A review of privacy and usability issues in mobile health systems: Role of external factors.

PubMed

Katusiime, Jane; Pinkwart, Niels

2017-10-01

The increased penetration of mobile devices has created opportunities in the health sector and led to emerging of mobile health systems. As much as the mobile health systems have registered tremendous progress, they have been faced with privacy and usability issues. Due to the sensitivity of health information, there is an ethical need to equip mobile health systems with adequate privacy measures. However, these systems should also be useable by the intended users. Even though many researchers are working on solutions, the issues still persist. External factors such as cultural differences have also contributed to the issues, yet they have been under researched. In this article, we conduct a systematic literature review of 22 articles, categorize and present privacy and usability issues and possible solutions. We then discuss the relevance and implications of external factors to the findings on privacy and usability. We end with recommendations to address these external factors.

Information accountability and usability: are there any connections?

PubMed

Sahama, Tony; Kushniruk, Andre; Kuwata, Shigeki

2013-01-01

Availability of health information is rapidly increasing and the expansion and proliferation of health information is inevitable. The Electronic Healthcare Record, Electronic Medical Record and Personal Health Record are at the core of this trend and are required for appropriate and practicable exchange and sharing of health information. However, it is becoming increasingly recognized that it is essential to preserve patient privacy and information security when utilising sensitive information for clinical, management and administrative processes. Furthermore, the usability of emerging healthcare applications is also becoming a growing concern. This paper proposes a novel approach for integrating consideration of information accountability with a perspective from usability engineering that can be applied when developing healthcare information technology applications. A social networking user case in the healthcare information exchange will be presented in the context of our approach.

Facilitating Secure Sharing of Personal Health Data in the Cloud

PubMed Central

Nepal, Surya; Glozier, Nick

2016-01-01

Background Internet-based applications are providing new ways of promoting health and reducing the cost of care. Although data can be kept encrypted in servers, the user does not have the ability to decide whom the data are shared with. Technically this is linked to the problem of who owns the data encryption keys required to decrypt the data. Currently, cloud service providers, rather than users, have full rights to the key. In practical terms this makes the users lose full control over their data. Trust and uptake of these applications can be increased by allowing patients to feel in control of their data, generally stored in cloud-based services. Objective This paper addresses this security challenge by providing the user a way of controlling encryption keys independently of the cloud service provider. We provide a secure and usable system that enables a patient to share health information with doctors and specialists. Methods We contribute a secure protocol for patients to share their data with doctors and others on the cloud while keeping complete ownership. We developed a simple, stereotypical health application and carried out security tests, performance tests, and usability tests with both students and doctors (N=15). Results We developed the health application as an app for Android mobile phones. We carried out the usability tests on potential participants and medical professionals. Of 20 participants, 14 (70%) either agreed or strongly agreed that they felt safer using our system. Using mixed methods, we show that participants agreed that privacy and security of health data are important and that our system addresses these issues. Conclusions We presented a security protocol that enables patients to securely share their eHealth data with doctors and nurses and developed a secure and usable system that enables patients to share mental health information with doctors. PMID:27234691

Archiving Data from New Survey Technologies: Lessons Learned on Enabling Research with High-Precision Data While Preserving Participant Privacy: Preprint

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gonder, J.; Burton, E.; Murakami, E.

2014-11-01

During the past 15 years, increasing numbers of organizations and planning agencies have begun collecting high-resolution Global Positioning System (GPS) travel data. Despite the significant effort and expense to collect it, privacy concerns often lead to underutilization of the data. To address this dilemma of providing data access while preserving privacy, the National Renewable Energy Laboratory, with support from the U.S. Department of Transportation and U.S. Department of Energy, established the Transportation Secure Data Center (TSDC). Lessons drawn from best-practice examples from other data centers have helped shape the structure and operating procedures for the TSDC, which functions under themore » philosophy of first and foremost preserving privacy, but doing so in a way that balances security with accessibility and usability of the data for legitimate research. This paper provides details about the TSDC approach toward achieving these goals, which has included creating a secure enclave with no external access for backing up and processing raw data, a publicly accessible website for downloading cleansed data, and a secure portal environment through which approved users can work with detailed spatial data using a variety of tools and reference information. This paper also describes lessons learned from operating the TSDC with respect to improvements in GPS data handling, processing, and user support, along with plans for continual enhancements to better support the needs of both data providers and users and to thus advance the research value derived from such valuable data.« less

Query Monitoring and Analysis for Database Privacy - A Security Automata Model Approach

PubMed Central

Kumar, Anand; Ligatti, Jay; Tu, Yi-Cheng

2015-01-01

Privacy and usage restriction issues are important when valuable data are exchanged or acquired by different organizations. Standard access control mechanisms either restrict or completely grant access to valuable data. On the other hand, data obfuscation limits the overall usability and may result in loss of total value. There are no standard policy enforcement mechanisms for data acquired through mutual and copyright agreements. In practice, many different types of policies can be enforced in protecting data privacy. Hence there is the need for an unified framework that encapsulates multiple suites of policies to protect the data. We present our vision of an architecture named security automata model (SAM) to enforce privacy-preserving policies and usage restrictions. SAM analyzes the input queries and their outputs to enforce various policies, liberating data owners from the burden of monitoring data access. SAM allows administrators to specify various policies and enforces them to monitor queries and control the data access. Our goal is to address the problems of data usage control and protection through privacy policies that can be defined, enforced, and integrated with the existing access control mechanisms using SAM. In this paper, we lay out the theoretical foundation of SAM, which is based on an automata named Mandatory Result Automata. We also discuss the major challenges of implementing SAM in a real-world database environment as well as ideas to meet such challenges. PMID:26997936

Query Monitoring and Analysis for Database Privacy - A Security Automata Model Approach.

PubMed

Kumar, Anand; Ligatti, Jay; Tu, Yi-Cheng

2015-11-01

Privacy and usage restriction issues are important when valuable data are exchanged or acquired by different organizations. Standard access control mechanisms either restrict or completely grant access to valuable data. On the other hand, data obfuscation limits the overall usability and may result in loss of total value. There are no standard policy enforcement mechanisms for data acquired through mutual and copyright agreements. In practice, many different types of policies can be enforced in protecting data privacy. Hence there is the need for an unified framework that encapsulates multiple suites of policies to protect the data. We present our vision of an architecture named security automata model (SAM) to enforce privacy-preserving policies and usage restrictions. SAM analyzes the input queries and their outputs to enforce various policies, liberating data owners from the burden of monitoring data access. SAM allows administrators to specify various policies and enforces them to monitor queries and control the data access. Our goal is to address the problems of data usage control and protection through privacy policies that can be defined, enforced, and integrated with the existing access control mechanisms using SAM. In this paper, we lay out the theoretical foundation of SAM, which is based on an automata named Mandatory Result Automata. We also discuss the major challenges of implementing SAM in a real-world database environment as well as ideas to meet such challenges.

Emerging Security Mechanisms for Medical Cyber Physical Systems.

PubMed

Kocabas, Ovunc; Soyata, Tolga; Aktas, Mehmet K

2016-01-01

The following decade will witness a surge in remote health-monitoring systems that are based on body-worn monitoring devices. These Medical Cyber Physical Systems (MCPS) will be capable of transmitting the acquired data to a private or public cloud for storage and processing. Machine learning algorithms running in the cloud and processing this data can provide decision support to healthcare professionals. There is no doubt that the security and privacy of the medical data is one of the most important concerns in designing an MCPS. In this paper, we depict the general architecture of an MCPS consisting of four layers: data acquisition, data aggregation, cloud processing, and action. Due to the differences in hardware and communication capabilities of each layer, different encryption schemes must be used to guarantee data privacy within that layer. We survey conventional and emerging encryption schemes based on their ability to provide secure storage, data sharing, and secure computation. Our detailed experimental evaluation of each scheme shows that while the emerging encryption schemes enable exciting new features such as secure sharing and secure computation, they introduce several orders-of-magnitude computational and storage overhead. We conclude our paper by outlining future research directions to improve the usability of the emerging encryption schemes in an MCPS.

Secure access to patient's health records using SpeechXRays a mutli-channel biometrics platform for user authentication.

