice, Theora R.

As you have seen from the previous chapters, cyber-physical systems (CPS) are broadly used across technology and industrial domains. While these systems enable process optimization and efficiency and allow previously impossible functionality, security and privacy are key concerns for their design, development, and operation. CPS have been key components utilized in some of the highest publicized security breaches over the last decade. In this chapter, we will look over the CPS described in the previous chapters from a security perspective. In this chapter, we explain classical information and physical security fundamentals in the context of CPS and contextualize them acrossmore » application domains. We give examples where the interplay of functionality and diverse communication can introduce unexpected vulnerabilities and produce larger impacts. We will discuss how CPS security and privacy is inherently different from that of pure cyber or physical systems and what may be done to secure these systems, considering their emergent cyber-physical properties. Finally, we will discuss security and privacy implications of merging infrastructural and personal CPS. Our hope is to impart the knowledge of what CPS security and privacy are, why they are important, and explain existing processes and challenges.« less

Security and Privacy Preservation in Human-Involved Networks

NASA Astrophysics Data System (ADS)

Asher, Craig; Aumasson, Jean-Philippe; Phan, Raphael C.-W.

This paper discusses security within human-involved networks, with a focus on social networking services (SNS). We argue that more secure networks could be designed using semi-formal security models inspired from cryptography, as well as notions like that of ceremony, which exploits human-specific abilities and psychology to assist creating more secure protocols. We illustrate some of our ideas with the example of the SNS Facebook.

Privacy preserving index for encrypted electronic medical records.

PubMed

Chen, Yu-Chi; Horng, Gwoboa; Lin, Yi-Jheng; Chen, Kuo-Chang

2013-12-01

With the development of electronic systems, privacy has become an important security issue in real-life. In medical systems, privacy of patients' electronic medical records (EMRs) must be fully protected. However, to combine the efficiency and privacy, privacy preserving index is introduced to preserve the privacy, where the EMR can be efficiently accessed by this patient or specific doctor. In the literature, Goh first proposed a secure index scheme with keyword search over encrypted data based on a well-known primitive, Bloom filter. In this paper, we propose a new privacy preserving index scheme, called position index (P-index), with keyword search over the encrypted data. The proposed index scheme is semantically secure against the adaptive chosen keyword attack, and it also provides flexible space, lower false positive rate, and search privacy. Moreover, it does not rely on pairing, a complicate computation, and thus can search over encrypted electronic medical records from the cloud server efficiently.

76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-11

... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100..., --Presentation on Science of Security relating to computer security research, --Presentation on Access of..., --A panel of Inspector Generals regarding privacy and security, and --Update on NIST Computer Security...

Homomorphic encryption-based secure SIFT for privacy-preserving feature extraction

NASA Astrophysics Data System (ADS)

Hsu, Chao-Yung; Lu, Chun-Shien; Pei, Soo-Chang

2011-02-01

Privacy has received much attention but is still largely ignored in the multimedia community. Consider a cloud computing scenario, where the server is resource-abundant and is capable of finishing the designated tasks, it is envisioned that secure media retrieval and search with privacy-preserving will be seriously treated. In view of the fact that scale-invariant feature transform (SIFT) has been widely adopted in various fields, this paper is the first to address the problem of secure SIFT feature extraction and representation in the encrypted domain. Since all the operations in SIFT must be moved to the encrypted domain, we propose a homomorphic encryption-based secure SIFT method for privacy-preserving feature extraction and representation based on Paillier cryptosystem. In particular, homomorphic comparison is a must for SIFT feature detection but is still a challenging issue for homomorphic encryption methods. To conquer this problem, we investigate a quantization-like secure comparison strategy in this paper. Experimental results demonstrate that the proposed homomorphic encryption-based SIFT performs comparably to original SIFT on image benchmarks, while preserving privacy additionally. We believe that this work is an important step toward privacy-preserving multimedia retrieval in an environment, where privacy is a major concern.

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II

PubMed Central

Watzlaf, Valerie J.M.; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

2011-01-01

In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR. PMID:25945177

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II.

PubMed

Watzlaf, Valerie J M; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

2011-01-01

In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.

A security and privacy preserving e-prescription system based on smart cards.

PubMed

Hsu, Chien-Lung; Lu, Chung-Fu

2012-12-01

In 2002, Ateniese and Medeiros proposed an e-prescription system, in which the patient can store e-prescription and related information using smart card. Latter, Yang et al. proposed a novel smart-card based e-prescription system based on Ateniese and Medeiros's system in 2004. Yang et al. considered the privacy issues of prescription data and adopted the concept of a group signature to provide patient's privacy protection. To make the e-prescription system more realistic, they further applied a proxy signature to allow a patient to delegate his signing capability to other people. This paper proposed a novel security and privacy preserving e-prescription system model based on smart cards. A new role, chemist, is included in the system model for settling the medicine dispute. We further presented a concrete identity-based (ID-based) group signature scheme and an ID-based proxy signature scheme to realize the proposed model. Main property of an ID-based system is that public key is simple user's identity and can be verified without extra public key certificates. Our ID-based group signature scheme can allow doctors to sign e-prescription anonymously. In a case of a medical dispute, identities of the doctors can be identified. The proposed ID-based proxy signature scheme can improve signing delegation and allows a delegation chain. The proposed e-prescription system based on our proposed two cryptographic schemes is more practical and efficient than Yang et al.'s system in terms of security, communication overheads, computational costs, practical considerations.

Privacy and Data Security under Cloud Computing Arrangements: The Legal Framework and Practical Do's and Don'ts

ERIC Educational Resources Information Center

Buckman, Joel; Gold, Stephanie

2012-01-01

This article outlines privacy and data security compliance issues facing postsecondary education institutions when they utilize cloud computing and concludes with a practical list of do's and dont's. Cloud computing does not change an institution's privacy and data security obligations. It does involve reliance on a third party, which requires an…

75 FR 50845 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-18

... Policy, Department of Homeland Security, Washington, DC 20528. For privacy issues please contact: Mary...;Prices of new books are listed in the first FEDERAL REGISTER issue of each #0;week. #0; #0; #0; #0;#0...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL--027 The History of...

Public Auditing with Privacy Protection in a Multi-User Model of Cloud-Assisted Body Sensor Networks

PubMed Central

Li, Song; Cui, Jie; Zhong, Hong; Liu, Lu

2017-01-01

Wireless Body Sensor Networks (WBSNs) are gaining importance in the era of the Internet of Things (IoT). The modern medical system is a particular area where the WBSN techniques are being increasingly adopted for various fundamental operations. Despite such increasing deployments of WBSNs, issues such as the infancy in the size, capabilities and limited data processing capacities of the sensor devices restrain their adoption in resource-demanding applications. Though providing computing and storage supplements from cloud servers can potentially enrich the capabilities of the WBSNs devices, data security is one of the prevailing issues that affects the reliability of cloud-assisted services. Sensitive applications such as modern medical systems demand assurance of the privacy of the users’ medical records stored in distant cloud servers. Since it is economically impossible to set up private cloud servers for every client, auditing data security managed in the remote servers has necessarily become an integral requirement of WBSNs’ applications relying on public cloud servers. To this end, this paper proposes a novel certificateless public auditing scheme with integrated privacy protection. The multi-user model in our scheme supports groups of users to store and share data, thus exhibiting the potential for WBSNs’ deployments within community environments. Furthermore, our scheme enriches user experiences by offering public verifiability, forward security mechanisms and revocation of illegal group members. Experimental evaluations demonstrate the security effectiveness of our proposed scheme under the Random Oracle Model (ROM) by outperforming existing cloud-assisted WBSN models. PMID:28475110

Public Auditing with Privacy Protection in a Multi-User Model of Cloud-Assisted Body Sensor Networks.

PubMed

Li, Song; Cui, Jie; Zhong, Hong; Liu, Lu

2017-05-05

Wireless Body Sensor Networks (WBSNs) are gaining importance in the era of the Internet of Things (IoT). The modern medical system is a particular area where the WBSN techniques are being increasingly adopted for various fundamental operations. Despite such increasing deployments of WBSNs, issues such as the infancy in the size, capabilities and limited data processing capacities of the sensor devices restrain their adoption in resource-demanding applications. Though providing computing and storage supplements from cloud servers can potentially enrich the capabilities of the WBSNs devices, data security is one of the prevailing issues that affects the reliability of cloud-assisted services. Sensitive applications such as modern medical systems demand assurance of the privacy of the users' medical records stored in distant cloud servers. Since it is economically impossible to set up private cloud servers for every client, auditing data security managed in the remote servers has necessarily become an integral requirement of WBSNs' applications relying on public cloud servers. To this end, this paper proposes a novel certificateless public auditing scheme with integrated privacy protection. The multi-user model in our scheme supports groups of users to store and share data, thus exhibiting the potential for WBSNs' deployments within community environments. Furthermore, our scheme enriches user experiences by offering public verifiability, forward security mechanisms and revocation of illegal group members. Experimental evaluations demonstrate the security effectiveness of our proposed scheme under the Random Oracle Model (ROM) by outperforming existing cloud-assisted WBSN models.

77 FR 26259 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-03

.... SUPPLEMENTARY INFORMATION: The National Security Agency systems of records notice subject to the Privacy Act of... of Records AGENCY: National Security Agency/Central Security Service. ACTION: Notice to Delete a System of Records. SUMMARY: The National Security Agency/Central Security Service is deleting a system of...

A standardised graphic method for describing data privacy frameworks in primary care research using a flexible zone model.

PubMed

Kuchinke, Wolfgang; Ohmann, Christian; Verheij, Robert A; van Veen, Evert-Ben; Arvanitis, Theodoros N; Taweel, Adel; Delaney, Brendan C

2014-12-01

To develop a model describing core concepts and principles of data flow, data privacy and confidentiality, in a simple and flexible way, using concise process descriptions and a diagrammatic notation applied to research workflow processes. The model should help to generate robust data privacy frameworks for research done with patient data. Based on an exploration of EU legal requirements for data protection and privacy, data access policies, and existing privacy frameworks of research projects, basic concepts and common processes were extracted, described and incorporated into a model with a formal graphical representation and a standardised notation. The Unified Modelling Language (UML) notation was enriched by workflow and own symbols to enable the representation of extended data flow requirements, data privacy and data security requirements, privacy enhancing techniques (PET) and to allow privacy threat analysis for research scenarios. Our model is built upon the concept of three privacy zones (Care Zone, Non-care Zone and Research Zone) containing databases, data transformation operators, such as data linkers and privacy filters. Using these model components, a risk gradient for moving data from a zone of high risk for patient identification to a zone of low risk can be described. The model was applied to the analysis of data flows in several general clinical research use cases and two research scenarios from the TRANSFoRm project (e.g., finding patients for clinical research and linkage of databases). The model was validated by representing research done with the NIVEL Primary Care Database in the Netherlands. The model allows analysis of data privacy and confidentiality issues for research with patient data in a structured way and provides a framework to specify a privacy compliant data flow, to communicate privacy requirements and to identify weak points for an adequate implementation of data privacy. Copyright © 2014 Elsevier Ireland Ltd. All rights reserved.

MDA-based EHR application security services.

PubMed

Blobel, Bernd; Pharow, Peter

2004-01-01

Component-oriented, distributed, virtual EHR systems have to meet enhanced security and privacy requirements. In the context of advanced architectural paradigms such as component-orientation, model-driven, and knowledge-based, standardised security services needed have to be specified and implemented in an integrated way following the same paradigm. This concerns the deployment of formal models, meta-languages, reference models such as the ISO RM-ODP, and development as well as implementation tools. International projects' results presented proceed on that streamline.

75 FR 8088 - Privacy Act of 1974; Department of Homeland Security/ALL-023 Personnel Security Management System...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-23

... risk of harm to economic or property interests, identity theft or fraud, or harm to the security or... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2009-0041] Privacy Act of 1974; Department of Homeland Security/ALL--023 Personnel Security Management System of Records AGENCY...

36 CFR 1008.6 - Assuring integrity of records.

Code of Federal Regulations, 2010 CFR

2010-07-01

... subject to the Privacy Act be maintained with appropriate administrative, technical and physical...) Records security. Whether maintained in physical or electronic form, records subject to the Privacy Act... the system of records. The Privacy Act Officer will periodically review these security measures to...

Privacy-Aware Relevant Data Access with Semantically Enriched Search Queries for Untrusted Cloud Storage Services.

PubMed

Pervez, Zeeshan; Ahmad, Mahmood; Khattak, Asad Masood; Lee, Sungyoung; Chung, Tae Choong

2016-01-01

Privacy-aware search of outsourced data ensures relevant data access in the untrusted domain of a public cloud service provider. Subscriber of a public cloud storage service can determine the presence or absence of a particular keyword by submitting search query in the form of a trapdoor. However, these trapdoor-based search queries are limited in functionality and cannot be used to identify secure outsourced data which contains semantically equivalent information. In addition, trapdoor-based methodologies are confined to pre-defined trapdoors and prevent subscribers from searching outsourced data with arbitrarily defined search criteria. To solve the problem of relevant data access, we have proposed an index-based privacy-aware search methodology that ensures semantic retrieval of data from an untrusted domain. This method ensures oblivious execution of a search query and leverages authorized subscribers to model conjunctive search queries without relying on predefined trapdoors. A security analysis of our proposed methodology shows that, in a conspired attack, unauthorized subscribers and untrusted cloud service providers cannot deduce any information that can lead to the potential loss of data privacy. A computational time analysis on commodity hardware demonstrates that our proposed methodology requires moderate computational resources to model a privacy-aware search query and for its oblivious evaluation on a cloud service provider.

Privacy-Aware Relevant Data Access with Semantically Enriched Search Queries for Untrusted Cloud Storage Services

PubMed Central

Pervez, Zeeshan; Ahmad, Mahmood; Khattak, Asad Masood; Lee, Sungyoung; Chung, Tae Choong

2016-01-01

Privacy-aware search of outsourced data ensures relevant data access in the untrusted domain of a public cloud service provider. Subscriber of a public cloud storage service can determine the presence or absence of a particular keyword by submitting search query in the form of a trapdoor. However, these trapdoor-based search queries are limited in functionality and cannot be used to identify secure outsourced data which contains semantically equivalent information. In addition, trapdoor-based methodologies are confined to pre-defined trapdoors and prevent subscribers from searching outsourced data with arbitrarily defined search criteria. To solve the problem of relevant data access, we have proposed an index-based privacy-aware search methodology that ensures semantic retrieval of data from an untrusted domain. This method ensures oblivious execution of a search query and leverages authorized subscribers to model conjunctive search queries without relying on predefined trapdoors. A security analysis of our proposed methodology shows that, in a conspired attack, unauthorized subscribers and untrusted cloud service providers cannot deduce any information that can lead to the potential loss of data privacy. A computational time analysis on commodity hardware demonstrates that our proposed methodology requires moderate computational resources to model a privacy-aware search query and for its oblivious evaluation on a cloud service provider. PMID:27571421

75 FR 40867 - Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-14

.... The Act also provides for the development of guidance, reports, and studies in a number of areas... Privacy and Security enforcement (section 13424(a)); a study and report on the application of privacy and... (section 13424(c)); and a study on the Privacy Rule's definition of ``psychotherapy notes'' at 45 CFR 164...

Image feature extraction in encrypted domain with privacy-preserving SIFT.

PubMed

Hsu, Chao-Yung; Lu, Chun-Shien; Pei, Soo-Chang

2012-11-01

Privacy has received considerable attention but is still largely ignored in the multimedia community. Consider a cloud computing scenario where the server is resource-abundant, and is capable of finishing the designated tasks. It is envisioned that secure media applications with privacy preservation will be treated seriously. In view of the fact that scale-invariant feature transform (SIFT) has been widely adopted in various fields, this paper is the first to target the importance of privacy-preserving SIFT (PPSIFT) and to address the problem of secure SIFT feature extraction and representation in the encrypted domain. As all of the operations in SIFT must be moved to the encrypted domain, we propose a privacy-preserving realization of the SIFT method based on homomorphic encryption. We show through the security analysis based on the discrete logarithm problem and RSA that PPSIFT is secure against ciphertext only attack and known plaintext attack. Experimental results obtained from different case studies demonstrate that the proposed homomorphic encryption-based privacy-preserving SIFT performs comparably to the original SIFT and that our method is useful in SIFT-based privacy-preserving applications.

75 FR 18841 - Office for Civil Rights; Privacy Act of 1974, Amended System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-13

... Privacy Act of 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987... 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987, the Paperwork... Oversight, the Chair of the Senate Committee on Homeland Security and Governmental Affairs, and the...

Privacy and Security Issues Surrounding the Protection of Data Generated by Continuous Glucose Monitors.

PubMed

Britton, Katherine E; Britton-Colonnese, Jennifer D

2017-03-01

Being able to track, analyze, and use data from continuous glucose monitors (CGMs) and through platforms and apps that communicate with CGMs helps achieve better outcomes and can advance the understanding of diabetes. The risks to patients' expectation of privacy are great, and their ability to control how their information is collected, stored, and used is virtually nonexistent. Patients' physical security is also at risk if adequate cybersecurity measures are not taken. Currently, data privacy and security protections are not robust enough to address the privacy and security risks and stymies the current and future benefits of CGM and the platforms and apps that communicate with them.

Privacy and Security Issues Surrounding the Protection of Data Generated by Continuous Glucose Monitors

PubMed Central

Britton, Katherine E.; Britton-Colonnese, Jennifer D.

2017-01-01

Being able to track, analyze, and use data from continuous glucose monitors (CGMs) and through platforms and apps that communicate with CGMs helps achieve better outcomes and can advance the understanding of diabetes. The risks to patients’ expectation of privacy are great, and their ability to control how their information is collected, stored, and used is virtually nonexistent. Patients’ physical security is also at risk if adequate cybersecurity measures are not taken. Currently, data privacy and security protections are not robust enough to address the privacy and security risks and stymies the current and future benefits of CGM and the platforms and apps that communicate with them. PMID:28264188

78 FR 15731 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0011] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and Immigration Services. ACTION: Notice. Overview Information: Privacy Act of 1974; Computer Matching Program...

78 FR 15732 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0007] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and Immigration Services. ACTION: Notice. Overview Information: Privacy Act of 1974; Computer Matching Program...

75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-01

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2009-0043] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration/Railroad Retirement Board (SSA/RRB))-- Match Number 1308 AGENCY: Social Security Administration (SSA). ACTION: Notice of renewal of an existing...

Privacy-preserving backpropagation neural network learning.

PubMed

Chen, Tingting; Zhong, Sheng

2009-10-01

With the development of distributed computing environment , many learning problems now have to deal with distributed input data. To enhance cooperations in learning, it is important to address the privacy concern of each data holder by extending the privacy preservation notion to original learning algorithms. In this paper, we focus on preserving the privacy in an important learning model, multilayer neural networks. We present a privacy-preserving two-party distributed algorithm of backpropagation which allows a neural network to be trained without requiring either party to reveal her data to the other. We provide complete correctness and security analysis of our algorithms. The effectiveness of our algorithms is verified by experiments on various real world data sets.

Security, privacy, and confidentiality issues on the Internet

PubMed Central

Kelly, Grant; McKenzie, Bruce

2002-01-01

We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to `sign' a message whereby the private key of an individual can be used to `hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a `digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers. PMID:12554559

Security, privacy, and confidentiality issues on the Internet.

PubMed

Kelly, Grant; McKenzie, Bruce

2002-01-01

We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to 'sign' a message whereby the private key of an individual can be used to 'hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a 'digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers.

Meeting the privacy requirements for the development of a multi-centre patient registry in Canada: the Rick Hansen Spinal Cord Injury Registry.

PubMed

Noonan, Vanessa K; Thorogood, Nancy P; Joshi, Phalgun B; Fehlings, Michael G; Craven, B Catharine; Linassi, Gary; Fourney, Daryl R; Kwon, Brian K; Bailey, Christopher S; Tsai, Eve C; Drew, Brian M; Ahn, Henry; Tsui, Deborah; Dvorak, Marcel F

2013-05-01

Privacy legislation addresses concerns regarding the privacy of personal information; however, its interpretation by research ethics boards has resulted in significant challenges to the collection, management, use and disclosure of personal health information for multi-centre research studies. This paper describes the strategy used to develop the national Rick Hansen Spinal Cord Injury Registry (RHSCIR) in accordance with privacy statutes and benchmarked against best practices. An analysis of the regional and national privacy legislation was conducted to determine the requirements for each of the 31 local RHSCIR sites and the national RHSCIR office. A national privacy and security framework was created for RHSCIR that includes a governance structure, standard operating procedures, training processes, physical and technical security and privacy impact assessments. The framework meets a high-water mark in ensuring privacy and security of personal health information nationally and may assist in the development of other national or international research initiatives. Copyright © 2013 Longwoods Publishing.

Meeting the Privacy Requirements for the Development of a Multi-Centre Patient Registry in Canada: The Rick Hansen Spinal Cord Injury Registry

PubMed Central

Noonan, Vanessa K.; Thorogood, Nancy P.; Joshi, Phalgun B.; Fehlings, Michael G.; Craven, B. Catharine; Linassi, Gary; Fourney, Daryl R.; Kwon, Brian K.; Bailey, Christopher S.; Tsai, Eve C.; Drew, Brian M.; Ahn, Henry; Tsui, Deborah; Dvorak, Marcel F.

2013-01-01

Privacy legislation addresses concerns regarding the privacy of personal information; however, its interpretation by research ethics boards has resulted in significant challenges to the collection, management, use and disclosure of personal health information for multi-centre research studies. This paper describes the strategy used to develop the national Rick Hansen Spinal Cord Injury Registry (RHSCIR) in accordance with privacy statutes and benchmarked against best practices. An analysis of the regional and national privacy legislation was conducted to determine the requirements for each of the 31 local RHSCIR sites and the national RHSCIR office. A national privacy and security framework was created for RHSCIR that includes a governance structure, standard operating procedures, training processes, physical and technical security and privacy impact assessments. The framework meets a high-water mark in ensuring privacy and security of personal health information nationally and may assist in the development of other national or international research initiatives. PMID:23968640

Incentivizing Verifiable Privacy-Protection Mechanisms for Offline Crowdsensing Applications

PubMed Central

Sun, Jiajun; Liu, Ningzhong

2017-01-01

Incentive mechanisms of crowdsensing have recently been intensively explored. Most of these mechanisms mainly focus on the standard economical goals like truthfulness and utility maximization. However, enormous privacy and security challenges need to be faced directly in real-life environments, such as cost privacies. In this paper, we investigate offline verifiable privacy-protection crowdsensing issues. We firstly present a general verifiable privacy-protection incentive mechanism for the offline homogeneous and heterogeneous sensing job model. In addition, we also propose a more complex verifiable privacy-protection incentive mechanism for the offline submodular sensing job model. The two mechanisms not only explore the private protection issues of users and platform, but also ensure the verifiable correctness of payments between platform and users. Finally, we demonstrate that the two mechanisms satisfy privacy-protection, verifiable correctness of payments and the same revenue as the generic one without privacy protection. Our experiments also validate that the two mechanisms are both scalable and efficient, and applicable for mobile devices in crowdsensing applications based on auctions, where the main incentive for the user is the remuneration. PMID:28869574

Incentivizing Verifiable Privacy-Protection Mechanisms for Offline Crowdsensing Applications.

PubMed

Sun, Jiajun; Liu, Ningzhong

2017-09-04

Incentive mechanisms of crowdsensing have recently been intensively explored. Most of these mechanisms mainly focus on the standard economical goals like truthfulness and utility maximization. However, enormous privacy and security challenges need to be faced directly in real-life environments, such as cost privacies. In this paper, we investigate offline verifiable privacy-protection crowdsensing issues. We firstly present a general verifiable privacy-protection incentive mechanism for the offline homogeneous and heterogeneous sensing job model. In addition, we also propose a more complex verifiable privacy-protection incentive mechanism for the offline submodular sensing job model. The two mechanisms not only explore the private protection issues of users and platform, but also ensure the verifiable correctness of payments between platform and users. Finally, we demonstrate that the two mechanisms satisfy privacy-protection, verifiable correctness of payments and the same revenue as the generic one without privacy protection. Our experiments also validate that the two mechanisms are both scalable and efficient, and applicable for mobile devices in crowdsensing applications based on auctions, where the main incentive for the user is the remuneration.

Security of electronic medical information and patient privacy: what you need to know.

PubMed

Andriole, Katherine P

2014-12-01

The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.

Market Reactions to Publicly Announced Privacy and Security Breaches Suffered by Companies Listed on the United States Stock Exchanges: A Comparative Empirical Investigation

ERIC Educational Resources Information Center

Coronado, Adolfo S.

2012-01-01

Using a sample of security and privacy breaches the present research examines the comparative announcement impact between the two types of events. The first part of the dissertation analyzes the impact of publicly announced security and privacy breaches on abnormal stock returns, the change in firm risk, and abnormal trading volume are measured.…

The Health Insurance Portability and Accountability Act: security and privacy requirements.

PubMed

Tribble, D A

2001-05-01

The security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their implications for pharmacy are discussed. HIPAA was enacted to improve the portability of health care insurance for persons leaving jobs. A section of the act encourages the use of electronic communications for health care claims adjudication, mandates the use of new standard code sets and transaction sets, and establishes the need for regulations to protect the security and privacy of individually identifiable health care information. Creating these regulations became the task of the Department of Health and Human Services. Regulations on security have been published for comment. Regulations on privacy and the definition of standard transaction sets and code sets are complete. National identifiers for patients, providers, and payers have not yet been established. The HIPAA regulations on security and privacy will require that pharmacies adopt policies and procedures that limit access to health care information. Existing pharmacy information systems may require upgrading or replacement. Costs of implementation nationwide are estimated to exceed $8 billion. The health care community has two years from the finalization of each regulation to comply with that regulation. The security and privacy requirements of HIPAA will require pharmacies to review their practices regarding the storage, use, and disclosure of protected health care information.

Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study.

PubMed

Atienza, Audie A; Zarcadoolas, Christina; Vaughon, Wendy; Hughes, Penelope; Patel, Vaishali; Chou, Wen-Ying Sylvia; Pritts, Joy

2015-01-01

This study examined consumers' attitudes and perceptions regarding mobile health (mHealth) technology use in health care. Twenty-four focus groups with 256 participants were conducted in 5 geographically diverse locations. Participants were also diverse in age, education, race/ethnicity, gender, and rural versus urban settings. Several key themes emerged from the focus groups. Findings suggest that consumer attitudes regarding mHealth privacy/security are highly contextualized, with concerns depending on the type of information being communicated, where and when the information is being accessed, who is accessing or seeing the information, and for what reasons. Consumers frequently considered the tradeoffs between the privacy/security of using mHealth technologies and the potential benefits. Having control over mHealth privacy/security features and trust in providers were important issues for consumers. Overall, this study found significant diversity in attitudes regarding mHealth privacy/security both within and between traditional demographic groups. Thus, to address consumers' concerns regarding mHealth privacy and security, a one-size-fits-all approach may not be adequate. Health care providers and technology developers should consider tailoring mHealth technology according to how various types of information are communicated in the health care setting, as well as according to the comfort, skills, and concerns individuals may have with mHealth technology.

32 CFR 321.14 - DSS implementation policies.

Code of Federal Regulations, 2014 CFR

2014-07-01

...) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.14 DSS implementation policies. (a) General... matters of particular concern to the Defense Security Service. (b) Privacy Act rules application. Any... 32 National Defense 2 2014-07-01 2014-07-01 false DSS implementation policies. 321.14 Section 321...

32 CFR 321.14 - DSS implementation policies.

Code of Federal Regulations, 2013 CFR

2013-07-01

...) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.14 DSS implementation policies. (a) General... matters of particular concern to the Defense Security Service. (b) Privacy Act rules application. Any... 32 National Defense 2 2013-07-01 2013-07-01 false DSS implementation policies. 321.14 Section 321...

32 CFR 321.14 - DSS implementation policies.

Code of Federal Regulations, 2012 CFR

2012-07-01

...) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.14 DSS implementation policies. (a) General... matters of particular concern to the Defense Security Service. (b) Privacy Act rules application. Any... 32 National Defense 2 2012-07-01 2012-07-01 false DSS implementation policies. 321.14 Section 321...

32 CFR 701.101 - Privacy program terms and definitions.

Code of Federal Regulations, 2014 CFR

2014-07-01

... or online collection that directly identifies an individual (e.g., name, address, social security... her (e.g., Social Security Number (SSN), age, military rank, civilian grade, marital status, race... from a project on privacy issues, identifying and resolving the privacy risks, and approval by a...

77 FR 74913 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-18

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0055] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA)/Office of Personnel Management (OPM))--Match Number 1307 AGENCY: Social Security Administration. ACTION: Notice of a renewal of an existing...

22 CFR 1101.5 - Security, confidentiality and protection of records.

Code of Federal Regulations, 2011 CFR

2011-04-01

... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... 22 Foreign Relations 2 2011-04-01 2009-04-01 true Security, confidentiality and protection of... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

22 CFR 1101.5 - Security, confidentiality and protection of records.

Code of Federal Regulations, 2014 CFR

2014-04-01

... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... 22 Foreign Relations 2 2014-04-01 2014-04-01 false Security, confidentiality and protection of... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

22 CFR 1101.5 - Security, confidentiality and protection of records.

Code of Federal Regulations, 2013 CFR

2013-04-01

... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... 22 Foreign Relations 2 2013-04-01 2009-04-01 true Security, confidentiality and protection of... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

22 CFR 1101.5 - Security, confidentiality and protection of records.

Code of Federal Regulations, 2012 CFR

2012-04-01

... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... 22 Foreign Relations 2 2012-04-01 2009-04-01 true Security, confidentiality and protection of... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

22 CFR 1101.5 - Security, confidentiality and protection of records.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... 22 Foreign Relations 2 2010-04-01 2010-04-01 true Security, confidentiality and protection of... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

76 FR 81477 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-28

... sessions will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L... Secure Mobile Devices, --Panel Discussion on cyber R&D Strategy, and --Update of NIST Computer Security... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...

Privacy, security and access with sensitive health information.

PubMed

Croll, Peter

2010-01-01

This chapter gives an educational overview of: * Confidentiality issues and the challenges faced; * The fundamental differences between privacy and security; * The different access control mechanisms; * The challenges of Internet security; * How 'safety and quality' relate to all the above.

Privacy Preserved and Secured Reliable Routing Protocol for Wireless Mesh Networks.

PubMed

Meganathan, Navamani Thandava; Palanichamy, Yogesh

2015-01-01

Privacy preservation and security provision against internal attacks in wireless mesh networks (WMNs) are more demanding than in wired networks due to the open nature and mobility of certain nodes in the network. Several schemes have been proposed to preserve privacy and provide security in WMNs. To provide complete privacy protection in WMNs, the properties of unobservability, unlinkability, and anonymity are to be ensured during route discovery. These properties can be achieved by implementing group signature and ID-based encryption schemes during route discovery. Due to the characteristics of WMNs, it is more vulnerable to many network layer attacks. Hence, a strong protection is needed to avoid these attacks and this can be achieved by introducing a new Cross-Layer and Subject Logic based Dynamic Reputation (CLSL-DR) mechanism during route discovery. In this paper, we propose a new Privacy preserved and Secured Reliable Routing (PSRR) protocol for WMNs. This protocol incorporates group signature, ID-based encryption schemes, and CLSL-DR mechanism to ensure strong privacy, security, and reliability in WMNs. Simulation results prove this by showing better performance in terms of most of the chosen parameters than the existing protocols.

Third-year medical students' knowledge of privacy and security issues concerning mobile devices.

PubMed

Whipple, Elizabeth C; Allgood, Kacy L; Larue, Elizabeth M

2012-01-01

The use of mobile devices are ubiquitous in medical-care professional settings, but information on privacy and security concerns of mobile devices for medical students is scarce. To gain baseline information about third-year medical students' mobile device use and knowledge of privacy and security issues concerning mobile devices. We surveyed 67 third-year medical students at a Midwestern university on their use of mobile devices and knowledge of how to protect information available through mobile devices. Students were also presented with clinical scenarios to rate their level of concern in regards to privacy and security of information. The most used features of mobile devices were: voice-to-voice (100%), text messaging (SMS) (94%), Internet (76.9%), and email (69.3%). For locking of one's personal mobile phone, 54.1% never physically lock their phone, and 58% never electronically lock their personal PDA. Scenarios considering definitely privacy concerns include emailing patient information intact (66.7%), and posting de-identified information on YouTube (45.2%) or Facebook (42.2%). As the ease of sharing data increases with the use of mobile devices, students need more education and training on possible privacy and security risks posed with mobile devices.

77 FR 15596 - Privacy Act; Implementation

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-16

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DoD-2012-OS-0032] 32 CFR Part 322 Privacy... levels of government. List of Subjects in 32 CFR Part 322 Privacy. Accordingly, 32 CFR part 322 is amended as follows: PART 322--NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICE 0 1. The authority...

75 FR 54662 - Privacy Act of 1974: Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-08

..., Chief Privacy Officer, Office of Information Technology, 202-551-7209. In the Federal Register of August... SECURITIES AND EXCHANGE COMMISSION [Release No. PA-44A; File No. S7-17-10] Privacy Act of 1974: Systems of Records AGENCY: Securities and Exchange Commission. ACTION: Notice to establish systems of...

4 CFR 200.14 - Responsibility for maintaining adequate safeguards.

Code of Federal Regulations, 2010 CFR

2010-01-01

... identifiable personal data and automated systems shall be adequately trained in the security and privacy of... the security and privacy of such records. (5) The disposal and destruction of identifiable personal....14 Section 200.14 Accounts RECOVERY ACCOUNTABILITY AND TRANSPARENCY BOARD PRIVACY ACT OF 1974 § 200...

10 CFR 1304.114 - Responsibility for maintaining adequate safeguards.

Code of Federal Regulations, 2010 CFR

2010-01-01

... the security and privacy of personal data. (4) The disposal and disposition of identifiable personal... contained in a system of records are adequately trained to protect the security and privacy of such records....114 Section 1304.114 Energy NUCLEAR WASTE TECHNICAL REVIEW BOARD PRIVACY ACT OF 1974 § 1304.114...

32 CFR 321.3 - Information and procedures for requesting notification.

Code of Federal Regulations, 2014 CFR

2014-07-01

... DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.3 Information and... mail to the Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA... 32 National Defense 2 2014-07-01 2014-07-01 false Information and procedures for requesting...

32 CFR 321.7 - Request for correction or amendment.

Code of Federal Regulations, 2011 CFR

2011-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.7 Request for correction or... Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA 22314-1651. (b... 32 National Defense 2 2011-07-01 2011-07-01 false Request for correction or amendment. 321.7...

32 CFR 321.3 - Information and procedures for requesting notification.

Code of Federal Regulations, 2013 CFR

2013-07-01

... DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.3 Information and... mail to the Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA... 32 National Defense 2 2013-07-01 2013-07-01 false Information and procedures for requesting...

32 CFR 321.7 - Request for correction or amendment.

Code of Federal Regulations, 2014 CFR

2014-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.7 Request for correction or... Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA 22314-1651. (b... 32 National Defense 2 2014-07-01 2014-07-01 false Request for correction or amendment. 321.7...

32 CFR 321.7 - Request for correction or amendment.

Code of Federal Regulations, 2013 CFR

2013-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.7 Request for correction or... Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA 22314-1651. (b... 32 National Defense 2 2013-07-01 2013-07-01 false Request for correction or amendment. 321.7...

32 CFR 321.3 - Information and procedures for requesting notification.

Code of Federal Regulations, 2011 CFR

2011-07-01

... DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.3 Information and... mail to the Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA... 32 National Defense 2 2011-07-01 2011-07-01 false Information and procedures for requesting...

32 CFR 321.7 - Request for correction or amendment.

Code of Federal Regulations, 2012 CFR

2012-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.7 Request for correction or... Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA 22314-1651. (b... 32 National Defense 2 2012-07-01 2012-07-01 false Request for correction or amendment. 321.7...

32 CFR 321.3 - Information and procedures for requesting notification.

Code of Federal Regulations, 2012 CFR

2012-07-01

... DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.3 Information and... mail to the Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA... 32 National Defense 2 2012-07-01 2012-07-01 false Information and procedures for requesting...

32 CFR 321.3 - Information and procedures for requesting notification.

Code of Federal Regulations, 2010 CFR

2010-07-01

... DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.3 Information and... mail to the Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA... 32 National Defense 2 2010-07-01 2010-07-01 false Information and procedures for requesting...

32 CFR 321.7 - Request for correction or amendment.

Code of Federal Regulations, 2010 CFR

2010-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.7 Request for correction or... Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA 22314-1651. (b... 32 National Defense 2 2010-07-01 2010-07-01 false Request for correction or amendment. 321.7...

75 FR 68396 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Labor (DOL))-Match...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-05

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0052] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Labor (DOL))--Match Number 1003 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

78 FR 16564 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Personnel Management...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-15

... 1021 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of existing computer... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0073] Privacy Act of 1974, as Amended...

78 FR 12127 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-21

... 1310 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0007] Privacy Act of 1974, as Amended...

75 FR 51154 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-18

... 1310 AGENCY: Social Security Administration (SSA) ACTION: Notice of a renewal of an existing computer..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0035] Privacy Act of 1974, as Amended...

The Regulatory Framework for Privacy and Security

NASA Astrophysics Data System (ADS)

Hiller, Janine S.

The internet enables the easy collection of massive amounts of personally identifiable information. Unregulated data collection causes distrust and conflicts with widely accepted principles of privacy. The regulatory framework in the United States for ensuring privacy and security in the online environment consists of federal, state, and self-regulatory elements. New laws have been passed to address technological and internet practices that conflict with privacy protecting policies. The United States and the European Union approaches to privacy differ significantly, and the global internet environment will likely cause regulators to face the challenge of balancing privacy interests with data collection for many years to come.

Space Partitioning for Privacy Enabled 3D City Models

NASA Astrophysics Data System (ADS)

Filippovska, Y.; Wichmann, A.; Kada, M.

2016-10-01

Due to recent technological progress, data capturing and processing of highly detailed (3D) data has become extensive. And despite all prospects of potential uses, data that includes personal living spaces and public buildings can also be considered as a serious intrusion into people's privacy and a threat to security. It becomes especially critical if data is visible by the general public. Thus, a compromise is needed between open access to data and privacy requirements which can be very different for each application. As privacy is a complex and versatile topic, the focus of this work particularly lies on the visualization of 3D urban data sets. For the purpose of privacy enabled visualizations of 3D city models, we propose to partition the (living) spaces into privacy regions, each featuring its own level of anonymity. Within each region, the depicted 2D and 3D geometry and imagery is anonymized with cartographic generalization techniques. The underlying spatial partitioning is realized as a 2D map generated as a straight skeleton of the open space between buildings. The resulting privacy cells are then merged according to the privacy requirements associated with each building to form larger regions, their borderlines smoothed, and transition zones established between privacy regions to have a harmonious visual appearance. It is exemplarily demonstrated how the proposed method generates privacy enabled 3D city models.

12 CFR 1204.9 - Does FHFA collect and use Social Security numbers?

Code of Federal Regulations, 2011 CFR

2011-01-01

... 12 Banks and Banking 7 2011-01-01 2011-01-01 false Does FHFA collect and use Social Security... OPERATIONS PRIVACY ACT IMPLEMENTATION § 1204.9 Does FHFA collect and use Social Security numbers? FHFA collects Social Security numbers only when it is necessary and authorized. At least annually, the Privacy...

32 CFR 806b.12 - Requesting the Social Security Number.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy Act...

77 FR 70792 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-27

... from its inventory of record systems. TSA will rely upon DHS/ALL-017 General Legal Records (November 23, 2011, 76 FR 72428) to cover its legal activities. Eliminating the system of records notice DHS/TSA-009... Department of Homeland Security Transportation Security Administration System of Records AGENCY: Privacy...

12 CFR 792.67 - Security of systems of records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Security of systems of records. 792.67 Section... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792.67 Security of systems of records. (a) Each system manager, with the approval of the head of that...

32 CFR 806b.12 - Requesting the Social Security Number.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 6 2012-07-01 2012-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy Act...

32 CFR 806b.12 - Requesting the Social Security Number.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 6 2014-07-01 2014-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy Act...

32 CFR 806b.12 - Requesting the Social Security Number.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 6 2013-07-01 2013-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy Act...

32 CFR 806b.12 - Requesting the Social Security Number.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy Act...

12 CFR 1204.9 - Does FHFA collect and use Social Security numbers?

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 7 2010-01-01 2010-01-01 false Does FHFA collect and use Social Security... OPERATIONS PRIVACY ACT IMPLEMENTATION § 1204.9 Does FHFA collect and use Social Security numbers? FHFA collects Social Security numbers only when it is necessary and authorized. At least annually, the Privacy...

77 FR 32709 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Homeland Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-01

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0089] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Homeland Security (DHS))--Match Number 1010 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program that...

75 FR 23274 - Privacy Act of 1974; Department of Homeland Security United States Immigration Customs and...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-03

... is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2010-0031] Privacy Act of 1974; Department of Homeland Security United States Immigration Customs and Enforcement--011...

75 FR 5487 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Customs...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-03

...The Department of Homeland Security is issuing a final rule to amend its regulations to exempt portions of a Department of Homeland Security/U.S. Customs and Border Protection system of records entitled the, ``Department of Homeland Security/U.S. Customs and Border Protection--006 Automated Targeting System of Records'' from certain provisions of the Privacy Act. Specifically, the Department exempts portions of the Department of Homeland Security/U.S. Customs and Border Protection--006 Automated Targeting system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements.

A Low Cost Key Agreement Protocol Based on Binary Tree for EPCglobal Class 1 Generation 2 RFID Protocol

NASA Astrophysics Data System (ADS)

Jeng, Albert; Chang, Li-Chung; Chen, Sheng-Hui

There are many protocols proposed for protecting Radio Frequency Identification (RFID) system privacy and security. A number of these protocols are designed for protecting long-term security of RFID system using symmetric key or public key cryptosystem. Others are designed for protecting user anonymity and privacy. In practice, the use of RFID technology often has a short lifespan, such as commodity check out, supply chain management and so on. Furthermore, we know that designing a long-term security architecture to protect the security and privacy of RFID tags information requires a thorough consideration from many different aspects. However, any security enhancement on RFID technology will jack up its cost which may be detrimental to its widespread deployment. Due to the severe constraints of RFID tag resources (e. g., power source, computing power, communication bandwidth) and open air communication nature of RFID usage, it is a great challenge to secure a typical RFID system. For example, computational heavy public key and symmetric key cryptography algorithms (e. g., RSA and AES) may not be suitable or over-killed to protect RFID security or privacy. These factors motivate us to research an efficient and cost effective solution for RFID security and privacy protection. In this paper, we propose a new effective generic binary tree based key agreement protocol (called BKAP) and its variations, and show how it can be applied to secure the low cost and resource constraint RFID system. This BKAP is not a general purpose key agreement protocol rather it is a special purpose protocol to protect privacy, un-traceability and anonymity in a single RFID closed system domain.