PubMed

Spanakis, Emmanouil G; Spanakis, Marios; Karantanas, Apostolos; Marias, Kostas

2016-08-01

The most commonly used method for user authentication in ICT services or systems is the application of identification tools such as passwords or personal identification numbers (PINs). The rapid development in ICT technology regarding smart devices (laptops, tablets and smartphones) has allowed also the advance of hardware components that capture several biometric traits such as fingerprints and voice. These components are aiming among others to overcome weaknesses and flaws of password usage under the prism of improved user authentication with higher level of security, privacy and usability. To this respect, the potential application of biometrics for secure user authentication regarding access in systems with sensitive data (i.e. patient's data from electronic health records) shows great potentials. SpeechXRays aims to provide a user recognition platform based on biometrics of voice acoustics analysis and audio-visual identity verification. Among others, the platform aims to be applied as an authentication tool for medical personnel in order to gain specific access to patient's electronic health records. In this work a short description of SpeechXrays implementation tool regarding eHealth is provided and analyzed. This study explores security and privacy issues, and offers a comprehensive overview of biometrics technology applications in addressing the e-Health security challenges. We present and describe the necessary requirement for an eHealth platform concerning biometric security.

77 FR 70796 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-27

... privacy issues, please contact: Jonathan Cantor, (202-343-1717), Acting Chief Privacy Officer, Privacy... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security Administration System of Records AGENCY: Privacy...

76 FR 19107 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-011...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-06

... Ellen Callahan, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC... (703-235- 0780), Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC... Chief Privacy Officer and Chief Freedom of Information Act Officer, Department of Homeland Security, 245...

Information security: where computer science, economics and psychology meet.

PubMed

Anderson, Ross; Moore, Tyler

2009-07-13

Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems-one that is both principled and effective.

Information Systems, Security, and Privacy.

ERIC Educational Resources Information Center

Ware, Willis H.

1984-01-01

Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

Access and privacy rights using web security standards to increase patient empowerment.

PubMed

Falcão-Reis, Filipa; Costa-Pereira, Altamiro; Correia, Manuel E

2008-01-01

Electronic Health Record (EHR) systems are becoming more and more sophisticated and include nowadays numerous applications, which are not only accessed by medical professionals, but also by accounting and administrative personnel. This could represent a problem concerning basic rights such as privacy and confidentiality. The principles, guidelines and recommendations compiled by the OECD protection of privacy and trans-border flow of personal data are described and considered within health information system development. Granting access to an EHR should be dependent upon the owner of the record; the patient: he must be entitled to define who is allowed to access his EHRs, besides the access control scheme each health organization may have implemented. In this way, it's not only up to health professionals to decide who have access to what, but the patient himself. Implementing such a policy is walking towards patient empowerment which society should encourage and governments should promote. The paper then introduces a technical solution based on web security standards. This would give patients the ability to monitor and control which entities have access to their personal EHRs, thus empowering them with the knowledge of how much of his medical history is known and by whom. It is necessary to create standard data access protocols, mechanisms and policies to protect the privacy rights and furthermore, to enable patients, to automatically track the movement (flow) of their personal data and information in the context of health information systems. This solution must be functional and, above all, user-friendly and the interface should take in consideration some heuristics of usability in order to provide the user with the best tools. The current official standards on confidentiality and privacy in health care, currently being developed within the EU, are explained, in order to achieve a consensual idea of the guidelines that all member states should follow to transfer such principles into national laws. A perspective is given on the state of the art concerning web security standards, which can be used to easily engineer health information systems complying with the patient empowering goals. In conclusion health systems with the characteristics thus described are technically feasible and should be generally implemented and deployed.

Design of a Secure Authentication and Key Agreement Scheme Preserving User Privacy Usable in Telecare Medicine Information Systems.

PubMed

Arshad, Hamed; Rasoolzadegan, Abbas

2016-11-01

Authentication and key agreement schemes play a very important role in enhancing the level of security of telecare medicine information systems (TMISs). Recently, Amin and Biswas demonstrated that the authentication scheme proposed by Giri et al. is vulnerable to off-line password guessing attacks and privileged insider attacks and also does not provide user anonymity. They also proposed an improved authentication scheme, claiming that it resists various security attacks. However, this paper demonstrates that Amin and Biswas's scheme is defenseless against off-line password guessing attacks and replay attacks and also does not provide perfect forward secrecy. This paper also shows that Giri et al.'s scheme not only suffers from the weaknesses pointed out by Amin and Biswas, but it also is vulnerable to replay attacks and does not provide perfect forward secrecy. Moreover, this paper proposes a novel authentication and key agreement scheme to overcome the mentioned weaknesses. Security and performance analyses show that the proposed scheme not only overcomes the mentioned security weaknesses, but also is more efficient than the previous schemes.

75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-23

... Office, --Update of NIST Computer Security Division, and --Information Security and Privacy Advisory... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

Usability Issues in the User Interfaces of Privacy-Enhancing Technologies

ERIC Educational Resources Information Center

LaTouche, Lerone W.

2013-01-01

Privacy on the Internet has become one of the leading concerns for Internet users. These users are not wrong in their concerns if personally identifiable information is not protected and under their control. To minimize the collection of Internet users' personal information and help solve the problem of online privacy, a number of…

77 FR 70796 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-27

...; email: [email protected] . For privacy issues please contact: Jonathan Cantor, (202-343-1717), Acting... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security Administration System of Records AGENCY: Privacy...

77 FR 70795 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-27

... 20598-6036; email: [email protected] . For privacy issues please contact: Jonathan Cantor, (202-343... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security Administration System of Records AGENCY: Privacy...

Utilizing User Generated Content in the Creation of Land Ownership Boundaries for the Crofters of Scotland

NASA Astrophysics Data System (ADS)

Mackaness, William; Duchateau, Rica; Cross, Jamie

2018-05-01

Land registration is important in land tenure security and often resolves land-related issues. Volunteered geographic information is a cheap and quick alternative to formal and traditional approaches to land registration. This research investigates the extent to which this tool is meaningful for land registration, with the Scottish crofting com- munity as a case study. CroftCappture was developed to record points along boundaries and save geotagged photo- graphs and descriptions. The project raised interesting questions over usability, functionality and accuracy, as well issues of privacy, crofting practices, digital competency, and highlighted the fractal nature of the digital divide.

Public assessment of new surveillance-oriented security technologies: Beyond the trade-off between privacy and security.

PubMed

Pavone, Vincenzo; Esposti, Sara Degli

2012-07-01

As surveillance-oriented security technologies (SOSTs) are considered security enhancing but also privacy infringing, citizens are expected to trade part of their privacy for higher security. Drawing from the PRISE project, this study casts some light on how citizens actually assess SOSTs through a combined analysis of focus groups and survey data. First, the outcomes suggest that people did not assess SOSTs in abstract terms but in relation to the specific institutional and social context of implementation. Second, from this embedded viewpoint, citizens either expressed concern about government's surveillance intentions and considered SOSTs mainly as privacy infringing, or trusted political institutions and believed that SOSTs effectively enhanced their security. None of them, however, seemed to trade privacy for security because concerned citizens saw their privacy being infringed without having their security enhanced, whilst trusting citizens saw their security being increased without their privacy being affected.

75 FR 7979 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-23

... privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer, Privacy Office...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The History of the Department of Homeland Security System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of...

The role of privacy protection in healthcare information systems adoption.

PubMed

Hsu, Chien-Lung; Lee, Ming-Ren; Su, Chien-Hui

2013-10-01

Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs are proposed. Users' privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HISs adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we proposed a research model extending the unified theory of acceptance and use of technology by considering perceived security and information security literacy and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses showed that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve designing, development, and promotion of a good healthcare information system with privacy protection.

A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity.

PubMed

Amin, Ruhul; Biswas, G P

2015-08-01

Telecare medical information system (TMIS) makes an efficient and convenient connection between patient(s)/user(s) and doctor(s) over the insecure internet. Therefore, data security, privacy and user authentication are enormously important for accessing important medical data over insecure communication. Recently, many user authentication protocols for TMIS have been proposed in the literature and it has been observed that most of the protocols cannot achieve complete security requirements. In this paper, we have scrutinized two (Mishra et al., Xu et al.) remote user authentication protocols using smart card and explained that both the protocols are suffering against several security weaknesses. We have then presented three-factor user authentication and key agreement protocol usable for TMIS, which fix the security pitfalls of the above mentioned schemes. The informal cryptanalysis makes certain that the proposed protocol provides well security protection on the relevant security attacks. Furthermore, the simulator AVISPA tool confirms that the protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The security functionalities and performance comparison analysis confirm that our protocol not only provide strong protection on security attacks, but it also achieves better complexities along with efficient login and password change phase as well as session key verification property.