Cloud-assisted mobile-access of health data with privacy and auditability.

PubMed

Tong, Yue; Sun, Jinyuan; Chow, Sherman S M; Li, Pan

2014-03-01

Motivated by the privacy issues, curbing the adoption of electronic healthcare systems and the wild success of cloud service models, we propose to build privacy into mobile healthcare systems with the help of the private cloud. Our system offers salient features including efficient key management, privacy-preserving data storage, and retrieval, especially for retrieval at emergencies, and auditability for misusing health data. Specifically, we propose to integrate key management from pseudorandom number generator for unlinkability, a secure indexing method for privacy-preserving keyword search which hides both search and access patterns based on redundancy, and integrate the concept of attribute-based encryption with threshold signing for providing role-based access control with auditability to prevent potential misbehavior, in both normal and emergency cases.

77 FR 47767 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S. Customs...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-10

... Protection, DHS/CBP--017 Analytical Framework for Intelligence (AFI) System of Records AGENCY: Privacy Office... Homeland Security/U.S. Customs and Border Protection, DHS/CBP--017 Analytical Framework for Intelligence... Analytical Framework for Intelligence (AFI) System of Records'' from one or more provisions of the Privacy...

32 CFR 321.8 - DSS review of request for amendment.

Code of Federal Regulations, 2012 CFR

2012-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.8 DSS review of request for... himself and maintained by the Defense Security Service, Office of FOI and Privacy will handle the request... 32 National Defense 2 2012-07-01 2012-07-01 false DSS review of request for amendment. 321.8...

32 CFR 321.8 - DSS review of request for amendment.

Code of Federal Regulations, 2010 CFR

2010-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.8 DSS review of request for... himself and maintained by the Defense Security Service, Office of FOI and Privacy will handle the request... 32 National Defense 2 2010-07-01 2010-07-01 false DSS review of request for amendment. 321.8...

32 CFR 321.8 - DSS review of request for amendment.

Code of Federal Regulations, 2011 CFR

2011-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.8 DSS review of request for... himself and maintained by the Defense Security Service, Office of FOI and Privacy will handle the request... 32 National Defense 2 2011-07-01 2011-07-01 false DSS review of request for amendment. 321.8...

32 CFR 321.8 - DSS review of request for amendment.

Code of Federal Regulations, 2013 CFR

2013-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.8 DSS review of request for... himself and maintained by the Defense Security Service, Office of FOI and Privacy will handle the request... 32 National Defense 2 2013-07-01 2013-07-01 false DSS review of request for amendment. 321.8...

32 CFR 321.8 - DSS review of request for amendment.

Code of Federal Regulations, 2014 CFR

2014-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.8 DSS review of request for... himself and maintained by the Defense Security Service, Office of FOI and Privacy will handle the request... 32 National Defense 2 2014-07-01 2014-07-01 false DSS review of request for amendment. 321.8...

75 FR 69603 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security National...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-15

... FURTHER INFORMATION CONTACT: For general questions please contact: Emily Andrew (703-235-2182), Privacy...: Background In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security... Nation's 18 critical infrastructures and key resources (CIKR) sectors during normal operations and...

77 FR 38274 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-27

.... SUPPLEMENTARY INFORMATION: The Defense Security Service systems of records notices subject to the Privacy Act of... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DOD-2012-OS-0077] Privacy Act of 1974; System of Records AGENCY: Defense Security Service, DoD. ACTION: Notice to Delete Four Systems of Records...

77 FR 49849 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Child Support...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-17

...: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer-matching... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0021] Privacy Act of 1974, as Amended...

75 FR 32833 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Personnel Management...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-09

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2009-0077] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Office of Personnel Management (OPM))--Match 1307 AGENCY: Social Security... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

77 FR 38880 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Railroad Retirement Board (SSA...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-29

... Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program that... regarding protections for such persons. The Privacy Act, as amended, regulates the use of computer matching... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0002] Privacy Act of 1974, as Amended...

77 FR 27108 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Child Support...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-08

...: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching... protections for such persons. The Privacy Act, as amended, regulates the use of computer matching by Federal... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0010] Privacy Act of 1974, as Amended...

78 FR 51264 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-20

... 1016 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0022] Privacy Act of 1974, as Amended...

77 FR 24756 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Labor (DOL))-Match...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-25

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0084] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Labor (DOL))--Match Number 1003 AGENCY: Social Security... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988...

77 FR 6620 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/the States); Match 6000 and 6003

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-08

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0102] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ the States); Match 6000 and 6003 AGENCY: Social Security Administration..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

75 FR 18251 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Internal Revenue Service (IRS...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-09

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2009-0066] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Internal Revenue Service (IRS))--Match 1305 AGENCY: Social Security... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

76 FR 12398 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Bureau of the Public Debt (BPD...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-07

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0034] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Bureau of the Public Debt (BPD))--Match Number 1304 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

77 FR 24757 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Labor (DOL))-Match...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-25

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0083] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Labor (DOL))--Match Number 1015 AGENCY: Social Security... regarding protections for such persons. The Privacy Act, as amended, regulates the use of computer matching...

75 FR 62623 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Internal Revenue Service (IRS...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-12

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0015] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Internal Revenue Service (IRS))--Match Number 1016 AGENCY: Social Security... regarding protections for such persons. The Privacy Act, as amended, regulates the use of computer matching...

75 FR 59780 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Railroad Retirement Board (RRB...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-28

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0040] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Railroad Retirement Board (RRB))--Match Number 1006 AGENCY: Social Security...: A. General The Computer Matching and Privacy Protection Act of 1988 (Pub. L.) 100-503), amended the...

78 FR 12128 - Privacy Act of 1974; Computer Matching Program (SSA/Department of the Treasury, Internal Revenue...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-21

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0067] Privacy Act of 1974; Computer Matching... Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

Security mechanism based on Hospital Authentication Server for secure application of implantable medical devices.

PubMed

Park, Chang-Seop

2014-01-01

After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.

Security Mechanism Based on Hospital Authentication Server for Secure Application of Implantable Medical Devices

PubMed Central

2014-01-01

After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance. PMID:25276797

Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules.

PubMed

2013-01-25

The Department of Health and Human Services (HHS or ``the Department'') is issuing this final rule to: Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (``the HITECH Act'' or ``the Act'') to strengthen the privacy and security protection for individuals' health information; modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule; modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities.

Public Perspectives of Mobile Phones’ Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey

PubMed Central

Richardson, Joshua E.; Ancker, Jessica S.

2015-01-01

Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician’s electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p < .001). There were no similar changes in privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized. PMID:26958246

Public Perspectives of Mobile Phones' Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey.

PubMed

Richardson, Joshua E; Ancker, Jessica S

2015-01-01

Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician's electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p < .001). There were no similar changes in privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized.

SAFETY, SECURITY, HYGIENE AND PRIVACY IN MIGRANT FARMWORKER HOUSING

PubMed Central

Arcury, Thomas A.; Weir, Maria M.; Summers, Phillip; Chen, Haiying; Bailey, Melissa; Wiggins, Melinda F.; Bischoff, Werner E.; Quandt, Sara A.

2013-01-01

Safety, security, hygiene, and privacy in migrant farmworker housing have not previously been documented, yet these attributes are important for farmworker quality of life and dignity. This analysis describes the safety, security, hygiene, and privacy of migrant farmworker housing and delineates camp characteristics that are associated with these attributes, using data collected in 183 eastern North Carolina migrant farmworker camps in 2010. Migrant farmworker housing is deficient. For example, 73.8 percent of housing had structural damage and 52.7 percent had indoor temperatures that were not safe. Farmworkers in 83.5 percent of the housing reported that they did not feel they or their possessions were secure. Bathing or toileting privacy was absent in 46.2 percent of the housing. Camps with residents having H-2A visas or North Carolina Department of Labor certificates of inspection posted had better safety, security, and hygiene. Regulations addressing the quality of migrant farmworker housing are needed. PMID:22776578

Query Monitoring and Analysis for Database Privacy - A Security Automata Model Approach

PubMed Central

Kumar, Anand; Ligatti, Jay; Tu, Yi-Cheng

2015-01-01

Privacy and usage restriction issues are important when valuable data are exchanged or acquired by different organizations. Standard access control mechanisms either restrict or completely grant access to valuable data. On the other hand, data obfuscation limits the overall usability and may result in loss of total value. There are no standard policy enforcement mechanisms for data acquired through mutual and copyright agreements. In practice, many different types of policies can be enforced in protecting data privacy. Hence there is the need for an unified framework that encapsulates multiple suites of policies to protect the data. We present our vision of an architecture named security automata model (SAM) to enforce privacy-preserving policies and usage restrictions. SAM analyzes the input queries and their outputs to enforce various policies, liberating data owners from the burden of monitoring data access. SAM allows administrators to specify various policies and enforces them to monitor queries and control the data access. Our goal is to address the problems of data usage control and protection through privacy policies that can be defined, enforced, and integrated with the existing access control mechanisms using SAM. In this paper, we lay out the theoretical foundation of SAM, which is based on an automata named Mandatory Result Automata. We also discuss the major challenges of implementing SAM in a real-world database environment as well as ideas to meet such challenges. PMID:26997936

Query Monitoring and Analysis for Database Privacy - A Security Automata Model Approach.

PubMed

Kumar, Anand; Ligatti, Jay; Tu, Yi-Cheng

2015-11-01

Privacy and usage restriction issues are important when valuable data are exchanged or acquired by different organizations. Standard access control mechanisms either restrict or completely grant access to valuable data. On the other hand, data obfuscation limits the overall usability and may result in loss of total value. There are no standard policy enforcement mechanisms for data acquired through mutual and copyright agreements. In practice, many different types of policies can be enforced in protecting data privacy. Hence there is the need for an unified framework that encapsulates multiple suites of policies to protect the data. We present our vision of an architecture named security automata model (SAM) to enforce privacy-preserving policies and usage restrictions. SAM analyzes the input queries and their outputs to enforce various policies, liberating data owners from the burden of monitoring data access. SAM allows administrators to specify various policies and enforces them to monitor queries and control the data access. Our goal is to address the problems of data usage control and protection through privacy policies that can be defined, enforced, and integrated with the existing access control mechanisms using SAM. In this paper, we lay out the theoretical foundation of SAM, which is based on an automata named Mandatory Result Automata. We also discuss the major challenges of implementing SAM in a real-world database environment as well as ideas to meet such challenges.

32 CFR 322.5 - Procedures.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.5 Procedures. (a) The Director of... for the FOIA/PA office is: National Security Agency, ATTN: FOIA/PA Services (DC321), 9800 Savage Road...

32 CFR 322.5 - Procedures.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.5 Procedures. (a) The Director of... for the FOIA/PA office is: National Security Agency, ATTN: FOIA/PA Services (DC321), 9800 Savage Road...

32 CFR 322.6 - Establishing exemptions.

Code of Federal Regulations, 2011 CFR

2011-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...

32 CFR 322.5 - Procedures.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.5 Procedures. (a) The Director of... for the FOIA/PA office is: National Security Agency, ATTN: FOIA/PA Services (DC321), 9800 Savage Road...

32 CFR 322.6 - Establishing exemptions.

Code of Federal Regulations, 2012 CFR

2012-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...

32 CFR 322.6 - Establishing exemptions.

Code of Federal Regulations, 2013 CFR

2013-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...

32 CFR 322.5 - Procedures.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.5 Procedures. (a) The Director of... for the FOIA/PA office is: National Security Agency, ATTN: FOIA/PA Services (DC321), 9800 Savage Road...

32 CFR 322.6 - Establishing exemptions.

Code of Federal Regulations, 2014 CFR

2014-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...

32 CFR 322.6 - Establishing exemptions.

Code of Federal Regulations, 2010 CFR

2010-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...

78 FR 15734 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0010] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... computer matching program between the Department of Homeland Security/U.S. Citizenship and Immigration...

78 FR 15733 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0008] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... computer matching program between the Department of Homeland Security/U.S. Citizenship and Immigration...

36 CFR 1202.90 - What NARA systems of records are exempt from release under the National Security Exemption of the...

Code of Federal Regulations, 2012 CFR

2012-07-01

... are exempt from release under the National Security Exemption of the Privacy Act? 1202.90 Section 1202... from release under the National Security Exemption of the Privacy Act? (a) The Investigative Case Files... interfere with ongoing investigations and law enforcement or national security activities and impose an...

36 CFR 1202.90 - What NARA systems of records are exempt from release under the National Security Exemption of the...

Code of Federal Regulations, 2011 CFR

2011-07-01

... are exempt from release under the National Security Exemption of the Privacy Act? 1202.90 Section 1202... from release under the National Security Exemption of the Privacy Act? (a) The Investigative Case Files... interfere with ongoing investigations and law enforcement or national security activities and impose an...

36 CFR 1202.90 - What NARA systems of records are exempt from release under the National Security Exemption of the...

Code of Federal Regulations, 2014 CFR

2014-07-01

... are exempt from release under the National Security Exemption of the Privacy Act? 1202.90 Section 1202... from release under the National Security Exemption of the Privacy Act? (a) The Investigative Case Files... interfere with ongoing investigations and law enforcement or national security activities and impose an...

Security and Vulnerability Assessment of Social Media Sites: An Exploratory Study

ERIC Educational Resources Information Center

Zhao, Jensen; Zhao, Sherry Y.

2015-01-01

While the growing popularity of social media has brought many benefits to society, it has also resulted in privacy and security threats. The authors assessed the security and vulnerability of 50 social media sites. The findings indicate that most sites (a) posted privacy and security policies but only a minority stated clearly their execution of…

Privacy-enhanced electronic mail

NASA Astrophysics Data System (ADS)

Bishop, Matt

1990-06-01

The security of electronic mail sent through the Internet may be described in exactly three words: there is none. The Privacy and Security Research Group has recommended implementing mechanisms designed to provide security enhancements. The first set of mechanisms provides a protocol to provide privacy, integrity, and authentication for electronic mail; the second provides a certificate-based key management infrastructure to support key distribution throughout the internet, to support the first set of mechanisms. These mechanisms are described, as well as the reasons behind their selection and how these mechanisms can be used to provide some measure of security in the exchange of electronic mail.

Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android

PubMed Central

Dehling, Tobias; Gao, Fangjian; Schneider, Stephan

2015-01-01

Background Mobile health (mHealth) apps aim at providing seamless access to tailored health information technology and have the potential to alleviate global health burdens. Yet, they bear risks to information security and privacy because users need to reveal private, sensitive medical information to redeem certain benefits. Due to the plethora and diversity of available mHealth apps, implications for information security and privacy are unclear and complex. Objective The objective of this study was to establish an overview of mHealth apps offered on iOS and Android with a special focus on potential damage to users through information security and privacy infringements. Methods We assessed apps available in English and offered in the categories “Medical” and “Health & Fitness” in the iOS and Android App Stores. Based on the information retrievable from the app stores, we established an overview of available mHealth apps, tagged apps to make offered information machine-readable, and clustered the discovered apps to identify and group similar apps. Subsequently, information security and privacy implications were assessed based on health specificity of information available to apps, potential damage through information leaks, potential damage through information manipulation, potential damage through information loss, and potential value of information to third parties. Results We discovered 24,405 health-related apps (iOS; 21,953; Android; 2452). Absence or scarceness of ratings for 81.36% (17,860/21,953) of iOS and 76.14% (1867/2452) of Android apps indicates that less than a quarter of mHealth apps are in more or less widespread use. Clustering resulted in 245 distinct clusters, which were consolidated into 12 app archetypes grouping clusters with similar assessments of potential damage through information security and privacy infringements. There were 6426 apps that were excluded during clustering. The majority of apps (95.63%, 17,193/17,979; of apps) pose at least some potential damage through information security and privacy infringements. There were 11.67% (2098/17,979) of apps that scored the highest assessments of potential damages. Conclusions Various kinds of mHealth apps collect and offer critical, sensitive, private medical information, calling for a special focus on information security and privacy of mHealth apps. In order to foster user acceptance and trust, appropriate security measures and processes need to be devised and employed so that users can benefit from seamlessly accessible, tailored mHealth apps without exposing themselves to the serious repercussions of information security and privacy infringements. PMID:25599627

Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android.

PubMed

Dehling, Tobias; Gao, Fangjian; Schneider, Stephan; Sunyaev, Ali

2015-01-19

Mobile health (mHealth) apps aim at providing seamless access to tailored health information technology and have the potential to alleviate global health burdens. Yet, they bear risks to information security and privacy because users need to reveal private, sensitive medical information to redeem certain benefits. Due to the plethora and diversity of available mHealth apps, implications for information security and privacy are unclear and complex. The objective of this study was to establish an overview of mHealth apps offered on iOS and Android with a special focus on potential damage to users through information security and privacy infringements. We assessed apps available in English and offered in the categories "Medical" and "Health & Fitness" in the iOS and Android App Stores. Based on the information retrievable from the app stores, we established an overview of available mHealth apps, tagged apps to make offered information machine-readable, and clustered the discovered apps to identify and group similar apps. Subsequently, information security and privacy implications were assessed based on health specificity of information available to apps, potential damage through information leaks, potential damage through information manipulation, potential damage through information loss, and potential value of information to third parties. We discovered 24,405 health-related apps (iOS; 21,953; Android; 2452). Absence or scarceness of ratings for 81.36% (17,860/21,953) of iOS and 76.14% (1867/2452) of Android apps indicates that less than a quarter of mHealth apps are in more or less widespread use. Clustering resulted in 245 distinct clusters, which were consolidated into 12 app archetypes grouping clusters with similar assessments of potential damage through information security and privacy infringements. There were 6426 apps that were excluded during clustering. The majority of apps (95.63%, 17,193/17,979; of apps) pose at least some potential damage through information security and privacy infringements. There were 11.67% (2098/17,979) of apps that scored the highest assessments of potential damages. Various kinds of mHealth apps collect and offer critical, sensitive, private medical information, calling for a special focus on information security and privacy of mHealth apps. In order to foster user acceptance and trust, appropriate security measures and processes need to be devised and employed so that users can benefit from seamlessly accessible, tailored mHealth apps without exposing themselves to the serious repercussions of information security and privacy infringements.

Secure Data Aggregation Protocol for M2M Communications

DTIC Science & Technology

2015-03-24

networking and collaboration among various devices has experienced tremendous growth. To adapt to the trend, the concept of Internet of Things ( IoT ... IoTs ): Models, Algorithms, and Implementations, accepted Title: “Privacy-Preserving Time-Series Data Aggregation for Internet of Things ” Date...public release; distribution is unlimited. (5) Privacy-Preserving Time-Series Data Aggregation for Internet of Things Abstract In recent years, the

Security from Within: Independent Review of the Washington Navy Yard Shooting

DTIC Science & Technology

2013-11-01

2012 report, the Defense Science Board (DSB) Task Force reviewing the Fort Hood shooting recommended “a threat management approach employing...mental health research findings into clinical practice. 103 The field of implementation science offers several models for establishing and supporting...December 29, 2008, http://www.dhs.gov/xlibrary/assets/privacy/privacy_policyguide_2008-01.pdf. 47 Defense Science Board. “Task Force Report

Privacy enhancing techniques - the key to secure communication and management of clinical and genomic data.

PubMed

De Moor, G J E; Claerhout, B; De Meyer, F

2003-01-01

To introduce some of the privacy protection problems related to genomics based medicine and to highlight the relevance of Trusted Third Parties (TTPs) and of Privacy Enhancing Techniques (PETs) in the restricted context of clinical research and statistics. Practical approaches based on two different pseudonymisation models, both for batch and interactive data collection and exchange, are described and analysed. The growing need of managing both clinical and genetic data raises important legal and ethical challenges. Protecting human rights in the realm of privacy, while optimising research potential and other statistical activities is a challenge that can easily be overcome with the assistance of a trust service provider offering advanced privacy enabling/enhancing solutions. As such, the use of pseudonymisation and other innovative Privacy Enhancing Techniques can unlock valuable data sources.

78 FR 40542 - Privacy Act of 1974, As Amended: Proposed New Routine Use

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-05

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2013-0032] Privacy Act of 1974, As Amended: Proposed New Routine Use AGENCY: Social Security Administration. ACTION: New Proposed Routine Use...: Master Files of Social Security Number (SSN) Holders and SSN Applications, (60-0058) (the Enumeration...

32 CFR 322.3 - Policy.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 2 2012-07-01 2012-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...

32 CFR 322.3 - Policy.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 2 2011-07-01 2011-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...

32 CFR 322.3 - Policy.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 2 2014-07-01 2014-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...

32 CFR 322.3 - Policy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 2 2010-07-01 2010-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...

32 CFR 322.3 - Policy.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 2 2013-07-01 2013-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...

78 FR 38724 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-27

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0006] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... Agreement that establishes a computer matching program between the Department of Homeland Security/U.S...

A Hypertext-Based Computer Architecture for Management of the Joint Command, Control and Communications Curriculum

DTIC Science & Technology

1992-06-01

Boards) Security, Privacy, and Freedom of Speech Issues 4.1.2 Understand the relationships between information processing and collection and...to-many (Mailing and discussion Lists) ... Many-to-Many (Bulletin Boards) Security, Privacy, and Freedom of Speech Issues 69 4.1.3 Understand the...Communication one-to-one (e-mail) °o° one-to-many (Mailing and discussion Lists) ... Many-to-Many (Bulletin Boards) oo Security, Privacy, and Freedom of Speech Issues

Secure quantum private information retrieval using phase-encoded queries

NASA Astrophysics Data System (ADS)

Olejnik, Lukasz

2011-08-01

We propose a quantum solution to the classical private information retrieval (PIR) problem, which allows one to query a database in a private manner. The protocol offers privacy thresholds and allows the user to obtain information from a database in a way that offers the potential adversary, in this model the database owner, no possibility of deterministically establishing the query contents. This protocol may also be viewed as a solution to the symmetrically private information retrieval problem in that it can offer database security (inability for a querying user to steal its contents). Compared to classical solutions, the protocol offers substantial improvement in terms of communication complexity. In comparison with the recent quantum private queries [Phys. Rev. Lett.PRLTAO0031-900710.1103/PhysRevLett.100.230502 100, 230502 (2008)] protocol, it is more efficient in terms of communication complexity and the number of rounds, while offering a clear privacy parameter. We discuss the security of the protocol and analyze its strengths and conclude that using this technique makes it challenging to obtain the unconditional (in the information-theoretic sense) privacy degree; nevertheless, in addition to being simple, the protocol still offers a privacy level. The oracle used in the protocol is inspired both by the classical computational PIR solutions as well as the Deutsch-Jozsa oracle.

Secure quantum private information retrieval using phase-encoded queries

DOE Office of Scientific and Technical Information (OSTI.GOV)

Olejnik, Lukasz

We propose a quantum solution to the classical private information retrieval (PIR) problem, which allows one to query a database in a private manner. The protocol offers privacy thresholds and allows the user to obtain information from a database in a way that offers the potential adversary, in this model the database owner, no possibility of deterministically establishing the query contents. This protocol may also be viewed as a solution to the symmetrically private information retrieval problem in that it can offer database security (inability for a querying user to steal its contents). Compared to classical solutions, the protocol offersmore » substantial improvement in terms of communication complexity. In comparison with the recent quantum private queries [Phys. Rev. Lett. 100, 230502 (2008)] protocol, it is more efficient in terms of communication complexity and the number of rounds, while offering a clear privacy parameter. We discuss the security of the protocol and analyze its strengths and conclude that using this technique makes it challenging to obtain the unconditional (in the information-theoretic sense) privacy degree; nevertheless, in addition to being simple, the protocol still offers a privacy level. The oracle used in the protocol is inspired both by the classical computational PIR solutions as well as the Deutsch-Jozsa oracle.« less

Analysis of Vehicle-Based Security Operations

DOE Office of Scientific and Technical Information (OSTI.GOV)

Carter, Jason M; Paul, Nate R

Vehicle-to-vehicle (V2V) communications promises to increase roadway safety by providing each vehicle with 360 degree situational awareness of other vehicles in proximity, and by complementing onboard sensors such as radar or camera in detecting imminent crash scenarios. In the United States, approximately three hundred million automobiles could participate in a fully deployed V2V system if Dedicated Short-Range Communication (DSRC) device use becomes mandatory. The system s reliance on continuous communication, however, provides a potential means for unscrupulous persons to transmit false data in an attempt to cause crashes, create traffic congestion, or simply render the system useless. V2V communications mustmore » be highly scalable while retaining robust security and privacy preserving features to meet the intra-vehicle and vehicle-to-infrastructure communication requirements for a growing vehicle population. Oakridge National Research Laboratory is investigating a Vehicle-Based Security System (VBSS) to provide security and privacy for a fully deployed V2V and V2I system. In the VBSS an On-board Unit (OBU) generates short-term certificates and signs Basic Safety Messages (BSM) to preserve privacy and enhance security. This work outlines a potential VBSS structure and its operational concepts; it examines how a vehicle-based system might feasibly provide security and privacy, highlights remaining challenges, and explores potential mitigations to address those challenges. Certificate management alternatives that attempt to meet V2V security and privacy requirements have been examined previously by the research community including privacy-preserving group certificates, shared certificates, and functional encryption. Due to real-world operational constraints, adopting one of these approaches for VBSS V2V communication is difficult. Timely misbehavior detection and revocation are still open problems for any V2V system. We explore the alternative approaches that may be applicable to a VBSS, and suggest some additional research directions in order to find a practical solution that appropriately addresses security and privacy.« less

Security issues in healthcare applications using wireless medical sensor networks: a survey.

PubMed

Kumar, Pardeep; Lee, Hoon-Jae

2012-01-01

Healthcare applications are considered as promising fields for wireless sensor networks, where patients can be monitored using wireless medical sensor networks (WMSNs). Current WMSN healthcare research trends focus on patient reliable communication, patient mobility, and energy-efficient routing, as a few examples. However, deploying new technologies in healthcare applications without considering security makes patient privacy vulnerable. Moreover, the physiological data of an individual are highly sensitive. Therefore, security is a paramount requirement of healthcare applications, especially in the case of patient privacy, if the patient has an embarrassing disease. This paper discusses the security and privacy issues in healthcare application using WMSNs. We highlight some popular healthcare projects using wireless medical sensor networks, and discuss their security. Our aim is to instigate discussion on these critical issues since the success of healthcare application depends directly on patient security and privacy, for ethic as well as legal reasons. In addition, we discuss the issues with existing security mechanisms, and sketch out the important security requirements for such applications. In addition, the paper reviews existing schemes that have been recently proposed to provide security solutions in wireless healthcare scenarios. Finally, the paper ends up with a summary of open security research issues that need to be explored for future healthcare applications using WMSNs.

Security Issues in Healthcare Applications Using Wireless Medical Sensor Networks: A Survey

PubMed Central

Kumar, Pardeep; Lee, Hoon-Jae

2012-01-01

Healthcare applications are considered as promising fields for wireless sensor networks, where patients can be monitored using wireless medical sensor networks (WMSNs). Current WMSN healthcare research trends focus on patient reliable communication, patient mobility, and energy-efficient routing, as a few examples. However, deploying new technologies in healthcare applications without considering security makes patient privacy vulnerable. Moreover, the physiological data of an individual are highly sensitive. Therefore, security is a paramount requirement of healthcare applications, especially in the case of patient privacy, if the patient has an embarrassing disease. This paper discusses the security and privacy issues in healthcare application using WMSNs. We highlight some popular healthcare projects using wireless medical sensor networks, and discuss their security. Our aim is to instigate discussion on these critical issues since the success of healthcare application depends directly on patient security and privacy, for ethic as well as legal reasons. In addition, we discuss the issues with existing security mechanisms, and sketch out the important security requirements for such applications. In addition, the paper reviews existing schemes that have been recently proposed to provide security solutions in wireless healthcare scenarios. Finally, the paper ends up with a summary of open security research issues that need to be explored for future healthcare applications using WMSNs. PMID:22368458

6 CFR 5.29 - Fees.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Fees. 5.29 Section 5.29 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.29 Fees. (a) Components shall charge fees for duplication of records under the Privacy Act in the...

78 FR 15407 - Privacy Act of 1974, as Amended

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-11

... alteration of the system of records entitled Treasury/IRS 34.037, Audit Trail and Security Records. DATES... the Privacy Act system of records entitled Treasury/IRS34.037, Audit Trail and Security Records, to.... TREASURY/IRS 34.037 System name: Audit Trail and Security Records--Treasury/IRS 34.037...

12 CFR 792.67 - Security of systems of records.

Code of Federal Regulations, 2012 CFR

2012-01-01

... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792... 12 Banks and Banking 7 2012-01-01 2012-01-01 false Security of systems of records. 792.67 Section 792.67 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF...

12 CFR 792.67 - Security of systems of records.

Code of Federal Regulations, 2011 CFR

2011-01-01

... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792... 12 Banks and Banking 6 2011-01-01 2011-01-01 false Security of systems of records. 792.67 Section 792.67 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF...

12 CFR 792.67 - Security of systems of records.

Code of Federal Regulations, 2014 CFR

2014-01-01

... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792... 12 Banks and Banking 7 2014-01-01 2014-01-01 false Security of systems of records. 792.67 Section 792.67 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF...

12 CFR 792.67 - Security of systems of records.

Code of Federal Regulations, 2013 CFR

2013-01-01

... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792... 12 Banks and Banking 7 2013-01-01 2013-01-01 false Security of systems of records. 792.67 Section 792.67 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF...

76 FR 44332 - Privacy Act of 1974; Notice of Updated Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-25

... are safeguarded in accordance with the requirements of the Privacy Act, the Computer Security Act, and... Security Numbers, birth dates and credit card numbers or other banking information, and (2) contract... bidders and buyers, including, but not limited to, names, phone numbers, addresses, Social Security...

75 FR 82121 - Privacy Act of 1974, as Amended; Proposed Routine Use

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-29

... SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Proposed Routine Use AGENCY: Social Security Administration (SSA). ACTION: Proposed routine use. SUMMARY: In accordance with the... routine use to our system of records entitled Master Files of Social Security Number (SSN) Holders and SSN...

36 CFR § 1202.90 - What NARA systems of records are exempt from release under the National Security Exemption of the...

Code of Federal Regulations, 2013 CFR

2013-07-01

... are exempt from release under the National Security Exemption of the Privacy Act? § 1202.90 Section Â... from release under the National Security Exemption of the Privacy Act? (a) The Investigative Case Files... interfere with ongoing investigations and law enforcement or national security activities and impose an...

28 CFR 20.24 - State laws on privacy and security.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof, nothing...

28 CFR 20.24 - State laws on privacy and security.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof, nothing...

28 CFR 20.24 - State laws on privacy and security.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof, nothing...

28 CFR 20.24 - State laws on privacy and security.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof, nothing...

28 CFR 20.24 - State laws on privacy and security.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof, nothing...

36 CFR § 1008.6 - Assuring integrity of records.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Privacy Act shall be maintained in a secure manner commensurate with the sensitivity of the information contained in the system of records. The Privacy Act Officer will periodically review these security measures...

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

PubMed Central

Watzlaf, Valerie J.M.; Moeini, Sohrab; Firouzan, Patti

2010-01-01

Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR. PMID:25945172

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance.

PubMed

Watzlaf, Valerie J M; Moeini, Sohrab; Firouzan, Patti

2010-01-01

Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR.

17 CFR 160.6 - Information to be included in privacy notices.

Code of Federal Regulations, 2011 CFR

2011-04-01

... privacy notices. 160.6 Section 160.6 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.6 Information to be included in privacy notices. (a) General rule. The initial, annual, and revised privacy notices that you...

17 CFR 160.4 - Initial privacy notice to consumers required.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Initial privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.4 Initial privacy... notice that accurately reflects your privacy policies and practices to: (1) Customer. An individual who...

17 CFR 160.5 - Annual privacy notice to customers required.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Annual privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.5 Annual privacy... customers that accurately reflects your privacy policies and practices not less than annually during the...

Medico legal issues.

PubMed

Mackenzie, Geraldine; Carter, Hugh

2010-01-01

This chapter gives an educational overview of: * An awareness of the legal issues involved in health informatics * The need for the privacy and security of the patient record * The legal consequences of a breach of the security of the patient record * The concept of privacy law and what precautions ought to be taken to minimize legal liability for a breach of privacy and/or confidentiality.

75 FR 67909 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of the...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-04

... facsimile (202) 254-4299. For privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief...;Prices of new books are listed in the first FEDERAL REGISTER issue of each #0;week. #0; #0; #0; #0;#0...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of the Inspector...

Secure and Efficient Regression Analysis Using a Hybrid Cryptographic Framework: Development and Evaluation

PubMed Central

Jiang, Xiaoqian; Aziz, Md Momin Al; Wang, Shuang; Mohammed, Noman

2018-01-01

Background Machine learning is an effective data-driven tool that is being widely used to extract valuable patterns and insights from data. Specifically, predictive machine learning models are very important in health care for clinical data analysis. The machine learning algorithms that generate predictive models often require pooling data from different sources to discover statistical patterns or correlations among different attributes of the input data. The primary challenge is to fulfill one major objective: preserving the privacy of individuals while discovering knowledge from data. Objective Our objective was to develop a hybrid cryptographic framework for performing regression analysis over distributed data in a secure and efficient way. Methods Existing secure computation schemes are not suitable for processing the large-scale data that are used in cutting-edge machine learning applications. We designed, developed, and evaluated a hybrid cryptographic framework, which can securely perform regression analysis, a fundamental machine learning algorithm using somewhat homomorphic encryption and a newly introduced secure hardware component of Intel Software Guard Extensions (Intel SGX) to ensure both privacy and efficiency at the same time. Results Experimental results demonstrate that our proposed method provides a better trade-off in terms of security and efficiency than solely secure hardware-based methods. Besides, there is no approximation error. Computed model parameters are exactly similar to plaintext results. Conclusions To the best of our knowledge, this kind of secure computation model using a hybrid cryptographic framework, which leverages both somewhat homomorphic encryption and Intel SGX, is not proposed or evaluated to this date. Our proposed framework ensures data security and computational efficiency at the same time. PMID:29506966

Secure and Efficient Regression Analysis Using a Hybrid Cryptographic Framework: Development and Evaluation.

PubMed

Sadat, Md Nazmus; Jiang, Xiaoqian; Aziz, Md Momin Al; Wang, Shuang; Mohammed, Noman

2018-03-05

Machine learning is an effective data-driven tool that is being widely used to extract valuable patterns and insights from data. Specifically, predictive machine learning models are very important in health care for clinical data analysis. The machine learning algorithms that generate predictive models often require pooling data from different sources to discover statistical patterns or correlations among different attributes of the input data. The primary challenge is to fulfill one major objective: preserving the privacy of individuals while discovering knowledge from data. Our objective was to develop a hybrid cryptographic framework for performing regression analysis over distributed data in a secure and efficient way. Existing secure computation schemes are not suitable for processing the large-scale data that are used in cutting-edge machine learning applications. We designed, developed, and evaluated a hybrid cryptographic framework, which can securely perform regression analysis, a fundamental machine learning algorithm using somewhat homomorphic encryption and a newly introduced secure hardware component of Intel Software Guard Extensions (Intel SGX) to ensure both privacy and efficiency at the same time. Experimental results demonstrate that our proposed method provides a better trade-off in terms of security and efficiency than solely secure hardware-based methods. Besides, there is no approximation error. Computed model parameters are exactly similar to plaintext results. To the best of our knowledge, this kind of secure computation model using a hybrid cryptographic framework, which leverages both somewhat homomorphic encryption and Intel SGX, is not proposed or evaluated to this date. Our proposed framework ensures data security and computational efficiency at the same time. ©Md Nazmus Sadat, Xiaoqian Jiang, Md Momin Al Aziz, Shuang Wang, Noman Mohammed. Originally published in JMIR Medical Informatics (http://medinform.jmir.org), 05.03.2018.

Protecting the Privacy and Security of Your Health Information

MedlinePlus

... Access to Medical Records Privacy, Security, and HIPAA Laws, Regulation, and Policy Scientific Initiatives Standards & Technology Usability ... care providers and professionals, and the government. Federal laws require many of the key persons and organizations ...

Safety and privacy outcomes from a moderated online social therapy for young people with first-episode psychosis.

PubMed

Gleeson, John F; Lederman, Reeva; Wadley, Greg; Bendall, Sarah; McGorry, Patrick D; Alvarez-Jimenez, Mario

2014-04-01

Internet-based treatments for early psychosis offer considerable promise, but safety and security need to be established. This study pilot tested Horyzons, a novel online treatment application that integrates purpose-built moderated social networking with psychoeducation for recovery from early psychosis. Safety, privacy, and security were evaluated during a one-month single-group trial with 20 young consumers recovering from early psychosis who were recruited in Melbourne, Australia. Known clinical risk factors informed the safety protocol. Safety, privacy, and security were evaluated with respect to relapse and self-harm, users' perceptions of safety and privacy, and activity using Horyzons. No clinical or security problems with use of Horyzons were noted. Participants described feeling safe and trusting Horyzons. Private moderated online social networking combined with psychoeducation was a safe and secure therapeutic environment for consumers recovering from a first episode of psychosis. Testing the intervention in a randomized controlled trial is warranted.

6 CFR 5.35 - Sanctions and penalties.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Sanctions and penalties. 5.35 Section 5.35 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.35 Sanctions and penalties. Under the provisions of the Privacy Act, 5 U.S.C. 552a...

75 FR 7978 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-23

...; Department of Homeland Security Transportation Security Administration-023 Workplace Violence Prevention... Administration-023 Workplace Violence Prevention Program System of Records and this proposed rulemaking. In this... Privacy Act (5 U.S.C. 552a) titled, DHS/TSA-023 Workplace Violence Prevention Program System of Records...

12 CFR 792.68 - Use and collection of Social Security numbers.

Code of Federal Regulations, 2014 CFR

2014-01-01

... INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy... 12 Banks and Banking 7 2014-01-01 2014-01-01 false Use and collection of Social Security numbers. 792.68 Section 792.68 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE...

12 CFR 792.68 - Use and collection of Social Security numbers.

Code of Federal Regulations, 2012 CFR

2012-01-01

... INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy... 12 Banks and Banking 7 2012-01-01 2012-01-01 false Use and collection of Social Security numbers. 792.68 Section 792.68 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE...

12 CFR 792.68 - Use and collection of Social Security numbers.

Code of Federal Regulations, 2013 CFR

2013-01-01

... INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy... 12 Banks and Banking 7 2013-01-01 2013-01-01 false Use and collection of Social Security numbers. 792.68 Section 792.68 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE...

Social Security Number Protection Laws: State-by-State Summary Table

ERIC Educational Resources Information Center

Data Quality Campaign, 2011

2011-01-01

As state policymakers implement statewide longitudinal data systems that collect, store, link and share student-level data, it is critical that they understand applicable privacy and data security standards and laws designed to ensure the privacy, security, and confidentiality of that data. To help state policymakers navigate this complex legal…

Securing Location Services Infrastructures: Practical Criteria for Application Developers and Solutions Architects

ERIC Educational Resources Information Center

Karamanian, Andre

2013-01-01

This qualitative, exploratory, normative study examined the security and privacy of location based services in mobile applications. This study explored risk, and controls to implement privacy and security. This study was addressed using components of the FIPS Risk Management Framework. This study found that risk to location information was…

76 FR 67621 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S. Customs...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-02

...The Department of Homeland Security is giving concurrent notice of a newly established system of records pursuant to the Privacy Act of 1974 for the ``Department of Homeland Security/U.S. Customs and Border Protection-003 Credit/Debit Care Data System of Records'' and this proposed rulemaking. In this proposed rulemaking, the Department proposes to exempt portions of the system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements.

Privacy Issues of a National Research and Education Network.

ERIC Educational Resources Information Center

Katz, James E.; Graveman, Richard F.

1991-01-01

Discussion of the right to privacy of communications focuses on privacy expectations within a National Research and Education Network (NREN). Highlights include privacy needs in scientific and education communications; academic and research networks; network security and privacy concerns; protection strategies; and consequences of privacy…

Secure and scalable deduplication of horizontally partitioned health data for privacy-preserving distributed statistical computation.

PubMed

Yigzaw, Kassaye Yitbarek; Michalas, Antonis; Bellika, Johan Gustav

2017-01-03

Techniques have been developed to compute statistics on distributed datasets without revealing private information except the statistical results. However, duplicate records in a distributed dataset may lead to incorrect statistical results. Therefore, to increase the accuracy of the statistical analysis of a distributed dataset, secure deduplication is an important preprocessing step. We designed a secure protocol for the deduplication of horizontally partitioned datasets with deterministic record linkage algorithms. We provided a formal security analysis of the protocol in the presence of semi-honest adversaries. The protocol was implemented and deployed across three microbiology laboratories located in Norway, and we ran experiments on the datasets in which the number of records for each laboratory varied. Experiments were also performed on simulated microbiology datasets and data custodians connected through a local area network. The security analysis demonstrated that the protocol protects the privacy of individuals and data custodians under a semi-honest adversarial model. More precisely, the protocol remains secure with the collusion of up to N - 2 corrupt data custodians. The total runtime for the protocol scales linearly with the addition of data custodians and records. One million simulated records distributed across 20 data custodians were deduplicated within 45 s. The experimental results showed that the protocol is more efficient and scalable than previous protocols for the same problem. The proposed deduplication protocol is efficient and scalable for practical uses while protecting the privacy of patients and data custodians.

Reconciliation of the cloud computing model with US federal electronic health record regulations

PubMed Central

2011-01-01

Cloud computing refers to subscription-based, fee-for-service utilization of computer hardware and software over the Internet. The model is gaining acceptance for business information technology (IT) applications because it allows capacity and functionality to increase on the fly without major investment in infrastructure, personnel or licensing fees. Large IT investments can be converted to a series of smaller operating expenses. Cloud architectures could potentially be superior to traditional electronic health record (EHR) designs in terms of economy, efficiency and utility. A central issue for EHR developers in the US is that these systems are constrained by federal regulatory legislation and oversight. These laws focus on security and privacy, which are well-recognized challenges for cloud computing systems in general. EHRs built with the cloud computing model can achieve acceptable privacy and security through business associate contracts with cloud providers that specify compliance requirements, performance metrics and liability sharing. PMID:21727204

Reconciliation of the cloud computing model with US federal electronic health record regulations.