78 FR 34264 - Technical Corrections to the HIPAA Privacy, Security, and Enforcement Rules

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-07

...-AA03 Technical Corrections to the HIPAA Privacy, Security, and Enforcement Rules AGENCY: Office for... corrections address certain inadvertent errors and omissions in the HIPAA Privacy, Security, and Enforcement... (HHS or ``the Department'') published a final rule to implement changes to the HIPAA Privacy, Security...

76 FR 3098 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-19

...: National Security Agency/Central Security Service, Freedom of Information Act and Privacy Act Office, 9800..., Privacy Act and Mandatory Declassification Review Records. System Location: National Security Agency... Information Act; 5 U.S.C. 552a, The Privacy Act of 1974 (as amended); E.O. 13526, Classified National Security...

48 CFR 52.239-1 - Privacy or Security Safeguards.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 2 2014-10-01 2014-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish or...

48 CFR 52.239-1 - Privacy or Security Safeguards.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 2 2011-10-01 2011-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish or...

48 CFR 52.239-1 - Privacy or Security Safeguards.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 2 2012-10-01 2012-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish or...

45 CFR 155.260 - Privacy and security of personally identifiable information.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 45 Public Welfare 1 2013-10-01 2013-10-01 false Privacy and security of personally identifiable... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally... must establish and implement privacy and security standards that are consistent with the following...

48 CFR 52.239-1 - Privacy or Security Safeguards.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 2 2013-10-01 2013-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish or...

48 CFR 52.239-1 - Privacy or Security Safeguards.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Privacy or Security....239-1 Privacy or Security Safeguards. As prescribed in 39.107, insert a clause substantially the same as the following: Privacy or Security Safeguards (AUG 1996) (a) The Contractor shall not publish or...

Towards a privacy preserving cohort discovery framework for clinical research networks.

PubMed

Yuan, Jiawei; Malin, Bradley; Modave, François; Guo, Yi; Hogan, William R; Shenkman, Elizabeth; Bian, Jiang

2017-02-01

The last few years have witnessed an increasing number of clinical research networks (CRNs) focused on building large collections of data from electronic health records (EHRs), claims, and patient-reported outcomes (PROs). Many of these CRNs provide a service for the discovery of research cohorts with various health conditions, which is especially useful for rare diseases. Supporting patient privacy can enhance the scalability and efficiency of such processes; however, current practice mainly relies on policy, such as guidelines defined in the Health Insurance Portability and Accountability Act (HIPAA), which are insufficient for CRNs (e.g., HIPAA does not require encryption of data - which can mitigate insider threats). By combining policy with privacy enhancing technologies we can enhance the trustworthiness of CRNs. The goal of this research is to determine if searchable encryption can instill privacy in CRNs without sacrificing their usability. We developed a technique, implemented in working software to enable privacy-preserving cohort discovery (PPCD) services in large distributed CRNs based on elliptic curve cryptography (ECC). This technique also incorporates a block indexing strategy to improve the performance (in terms of computational running time) of PPCD. We evaluated the PPCD service with three real cohort definitions: (1) elderly cervical cancer patients who underwent radical hysterectomy, (2) oropharyngeal and tongue cancer patients who underwent robotic transoral surgery, and (3) female breast cancer patients who underwent mastectomy) with varied query complexity. These definitions were tested in an encrypted database of 7.1 million records derived from the publically available Healthcare Cost and Utilization Project (HCUP) Nationwide Inpatient Sample (NIS). We assessed the performance of the PPCD service in terms of (1) accuracy in cohort discovery, (2) computational running time, and (3) privacy afforded to the underlying records during PPCD. The empirical results indicate that the proposed PPCD can execute cohort discovery queries in a reasonable amount of time, with query runtime in the range of 165-262s for the 3 use cases, with zero compromise in accuracy. We further show that the search performance is practical because it supports a highly parallelized design for secure evaluation over encrypted records. Additionally, our security analysis shows that the proposed construction is resilient to standard adversaries. PPCD services can be designed for clinical research networks. The security construction presented in this work specifically achieves high privacy guarantees by preventing both threats originating from within and beyond the network. Copyright © 2016 Elsevier Inc. All rights reserved.

A transmission security framework for email-based telemedicine.

PubMed

Caffery, Liam J; Smith, Anthony C

2010-01-01

Encryption is used to convert an email message to an unreadable format thereby securing patient privacy during the transmission of the message across the Internet. Two available means of encryption are: public key infrastructure (PKI) used in conjunction with ordinary email and secure hypertext transfer protocol (HTTPS) used by secure web-mail applications. Both of these approaches have advantages and disadvantages in terms of viability, cost, usability and compliance. The aim of this study was develop an instrument to identify the most appropriate means of encrypting email communication for telemedicine. A multi-method approach was used to construct the instrument. Technical assessment and existing bodies of knowledge regarding the utility of PKI were analyzed, along with survey results from users of Queensland Health's Child and Youth Mental Health Service secure web-mail service. The resultant decision support model identified that the following conditions affect the choice of encryption technology: correspondent's risk perception, correspondent's identification to the security afforded by encryption, email-client used by correspondents, the tolerance to human error and the availability of technical resources. A decision support model is presented as a flow chart to identify the most appropriate encryption for a specific email-based telemedicine service.

75 FR 11191 - Privacy Act of 1974; Retirement of Department of Homeland Security Federal Emergency Management...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-10

... 20472. For privacy issues please contact: Mary Ellen Callahan (703-235- 0780), Chief Privacy Officer... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Federal Emergency Management Agency System of Records AGENCY: Privacy Office...

Effective Management of Information Security and Privacy

ERIC Educational Resources Information Center

Anderson, Alicia

2006-01-01

No university seems immune to cyber attacks. For many universities, such events have served as wake-up calls to develop a comprehensive information security and privacy strategy. This is no simple task, however. It involves balancing a culture of openness with a need for security and privacy. Security and privacy are not the same, and the…

78 FR 25282 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-008...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-30

... Assistance Files System of Records AGENCY: Privacy Office, Department of Homeland Security. ACTION: Notice of Privacy Act System of Records. SUMMARY: In accordance with the Privacy Act of 1974, the Department of Homeland Security proposes to update and reissue a current Department of Homeland Security system of...

42 CFR 401.713 - Ensuring the privacy and security of data.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 42 Public Health 2 2014-10-01 2014-10-01 false Ensuring the privacy and security of data. 401.713... Performance Measurement § 401.713 Ensuring the privacy and security of data. (a) A qualified entity must... require the qualified entity to maintain privacy and security protocols throughout the duration of the...

Using Distributed Data over HBase in Big Data Analytics Platform for Clinical Services

PubMed Central

Zamani, Hamid

2017-01-01

Big data analytics (BDA) is important to reduce healthcare costs. However, there are many challenges of data aggregation, maintenance, integration, translation, analysis, and security/privacy. The study objective to establish an interactive BDA platform with simulated patient data using open-source software technologies was achieved by construction of a platform framework with Hadoop Distributed File System (HDFS) using HBase (key-value NoSQL database). Distributed data structures were generated from benchmarked hospital-specific metadata of nine billion patient records. At optimized iteration, HDFS ingestion of HFiles to HBase store files revealed sustained availability over hundreds of iterations; however, to complete MapReduce to HBase required a week (for 10 TB) and a month for three billion (30 TB) indexed patient records, respectively. Found inconsistencies of MapReduce limited the capacity to generate and replicate data efficiently. Apache Spark and Drill showed high performance with high usability for technical support but poor usability for clinical services. Hospital system based on patient-centric data was challenging in using HBase, whereby not all data profiles were fully integrated with the complex patient-to-hospital relationships. However, we recommend using HBase to achieve secured patient data while querying entire hospital volumes in a simplified clinical event model across clinical services. PMID:29375652

Using Distributed Data over HBase in Big Data Analytics Platform for Clinical Services.

PubMed

Chrimes, Dillon; Zamani, Hamid

2017-01-01

Big data analytics (BDA) is important to reduce healthcare costs. However, there are many challenges of data aggregation, maintenance, integration, translation, analysis, and security/privacy. The study objective to establish an interactive BDA platform with simulated patient data using open-source software technologies was achieved by construction of a platform framework with Hadoop Distributed File System (HDFS) using HBase (key-value NoSQL database). Distributed data structures were generated from benchmarked hospital-specific metadata of nine billion patient records. At optimized iteration, HDFS ingestion of HFiles to HBase store files revealed sustained availability over hundreds of iterations; however, to complete MapReduce to HBase required a week (for 10 TB) and a month for three billion (30 TB) indexed patient records, respectively. Found inconsistencies of MapReduce limited the capacity to generate and replicate data efficiently. Apache Spark and Drill showed high performance with high usability for technical support but poor usability for clinical services. Hospital system based on patient-centric data was challenging in using HBase, whereby not all data profiles were fully integrated with the complex patient-to-hospital relationships. However, we recommend using HBase to achieve secured patient data while querying entire hospital volumes in a simplified clinical event model across clinical services.