PubMed

Schweitzer, Eugene J

2012-01-01

Cloud computing refers to subscription-based, fee-for-service utilization of computer hardware and software over the Internet. The model is gaining acceptance for business information technology (IT) applications because it allows capacity and functionality to increase on the fly without major investment in infrastructure, personnel or licensing fees. Large IT investments can be converted to a series of smaller operating expenses. Cloud architectures could potentially be superior to traditional electronic health record (EHR) designs in terms of economy, efficiency and utility. A central issue for EHR developers in the US is that these systems are constrained by federal regulatory legislation and oversight. These laws focus on security and privacy, which are well-recognized challenges for cloud computing systems in general. EHRs built with the cloud computing model can achieve acceptable privacy and security through business associate contracts with cloud providers that specify compliance requirements, performance metrics and liability sharing.

17 CFR 160.9 - Delivering privacy and opt out notices.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Delivering privacy and opt out... PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.9 Delivering privacy and opt out notices. (a) How to provide notices. You must provide any privacy notices and opt out notices...

Privacy and Security in Mobile Health: A Research Agenda

PubMed Central

Kotz, David; Gunter, Carl A.; Kumar, Santosh; Weiner, Jonathan P.

2017-01-01

Mobile health technology has great potential to increase healthcare quality, expand access to services, reduce costs, and improve personal wellness and public health. However, mHealth also raises significant privacy and security challenges. PMID:28344359

78 FR 40541 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA)-Match Number 1014

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-05

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0019] Privacy Act of 1974, as Amended; Computer Matching Program (SSA)--Match Number 1014 AGENCY: Social Security Administration (SSA). [[Page 40542

An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds

DOE Office of Scientific and Technical Information (OSTI.GOV)

Simmhan, Yogesh; Kumbhare, Alok; Cao, Baohua

2011-07-09

Power utilities globally are increasingly upgrading to Smart Grids that use bi-directional communication with the consumer to enable an information-driven approach to distributed energy management. Clouds offer features well suited for Smart Grid software platforms and applications, such as elastic resources and shared services. However, the security and privacy concerns inherent in an information rich Smart Grid environment are further exacerbated by their deployment on Clouds. Here, we present an analysis of security and privacy issues in a Smart Grids software architecture operating on different Cloud environments, in the form of a taxonomy. We use the Los Angeles Smart Gridmore » Project that is underway in the largest U.S. municipal utility to drive this analysis that will benefit both Cloud practitioners targeting Smart Grid applications, and Cloud researchers investigating security and privacy.« less

Driving toward guiding principles: a goal for privacy, confidentiality, and security of health information.

PubMed

Buckovich, S A; Rippen, H E; Rozen, M J

1999-01-01

As health care moves from paper to electronic data collection, providing easier access and dissemination of health information, the development of guiding privacy, confidentiality, and security principles is necessary to help balance the protection of patients' privacy interests against appropriate information access. A comparative review and analysis was done, based on a compilation of privacy, confidentiality, and security principles from many sources. Principles derived from ten identified sources were compared with each of the compiled principles to assess support level, uniformity, and inconsistencies. Of 28 compiled principles, 23 were supported by at least 50 percent of the sources. Technology could address at least 12 of the principles. Notable consistencies among the principles could provide a basis for consensus for further legislative and organizational work. It is imperative that all participants in our health care system work actively toward a viable resolution of this information privacy debate.

Assessing the privacy policies in mobile personal health records.

PubMed

Zapata, Belén Cruz; Hernández Niñirola, Antonio; Fernández-Alemán, José Luis; Toval, Ambrosio

2014-01-01

The huge increase in the number and use of smartphones and tablets has led health service providers to take an interest in mHealth. Popular mobile app markets like Apple App Store or Google Play contain thousands of health applications. Although mobile personal health records (mPHRs) have a number of benefits, important challenges appear in the form of adoption barriers. Security and privacy have been identified as part of these barriers and should be addressed. This paper analyzes and assesses a total of 24 free mPHRs for Android and iOS. Characteristics regarding privacy and security were extracted from the HIPAA. The results show important differences in both the mPHRs and the characteristics analyzed. A questionnaire containing six questions concerning privacy policies was defined. Our questionnaire may assist developers and stakeholders to evaluate the security and privacy of their mPHRs.

A linkable identity privacy algorithm for HealthGrid.

PubMed

Zhang, Ning; Rector, Alan; Buchan, Iain; Shi, Qi; Kalra, Dipak; Rogers, Jeremy; Goble, Carole; Walker, Steve; Ingram, David; Singleton, Peter

2005-01-01

The issues of confidentiality and privacy have become increasingly important as Grid technology is being adopted in public sectors such as healthcare. This paper discusses the importance of protecting the confidentiality and privacy of patient health/medical records, and the challenges exhibited in enforcing this protection in a Grid environment. It proposes a novel algorithm to allow traceable/linkable identity privacy in dealing with de-identified medical records. Using the algorithm, de-identified health records associated to the same patient but generated by different healthcare providers are given different pseudonyms. However, these pseudonymised records of the same patient can still be linked by a trusted entity such as the NHS trust or HealthGrid manager. The paper has also recommended a security architecture that integrates the proposed algorithm with other data security measures needed to achieve the desired security and privacy in the HealthGrid context.

A cryptographic key management solution for HIPAA privacy/security regulations.

PubMed

Lee, W-B; Lee, C-D

2008-01-01

The Health Insurance Portability and Accountability Act (HIPAA) privacy and security regulations are two crucial provisions in the protection of healthcare privacy. Privacy regulations create a principle to assure that patients have more control over their health information and set limits on the use and disclosure of health information. The security regulations stipulate the provisions implemented to guard data integrity, confidentiality, and availability. Undoubtedly, the cryptographic mechanisms are well defined to provide suitable solutions. In this paper, to comply with the HIPAA regulations, a flexible cryptographic key management solution is proposed to facilitate interoperations among the applied cryptographic mechanisms. In addition, case of consent exceptions intended to facilitate emergency applications and other possible exceptions can also be handled easily.

Application of portable CDA for secure clinical-document exchange.

PubMed

Huang, Kuo-Hsuan; Hsieh, Sung-Huai; Chang, Yuan-Jen; Lai, Feipei; Hsieh, Sheau-Ling; Lee, Hsiu-Hui

2010-08-01

Health Level Seven (HL7) organization published the Clinical Document Architecture (CDA) for exchanging documents among heterogeneous systems and improving medical quality based on the design method in CDA. In practice, although the HL7 organization tried to make medical messages exchangeable, it is still hard to exchange medical messages. There are many issues when two hospitals want to exchange clinical documents, such as patient privacy, network security, budget, and the strategies of the hospital. In this article, we propose a method for the exchange and sharing of clinical documents in an offline model based on the CDA-the Portable CDA. This allows the physician to retrieve the patient's medical record stored in a portal device, but not through the Internet in real time. The security and privacy of CDA data will also be considered.

Managing security and privacy concerns over data storage in healthcare research.

PubMed

Mackenzie, Isla S; Mantay, Brian J; McDonnell, Patrick G; Wei, Li; MacDonald, Thomas M

2011-08-01

Issues surrounding data security and privacy are of great importance when handling sensitive health-related data for research. The emphasis in the past has been on balancing the risks to individuals with the benefit to society of the use of databases for research. However, a new way of looking at such issues is that by optimising procedures and policies regarding security and privacy of data to the extent that there is no appreciable risk to the privacy of individuals, we can create a 'win-win' situation in which everyone benefits, and pharmacoepidemiological research can flourish with public support. We discuss holistic measures, involving both information technology and people, taken to improve the security and privacy of data storage. After an internal review, we commissioned an external audit by an independent consultant with a view to optimising our data storage and handling procedures. Improvements to our policies and procedures were implemented as a result of the audit. By optimising our storage of data, we hope to inspire public confidence and hence cooperation with the use of health care data in research. Copyright © 2011 John Wiley & Sons, Ltd.

Secure authentication protocol for Internet applications over CATV network

NASA Astrophysics Data System (ADS)

Chin, Le-Pond

1998-02-01

An authentication protocol is proposed in this paper to implement secure functions which include two way authentication and key management between end users and head-end. The protocol can protect transmission from frauds, attacks such as reply and wiretap. Location privacy is also achieved. A rest protocol is designed to restore the system once when systems fail. The security is verified by taking several security and privacy requirements into consideration.

76 FR 72428 - Privacy Act of 1974; Department of Homeland Security/ALL-017 General Legal Records System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-23

... 1974; Department of Homeland Security/ALL--017 General Legal Records System of Records AGENCY: Privacy... of records notice titled, ``Department of Homeland Security/ ALL--017 General Legal Records System of Records.'' This system will assist attorneys in providing legal advice to the Department of Homeland...

17 CFR 200.310 - Fees.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Regulations Pertaining to the Privacy of Individuals and Systems of Records... Information and Privacy Act Operations, SEC, Operations Center, 6432 General Green Way, Alexandria, VA 22312...

17 CFR 200.310 - Fees.

Code of Federal Regulations, 2011 CFR

2011-04-01

... Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Regulations Pertaining to the Privacy of Individuals and Systems of Records... Information and Privacy Act Operations, SEC, Operations Center, 6432 General Green Way, Alexandria, VA 22312...

45 CFR 164.534 - Compliance dates for initial implementation of the privacy standards.

Code of Federal Regulations, 2010 CFR

2010-10-01

... privacy standards. 164.534 Section 164.534 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.534 Compliance dates for initial implementation of the privacy standards. (a...

45 CFR 164.534 - Compliance dates for initial implementation of the privacy standards.

Code of Federal Regulations, 2014 CFR

2014-10-01

... privacy standards. 164.534 Section 164.534 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.534 Compliance dates for initial implementation of the privacy standards. (a...

45 CFR 164.534 - Compliance dates for initial implementation of the privacy standards.

Code of Federal Regulations, 2011 CFR

2011-10-01

... privacy standards. 164.534 Section 164.534 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.534 Compliance dates for initial implementation of the privacy standards. (a...

45 CFR 164.520 - Notice of privacy practices for protected health information.

Code of Federal Regulations, 2014 CFR

2014-10-01

... DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.520 Notice of privacy practices for protected health information. (a) Standard... 45 Public Welfare 1 2014-10-01 2014-10-01 false Notice of privacy practices for protected health...

A novel key management solution for reinforcing compliance with HIPAA privacy/security regulations.

PubMed

Lee, Chien-Ding; Ho, Kevin I-J; Lee, Wei-Bin

2011-07-01

Digitizing medical records facilitates the healthcare process. However, it can also cause serious security and privacy problems, which are the major concern in the Health Insurance Portability and Accountability Act (HIPAA). While various conventional encryption mechanisms can solve some aspects of these problems, they cannot address the illegal distribution of decrypted medical images, which violates the regulations defined in the HIPAA. To protect decrypted medical images from being illegally distributed by an authorized staff member, the model proposed in this paper provides a way to integrate several cryptographic mechanisms. In this model, the malicious staff member can be tracked by a watermarked clue. By combining several well-designed cryptographic mechanisms and developing a key management scheme to facilitate the interoperation among these mechanisms, the risk of illegal distribution can be reduced.

Acquisition of a High Performance Computing Instrument for Big Data Research and Education

DTIC Science & Technology

2015-12-03

Security and Privacy , University of Texas at Dallas, TX, September 16-17, 2014. • Chopade, P., Zhan, J., Community Detection in Large Scale Big Data...Security and Privacy in Communication Networks, Beijing, China, September 24-26, 2014. • Pravin Chopade, Kenneth Flurchick, Justin Zhan and Marwan...Balkirat Kaur, Malcolm Blow, and Justin Zhan, Digital Image Authentication in Social Media, The Sixth ASE International Conference on Privacy

An innovative privacy preserving technique for incremental datasets on cloud computing.

PubMed

Aldeen, Yousra Abdul Alsahib S; Salleh, Mazleena; Aljeroudi, Yazan

2016-08-01

Cloud computing (CC) is a magnificent service-based delivery with gigantic computer processing power and data storage across connected communications channels. It imparted overwhelming technological impetus in the internet (web) mediated IT industry, where users can easily share private data for further analysis and mining. Furthermore, user affable CC services enable to deploy sundry applications economically. Meanwhile, simple data sharing impelled various phishing attacks and malware assisted security threats. Some privacy sensitive applications like health services on cloud that are built with several economic and operational benefits necessitate enhanced security. Thus, absolute cyberspace security and mitigation against phishing blitz became mandatory to protect overall data privacy. Typically, diverse applications datasets are anonymized with better privacy to owners without providing all secrecy requirements to the newly added records. Some proposed techniques emphasized this issue by re-anonymizing the datasets from the scratch. The utmost privacy protection over incremental datasets on CC is far from being achieved. Certainly, the distribution of huge datasets volume across multiple storage nodes limits the privacy preservation. In this view, we propose a new anonymization technique to attain better privacy protection with high data utility over distributed and incremental datasets on CC. The proficiency of data privacy preservation and improved confidentiality requirements is demonstrated through performance evaluation. Copyright © 2016 Elsevier Inc. All rights reserved.

A Progress Report on Information Privacy and Data Security.

ERIC Educational Resources Information Center

Salton, Gerard

1980-01-01

Describes the role of information privacy in modern society, examines recent legal cases to illustrate how privacy cases are adjudicated and to identify the limits of available privacy protection, and raises issues regarding techniques for insuring data confidentiality. (FM)

76 FR 66933 - Privacy Act of 1974; Department of Homeland Security U.S. Coast Guard DHS/USCG-014 Military Pay...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-28

... purpose of health and life insurance requests and eligibility and to the Department of Defense (DoD) for... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0072] Privacy Act of 1974; Department of Homeland Security U.S. Coast Guard DHS/USCG--014 Military Pay and Personnel System...

75 FR 30411 - Privacy Act of 1974; Report of a Modified or Altered System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-01

... Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse... Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance Portability... systems and data files necessary for compliance with Title XI, Part C of the Social Security Act because...

Toward Privacy-preserving Content Access Control for Information Centric Networking

DTIC Science & Technology

2014-03-01

REPORT Toward Privacy-preserving Content Access Control for Information Centric Networking 14. ABSTRACT 16. SECURITY CLASSIFICATION OF: Information...regardless the security mechanisms provided by different content hosting servers. However, using ABE has a drawback that the enforced content access...Encryption (ABE) is a flexible approach to enforce the content access policies regardless the security mechanisms provided by different content hosting

78 FR 57402 - Privacy Act of 1974; Department of Homeland Security/U.S. Customs and Border Protection-019 Air...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-18

... forth in this system of records notice. AMOSS also has users from the Department of Defense (DOD... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0021] Privacy Act of 1974; Department of Homeland Security/U.S. Customs and Border Protection--019 Air and Marine Operations...

Are personal health records safe? A review of free web-accessible personal health record privacy policies.

PubMed

Carrión Señor, Inmaculada; Fernández-Alemán, José Luis; Toval, Ambrosio

2012-08-23

Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users' concerns regarding the privacy and security of their personal health information. To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users' accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low.

Are Personal Health Records Safe? A Review of Free Web-Accessible Personal Health Record Privacy Policies

PubMed Central

Fernández-Alemán, José Luis; Toval, Ambrosio

2012-01-01

Background Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users’ concerns regarding the privacy and security of their personal health information. Objective To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. Methods We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. Results The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users’ accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Conclusions Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low. PMID:22917868

32 CFR 806b.51 - Privacy and the Web.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 6 2013-07-01 2013-07-01 false Privacy and the Web. 806b.51 Section 806b.51 National Defense Department of Defense (Continued) DEPARTMENT OF THE AIR FORCE ADMINISTRATION PRIVACY ACT... security notices at major web site entry points and Privacy Act statements or Privacy Advisories when...

17 CFR 160.5 - Annual privacy notice to customers required.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Annual privacy notice to... COMMISSION (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.5 Annual privacy notice to customers required. (a)(1) General rule. You...

17 CFR 160.6 - Information to be included in privacy notices.

Code of Federal Regulations, 2012 CFR

2012-04-01

... privacy notices. 160.6 Section 160.6 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.6 Information to be included in privacy notices. (a) General rule. The initial...

17 CFR 160.5 - Annual privacy notice to customers required.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Annual privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.5 Annual privacy notice to customers required. (a)(1) General rule. You must...

17 CFR 248.8 - Revised privacy notices.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Revised privacy notices. 248.8...) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.8 Revised privacy notices. (a) General rule. Except as otherwise...

17 CFR 160.4 - Initial privacy notice to consumers required.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Initial privacy notice to... COMMISSION (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.4 Initial privacy notice to consumers required. (a) Initial notice...

17 CFR 248.8 - Revised privacy notices.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Revised privacy notices. 248.8...) REGULATIONS S-P, S-AM, AND S-ID Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.8 Revised privacy notices. (a) General rule. Except...

17 CFR 160.6 - Information to be included in privacy notices.

Code of Federal Regulations, 2014 CFR

2014-04-01

... privacy notices. 160.6 Section 160.6 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.6 Information to be included in privacy notices. (a) General rule. The...

17 CFR 248.8 - Revised privacy notices.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Revised privacy notices. 248.8...) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.8 Revised privacy notices. (a) General rule. Except as otherwise...

17 CFR 160.4 - Initial privacy notice to consumers required.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Initial privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.4 Initial privacy notice to consumers required. (a) Initial notice requirement...

17 CFR 160.6 - Information to be included in privacy notices.

Code of Federal Regulations, 2013 CFR

2013-04-01

... privacy notices. 160.6 Section 160.6 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.6 Information to be included in privacy notices. (a) General rule. The initial...

17 CFR 160.4 - Initial privacy notice to consumers required.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Initial privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.4 Initial privacy notice to consumers required. (a) Initial notice requirement...

17 CFR 248.8 - Revised privacy notices.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Revised privacy notices. 248.8...) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.8 Revised privacy notices. (a) General rule. Except as otherwise...

17 CFR 160.5 - Annual privacy notice to customers required.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Annual privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.5 Annual privacy notice to customers required. (a)(1) General rule. You must...

17 CFR 248.8 - Revised privacy notices.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Revised privacy notices. 248.8...) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.8 Revised privacy notices. (a) General rule. Except as otherwise...

Privacy and security compliance in the E-healthcare marketplace.

PubMed

Lutes, M

2000-03-01

Complying with security and privacy regulations proposed by HHS in response to the Health Insurance Portability and Accountability Act (HIPAA) will require healthcare managers to address both internal and external business interactions and initiatives. The proposed regulations mandate certain procedures regarding administration, physical safeguards, technical security for data integrity and confidentiality, and technical security against unauthorized access. In particular, the proposed regulations require organizations to contractually ensure that vendors adhere to the regulations. Healthcare organizations also must implement training procedures for staff members who have contact with protected health information and designate a privacy officer to guard against improper disclosure of such information. Documented policies for organizational decision making are vital to an organization's efforts to implement procedures for compliance with the regulations.

Inter-organizational future proof EHR systems. A review of the security and privacy related issues.

PubMed

van der Linden, Helma; Kalra, Dipak; Hasman, Arie; Talmon, Jan

2009-03-01

Identification and analysis of privacy and security related issues that occur when health information is exchanged between health care organizations. Based on a generic scenario questions were formulated to reveal the occurring issues. Possible answers were verified in literature. Ensuring secure health information exchange across organizations requires a standardization of security measures that goes beyond organizational boundaries, such as global definitions of professional roles, global standards for patient consent and semantic interoperable audit logs. As to be able to fully address the privacy and security issues in interoperable EHRs and the long-life virtual EHR it is necessary to realize a paradigm shift from storing all incoming information in a local system to retrieving information from external systems whenever that information is deemed necessary for the care of the patient.

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks.

PubMed

Park, YoHan; Park, YoungHo

2016-12-14

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.'s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment.

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks

PubMed Central

Park, YoHan; Park, YoungHo

2016-01-01

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.’s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment. PMID:27983616

An Enhanced Privacy-Preserving Authentication Scheme for Vehicle Sensor Networks.

PubMed

Zhou, Yousheng; Zhao, Xiaofeng; Jiang, Yi; Shang, Fengjun; Deng, Shaojiang; Wang, Xiaojun

2017-12-08

Vehicle sensor networks (VSNs) are ushering in a promising future by enabling more intelligent transportation systems and providing a more efficient driving experience. However, because of their inherent openness, VSNs are subject to a large number of potential security threats. Although various authentication schemes have been proposed for addressing security problems, they are not suitable for VSN applications because of their high computation and communication costs. Chuang and Lee have developed a trust-extended authentication mechanism (TEAM) for vehicle-to-vehicle communication using a transitive trust relationship, which they claim can resist various attacks. However, it fails to counter internal attacks because of the utilization of a shared secret key. In this paper, to eliminate the vulnerability of TEAM, an enhanced privacy-preserving authentication scheme for VSNs is constructed. The security of our proposed scheme is proven under the random oracle model based on the assumption of the computational Diffie-Hellman problem.

An Enhanced Privacy-Preserving Authentication Scheme for Vehicle Sensor Networks

PubMed Central

Zhou, Yousheng; Zhao, Xiaofeng; Jiang, Yi; Shang, Fengjun; Deng, Shaojiang; Wang, Xiaojun

2017-01-01

Vehicle sensor networks (VSNs) are ushering in a promising future by enabling more intelligent transportation systems and providing a more efficient driving experience. However, because of their inherent openness, VSNs are subject to a large number of potential security threats. Although various authentication schemes have been proposed for addressing security problems, they are not suitable for VSN applications because of their high computation and communication costs. Chuang and Lee have developed a trust-extended authentication mechanism (TEAM) for vehicle-to-vehicle communication using a transitive trust relationship, which they claim can resist various attacks. However, it fails to counter internal attacks because of the utilization of a shared secret key. In this paper, to eliminate the vulnerability of TEAM, an enhanced privacy-preserving authentication scheme for VSNs is constructed. The security of our proposed scheme is proven under the random oracle model based on the assumption of the computational Diffie–Hellman problem. PMID:29292792

45 CFR 164.402 - Definitions.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.402... subpart E of this part which compromises the security or privacy of the protected health information. (1...

45 CFR 164.402 - Definitions.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.402... subpart E of this part which compromises the security or privacy of the protected health information. (1...

Online Patron Records and Privacy: Service vs. Security.

ERIC Educational Resources Information Center

Fouty, Kathleen G.

1993-01-01

Examines issues regarding the privacy of information contained in patron databases that have resulted from online circulation systems. Topics discussed include library policies to protect information in patron records; ensuring compliance with policies; limiting the data collected; security authorizations; and creating and modifying patron…

32 CFR 322.4 - Responsibilities.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 2 2014-07-01 2014-07-01 false Responsibilities. 322.4 Section 322.4 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.4 Responsibilities. (a) The...

32 CFR 322.4 - Responsibilities.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 2 2012-07-01 2012-07-01 false Responsibilities. 322.4 Section 322.4 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.4 Responsibilities. (a) The...

32 CFR 322.4 - Responsibilities.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 2 2013-07-01 2013-07-01 false Responsibilities. 322.4 Section 322.4 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.4 Responsibilities. (a) The...

Minutiae Matching with Privacy Protection Based on the Combination of Garbled Circuit and Homomorphic Encryption

PubMed Central

Li, Mengxing; Zhao, Jian; Yang, Mei; Kang, Lijun; Wu, Lili

2014-01-01

Biometrics plays an important role in authentication applications since they are strongly linked to holders. With an increasing growth of e-commerce and e-government, one can expect that biometric-based authentication systems are possibly deployed over the open networks in the near future. However, due to its openness, the Internet poses a great challenge to the security and privacy of biometric authentication. Biometric data cannot be revoked, so it is of paramount importance that biometric data should be handled in a secure way. In this paper we present a scheme achieving privacy-preserving fingerprint authentication between two parties, in which fingerprint minutiae matching algorithm is completed in the encrypted domain. To improve the efficiency, we exploit homomorphic encryption as well as garbled circuits to design the protocol. Our goal is to provide protection for the security of template in storage and data privacy of two parties in transaction. The experimental results show that the proposed authentication protocol runs efficiently. Therefore, the protocol can run over open networks and help to alleviate the concerns on security and privacy of biometric applications over the open networks. PMID:24711729

Minutiae matching with privacy protection based on the combination of garbled circuit and homomorphic encryption.

PubMed

Li, Mengxing; Feng, Quan; Zhao, Jian; Yang, Mei; Kang, Lijun; Wu, Lili

2014-01-01

Biometrics plays an important role in authentication applications since they are strongly linked to holders. With an increasing growth of e-commerce and e-government, one can expect that biometric-based authentication systems are possibly deployed over the open networks in the near future. However, due to its openness, the Internet poses a great challenge to the security and privacy of biometric authentication. Biometric data cannot be revoked, so it is of paramount importance that biometric data should be handled in a secure way. In this paper we present a scheme achieving privacy-preserving fingerprint authentication between two parties, in which fingerprint minutiae matching algorithm is completed in the encrypted domain. To improve the efficiency, we exploit homomorphic encryption as well as garbled circuits to design the protocol. Our goal is to provide protection for the security of template in storage and data privacy of two parties in transaction. The experimental results show that the proposed authentication protocol runs efficiently. Therefore, the protocol can run over open networks and help to alleviate the concerns on security and privacy of biometric applications over the open networks.

Security controls in an integrated Biobank to protect privacy in data sharing: rationale and study design.

PubMed

Takai-Igarashi, Takako; Kinoshita, Kengo; Nagasaki, Masao; Ogishima, Soichi; Nakamura, Naoki; Nagase, Sachiko; Nagaie, Satoshi; Saito, Tomo; Nagami, Fuji; Minegishi, Naoko; Suzuki, Yoichi; Suzuki, Kichiya; Hashizume, Hiroaki; Kuriyama, Shinichi; Hozawa, Atsushi; Yaegashi, Nobuo; Kure, Shigeo; Tamiya, Gen; Kawaguchi, Yoshio; Tanaka, Hiroshi; Yamamoto, Masayuki

2017-07-06

With the goal of realizing genome-based personalized healthcare, we have developed a biobank that integrates personal health, genome, and omics data along with biospecimens donated by volunteers of 150,000. Such a large-scale of data integration involves obvious risks of privacy violation. The research use of personal genome and health information is a topic of global discussion with regard to the protection of privacy while promoting scientific advancement. The present paper reports on our plans, current attempts, and accomplishments in addressing security problems involved in data sharing to ensure donor privacy while promoting scientific advancement. Biospecimens and data have been collected in prospective cohort studies with the comprehensive agreement. The sample size of 150,000 participants was required for multiple researches including genome-wide screening of gene by environment interactions, haplotype phasing, and parametric linkage analysis. We established the T ohoku M edical M egabank (TMM) data sharing policy: a privacy protection rule that requires physical, personnel, and technological safeguards against privacy violation regarding the use and sharing of data. The proposed policy refers to that of NCBI and that of the Sanger Institute. The proposed policy classifies shared data according to the strength of re-identification risks. Local committees organized by TMM evaluate re-identification risk and assign a security category to a dataset. Every dataset is stored in an assigned segment of a supercomputer in accordance with its security category. A security manager should be designated to handle all security problems at individual data use locations. The proposed policy requires closed networks and IP-VPN remote connections. The mission of the biobank is to distribute biological resources most productively. This mission motivated us to collect biospecimens and health data and simultaneously analyze genome/omics data in-house. The biobank also has the mission of improving the quality and quantity of the contents of the biobank. This motivated us to request users to share the results of their research as feedback to the biobank. The TMM data sharing policy has tackled every security problem originating with the missions. We believe our current implementation to be the best way to protect privacy in data sharing.

Healthcare Data Gateways: Found Healthcare Intelligence on Blockchain with Novel Privacy Risk Control.

PubMed

Yue, Xiao; Wang, Huiju; Jin, Dawei; Li, Mingqiang; Jiang, Wei

2016-10-01

Healthcare data are a valuable source of healthcare intelligence. Sharing of healthcare data is one essential step to make healthcare system smarter and improve the quality of healthcare service. Healthcare data, one personal asset of patient, should be owned and controlled by patient, instead of being scattered in different healthcare systems, which prevents data sharing and puts patient privacy at risks. Blockchain is demonstrated in the financial field that trusted, auditable computing is possible using a decentralized network of peers accompanied by a public ledger. In this paper, we proposed an App (called Healthcare Data Gateway (HGD)) architecture based on blockchain to enable patient to own, control and share their own data easily and securely without violating privacy, which provides a new potential way to improve the intelligence of healthcare systems while keeping patient data private. Our proposed purpose-centric access model ensures patient own and control their healthcare data; simple unified Indicator-Centric Schema (ICS) makes it possible to organize all kinds of personal healthcare data practically and easily. We also point out that MPC (Secure Multi-Party Computing) is one promising solution to enable untrusted third-party to conduct computation over patient data without violating privacy.

17 CFR 160.9 - Delivering privacy and opt out notices.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Delivering privacy and opt out... PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.9 Delivering privacy and opt out notices. (a) How to provide notices. You must provide any...

17 CFR 160.9 - Delivering privacy and opt out notices.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Delivering privacy and opt out... PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.9 Delivering privacy and opt out notices. (a) How to provide notices. You must provide any...

17 CFR 160.9 - Delivering privacy and opt out notices.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Delivering privacy and opt out... (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.9 Delivering privacy and opt out notices. (a) How to provide notices. You must...

Privacy preservation and information security protection for patients' portable electronic health records.

PubMed

Huang, Lu-Chou; Chu, Huei-Chung; Lien, Chung-Yueh; Hsiao, Chia-Hung; Kao, Tsair

2009-09-01

As patients face the possibility of copying and keeping their electronic health records (EHRs) through portable storage media, they will encounter new risks to the protection of their private information. In this study, we propose a method to preserve the privacy and security of patients' portable medical records in portable storage media to avoid any inappropriate or unintentional disclosure. Following HIPAA guidelines, the method is designed to protect, recover and verify patient's identifiers in portable EHRs. The results of this study show that our methods are effective in ensuring both information security and privacy preservation for patients through portable storage medium.

78 FR 65155 - Special Conditions: Learjet Model 45 Series Airplanes; Isolation or Security Protection of the...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-31

... an association, business, labor union, etc.). DOT's complete Privacy Act Statement can be found in... supplemental type certificate (STC) change in the digital systems architecture in the Learjet Model 45 series... plus two crew members. The proposed Learjet Model 45 architecture is new and novel for commercial...

Data Protection-Aware Design for Cloud Services

NASA Astrophysics Data System (ADS)

Creese, Sadie; Hopkins, Paul; Pearson, Siani; Shen, Yun

The Cloud is a relatively new concept and so it is unsurprising that the information assurance, data protection, network security and privacy concerns have yet to be fully addressed. This paper seeks to begin the process of designing data protection controls into clouds from the outset so as to avoid the costs associated with bolting on security as an afterthought. Our approach is firstly to consider cloud maturity from an enterprise level perspective, describing a novel capability maturity model. We use this model to explore privacy controls within an enterprise cloud deployment, and explore where there may be opportunities to design in data protection controls as exploitation of the Cloud matures. We demonstrate how we might enable such controls via the use of design patterns. Finally, we consider how Service Level Agreements (SLAs) might be used to ensure that third party suppliers act in support of such controls.

Toward protocols for quantum-ensured privacy and secure voting

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bonanome, Marianna; Buzek, Vladimir; Ziman, Mario

2011-08-15

We present a number of schemes that use quantum mechanics to preserve privacy, in particular, we show that entangled quantum states can be useful in maintaining privacy. We further develop our original proposal [see M. Hillery, M. Ziman, V. Buzek, and M. Bielikova, Phys. Lett. A 349, 75 (2006)] for protecting privacy in voting, and examine its security under certain types of attacks, in particular dishonest voters and external eavesdroppers. A variation of these quantum-based schemes can be used for multiparty function evaluation. We consider functions corresponding to group multiplication of N group elements, with each element chosen by amore » different party. We show how quantum mechanics can be useful in maintaining the privacy of the choices group elements.« less

45 CFR 164.402 - Definitions.

Code of Federal Regulations, 2013 CFR

2013-10-01

... SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.402... acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E of this part which compromises the security or privacy of the protected health information. (1...

Privacy Management and Networked PPD Systems - Challenges Solutions.

PubMed

Ruotsalainen, Pekka; Pharow, Peter; Petersen, Francoise

2015-01-01

Modern personal portable health devices (PPDs) become increasingly part of a larger, inhomogeneous information system. Information collected by sensors are stored and processed in global clouds. Services are often free of charge, but at the same time service providers' business model is based on the disclosure of users' intimate health information. Health data processed in PPD networks is not regulated by health care specific legislation. In PPD networks, there is no guarantee that stakeholders share same ethical principles with the user. Often service providers have own security and privacy policies and they rarely offer to the user possibilities to define own, or adapt existing privacy policies. This all raises huge ethical and privacy concerns. In this paper, the authors have analyzed privacy challenges in PPD networks from users' viewpoint using system modeling method and propose the principle "Personal Health Data under Personal Control" must generally be accepted at global level. Among possible implementation of this principle, the authors propose encryption, computer understandable privacy policies, and privacy labels or trust based privacy management methods. The latter can be realized using infrastructural trust calculation and monitoring service. A first step is to require the protection of personal health information and the principle proposed being internationally mandatory. This requires both regulatory and standardization activities, and the availability of open and certified software application which all service providers can implement. One of those applications should be the independent Trust verifier.

Privacy-Preserving and Secure Sharing of PHR in the Cloud.

PubMed

Zhang, Leyou; Wu, Qing; Mu, Yi; Zhang, Jingxia

2016-12-01

As a new summarized record of an individual's medical data and information, Personal Health Record (PHR) can be accessible online. The owner can control fully his/her PHR files to be shared with different users such as doctors, clinic agents, and friends. However, in an open network environment like in the Cloud, these sensitive privacy information may be gotten by those unauthorized parties and users. In this paper, we consider how to achieve PHR data confidentiality and provide fine-grained access control of PHR files in the public Cloud based on Attribute Based Encryption(ABE). Differing from previous works, we also consider the privacy preserving of the receivers since the attributes of the receivers relate to their identity or medical information, which would make some sensitive data exposed to third services. Anonymous ABE(AABE) not only enforces the security of PHR of the owners but also preserves the privacy of the receivers. But a normal AABE with a single private key generation(PKG) center may not match a PHR system in the hierarchical architecture. Therefore, we discuss not only the construction of the PHR sharing system base on AABE but also how to construct the PHR sharing system based on the hierarchical AABE. The proposed schemes(especially based on hierarchical AABE) have many advantages over the available such as short public keys, constant-size private keys, which overcome the weaknesses in the existing works. In the standard model, the introduced schemes achieve compact security in the prime order groups.

Online Ethics: What's a Teacher to Do?

ERIC Educational Resources Information Center

Carpenter, Cal

1996-01-01

Considers ethics issues involved with using online resources like the Internet in elementary and secondary education and suggests that educators initiate and model a standardized role of ethical behavior for Internet users. Topics include hackers; privacy, piracy, and security; screening electronic sites; ethics education; and an ethics model.…

Naked on the Information Highway: The 6th Ian P. Sharp Lecture.

ERIC Educational Resources Information Center

Phillips, Bruce

1995-01-01

This lecture by the Privacy Commissioner of Canada addresses issues related to information technology and privacy, including privacy law, government role, surveillance techniques, and security measures to protect the privacy of electronic communications. The text of the question and answer period following the lecture is included. (MES)

49 CFR 1560.103 - Privacy notice.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 49 Transportation 9 2012-10-01 2012-10-01 false Privacy notice. 1560.103 Section 1560.103... Secure Flight Passenger Data for Watch List Matching § 1560.103 Privacy notice. (a) Electronic collection... with § 1560.101(a), a covered aircraft operator must make available the complete privacy notice set...

49 CFR 1560.103 - Privacy notice.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 49 Transportation 9 2013-10-01 2013-10-01 false Privacy notice. 1560.103 Section 1560.103... Secure Flight Passenger Data for Watch List Matching § 1560.103 Privacy notice. (a) Electronic collection... with § 1560.101(a), a covered aircraft operator must make available the complete privacy notice set...

49 CFR 1560.103 - Privacy notice.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 49 Transportation 9 2014-10-01 2014-10-01 false Privacy notice. 1560.103 Section 1560.103... Secure Flight Passenger Data for Watch List Matching § 1560.103 Privacy notice. (a) Electronic collection... with § 1560.101(a), a covered aircraft operator must make available the complete privacy notice set...

49 CFR 1560.103 - Privacy notice.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 49 Transportation 9 2011-10-01 2011-10-01 false Privacy notice. 1560.103 Section 1560.103... Secure Flight Passenger Data for Watch List Matching § 1560.103 Privacy notice. (a) Electronic collection... with § 1560.101(a), a covered aircraft operator must make available the complete privacy notice set...

76 FR 11435 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-02

... Security Administration. SUMMARY: Pursuant to the Computer Matching and Privacy Protection Act of 1988, Public Law 100-503, the Computer Matching and Privacy Protections Amendments of 1990, Pub. L. 101-508... Interpreting the Provisions of Public Law 100-503, the Computer Matching and Privacy Protection Act of 1988...

76 FR 22615 - Privacy Act; Implementation

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-22

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DoD-2011-OS-0003] 32 CFR Part 322... Part 322 Privacy. Accordingly, 32 CFR part 322 is amended as follows: PART 322--NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICE PROGRAM 0 1. The authority citation for 32 CFR part 322.7 continues to...

Information Security and Privacy in Network Environments.

ERIC Educational Resources Information Center

Congress of the U.S., Washington, DC. Office of Technology Assessment.

The use of information networks for business and government is expanding enormously. Government use of networks features prominently in plans to make government more efficient, effective, and responsive. But the transformation brought about by the networking also raises new concerns for the security and privacy of networked information. This…

32 CFR 322.7 - Exempt systems of records.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 2 2013-07-01 2013-07-01 false Exempt systems of records. 322.7 Section 322.7 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.7 Exempt systems of...

32 CFR 322.7 - Exempt systems of records.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 2 2012-07-01 2012-07-01 false Exempt systems of records. 322.7 Section 322.7 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.7 Exempt systems of...

32 CFR 322.7 - Exempt systems of records.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 2 2014-07-01 2014-07-01 false Exempt systems of records. 322.7 Section 322.7 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.7 Exempt systems of...

32 CFR 322.7 - Exempt systems of records.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 2 2011-07-01 2011-07-01 false Exempt systems of records. 322.7 Section 322.7 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.7 Exempt systems of...

77 FR 40863 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-11

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2012-OS-0085] Privacy Act of 1974... Register Liaison Officer, Department of Defense. QNRO-31 System name: Software Security Risk Evaluations... the Department of Defense; DoDD 5240.2, DoD Counterintelligence (CI); DoDI 5240.8, Security...

76 FR 34616 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/National...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-14

... questions please contact: Emily Andrew (703-235-2182), Privacy Officer, National Protection and Programs... U.S.C. 552a, the Department of Homeland Security (DHS)/National Protection and Programs Directorate... Screening Database (TSDB). The TSDB is the Federal government's consolidated and integrated terrorist...

75 FR 43579 - Privacy Act of 1974; Computer Matching Program Between the Office of Personnel Management and...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-26

... safeguards for disclosure of Social Security benefit information to OPM via direct computer link for the... OFFICE OF PERSONNEL MANAGEMENT Privacy Act of 1974; Computer Matching Program Between the Office of Personnel Management and Social Security Administration AGENCY: Office of Personnel Management...

78 FR 3474 - Privacy Act of 1974; Computer Matching Program Between the Office Of Personnel Management and...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-16

... Security benefit information to OPM via direct computer link for the administration of certain programs by... OFFICE OF PERSONNEL MANAGEMENT Privacy Act of 1974; Computer Matching Program Between the Office Of Personnel Management and Social Security Administration AGENCY: Office of Personnel Management...

78 FR 69926 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Centers for Medicare & Medicaid...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-21

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0059] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Centers for Medicare & Medicaid Services (CMS))--Match Number 1076 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching...

76 FR 21091 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Centers for Medicare & Medicaid...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-14

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0022] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Centers for Medicare & Medicaid Services (CMS))--Match Number 1076 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching...

75 FR 33811 - Office of the National Coordinator for Health Information Technology; HIT Policy Committee's...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-15

... DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of the National Coordinator for Health Information Technology; HIT Policy Committee's Privacy & Security Tiger Team Meeting; Notice of Meeting AGENCY: Office of... of Committee: HIT Policy Committee's Privacy & Security Tiger Team. General Function of the Committee...

[A security protocol for the exchange of personal medical data via Internet: monitoring treatment and drug effects].

PubMed

Viviani, R; Fischer, J; Spitzer, M; Freudenmann, R W

2004-04-01

We present a security protocol for the exchange of medical data via the Internet, based on the type/domain model. We discuss two applications of the protocol: in a system for the exchange of data for quality assurance, and in an on-line database of adverse reactions to drug use. We state that a type/domain security protocol can successfully comply with the complex requirements for data privacy and accessibility typical of such applications.

A Lightweight Encryption Scheme Combined with Trust Management for Privacy-Preserving in Body Sensor Networks.

PubMed

Guo, Ping; Wang, Jin; Ji, Sai; Geng, Xue Hua; Xiong, Neal N

2015-12-01

With the pervasiveness of smart phones and the advance of wireless body sensor network (BSN), mobile Healthcare (m-Healthcare), which extends the operation of Healthcare provider into a pervasive environment for better health monitoring, has attracted considerable interest recently. However, the flourish of m-Healthcare still faces many challenges including information security and privacy preservation. In this paper, we propose a secure and privacy-preserving framework combining with multilevel trust management. In our scheme, smart phone resources including computing power and energy can be opportunistically gathered to process the computing-intensive PHI (personal health information) during m-Healthcare emergency with minimal privacy disclosure. In specific, to leverage the PHI privacy disclosure and the high reliability of PHI process and transmission in m-Healthcare emergency, we introduce an efficient lightweight encryption for those users whose trust level is low, which is based on mix cipher algorithms and pair of plain text and cipher texts, and allow a medical user to decide who can participate in the opportunistic computing to assist in processing his overwhelming PHI data. Detailed security analysis and simulations show that the proposed framework can efficiently achieve user-centric privacy protection in m-Healthcare system.

Telerehabilitation store and forward applications: a review of applications and privacy considerations in physical and occupational therapy practice.

PubMed

Peterson, Christopher; Watzlaf, Valerie

2014-01-01

An overview of store and forward applications commonly used in physical and occupational therapy practice is reviewed with respect to regulation, privacy, security, and clinical applications. A privacy and security checklist provides a clear reference of pertinent regulatory issues regarding these software applications. A case study format is used to highlight clinical applications of store and forward software features. Important considerations of successful implementation of store and forward applications are also identified and discussed.

Evaluation of the awareness and effectiveness of IT security programs in a large publicly funded health care system.