76 FR 58786 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-22

... National Security Agency/Central Security System systems of records notices subject to the Privacy Act of... inquiries to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act...; Systems of Records AGENCY: National Security Agency/Central Security Service, Department of Defense (DoD...

78 FR 45913 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-30

... National Security Agency/Central Security Service systems of records subject to the Privacy Act of 1974 (5... National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act Office, 9800...; Systems of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to alter...

Secure Publish-Subscribe Protocols for Heterogeneous Medical Wireless Body Area Networks

PubMed Central

Picazo-Sanchez, Pablo; Tapiador, Juan E.; Peris-Lopez, Pedro; Suarez-Tangil, Guillermo

2014-01-01

Security and privacy issues in medical wireless body area networks (WBANs) constitute a major unsolved concern because of the challenges posed by the scarcity of resources in WBAN devices and the usability restrictions imposed by the healthcare domain. In this paper, we describe a WBAN architecture based on the well-known publish-subscribe paradigm. We present two protocols for publishing data and sending commands to a sensor that guarantee confidentiality and fine-grained access control. Both protocols are based on a recently proposed ciphertext policy attribute-based encryption (CP-ABE) scheme that is lightweight enough to be embedded into wearable sensors. We show how sensors can implement lattice-based access control (LBAC) policies using this scheme, which are highly appropriate for the eHealth domain. We report experimental results with a prototype implementation demonstrating the suitability of our proposed solution. PMID:25460814

The Role of Health Care Experience and Consumer Information Efficacy in Shaping Privacy and Security Perceptions of Medical Records: National Consumer Survey Results

PubMed Central

Beckjord, Ellen; Moser, Richard P; Hughes, Penelope; Hesse, Bradford W

2015-01-01

Background Providers’ adoption of electronic health records (EHRs) is increasing and consumers have expressed concerns about the potential effects of EHRs on privacy and security. Yet, we lack a comprehensive understanding regarding factors that affect individuals’ perceptions regarding the privacy and security of their medical information. Objective The aim of this study was to describe national perceptions regarding the privacy and security of medical records and identify a comprehensive set of factors associated with these perceptions. Methods Using a nationally representative 2011-2012 survey, we reported on adults’ perceptions regarding privacy and security of medical records and sharing of health information between providers, and whether adults withheld information from a health care provider due to privacy or security concerns. We used multivariable models to examine the association between these outcomes and sociodemographic characteristics, health and health care experience, information efficacy, and technology-related variables. Results Approximately one-quarter of American adults (weighted n=235,217,323; unweighted n=3959) indicated they were very confident (n=989) and approximately half indicated they were somewhat confident (n=1597) in the privacy of their medical records; we found similar results regarding adults’ confidence in the security of medical records (very confident: n=828; somewhat confident: n=1742). In all, 12.33% (520/3904) withheld information from a health care provider and 59.06% (2100/3459) expressed concerns about the security of both faxed and electronic health information. Adjusting for other characteristics, adults who reported higher quality of care had significantly greater confidence in the privacy and security of their medical records and were less likely to withhold information from their health care provider due to privacy or security concerns. Adults with higher information efficacy had significantly greater confidence in the privacy and security of medical records and less concern about sharing of health information by both fax and electronic means. Individuals’ perceptions of whether their providers use an EHR was not associated with any privacy or security outcomes. Conclusions Although most adults are confident in the privacy and security of their medical records, many express concerns regarding sharing of information between providers; a minority report withholding information from their providers due to privacy and security concerns. Whether individuals thought their provider was using an EHR was not associated with negative privacy/security perceptions or withholding, suggesting the transition to EHRs is not associated with negative perceptions regarding the privacy and security of medical information. However, monitoring to see how this evolves will be important. Given that positive health care experiences and higher information efficacy were associated with more favorable perceptions of privacy and security, efforts should continue to encourage providers to secure medical records, provide patients with a “meaningful choice” in how their data are shared, and enable individuals to access information they need to manage their care. PMID:25843686

The role of health care experience and consumer information efficacy in shaping privacy and security perceptions of medical records: national consumer survey results.

PubMed

Patel, Vaishali; Beckjord, Ellen; Moser, Richard P; Hughes, Penelope; Hesse, Bradford W

2015-04-02

Providers' adoption of electronic health records (EHRs) is increasing and consumers have expressed concerns about the potential effects of EHRs on privacy and security. Yet, we lack a comprehensive understanding regarding factors that affect individuals' perceptions regarding the privacy and security of their medical information. The aim of this study was to describe national perceptions regarding the privacy and security of medical records and identify a comprehensive set of factors associated with these perceptions. Using a nationally representative 2011-2012 survey, we reported on adults' perceptions regarding privacy and security of medical records and sharing of health information between providers, and whether adults withheld information from a health care provider due to privacy or security concerns. We used multivariable models to examine the association between these outcomes and sociodemographic characteristics, health and health care experience, information efficacy, and technology-related variables. Approximately one-quarter of American adults (weighted n=235,217,323; unweighted n=3959) indicated they were very confident (n=989) and approximately half indicated they were somewhat confident (n=1597) in the privacy of their medical records; we found similar results regarding adults' confidence in the security of medical records (very confident: n=828; somewhat confident: n=1742). In all, 12.33% (520/3904) withheld information from a health care provider and 59.06% (2100/3459) expressed concerns about the security of both faxed and electronic health information. Adjusting for other characteristics, adults who reported higher quality of care had significantly greater confidence in the privacy and security of their medical records and were less likely to withhold information from their health care provider due to privacy or security concerns. Adults with higher information efficacy had significantly greater confidence in the privacy and security of medical records and less concern about sharing of health information by both fax and electronic means. Individuals' perceptions of whether their providers use an EHR was not associated with any privacy or security outcomes. Although most adults are confident in the privacy and security of their medical records, many express concerns regarding sharing of information between providers; a minority report withholding information from their providers due to privacy and security concerns. Whether individuals thought their provider was using an EHR was not associated with negative privacy/security perceptions or withholding, suggesting the transition to EHRs is not associated with negative perceptions regarding the privacy and security of medical information. However, monitoring to see how this evolves will be important. Given that positive health care experiences and higher information efficacy were associated with more favorable perceptions of privacy and security, efforts should continue to encourage providers to secure medical records, provide patients with a "meaningful choice" in how their data are shared, and enable individuals to access information they need to manage their care.

75 FR 67697 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-03

... National Security Agency's record system notices for records systems subject to the Privacy Act of 1974 (5... National Security Agency/Central Security Service, Freedom of Information Act (FOIA)/Privacy Act Office...; Systems of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to add a...

75 FR 43494 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-26

... National Security Agency's record system notices for records systems subject to the Privacy Act of 1974 (5... National Security Agency/Central Security Service, Freedom of Information Act and Privacy Act Office, 9800...; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to...

Security and privacy preserving approaches in the eHealth clouds with disaster recovery plan.

PubMed

Sahi, Aqeel; Lai, David; Li, Yan

2016-11-01

Cloud computing was introduced as an alternative storage and computing model in the health sector as well as other sectors to handle large amounts of data. Many healthcare companies have moved their electronic data to the cloud in order to reduce in-house storage, IT development and maintenance costs. However, storing the healthcare records in a third-party server may cause serious storage, security and privacy issues. Therefore, many approaches have been proposed to preserve security as well as privacy in cloud computing projects. Cryptographic-based approaches were presented as one of the best ways to ensure the security and privacy of healthcare data in the cloud. Nevertheless, the cryptographic-based approaches which are used to transfer health records safely remain vulnerable regarding security, privacy, or the lack of any disaster recovery strategy. In this paper, we review the related work on security and privacy preserving as well as disaster recovery in the eHealth cloud domain. Then we propose two approaches, the Security-Preserving approach and the Privacy-Preserving approach, and a disaster recovery plan. The Security-Preserving approach is a robust means of ensuring the security and integrity of Electronic Health Records, and the Privacy-Preserving approach is an efficient authentication approach which protects the privacy of Personal Health Records. Finally, we discuss how the integrated approaches and the disaster recovery plan can ensure the reliability and security of cloud projects. Copyright © 2016 Elsevier Ltd. All rights reserved.