PubMed

Hepp, Shelanne L; Tarraf, Rima C; Birney, Arden; Arain, Mubashir Aslam

2017-01-01

Electronic health records are becoming increasingly common in the health care industry. Although information technology (IT) poses many benefits to improving health care and ease of access to information, there are also security and privacy risks. Educating health care providers is necessary to ensure proper use of health information systems and IT and reduce undesirable outcomes. This study evaluated employees' awareness and perceptions of the effectiveness of two IT educational training modules within a large publicly funded health care system in Canada. Semi-structured interviews and focus groups included a variety of professional roles within the organisation. Participants also completed a brief demographic data sheet. With the consent of participants, all interviews and focus groups were audio recorded. Thematic analysis and descriptive statistics were used to evaluate the effectiveness of the IT security training modules. Five main themes emerged: (i) awareness of the IT training modules, (ii) the content of modules, (iii) staff perceptions about differences between IT security and privacy issues, (iv) common breaches of IT security and privacy, and (v) challenges and barriers to completing the training program. Overall, nonclinical staff were more likely to be aware of the training modules than were clinical staff. We found e-learning was a feasible way to educate a large number of employees. However, health care providers required a module on IT security and privacy that was relatable and applicable to their specific roles. Strategies to improve staff education and mitigate against IT security and privacy risks are discussed. Future research should focus on integrating health IT competencies into the educational programs for health care professionals.

Phishing

MedlinePlus

... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making Money Privacy, Identity & Online Security Limiting Unwanted Calls and Emails Online Security "Free" Security Scans Computer Security Disposing of Old Computers ...

Testing the Electronic Personal Health Record Acceptance Model by Nurses for Managing Their Own Health: A Cross-sectional Survey.

PubMed

Gartrell, K; Trinkoff, A M; Storr, C L; Wilson, M L; Gurses, A P

2015-01-01

To our knowledge, no evidence is available on health care professionals' use of electronic personal health records (ePHRs) for their health management. We therefore focused on nurses' personal use of ePHRs using a modified technology acceptance model. To examine (1) the psychometric properties of the ePHR acceptance model, (2) the associations of perceived usefulness, ease of use, data privacy and security protection, and perception of self as health-promoting role models to nurses' own ePHR use, and (3) the moderating influences of age, chronic illness and medication use, and providers' use of electronic health record (EHRs) on the associations between the ePHR acceptance constructs and ePHR use. A convenience sample of registered nurses, those working in one of 12 hospitals in the Maryland and Washington, DC areas and members of the nursing informatics community (AMIA and HIMSS), were invited to respond to an anonymous online survey; 847 responded. Multiple logistic regression identified associations between the model constructs and ePHR use, and the moderating effect. Overall, ePHRs were used by 47%. Sufficient reliability for all scales was found. Three constructs were significantly related to nurses' own ePHR use after adjusting for covariates: usefulness, data privacy and security protection, and health-promoting role model. Nurses with providers that used EHRs who perceived a higher level of data privacy and security protection had greater odds of ePHR use than those whose providers did not use EHRs. Older nurses with a higher self-perception as health-promoting role models had greater odds of ePHR use than younger nurses. Nurses who use ePHRs for their personal health might promote adoption by the general public by serving as health-promoting role models. They can contribute to improvements in patient education and ePHR design, and serve as crucial resources when working with their individual patients.

Testing the Electronic Personal Health Record Acceptance Model by Nurses for Managing Their Own Health

PubMed Central

Trinkoff, A.M.; Storr, C.L.; Wilson, M.L.; Gurses, A.P.

2015-01-01

Summary Background To our knowledge, no evidence is available on health care professionals’ use of electronic personal health records (ePHRs) for their health management. We therefore focused on nurses’ personal use of ePHRs using a modified technology acceptance model. Objectives To examine (1) the psychometric properties of the ePHR acceptance model, (2) the associations of perceived usefulness, ease of use, data privacy and security protection, and perception of self as health-promoting role models to nurses’ own ePHR use, and (3) the moderating influences of age, chronic illness and medication use, and providers’ use of electronic health record (EHRs) on the associations between the ePHR acceptance constructs and ePHR use. Methods A convenience sample of registered nurses, those working in one of 12 hospitals in the Maryland and Washington, DC areas and members of the nursing informatics community (AMIA and HIMSS), were invited to respond to an anonymous online survey; 847 responded. Multiple logistic regression identified associations between the model constructs and ePHR use, and the moderating effect. Results Overall, ePHRs were used by 47%. Sufficient reliability for all scales was found. Three constructs were significantly related to nurses’ own ePHR use after adjusting for covariates: usefulness, data privacy and security protection, and health-promoting role model. Nurses with providers that used EHRs who perceived a higher level of data privacy and security protection had greater odds of ePHR use than those whose providers did not use EHRs. Older nurses with a higher self-perception as health-promoting role models had greater odds of ePHR use than younger nurses. Conclusions Nurses who use ePHRs for their personal health might promote adoption by the general public by serving as health-promoting role models. They can contribute to improvements in patient education and ePHR design, and serve as crucial resources when working with their individual patients. PMID:26171072

Efficient Secure and Privacy-Preserving Route Reporting Scheme for VANETs

NASA Astrophysics Data System (ADS)

Zhang, Yuanfei; Pei, Qianwen; Dai, Feifei; Zhang, Lei

2017-10-01

Vehicular ad-hoc network (VANET) is a core component of intelligent traffic management system which could provide various of applications such as accident prediction, route reporting, etc. Due to the problems caused by traffic congestion, route reporting becomes a prospective application which can help a driver to get optimal route to save her travel time. Before enjoying the convenience of route reporting, security and privacy-preserving issues need to be concerned. In this paper, we propose a new secure and privacy-preserving route reporting scheme for VANETs. In our scheme, only an authenticated vehicle can use the route reporting service provided by the traffic management center. Further, a vehicle may receive the response from the traffic management center with low latency and without violating the privacy of the vehicle. Experiment results show that our scheme is much more efficiency than the existing one.

Radio frequency identification (RFID) in health care: privacy and security concerns limiting adoption.

PubMed

Rosenbaum, Benjamin P

2014-03-01

Radio frequency identification (RFID) technology has been implemented in a wide variety of industries. Health care is no exception. This article explores implementations and limitations of RFID in several health care domains: authentication, medication safety, patient tracking, and blood transfusion medicine. Each domain has seen increasing utilization of unique applications of RFID technology. Given the importance of protecting patient and data privacy, potential privacy and security concerns in each domain are discussed. Such concerns, some of which are inherent to existing RFID hardware and software technology, may limit ubiquitous adoption. In addition, an apparent lack of security standards within the RFID domain and specifically health care may also hinder the growth and utility of RFID within health care for the foreseeable future. Safeguarding the privacy of patient data may be the most important obstacle to overcome to allow the health care industry to take advantage of the numerous benefits RFID technology affords.

Regulation, Privacy and Security: Chairman's Opening Remarks

PubMed Central

Gabrieli, E.R.

1979-01-01

Medical privacy is a keystone of a free democratic society. To conserve the right of the patient to medical privacy, computerization of the medical data must be regulated. This paper enumerates some steps to be taken urgently for the protection of computerized sensitive medical data. A computer-oriented medical lexicon is urgently needed for accurate coding. Health industry standards should be drafted. The goals of various data centers must be sharply defined to avoid conflicts of interest. Medical privacy should be studied further, and medical data centers should consider cost-effectiveness. State boards for medical privacy should be created to monitor data security procedures. There is a need for purposeful decentralization. A national medical information policy should be drafted, and a national clinical information board should implement the nation's medical information policy.

Big data privacy protection model based on multi-level trusted system

NASA Astrophysics Data System (ADS)

Zhang, Nan; Liu, Zehua; Han, Hongfeng

2018-05-01

This paper introduces and inherit the multi-level trusted system model that solves the Trojan virus by encrypting the privacy of user data, and achieve the principle: "not to read the high priority hierarchy, not to write the hierarchy with low priority". Thus ensuring that the low-priority data privacy leak does not affect the disclosure of high-priority data privacy. This paper inherits the multi-level trustworthy system model of Trojan horse and divides seven different risk levels. The priority level 1˜7 represent the low to high value of user data privacy, and realize seven kinds of encryption with different execution efficiency Algorithm, the higher the priority, the greater the value of user data privacy, at the expense of efficiency under the premise of choosing a more encrypted encryption algorithm to ensure data security. For enterprises, the price point is determined by the unit equipment users to decide the length of time. The higher the risk sub-group algorithm, the longer the encryption time. The model assumes that users prefer the lower priority encryption algorithm to ensure efficiency. This paper proposes a privacy cost model for each of the seven risk subgroups. Among them, the higher the privacy cost, the higher the priority of the risk sub-group, the higher the price the user needs to pay to ensure the privacy of the data. Furthermore, by introducing the existing pricing model of economics and the human traffic model proposed by this paper and fluctuating with the market demand, this paper improves the price of unit products when the market demand is low. On the other hand, when the market demand increases, the profit of the enterprise will be guaranteed under the guidance of the government by reducing the price per unit of product. Then, this paper introduces the dynamic factors of consumers' mood and age to optimize. At the same time, seven algorithms are selected from symmetric and asymmetric encryption algorithms to define the enterprise costs at different levels. Therefore, the proposed model solves the continuous influence caused by cascading events and ensures that the disclosure of low-level data privacy of users does not affect the high-level data privacy, thus greatly improving the safety of the private information of user.

Privacy, security, and the public health researcher in the era of electronic health record research

PubMed Central

Sarwate, Anand D.

2016-01-01

Health data derived from electronic health records are increasingly utilized in large-scale population health analyses. Going hand in hand with this increase in data is an increasing number of data breaches. Ensuring privacy and security of these data is a shared responsibility between the public health researcher, collaborators, and their institutions. In this article, we review the requirements of data privacy and security and discuss epidemiologic implications of emerging technologies from the computer science community that can be used for health data. In order to ensure that our needs as researchers are captured in these technologies, we must engage in the dialogue surrounding the development of these tools. PMID:28210428

Privacy, security, and the public health researcher in the era of electronic health record research.

PubMed

Goldstein, Neal D; Sarwate, Anand D

2016-01-01

Health data derived from electronic health records are increasingly utilized in large-scale population health analyses. Going hand in hand with this increase in data is an increasing number of data breaches. Ensuring privacy and security of these data is a shared responsibility between the public health researcher, collaborators, and their institutions. In this article, we review the requirements of data privacy and security and discuss epidemiologic implications of emerging technologies from the computer science community that can be used for health data. In order to ensure that our needs as researchers are captured in these technologies, we must engage in the dialogue surrounding the development of these tools.

76 FR 19110 - Published Privacy Impact Assessments on the Web

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-06

... the Web AGENCY: Privacy Office, Department of Homeland Security (DHS). ACTION: Notice of Publication... the Privacy Office's Web site between May 3, 2010 and January 7, 2011. DATES: The Privacy Impact Assessments are available on the DHS Web site until June 6, 2011, after which they are obtained by contacting...

45 CFR 164.524 - Access of individuals to protected health information.

Code of Federal Regulations, 2011 CFR

2011-10-01

... DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable... is contained in records that are subject to the Privacy Act, 5 U.S.C. 552a, may be denied, if the denial of access under the Privacy Act would meet the requirements of that law. (v) An individual's...

32 CFR Appendix E to Part 806b - Privacy Impact Assessment

Code of Federal Regulations, 2011 CFR

2011-07-01

... Systems Development System Privacy. Rapid advancements in computer technology make it possible to store...-503, The Computer Matching and Privacy Act of 1988. 13 13 http://www.defenselink.mil/privacy/1975OMB_PAGuide/jun1989.pdf. (2) Public Law 100-235, The Computer Security Act of 1987, 14 which establishes...

47 CFR 0.506 - FOIA and Privacy Act requests.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for... 47 Telecommunication 1 2014-10-01 2014-10-01 false FOIA and Privacy Act requests. 0.506 Section 0....461), of the Privacy Act of 1974, (See § 0.554) shall be processed in accordance with the provisions...

47 CFR 0.506 - FOIA and Privacy Act requests.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for... 47 Telecommunication 1 2013-10-01 2013-10-01 false FOIA and Privacy Act requests. 0.506 Section 0....461), of the Privacy Act of 1974, (See § 0.554) shall be processed in accordance with the provisions...

47 CFR 0.506 - FOIA and Privacy Act requests.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for... 47 Telecommunication 1 2011-10-01 2011-10-01 false FOIA and Privacy Act requests. 0.506 Section 0....461), of the Privacy Act of 1974, (See § 0.554) shall be processed in accordance with the provisions...

47 CFR 0.506 - FOIA and Privacy Act requests.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for... 47 Telecommunication 1 2012-10-01 2012-10-01 false FOIA and Privacy Act requests. 0.506 Section 0....461), of the Privacy Act of 1974, (See § 0.554) shall be processed in accordance with the provisions...

47 CFR 0.506 - FOIA and Privacy Act requests.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 47 Telecommunication 1 2010-10-01 2010-10-01 false FOIA and Privacy Act requests. 0.506 Section 0... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for....461), of the Privacy Act of 1974, (See § 0.554) shall be processed in accordance with the provisions...

12 CFR 792.69 - Training and employee standards of conduct with regard to privacy.

Code of Federal Regulations, 2010 CFR

2010-01-01

... regard to privacy. 792.69 Section 792.69 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION... UNDER THE FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792.69 Training and employee standards of conduct with regard to...

32 CFR Appendix E to Part 806b - Privacy Impact Assessment

Code of Federal Regulations, 2014 CFR

2014-07-01

... Systems Development System Privacy. Rapid advancements in computer technology make it possible to store...-503, The Computer Matching and Privacy Act of 1988. 13 13 http://www.defenselink.mil/privacy/1975OMB_PAGuide/jun1989.pdf. (2) Public Law 100-235, The Computer Security Act of 1987, 14 which establishes...

32 CFR Appendix E to Part 806b - Privacy Impact Assessment

Code of Federal Regulations, 2012 CFR

2012-07-01

... Systems Development System Privacy. Rapid advancements in computer technology make it possible to store...-503, The Computer Matching and Privacy Act of 1988. 13 13 http://www.defenselink.mil/privacy/1975OMB_PAGuide/jun1989.pdf. (2) Public Law 100-235, The Computer Security Act of 1987, 14 which establishes...

32 CFR Appendix E to Part 806b - Privacy Impact Assessment

Code of Federal Regulations, 2013 CFR

2013-07-01

... Systems Development System Privacy. Rapid advancements in computer technology make it possible to store...-503, The Computer Matching and Privacy Act of 1988. 13 13 http://www.defenselink.mil/privacy/1975OMB_PAGuide/jun1989.pdf. (2) Public Law 100-235, The Computer Security Act of 1987, 14 which establishes...

Musings on privacy issues in health research involving disaggregate geographic data about individuals.

PubMed

Boulos, Maged N Kamel; Curtis, Andrew J; Abdelmalik, Philip

2009-07-20

This paper offers a state-of-the-art overview of the intertwined privacy, confidentiality, and security issues that are commonly encountered in health research involving disaggregate geographic data about individuals. Key definitions are provided, along with some examples of actual and potential security and confidentiality breaches and related incidents that captured mainstream media and public interest in recent months and years. The paper then goes on to present a brief survey of the research literature on location privacy/confidentiality concerns and on privacy-preserving solutions in conventional health research and beyond, touching on the emerging privacy issues associated with online consumer geoinformatics and location-based services. The 'missing ring' (in many treatments of the topic) of data security is also discussed. Personal information and privacy legislations in two countries, Canada and the UK, are covered, as well as some examples of recent research projects and events about the subject. Select highlights from a June 2009 URISA (Urban and Regional Information Systems Association) workshop entitled 'Protecting Privacy and Confidentiality of Geographic Data in Health Research' are then presented. The paper concludes by briefly charting the complexity of the domain and the many challenges associated with it, and proposing a novel, 'one stop shop' case-based reasoning framework to streamline the provision of clear and individualised guidance for the design and approval of new research projects (involving geographical identifiers about individuals), including crisp recommendations on which specific privacy-preserving solutions and approaches would be suitable in each case.

Musings on privacy issues in health research involving disaggregate geographic data about individuals

PubMed Central

Boulos, Maged N Kamel; Curtis, Andrew J; AbdelMalik, Philip

2009-01-01

This paper offers a state-of-the-art overview of the intertwined privacy, confidentiality, and security issues that are commonly encountered in health research involving disaggregate geographic data about individuals. Key definitions are provided, along with some examples of actual and potential security and confidentiality breaches and related incidents that captured mainstream media and public interest in recent months and years. The paper then goes on to present a brief survey of the research literature on location privacy/confidentiality concerns and on privacy-preserving solutions in conventional health research and beyond, touching on the emerging privacy issues associated with online consumer geoinformatics and location-based services. The 'missing ring' (in many treatments of the topic) of data security is also discussed. Personal information and privacy legislations in two countries, Canada and the UK, are covered, as well as some examples of recent research projects and events about the subject. Select highlights from a June 2009 URISA (Urban and Regional Information Systems Association) workshop entitled 'Protecting Privacy and Confidentiality of Geographic Data in Health Research' are then presented. The paper concludes by briefly charting the complexity of the domain and the many challenges associated with it, and proposing a novel, 'one stop shop' case-based reasoning framework to streamline the provision of clear and individualised guidance for the design and approval of new research projects (involving geographical identifiers about individuals), including crisp recommendations on which specific privacy-preserving solutions and approaches would be suitable in each case. PMID:19619311

The double-edged sword of electronic health records: implications for patient disclosure.

PubMed

Campos-Castillo, Celeste; Anthony, Denise L

2015-04-01

Electronic health record (EHR) systems are linked to improvements in quality of care, yet also privacy and security risks. Results from research studies are mixed about whether patients withhold personal information from their providers to protect against the perceived EHR privacy and security risks. This study seeks to reconcile the mixed findings by focusing on whether accounting for patients' global ratings of care reveals a relationship between EHR provider-use and patient non-disclosure. A nationally representative sample from the 2012 Health Information National Trends Survey was analyzed using bivariate and multivariable logit regressions to examine whether global ratings of care suppress the relationship between EHR provider-use and patient non-disclosure. 13% of respondents reported having ever withheld information from a provider because of privacy/security concerns. Bivariate analysis showed that withholding information was unrelated to whether respondents' providers used an EHR. Multivariable analysis showed that accounting for respondents' global ratings of care revealed a positive relationship between having a provider who uses an EHR and withholding information. After accounting for global ratings of care, findings suggest that patients may non-disclose to providers to protect against the perceived EHR privacy and security risks. Despite evidence that EHRs inhibit patient disclosure, their advantages for promoting quality of care may outweigh the drawbacks. Clinicians should leverage the EHR's value in quality of care and discuss patients' privacy concerns during clinic visits, while policy makers should consider how to address the real and perceived privacy and security risks of EHRs. © The Author 2014. Published by Oxford University Press on behalf of the American Medical Informatics Association. All rights reserved. For Permissions, please email: journals.permissions@oup.com.

Distributed clinical data sharing via dynamic access-control policy transformation.

PubMed

Rezaeibagha, Fatemeh; Mu, Yi

2016-05-01

Data sharing in electronic health record (EHR) systems is important for improving the quality of healthcare delivery. Data sharing, however, has raised some security and privacy concerns because healthcare data could be potentially accessible by a variety of users, which could lead to privacy exposure of patients. Without addressing this issue, large-scale adoption and sharing of EHR data are impractical. The traditional solution to the problem is via encryption. Although encryption can be applied to access control, it is not applicable for complex EHR systems that require multiple domains (e.g. public and private clouds) with various access requirements. This study was carried out to address the security and privacy issues of EHR data sharing with our novel access-control mechanism, which captures the scenario of the hybrid clouds and need of access-control policy transformation, to provide secure and privacy-preserving data sharing among different healthcare enterprises. We introduce an access-control mechanism with some cryptographic building blocks and present a novel approach for secure EHR data sharing and access-control policy transformation in EHR systems for hybrid clouds. We propose a useful data sharing system for healthcare providers to handle various EHR users who have various access privileges in different cloud environments. A systematic study has been conducted on data sharing in EHR systems to provide a solution to the security and privacy issues. In conclusion, we introduce an access-control method for privacy protection of EHRs and EHR policy transformation that allows an EHR access-control policy to be transformed from a private cloud to a public cloud. This method has never been studied previously in the literature. Furthermore, we provide a protocol to demonstrate policy transformation as an application scenario. Copyright © 2016 Elsevier Ireland Ltd. All rights reserved.

45 CFR 164.500 - Applicability.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.500 Applicability. (a... implementation of the privacy standards. (2) When a health care clearinghouse creates or receives protected...

Assessing Factors Affecting Physician's Intention to Adopt Biometric Authentication Technology in Electronic Medical Records

ERIC Educational Resources Information Center

Corazao, Cesar E.

2014-01-01

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulated the privacy and security of patient information. Since HIPPA became a law, hospital operators have struggled to comply fully with its security and privacy provisions. The proximity-based biometric authentication (PBBA) technology evolved in last decade to help…

77 FR 33547 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Centers for Medicare and Medicaid...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-06

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0015] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Centers for Medicare and Medicaid Services (CMS))--Match Number 1094 AGENCY: Social Security Administration (SSA). ACTION: Notice of a new computer matching program that will expire...

75 FR 69604 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-15

... System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of proposed rulemaking. SUMMARY: The Department of Homeland Security is giving concurrent notice of a newly established system of records pursuant... System of Records and this proposed rulemaking. In this proposed rulemaking, the Department proposes to...

77 FR 62059 - Privacy Act of 1974, as Amended; Revisions to Existing Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-11

... and forms, microfilm or microfiche, and in computer processable storage media such as personnel system... 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986... apply: The Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer...

78 FR 69393 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-19

... records in its inventory of record systems subject to the Privacy Act of 1974, as amended. The National....O. 12968, as amended, Access to classified information; 5 CFR part 732, National security positions...); 5 U.S.C. 7532, Suspension and Removal; E.O. 12958, Classified National Security Information; DoD...

77 FR 35336 - Privacy and Security of Information Stored on Mobile Communications Devices

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-13

.... ACTION: Proposed rule. SUMMARY: This document seeks comment on the privacy and data security practices of... Practice and Procedure and Part 0 Rules of Commission Organization, Notice of Proposed Rulemaking, 25 FCC... practices of mobile wireless service providers with respect to customer information stored on their users...

17 CFR 200.308 - Appeal of initial adverse agency determination as to access or as to amendment or correction.

Code of Federal Regulations, 2011 CFR

2011-04-01

... Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Regulations Pertaining to the Privacy of Individuals and Systems of Records Maintained by the... legal holidays) after his request was received by the Office of Information and Privacy Act Operations...

45 CFR 155.260 - Privacy and security of personally identifiable information.

Code of Federal Regulations, 2012 CFR

2012-10-01

... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally... information to the extent such information is necessary to carry out the functions described in § 155.200 of...: (1) Gain access to personally identifiable information submitted to an Exchange; or (2) Collect, use...

General Framework for Evaluating Password Complexity and Strength

DTIC Science & Technology

2015-11-15

stronger password requirements: User attitudes and behaviors,” in Pro- ceedings of the Sixth Symposium on Usable Privacy and Security, ser. SOUPS ’10. New...Proceedings of the Eighth Symposium on Usable Privacy and Security, ser. SOUPS ’12. New York, NY, USA: ACM, 2012, pp. 1–20. [22] P. Kelley, S. Komanduri

75 FR 53005 - Privacy Act of 1974, as amended; Notice of Computer Matching Program (Railroad Retirement Board...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-30

... notice of its renewal of an ongoing computer-matching program with the Social Security Administration... computer-matching program with the Committee on Homeland Security and Governmental Affairs of the Senate... RAILROAD RETIREMENT BOARD Privacy Act of 1974, as amended; Notice of Computer Matching Program...

78 FR 34678 - Privacy Act of 1974, as Amended; Notice of Computer Matching Program (Railroad Retirement Board...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-10

... notice of its renewal of an ongoing computer-matching program with the Social Security Administration... computer-matching program with the Committee on Homeland Security and Governmental Affairs of the Senate... RAILROAD RETIREMENT BOARD Privacy Act of 1974, as Amended; Notice of Computer Matching Program...

78 FR 37647 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Railroad Retirement Board (RRB...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-21

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0010] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Railroad Retirement Board (RRB))--Match Number 1006 AGENCY: Social Security Administration. ACTION: Notice of a renewal of an existing computer matching program that will expire on...

76 FR 12397 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Bureau of the Public Debt (BPD...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-07

...; Computer Matching Program (SSA/ Bureau of the Public Debt (BPD))--Match Number 1038 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... containing SSNs extracted from the Supplemental Security Record database. Exchanges for this computer...

Advances and current state of the security and privacy in electronic health records: survey from a social perspective.

PubMed

Tejero, Antonio; de la Torre, Isabel

2012-10-01

E-Health systems are experiencing an impulse in these last years, when many medical agencies began to include digital solutions into their platforms. Electronic Health Records (EHRs) are one of the most important improvements, being in its most part a patient-oriented tool. To achieve a completely operational EHR platform, security and privacy problems have to be resolved, due to the importance of the data included within these records. But given all the different methods to address security and privacy, they still remain in most cases as an open issue. This paper studies existing and proposed solutions included in different scenarios, in order to offer an overview of the current state in EHR systems. Bibliographic material has been obtained mainly from MEDLINE and SCOPUS sources, and over 30 publications have been analyzed. Many EHR platforms are being developed, but most of them present weaknesses when they are opened to the public. These architectures gain significance when they cover all the requisites related to security and privacy.

Personal control of privacy and data: Estonian experience.

PubMed

Priisalu, Jaan; Ottis, Rain

2017-01-01

The Republic of Estonia leads Europe in the provision of public digital services. The national communications and transactions platform allows for twenty-first century governance by allowing for transparency, e-safety (inter alia privacy), e-security, entrepreneurship and, among other things, rising levels of prosperity, and well-being for all its Citizens. However, a series of Information Infrastructure attacks against the Estonian e-society infrastructure in 2007 became one of best known incidents and experiences that fundamentally changed both Estonian and international discussions about Cyber Security and Privacy. Estonian experience shows that an open and transparent attitude provides a good foundation for trust between the Citizen and the State, and gives more control to the real owner of the data - the Citizen. Another important lesson is that the Citizen needs to be confident in the government's ability to keep their data safe -- in terms of confidentiality, integrity and availability - establishing a strong link between privacy and information security. This paper discusses certain critical choices, context, and events connected to the birth and growth of the Estonian e-society in terms of Privacy.

Hacked E-mail

MedlinePlus

... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making Money Privacy, Identity & Online Security Limiting Unwanted Calls and Emails Online Security "Free" Security Scans Computer Security Disposing of Old Computers ...

Security and privacy issues of personal health.

PubMed

Blobel, Bernd; Pharow, Peter

2007-01-01

While health systems in developed countries and increasingly also in developing countries are moving from organisation-centred to person-centred health service delivery, the supporting communication and information technology is faced with new risks regarding security and privacy of stakeholders involved. The comprehensively distributed environment puts special burden on guaranteeing communication security services, but even more on guaranteeing application security services dealing with privilege management, access control and audit regarding social implication and connected sensitivity of personal information recorded, processed, communicated and stored in an even internationally distributed environment.

A Systematic Review of Research Studies Examining Telehealth Privacy and Security Practices used by Healthcare Providers.

PubMed

Watzlaf, Valerie J M; Zhou, Leming; Dealmeida, Dilhari R; Hartman, Linda M

2017-01-01

The objective of this systematic review was to systematically review papers in the United States that examine current practices in privacy and security when telehealth technologies are used by healthcare providers. A literature search was conducted using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses Protocols (PRISMA-P). PubMed, CINAHL and INSPEC from 2003 - 2016 were searched and returned 25,404 papers (after duplications were removed). Inclusion and exclusion criteria were strictly followed to examine title, abstract, and full text for 21 published papers which reported on privacy and security practices used by healthcare providers using telehealth. Data on confidentiality, integrity, privacy, informed consent, access control, availability, retention, encryption, and authentication were all searched and retrieved from the papers examined. Papers were selected by two independent reviewers, first per inclusion/exclusion criteria and, where there was disagreement, a third reviewer was consulted. The percentage of agreement and Cohen's kappa was 99.04% and 0.7331 respectively. The papers reviewed ranged from 2004 to 2016 and included several types of telehealth specialties. Sixty-seven percent were policy type studies, and 14 percent were survey/interview studies. There were no randomized controlled trials. Based upon the results, we conclude that it is necessary to have more studies with specific information about the use of privacy and security practices when using telehealth technologies as well as studies that examine patient and provider preferences on how data is kept private and secure during and after telehealth sessions.

A protect solution for data security in mobile cloud storage

NASA Astrophysics Data System (ADS)

Yu, Xiaojun; Wen, Qiaoyan

2013-03-01

It is popular to access the cloud storage by mobile devices. However, this application suffer data security risk, especial the data leakage and privacy violate problem. This risk exists not only in cloud storage system, but also in mobile client platform. To reduce the security risk, this paper proposed a new security solution. It makes full use of the searchable encryption and trusted computing technology. Given the performance limit of the mobile devices, it proposes the trusted proxy based protection architecture. The design basic idea, deploy model and key flows are detailed. The analysis from the security and performance shows the advantage.

78 FR 63847 - Special Conditions: Embraer S.A., Model EMB-550 Airplanes; Airplane Electronic System Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-25

... design feature associated with the architecture and connectivity capabilities of the airplanes' computer... the comment for an association, business, labor union, etc.). DOT's complete Privacy Act Statement can... architecture for the Embraer Model EMB-550 series of airplanes is composed of several connected networks. This...

45 CFR 164.530 - Administrative requirements.

Code of Federal Regulations, 2014 CFR

2014-10-01

....530 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.530... privacy official who is responsible for the development and implementation of the policies and procedures...

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2013 CFR

2013-04-01

....30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF... that agency employees and contractors receive appropriate training and education programs regarding the... information privacy issues, including those relating to the collection, use, sharing, and disclosure of...

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2012 CFR

2012-04-01

....30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF... that agency employees and contractors receive appropriate training and education programs regarding the... information privacy issues, including those relating to the collection, use, sharing, and disclosure of...

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2014 CFR

2014-04-01

....30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF... that agency employees and contractors receive appropriate training and education programs regarding the... information privacy issues, including those relating to the collection, use, sharing, and disclosure of...

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2011 CFR

2011-04-01

....30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF... that agency employees and contractors receive appropriate training and education programs regarding the... information privacy issues, including those relating to the collection, use, sharing, and disclosure of...

45 CFR 164.522 - Rights to request privacy protection for protected health information.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 45 Public Welfare 1 2011-10-01 2011-10-01 false Rights to request privacy protection for protected health information. 164.522 Section 164.522 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.522 Rights...

45 CFR 164.522 - Rights to request privacy protection for protected health information.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 45 Public Welfare 1 2013-10-01 2013-10-01 false Rights to request privacy protection for protected health information. 164.522 Section 164.522 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.522 Rights...

45 CFR 164.522 - Rights to request privacy protection for protected health information.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 45 Public Welfare 1 2012-10-01 2012-10-01 false Rights to request privacy protection for protected health information. 164.522 Section 164.522 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.522 Rights...

45 CFR 164.522 - Rights to request privacy protection for protected health information.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 45 Public Welfare 1 2014-10-01 2014-10-01 false Rights to request privacy protection for protected health information. 164.522 Section 164.522 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.522 Rights...

76 FR 55693 - Privacy Act of 1974; Department of Homeland Security National Protection and Programs Directorate...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-08

... instructions for submitting comments. Fax: 703-483-2999. Mail: Mary Ellen Callahan, Chief Privacy Officer... approval of the Chief Privacy Officer in consultation with counsel, when there exists a legitimate public... obtain forms for this purpose from the Chief Privacy Officer and Chief Freedom of Information Act Officer...

45 CFR 164.524 - Access of individuals to protected health information.

Code of Federal Regulations, 2014 CFR

2014-10-01

... DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable... records that are subject to the Privacy Act, 5 U.S.C. 552a, may be denied, if the denial of access under the Privacy Act would meet the requirements of that law. (v) An individual's access may be denied if...

76 FR 71417 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Law Enforcement Agencies (LEA...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-17

...; Computer Matching Program (SSA/ Law Enforcement Agencies (LEA)) Match Number 5001 AGENCY: Social Security... protections for such persons. The Privacy Act, as amended, regulates the use of computer matching by Federal... accordance with the Privacy Act of 1974, as amended by the Computer Matching and Privacy Protection Act of...

Supporting Regularized Logistic Regression Privately and Efficiently.

PubMed

Li, Wenfa; Liu, Hongzhe; Yang, Peng; Xie, Wei

2016-01-01

As one of the most popular statistical and machine learning models, logistic regression with regularization has found wide adoption in biomedicine, social sciences, information technology, and so on. These domains often involve data of human subjects that are contingent upon strict privacy regulations. Concerns over data privacy make it increasingly difficult to coordinate and conduct large-scale collaborative studies, which typically rely on cross-institution data sharing and joint analysis. Our work here focuses on safeguarding regularized logistic regression, a widely-used statistical model while at the same time has not been investigated from a data security and privacy perspective. We consider a common use scenario of multi-institution collaborative studies, such as in the form of research consortia or networks as widely seen in genetics, epidemiology, social sciences, etc. To make our privacy-enhancing solution practical, we demonstrate a non-conventional and computationally efficient method leveraging distributing computing and strong cryptography to provide comprehensive protection over individual-level and summary data. Extensive empirical evaluations on several studies validate the privacy guarantee, efficiency and scalability of our proposal. We also discuss the practical implications of our solution for large-scale studies and applications from various disciplines, including genetic and biomedical studies, smart grid, network analysis, etc.

Supporting Regularized Logistic Regression Privately and Efficiently

PubMed Central

Li, Wenfa; Liu, Hongzhe; Yang, Peng; Xie, Wei

2016-01-01

As one of the most popular statistical and machine learning models, logistic regression with regularization has found wide adoption in biomedicine, social sciences, information technology, and so on. These domains often involve data of human subjects that are contingent upon strict privacy regulations. Concerns over data privacy make it increasingly difficult to coordinate and conduct large-scale collaborative studies, which typically rely on cross-institution data sharing and joint analysis. Our work here focuses on safeguarding regularized logistic regression, a widely-used statistical model while at the same time has not been investigated from a data security and privacy perspective. We consider a common use scenario of multi-institution collaborative studies, such as in the form of research consortia or networks as widely seen in genetics, epidemiology, social sciences, etc. To make our privacy-enhancing solution practical, we demonstrate a non-conventional and computationally efficient method leveraging distributing computing and strong cryptography to provide comprehensive protection over individual-level and summary data. Extensive empirical evaluations on several studies validate the privacy guarantee, efficiency and scalability of our proposal. We also discuss the practical implications of our solution for large-scale studies and applications from various disciplines, including genetic and biomedical studies, smart grid, network analysis, etc. PMID:27271738

Strengthening Data Confidentiality and Integrity Protection in the Context of a Multi-Centric Information System Dedicated to Autism Spectrum Disorder.

PubMed

Ben Said, Mohamed; Robel, Laurence; Golse, Bernard; Jais, Jean Philippe

2017-01-01

Autism spectrum disorders (ASD) are complex neuro-developmental disorders affecting children in early age. Diagnosis relies on multidisciplinary investigations, in psychiatry, neurology, genetics, electrophysiology, neuro-imagery, audiology, and ophthalmology. To support clinicians, researchers, and public health decision makers, we developed an information system dedicated to ASD, called TEDIS. It was designed to manage systematic, exhaustive and continuous multi-centric patient data collection via secured internet connections. TEDIS will be deployed in nine ASD expert assessment centers in Ile-DeFrance district. We present security policy and infrastructure developed in context of TEDIS to protect patient privacy and clinical information. TEDIS security policy was organized around governance, ethical and organisational chart-agreement, patients consents, controlled user access, patients' privacy protection, constrained patients' data access. Security infrastructure was enriched by further technical solutions to reinforce ASD patients' privacy protection. Solutions were tested on local secured intranet environment and showed fluid functionality with consistent, transparent and safe encrypting-decrypting results.

Panel: RFID Security and Privacy

NASA Astrophysics Data System (ADS)

Fu, Kevin

The panel on RFID security and privacy included Ross Anderson, Jon Callas, Yvo Desmedt, and Kevin Fu. Topics for discussion included the "chip and PIN" EMV payment systems, e-Passports, "mafia" attacks, and RFID-enabled credit cards. Position papers by the panelists appear in the following pages, and the RFID-enabled credit card work appears separately in these proceedings.

32 CFR 2102.4 - Procedures for determining if an individual is the subject of a record.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Defense NATIONAL SECURITY COUNCIL RULES AND REGULATIONS TO IMPLEMENT THE PRIVACY ACT OF 1974 § 2102.4... their inquiries, marking them plainly as a PRIVACY ACT REQUEST, to: Staff Secretary, National Security... 32 National Defense 6 2012-07-01 2012-07-01 false Procedures for determining if an individual is...

32 CFR 2102.4 - Procedures for determining if an individual is the subject of a record.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Defense NATIONAL SECURITY COUNCIL RULES AND REGULATIONS TO IMPLEMENT THE PRIVACY ACT OF 1974 § 2102.4... their inquiries, marking them plainly as a PRIVACY ACT REQUEST, to: Staff Secretary, National Security... 32 National Defense 6 2011-07-01 2011-07-01 false Procedures for determining if an individual is...

32 CFR 2102.4 - Procedures for determining if an individual is the subject of a record.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Defense NATIONAL SECURITY COUNCIL RULES AND REGULATIONS TO IMPLEMENT THE PRIVACY ACT OF 1974 § 2102.4... their inquiries, marking them plainly as a PRIVACY ACT REQUEST, to: Staff Secretary, National Security... 32 National Defense 6 2013-07-01 2013-07-01 false Procedures for determining if an individual is...

32 CFR 2102.4 - Procedures for determining if an individual is the subject of a record.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Defense NATIONAL SECURITY COUNCIL RULES AND REGULATIONS TO IMPLEMENT THE PRIVACY ACT OF 1974 § 2102.4... their inquiries, marking them plainly as a PRIVACY ACT REQUEST, to: Staff Secretary, National Security... 32 National Defense 6 2010-07-01 2010-07-01 false Procedures for determining if an individual is...

32 CFR 2102.4 - Procedures for determining if an individual is the subject of a record.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Defense NATIONAL SECURITY COUNCIL RULES AND REGULATIONS TO IMPLEMENT THE PRIVACY ACT OF 1974 § 2102.4... their inquiries, marking them plainly as a PRIVACY ACT REQUEST, to: Staff Secretary, National Security... 32 National Defense 6 2014-07-01 2014-07-01 false Procedures for determining if an individual is...

45 CFR 155.260 - Privacy and security of personally identifiable information.

Code of Federal Regulations, 2014 CFR

2014-10-01

... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally... information to the extent such information is necessary: (i) For the Exchange to carry out the functions described in § 155.200; (ii) For the Exchange to carry out other functions not described in paragraph (a)(1...

32 CFR 806b.27 - When to include a Privacy Act warning statement in publications.

Code of Federal Regulations, 2010 CFR

2010-07-01

... include the Warning Statement when publications direct collection of the Social Security Number, or any part of the Social Security Number, from the individual. The warning statement will cite legal authority and when part of a record system, the Privacy Act system of records number and title. You can use...

What We Can Learn from the Suits

ERIC Educational Resources Information Center

Panettieri, Joseph C.

2006-01-01

This article discusses what colleges and universities can learn from Uncle Sam and corporate America when it comes to designing secure networks and ensuring privacy. After all, schools face many of the same privacy and information security challenges seen in the business and government sectors. The fact of the matter is, in the age of cyber crime…

Archiving data from new survey technologies: Enabling research with high-precision data while preserving participant privacy

DOE PAGES

Gonder, Jeffrey; Burton, Evan; Murakami, Elaine

2015-12-29

Despite the significant effort and expense to collect high-resolution Global Positioning System (GPS) data in travel surveys, privacy concerns often lead to its underutilization. This paper describes development of the Transportation Secure Data Center (TSDC) to address this dilemma of providing data access while preserving privacy. Furthermore, the TSDC operating structure was developed in consultation with an advisory committee and includes: a secure enclave with no external access for backing up and processing raw data, a publicly accessible website for downloading cleansed data, and a secure portal environment through which approved users can work with detailed spatial data using amore » variety of tools and reference information.« less

Quantum Privacy Amplification and the Security of Quantum Cryptography over Noisy Channels

DOE Office of Scientific and Technical Information (OSTI.GOV)

Deutsch, D.; Ekert, A.; Jozsa, R.

1996-09-01

Existing quantum cryptographic schemes are not, as they stand, operable in the presence of noise on the quantum communication channel. Although they become operable if they are supplemented by classical privacy-amplification techniques, the resulting schemes are difficult to analyze and have not been proved secure. We introduce the concept of quantum privacy amplification and a cryptographic scheme incorporating it which is provably secure over a noisy channel. The scheme uses an {open_quote}{open_quote}entanglement purification{close_quote}{close_quote} procedure which, because it requires only a few quantum controlled-not and single-qubit operations, could be implemented using technology that is currently being developed. {copyright} {ital 1996 Themore » American Physical Society.}« less

Hacking Facebook Privacy and Security

DTIC Science & Technology

2012-08-28

that their information is somehow protected. However, practically this is not always the case and privacy on social networking sites has received...fraudsters target Facebook and other social networking sites to harvest information about you. Here’s how we recommend you set your Facebook privacy

The study on privacy preserving data mining for information security

NASA Astrophysics Data System (ADS)

Li, Xiaohui

2012-04-01

Privacy preserving data mining have a rapid development in a short year. But it still faces many challenges in the future. Firstly, the level of privacy has different definitions in different filed. Therefore, the measure of privacy preserving data mining technology protecting private information is not the same. So, it's an urgent issue to present a unified privacy definition and measure. Secondly, the most of research in privacy preserving data mining is presently confined to the theory study.

An evaluation of the current state of genomic data privacy protection technology and a roadmap for the future.

PubMed

Malin, Bradley A

2005-01-01

The incorporation of genomic data into personal medical records poses many challenges to patient privacy. In response, various systems for preserving patient privacy in shared genomic data have been developed and deployed. Although these systems de-identify the data by removing explicit identifiers (e.g., name, address, or Social Security number) and incorporate sound security design principles, they suffer from a lack of formal modeling of inferences learnable from shared data. This report evaluates the extent to which current protection systems are capable of withstanding a range of re-identification methods, including genotype-phenotype inferences, location-visit patterns, family structures, and dictionary attacks. For a comparative re-identification analysis, the systems are mapped to a common formalism. Although there is variation in susceptibility, each system is deficient in its protection capacity. The author discovers patterns of protection failure and discusses several of the reasons why these systems are susceptible. The analyses and discussion within provide guideposts for the development of next-generation protection methods amenable to formal proofs.