Evaluating Common Privacy Vulnerabilities in Internet Service Providers

NASA Astrophysics Data System (ADS)

Kotzanikolaou, Panayiotis; Maniatis, Sotirios; Nikolouzou, Eugenia; Stathopoulos, Vassilios

Privacy in electronic communications receives increased attention in both research and industry forums, stemming from both the users' needs and from legal and regulatory requirements in national or international context. Privacy in internet-based communications heavily relies on the level of security of the Internet Service Providers (ISPs), as well as on the security awareness of the end users. This paper discusses the role of the ISP in the privacy of the communications. Based on real security audits performed in national-wide ISPs, we illustrate privacy-specific threats and vulnerabilities that many providers fail to address when implementing their security policies. We subsequently provide and discuss specific security measures that the ISPs can implement, in order to fine-tune their security policies in the context of privacy protection.

32 CFR 321.9 - Appeal of initial amendment decision.

Code of Federal Regulations, 2011 CFR

2011-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.9 Appeal of initial amendment... record, the Defense Security Service, Office of FOI and Privacy will assure that such appeal is handled... may be sent to the Defense Security Service, Office of FOI and Privacy, (GCF), 1340 Braddock Place...

32 CFR 321.9 - Appeal of initial amendment decision.

Code of Federal Regulations, 2010 CFR

2010-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.9 Appeal of initial amendment... record, the Defense Security Service, Office of FOI and Privacy will assure that such appeal is handled... may be sent to the Defense Security Service, Office of FOI and Privacy, (GCF), 1340 Braddock Place...

32 CFR 321.9 - Appeal of initial amendment decision.

Code of Federal Regulations, 2012 CFR

2012-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.9 Appeal of initial amendment... record, the Defense Security Service, Office of FOI and Privacy will assure that such appeal is handled... may be sent to the Defense Security Service, Office of FOI and Privacy, (GCF), 1340 Braddock Place...

32 CFR 321.9 - Appeal of initial amendment decision.

Code of Federal Regulations, 2014 CFR

2014-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.9 Appeal of initial amendment... record, the Defense Security Service, Office of FOI and Privacy will assure that such appeal is handled... may be sent to the Defense Security Service, Office of FOI and Privacy, (GCF), 1340 Braddock Place...

32 CFR 321.9 - Appeal of initial amendment decision.

Code of Federal Regulations, 2013 CFR

2013-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.9 Appeal of initial amendment... record, the Defense Security Service, Office of FOI and Privacy will assure that such appeal is handled... may be sent to the Defense Security Service, Office of FOI and Privacy, (GCF), 1340 Braddock Place...

32 CFR 322.1 - Purpose and applicability.

Code of Federal Regulations, 2012 CFR

2012-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.1 Purpose and... of Defense Privacy Program (32 CFR part 310) within the National Security Agency/Central Security...

32 CFR 322.1 - Purpose and applicability.

Code of Federal Regulations, 2014 CFR

2014-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.1 Purpose and... of Defense Privacy Program (32 CFR part 310) within the National Security Agency/Central Security...

32 CFR 322.1 - Purpose and applicability.

Code of Federal Regulations, 2011 CFR

2011-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.1 Purpose and... of Defense Privacy Program (32 CFR part 310) within the National Security Agency/Central Security...

32 CFR 322.1 - Purpose and applicability.

Code of Federal Regulations, 2010 CFR

2010-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.1 Purpose and... of Defense Privacy Program (32 CFR part 310) within the National Security Agency/Central Security...

32 CFR 322.1 - Purpose and applicability.

Code of Federal Regulations, 2013 CFR

2013-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.1 Purpose and... of Defense Privacy Program (32 CFR part 310) within the National Security Agency/Central Security...

6 CFR 1002.4 - Responses to Privacy Act requests.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 6 Domestic Security 1 2014-01-01 2014-01-01 false Responses to Privacy Act requests. 1002.4 Section 1002.4 Domestic Security PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 1002.4 Responses to Privacy Act requests. (a) Acknowledgement. The Privacy Act Officer...

Security measures required for HIPAA privacy.

PubMed

Amatayakul, M

2000-01-01

HIPAA security requirements include administrative, physical, and technical services and mechanisms to safeguard confidentiality, availability, and integrity of health information. Security measures, however, must be implemented in the context of an organization's privacy policies. Because HIPAA's proposed privacy rules are flexible and scalable to account for the nature of each organization's business, size, and resources, each organization will be determining its own privacy policies within the context of the HIPAA requirements and its security capabilities. Security measures cannot be implemented in a vacuum.

75 FR 25904 - Privacy Act of 1974; as Amended; Proposed Alteration to an Existing Privacy Act System of Records...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-10

... SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974; as Amended; Proposed Alteration to an Existing Privacy Act System of Records, Housekeeping Changes, and New Routine Uses AGENCY: Social Security..., Social Security number (SSN), date of birth, address, and other relevant information about persons who...

78 FR 69861 - Privacy Act of 1974; Department of Homeland Security, Federal Emergency Management Agency...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-21

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [DHS-2013-0073] Privacy Act of 1974; Department of Homeland Security, Federal Emergency Management Agency, Federal Government--001 National Defense Executive Reserve System of Records AGENCY: Department of Homeland Security, Privacy Office...

76 FR 34650 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-14

... The agenda is expected to include the following items: --Cloud Security and Privacy Panel discussion on addressing security and privacy for different types of cloud computing, --Presentation from...

User Requirements for Technology to Assist Aging in Place: Qualitative Study of Older People and Their Informal Support Networks.

PubMed

Elers, Phoebe; Hunter, Inga; Whiddett, Dick; Lockhart, Caroline; Guesgen, Hans; Singh, Amardeep

2018-06-06

Informal support is essential for enabling many older people to age in place. However, there is limited research examining the information needs of older adults' informal support networks and how these could be met through home monitoring and information and communication technologies. The purpose of this study was to investigate how technologies that connect older adults to their informal and formal support networks could assist aging in place and enhance older adults' health and well-being. Semistructured interviews were conducted with 10 older adults and a total of 31 members of their self-identified informal support networks. They were asked questions about their information needs and how technology could support the older adults to age in place. The interviews were transcribed and thematically analyzed. The analysis identified three overarching themes: (1) the social enablers theme, which outlined how timing, informal support networks, and safety concerns assist the older adults' uptake of technology, (2) the technology concerns theme, which outlined concerns about cost, usability, information security and privacy, and technology superseding face-to-face contact, and (3) the information desired theme, which outlined what information should be collected and transferred and who should make decisions about this. Older adults and their informal support networks may be receptive to technology that monitors older adults within the home if it enables aging in place for longer. However, cost, privacy, security, and usability barriers would need to be considered and the system should be individualizable to older adults' changing needs. The user requirements identified from this study and described in this paper have informed the development of a technology that is currently being prototyped. ©Phoebe Elers, Inga Hunter, Dick Whiddett, Caroline Lockhart, Hans Guesgen, Amardeep Singh. Originally published in JMIR Mhealth and Uhealth (http://mhealth.jmir.org), 06.06.2018.

75 FR 28051 - Public Workshop: Pieces of Privacy

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-19

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Public Workshop: Pieces of Privacy AGENCY: Privacy Office, DHS. ACTION: Notice announcing public workshop. SUMMARY: The Department of Homeland Security Privacy Office will host a public workshop, ``Pieces of Privacy.'' DATES: The workshop will be...

A Comprehensive Comparison of Multiparty Secure Additions with Differential Privacy

PubMed Central

Goryczka, Slawomir; Xiong, Li

2016-01-01

This paper considers the problem of secure data aggregation (mainly summation) in a distributed setting, while ensuring differential privacy of the result. We study secure multiparty addition protocols using well known security schemes: Shamir’s secret sharing, perturbation-based, and various encryptions. We supplement our study with our new enhanced encryption scheme EFT, which is efficient and fault tolerant. Differential privacy of the final result is achieved by either distributed Laplace or Geometric mechanism (respectively DLPA or DGPA), while approximated differential privacy is achieved by diluted mechanisms. Distributed random noise is generated collectively by all participants, which draw random variables from one of several distributions: Gamma, Gauss, Geometric, or their diluted versions. We introduce a new distributed privacy mechanism with noise drawn from the Laplace distribution, which achieves smaller redundant noise with efficiency. We compare complexity and security characteristics of the protocols with different differential privacy mechanisms and security schemes. More importantly, we implemented all protocols and present an experimental comparison on their performance and scalability in a real distributed environment. Based on the evaluations, we identify our security scheme and Laplace DLPA as the most efficient for secure distributed data aggregation with privacy. PMID:28919841

A Comprehensive Comparison of Multiparty Secure Additions with Differential Privacy.

PubMed

Goryczka, Slawomir; Xiong, Li

2017-01-01

This paper considers the problem of secure data aggregation (mainly summation) in a distributed setting, while ensuring differential privacy of the result. We study secure multiparty addition protocols using well known security schemes: Shamir's secret sharing, perturbation-based, and various encryptions. We supplement our study with our new enhanced encryption scheme EFT, which is efficient and fault tolerant. Differential privacy of the final result is achieved by either distributed Laplace or Geometric mechanism (respectively DLPA or DGPA), while approximated differential privacy is achieved by diluted mechanisms. Distributed random noise is generated collectively by all participants, which draw random variables from one of several distributions: Gamma, Gauss, Geometric, or their diluted versions. We introduce a new distributed privacy mechanism with noise drawn from the Laplace distribution, which achieves smaller redundant noise with efficiency. We compare complexity and security characteristics of the protocols with different differential privacy mechanisms and security schemes. More importantly, we implemented all protocols and present an experimental comparison on their performance and scalability in a real distributed environment. Based on the evaluations, we identify our security scheme and Laplace DLPA as the most efficient for secure distributed data aggregation with privacy.

77 FR 25686 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-01

... NIST Computer Security Division. Note that agenda items may change without notice because of possible... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB...

75 FR 8096 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-023...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-23

... Prevention Program System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system of... to establish a new system of records titled, ``Department of Homeland Security/Transportation Security Administration--023 Workplace Violence Prevention Program System of Records.'' This system will...

DNA based random key generation and management for OTP encryption.

PubMed

Zhang, Yunpeng; Liu, Xin; Sun, Manhui

2017-09-01

One-time pad (OTP) is a principle of key generation applied to the stream ciphering method which offers total privacy. The OTP encryption scheme has proved to be unbreakable in theory, but difficult to realize in practical applications. Because OTP encryption specially requires the absolute randomness of the key, its development has suffered from dense constraints. DNA cryptography is a new and promising technology in the field of information security. DNA chromosomes storing capabilities can be used as one-time pad structures with pseudo-random number generation and indexing in order to encrypt the plaintext messages. In this paper, we present a feasible solution to the OTP symmetric key generation and transmission problem with DNA at the molecular level. Through recombinant DNA technology, by using only sender-receiver known restriction enzymes to combine the secure key represented by DNA sequence and the T vector, we generate the DNA bio-hiding secure key and then place the recombinant plasmid in implanted bacteria for secure key transmission. The designed bio experiments and simulation results show that the security of the transmission of the key is further improved and the environmental requirements of key transmission are reduced. Analysis has demonstrated that the proposed DNA-based random key generation and management solutions are marked by high security and usability. Published by Elsevier B.V.

77 FR 44642 - Privacy Act of 1974; Department of Homeland Security U.S. Customs and Border Protection-DHS/CBP...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-30

... 1974; Department of Homeland Security U.S. Customs and Border Protection-DHS/CBP-009 Electronic System for Travel Authorization (ESTA) System of Records AGENCY: Privacy Office, Department of Homeland Security. ACTION: Notice of Privacy Act system of records. SUMMARY: In accordance with the Privacy Act of...

Aligning the Effective Use of Student Data with Student Privacy and Security Laws

ERIC Educational Resources Information Center

Winnick, Steve; Coleman, Art; Palmer, Scott; Lipper, Kate; Neiditz, Jon

2011-01-01

This legal and policy guidance provides a summary framework for state policymakers as they work to use longitudinal data to improve student achievement while also protecting the privacy and security of individual student records. Summarizing relevant federal privacy and security laws, with a focus on the Family Educational Records and Privacy Act…

Are participants concerned about privacy and security when using short message service to report product adherence in a rectal microbicide trial?

PubMed

Giguere, Rebecca; Brown, William; Balán, Ivan C; Dolezal, Curtis; Ho, Titcha; Sheinfil, Alan; Ibitoye, Mobolaji; Lama, Javier R; McGowan, Ian; Cranston, Ross D; Carballo-Diéguez, Alex

2018-04-01

During a Phase 2 rectal microbicide trial, men who have sex with men and transgender women (n = 187) in 4 countries (Peru, South Africa, Thailand, United States) reported product use daily via short message service (SMS). To prevent disclosure of study participation, the SMS system program included privacy and security features. We evaluated participants' perceptions of privacy while using the system and acceptability of privacy/security features. To protect privacy, the SMS system: (1) confirmed participant availability before sending the study questions, (2) required a password, and (3) did not reveal product name or study participation. To ensure security, the system reminded participants to lock phone/delete messages. A computer-assisted self-interview (CASI), administered at the final visit, measured burden of privacy and security features and SMS privacy concerns. A subsample of 33 participants underwent an in-depth interview (IDI). Based on CASI, 85% had no privacy concerns; only 5% were very concerned. Most were not bothered by the need for a password (73%) or instructions to delete messages (82%). Based on IDI, reasons for low privacy concerns included sending SMS in private or feeling that texting would not draw attention. A few IDI participants found the password unnecessary and more than half did not delete messages. Most participants were not concerned that the SMS system would compromise their confidentiality. SMS privacy and security features were effective and not burdensome. Short ID-related passwords, ambiguous language, and reminders to implement privacy and security-enhancing behaviors are recommended for SMS systems.

75 FR 39920 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-13

... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, August...

78 FR 89 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-02

... Management and Budget, and the Director of NIST on security and privacy issues pertaining to federal computer... Computer Security Division. Note that agenda items may change without notice because of possible unexpected... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...

17 CFR 160.8 - Revised privacy notices.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.8 Revised privacy notices. (a) General rule. Except...

17 CFR 160.8 - Revised privacy notices.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.8 Revised privacy notices. (a) General rule. Except...

Do privacy and security regulations need a status update? Perspectives from an intergenerational survey

PubMed Central

Pereira, Stacey; Robinson, Jill Oliver; Gutierrez, Amanda M.; Majumder, Mary A.; McGuire, Amy L.; Rothstein, Mark A.

2017-01-01

Background The importance of health privacy protections in the era of the “Facebook Generation” has been called into question. The ease with which younger people share personal information about themselves has led to the assumption that they are less concerned than older generations about the privacy of their information, including health information. We explored whether survey respondents’ views toward health privacy suggest that efforts to strengthen privacy protections as health information is moved online are unnecessary. Methods Using Amazon’s Mechanical Turk (MTurk), which is well-known for recruitment for survey research, we distributed a 45-item survey to individuals in the U.S. to assess their perspectives toward privacy and security of online and health information, social media behaviors, use of health and fitness devices, and demographic information. Results 1310 participants (mean age: 36 years, 50% female, 78% non-Hispanic white, 54% college graduates or higher) were categorized by generations: Millennials, Generation X, and Baby Boomers. In multivariate regression models, we found that generational cohort was an independent predictor of level of concern about privacy and security of both online and health information. Younger generations were significantly less likely to be concerned than older generations (all P < 0.05). Time spent online and social media use were not predictors of level of concern about privacy or security of online or health information (all P > 0.05). Limitations This study is limited by the non-representativeness of our sample. Conclusions Though Millennials reported lower levels of concern about privacy and security, this was not related to internet or social media behaviors, and majorities within all generations reported concern about both the privacy and security of their health information. Thus, there is no intergenerational imperative to relax privacy and security standards, and it would be advisable to take privacy and security of health information more seriously. PMID:28926626

Do privacy and security regulations need a status update? Perspectives from an intergenerational survey.

PubMed

Pereira, Stacey; Robinson, Jill Oliver; Peoples, Hayley A; Gutierrez, Amanda M; Majumder, Mary A; McGuire, Amy L; Rothstein, Mark A

2017-01-01

The importance of health privacy protections in the era of the "Facebook Generation" has been called into question. The ease with which younger people share personal information about themselves has led to the assumption that they are less concerned than older generations about the privacy of their information, including health information. We explored whether survey respondents' views toward health privacy suggest that efforts to strengthen privacy protections as health information is moved online are unnecessary. Using Amazon's Mechanical Turk (MTurk), which is well-known for recruitment for survey research, we distributed a 45-item survey to individuals in the U.S. to assess their perspectives toward privacy and security of online and health information, social media behaviors, use of health and fitness devices, and demographic information. 1310 participants (mean age: 36 years, 50% female, 78% non-Hispanic white, 54% college graduates or higher) were categorized by generations: Millennials, Generation X, and Baby Boomers. In multivariate regression models, we found that generational cohort was an independent predictor of level of concern about privacy and security of both online and health information. Younger generations were significantly less likely to be concerned than older generations (all P < 0.05). Time spent online and social media use were not predictors of level of concern about privacy or security of online or health information (all P > 0.05). This study is limited by the non-representativeness of our sample. Though Millennials reported lower levels of concern about privacy and security, this was not related to internet or social media behaviors, and majorities within all generations reported concern about both the privacy and security of their health information. Thus, there is no intergenerational imperative to relax privacy and security standards, and it would be advisable to take privacy and security of health information more seriously.

Are privacy-enhancing technologies for genomic data ready for the clinic? A survey of medical experts of the Swiss HIV Cohort Study.

PubMed

Raisaro, Jean-Louis; McLaren, Paul J; Fellay, Jacques; Cavassini, Matthias; Klersy, Catherine; Hubaux, Jean-Pierre

2018-03-01

Protecting patient privacy is a major obstacle for the implementation of genomic-based medicine. Emerging privacy-enhancing technologies can become key enablers for managing sensitive genetic data. We studied physicians' attitude toward this kind of technology in order to derive insights that might foster their future adoption for clinical care. We conducted a questionnaire-based survey among 55 physicians of the Swiss HIV Cohort Study who tested the first implementation of a privacy-preserving model for delivering genomic test results. We evaluated their feedback on three different aspects of our model: clinical utility, ability to address privacy concerns and system usability. 38/55 (69%) physicians participated in the study. Two thirds of them acknowledged genetic privacy as a key aspect that needs to be protected to help building patient trust and deploy new-generation medical information systems. All of them successfully used the tool for evaluating their patients' pharmacogenomics risk and 90% were happy with the user experience and the efficiency of the tool. Only 8% of physicians were unsatisfied with the level of information and wanted to have access to the patient's actual DNA sequence. This survey, although limited in size, represents the first evaluation of privacy-preserving models for genomic-based medicine. It has allowed us to derive unique insights that will improve the design of these new systems in the future. In particular, we have observed that a clinical information system that uses homomorphic encryption to provide clinicians with risk information based on sensitive genetic test results can offer information that clinicians feel sufficient for their needs and appropriately respectful of patients' privacy. The ability of this kind of systems to ensure strong security and privacy guarantees and to provide some analytics on encrypted data has been assessed as a key enabler for the management of sensitive medical information in the near future. Providing clinically relevant information to physicians while protecting patients' privacy in order to comply with regulations is crucial for the widespread use of these new technologies. Copyright © 2017. Published by Elsevier Inc.

Privacy and security of patient data in the pathology laboratory.

PubMed

Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

Supporting multi-state collaboration on privacy and security to foster health IT and health information exchange.

PubMed

Banger, Alison K; Alakoye, Amoke O; Rizk, Stephanie C

2008-11-06

As part of the HHS funded contract, Health Information Security and Privacy Collaboration, 41 states and territories have proposed collaborative projects to address cross-state privacy and security challenges related to health IT and health information exchange. Multi-state collaboration on privacy and security issues remains complicated, and resources to support collaboration around these topics are essential to the success of such collaboration. The resources outlined here offer an example of how to support multi-stakeholder, multi-state projects.

6 CFR 1002.3 - Privacy Act requests.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 6 Domestic Security 1 2014-01-01 2014-01-01 false Privacy Act requests. 1002.3 Section 1002.3 Domestic Security PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 1002.3 Privacy Act requests. (a) Requests to determine if you are the subject of a record. You may...

75 FR 50846 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-001...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-18

... INFORMATION CONTACT: For general questions and privacy issues please contact: Mary Ellen Callahan (703-235...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL--001 Freedom of Information Act and Privacy Act Records System of Records AGENCY: Privacy Office, DHS. ACTION: Final rule...

Will you accept the government's friend request? Social networks and privacy concerns.

PubMed

Siegel, David A

2013-01-01

Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim.

Will You Accept the Government's Friend Request? Social Networks and Privacy Concerns

PubMed Central

Siegel, David A.

2013-01-01

Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim. PMID:24312236

77 FR 32655 - DHS Data Privacy and Integrity Advisory Committee

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-01

... Officer, Data Privacy and Integrity Advisory Committee, Department of Homeland Security, 245 Murray Lane..., DHS Data Privacy and Integrity Advisory Committee, Department of Homeland Security, 245 Murray Lane SW... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2012-0029] DHS Data...

76 FR 49494 - Privacy Act of 1974; Department of Homeland Security United States Coast Guard DHS/USCG-027...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-10

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0062] Privacy Act of 1974; Department of Homeland Security United States Coast Guard DHS/USCG-027 Recruiting Files System of... accordance with the Privacy Act of 1974 the Department of Homeland Security proposes to update and reissue an...

A systematic literature review on security and privacy of electronic health record systems: technical perspectives.

PubMed

Rezaeibagha, Fatemeh; Win, Khin Than; Susilo, Willy

Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.

75 FR 55335 - Privacy Act of 1974; Privacy Act of 1974: Department of Homeland Security/ALL-031 Information...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-10

... in a system of records in the possession or under the control of DHS by complying with DHS Privacy... 1974; Privacy Act of 1974: Department of Homeland Security/ALL-031 Information Sharing Environment Suspicious Activity Reporting Initiative System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of...

75 FR 79065 - Privacy Act of 1974, as Amended; Proposed System of Records and Routine Use Disclosures

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-17

... SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Proposed System of Records and Routine Use Disclosures AGENCY: Social Security Administration (SSA). ACTION: Proposed system of records... of Privacy and Disclosure, Office of the General Counsel, Social Security Administration, 3-A-6...

42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 42 Public Health 2 2012-10-01 2012-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security...

42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 42 Public Health 2 2014-10-01 2014-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security...

42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 42 Public Health 2 2010-10-01 2010-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security...

42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 42 Public Health 2 2013-10-01 2013-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security...

42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 42 Public Health 2 2011-10-01 2011-10-01 false HIPAA privacy, security, administrative data standards, and national identifiers. 403.812 Section 403.812 Public Health CENTERS FOR MEDICARE & MEDICAID... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security...

The Challenges of Seeking Security While Respecting Privacy

NASA Astrophysics Data System (ADS)

Kantor, Paul B.; Lesk, Michael E.

Security is a concern for persons, organizations, and nations. For the individual members of organizations and nations, personal privacy is also a concern. The technologies for monitoring electronic communication are at the same time tools to protect security and threats to personal privacy. Participants in this workshop address the interrelation of personal privacy and national or societal security, from social, technical and legal perspectives. The participants represented industry, the academy and the United States Government. The issues addressed have become, if anything, even more pressing today than they were when the conference was held.

Privacy and data security in E-health: requirements from the user's perspective.

PubMed

Wilkowska, Wiktoria; Ziefle, Martina

2012-09-01

In this study two currently relevant aspects of using medical assistive technologies were addressed-security and privacy. In a two-step empirical approach that used focus groups (n = 19) and a survey (n = 104), users' requirements for the use of medical technologies were collected and evaluated. Specifically, we focused on the perceived importance of data security and privacy issues. Outcomes showed that both security and privacy aspects play an important role in the successful adoption of medical assistive technologies in the home environment. In particular, analysis of data with respect to gender, health-status and age (young, middle-aged and old users) revealed that females and healthy adults require, and insist on, the highest security and privacy standards compared with males and the ailing elderly.

The Survey on Near Field Communication.

PubMed

Coskun, Vedat; Ozdenizci, Busra; Ok, Kerem

2015-06-05

Near Field Communication (NFC) is an emerging short-range wireless communication technology that offers great and varied promise in services such as payment, ticketing, gaming, crowd sourcing, voting, navigation, and many others. NFC technology enables the integration of services from a wide range of applications into one single smartphone. NFC technology has emerged recently, and consequently not much academic data are available yet, although the number of academic research studies carried out in the past two years has already surpassed the total number of the prior works combined. This paper presents the concept of NFC technology in a holistic approach from different perspectives, including hardware improvement and optimization, communication essentials and standards, applications, secure elements, privacy and security, usability analysis, and ecosystem and business issues. Further research opportunities in terms of the academic and business points of view are also explored and discussed at the end of each section. This comprehensive survey will be a valuable guide for researchers and academicians, as well as for business in the NFC technology and ecosystem.

The Survey on Near Field Communication

PubMed Central

Coskun, Vedat; Ozdenizci, Busra; Ok, Kerem

2015-01-01

Near Field Communication (NFC) is an emerging short-range wireless communication technology that offers great and varied promise in services such as payment, ticketing, gaming, crowd sourcing, voting, navigation, and many others. NFC technology enables the integration of services from a wide range of applications into one single smartphone. NFC technology has emerged recently, and consequently not much academic data are available yet, although the number of academic research studies carried out in the past two years has already surpassed the total number of the prior works combined. This paper presents the concept of NFC technology in a holistic approach from different perspectives, including hardware improvement and optimization, communication essentials and standards, applications, secure elements, privacy and security, usability analysis, and ecosystem and business issues. Further research opportunities in terms of the academic and business points of view are also explored and discussed at the end of each section. This comprehensive survey will be a valuable guide for researchers and academicians, as well as for business in the NFC technology and ecosystem. PMID:26057043

Privacy and Security: A Bibliography.

ERIC Educational Resources Information Center

Computer and Business Equipment Manufacturers Association, Washington, DC.

Compiled at random from many sources, this bibliography attempts to cite as many publications concerning privacy and security as are available. The entries are organized under seven headings: (1) systems security, technical security, clearance of personnel, (2) corporate physical security, (3) administrative security, (4) miscellaneous--privacy…

Privacy, confidentiality, and security in information systems of state health agencies.

PubMed

O'Brien, D G; Yasnoff, W A

1999-05-01

To assess the employment and status of privacy, confidentiality, security and fair information practices in electronic information systems of U.S. state health agencies. A survey instrument was developed and administered to key contacts within the state health agencies of each of the 50 U.S. states, Puerto Rico and the District of Columbia. About a third of U.S. state health agencies have no written policies in place regarding privacy and confidentiality in electronic information systems. The doctrines of fair information practice often seemed to be ignored. One quarter of the agencies reported at least one security breach during the past two years, and 16% experienced a privacy and confidentiality related transgression. Most of the breaches were committed by personnel from within the agencies. These results raise questions about the integrity of existing privacy, confidentiality and security measures in the information systems of U.S. state health agencies. Recommendations include the development and vigorous enforcement of written privacy and confidentiality policies, increased personnel training, and expanded implementation of security measures such as encryption and system firewalls. A discussion of the current status of U.S. privacy, confidentiality and security issues is offered.

Privacy and security of patient data in the pathology laboratory

PubMed Central

Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

Privacy Breach Analysis in Social Networks

NASA Astrophysics Data System (ADS)

Nagle, Frank

This chapter addresses various aspects of analyzing privacy breaches in social networks. We first review literature that defines three types of privacy breaches in social networks: interactive, active, and passive. We then survey the various network anonymization schemes that have been constructed to address these privacy breaches. After exploring these breaches and anonymization schemes, we evaluate a measure for determining the level of anonymity inherent in a network graph based on its topological structure. Finally, we close by emphasizing the difficulty of anonymizing social network data while maintaining usability for research purposes and offering areas for future work.

17 CFR 160.8 - Revised privacy notices.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out...

20 CFR 401.5 - Purpose of the regulations.

Code of Federal Regulations, 2010 CFR

2010-04-01

... the Privacy Act of 1974, 5 U.S.C. 552a and section 1106 of the Social Security Act concerning....5 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF OFFICIAL RECORDS AND... with other applicable statutes. (b) Privacy. This part implements the Privacy Act by establishing...

78 FR 25414 - Privacy Act of 1974, System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-01

..., Chief Information Security Officer--Chief Privacy Officer. USAID-008 System name: Personnel Security and... inquires in writing to the USAID Chief Privacy Officer, 2733 Crystal Drive, 11th Floor, Arlington, VA 22202... alterations. ADDRESSES: You may submit comments: Paper Comments Fax: (703) 666-1466. Mail: Chief Privacy...

17 CFR 160.8 - Revised privacy notices.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.8...

17 CFR 160.8 - Revised privacy notices.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Revised privacy notices. 160.8 Section 160.8 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.8...

Recognizing and reducing risks: HIPAA privacy and security enforcement.

PubMed

Wachler, Andrew B; Fehn, Amy K

2003-01-01

With the passing of the Health Insurance Portability and Accountability Act (HIPAA) privacy rule deadline and the security rule deadline looming, many covered entities are left wondering if they are doing enough to prevent privacy and security breaches and what type of exposure their organization could face in the event of a breach.

42 CFR 600.350 - Privacy and security of information.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 42 Public Health 5 2014-10-01 2014-10-01 false Privacy and security of information. 600.350 Section 600.350 Public Health CENTERS FOR MEDICARE & MEDICAID SERVICES, DEPARTMENT OF HEALTH AND HUMAN... (Eff. 1-1-15) Eligibility and Enrollment § 600.350 Privacy and security of information. The State must...

For telehealth to succeed, privacy and security risks must be identified and addressed.

PubMed

Hall, Joseph L; McGraw, Deven

2014-02-01

The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.

75 FR 56079 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-15

... to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act...; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to amend a system of records. SUMMARY: The National Security Agency/Central Security Service is proposing to...

Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

PubMed

Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

2014-11-01

Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.

75 FR 44804 - Privacy Act of 1974; Notice of a New Privacy Act System of Records (SORN), Ginnie Mae Mortgage...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-29

...The Department proposes to establish a new Privacy Act SORN subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended, entitled Ginnie Mae Mortgage-Backed Security Unclaimed Funds System. The new record system will be used to track unclaimed security holder payments. Such unclaimed payments are owed to certificate holders of Ginnie Mae-guaranteed mortgage-backed securities who cannot be located by the Ginnie Mae servicer. Ginnie Mae tracks this information to ensure that security holders are paid properly.

Conclusions

NASA Astrophysics Data System (ADS)

Ahonen, Pasi; Alahuhta, Petteri; Daskala, Barbara; Delaitre, Sabine; Hert, Paul De; Lindner, Ralf; Maghiros, Ioannis; Moscibroda, Anna; Schreurs, Wim; Verlinden, Michiel

Some say that an increase in security does not necessarily mean a further encroachment on privacy - indeed, security is necessary to protect personal data and our privacy. Networks must be secure, our personal devices, reliable, dependable and trustworthy. But security is a multifaceted term, with many dimensions. We are of the view that an increase in security most likely will encroach upon our privacy in an ambient intelligence world. Surveillance cameras will continue to proliferate. We assume that, whatever the law is, whatever privacy protections government and business say they honour, our telecommunications, e-mails and Internet usage will be monitored to an increasing degree. The same will be true of our interfaces with the world of ambient intelligence.

77 FR 56628 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-13

... to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act...; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to add a system of records. SUMMARY: The National Security Agency/Central Security Service proposes to add a new...

Security and privacy qualities of medical devices: an analysis of FDA postmarket surveillance.

PubMed

Kramer, Daniel B; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R

2012-01-01

Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients' stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware.

Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

PubMed Central

Kramer, Daniel B.; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R.

2012-01-01

Background Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware. PMID:22829874

6 CFR 5.34 - Standards of conduct for administration of the Privacy Act.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Standards of conduct for administration of the Privacy Act. 5.34 Section 5.34 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.34 Standards of conduct for administration of the...

DQC Comments on the Posted Recommendations Regarding Data Security and Privacy Protections

ERIC Educational Resources Information Center

Data Quality Campaign, 2010

2010-01-01

The U.S. Department of Education is conducting several activities to address privacy and security issues related to education data. Earlier this year a contractor for the Department convened a group of privacy and security experts and produced a report with recommendations to the Department on ways they can address emerging challenges in…

75 FR 69693 - Privacy Act of 1974; Department of Homeland Security National Protection and Programs Directorate...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-15

... system will be included in the Department of Homeland Security's inventory of record systems. DATES... FURTHER INFORMATION CONTACT: For general questions please contact: Emily Andrew (703-235-2182), Privacy.... Background In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security...

76 FR 30048 - Privacy Act of 1974: Implementation and Amendment of Exemptions

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-24

... SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 200 [Release No. PA-45; File No. S7-19-11] Privacy.... ACTION: Proposed rule. SUMMARY: Pursuant to the Privacy Act of 1974, as amended, the Securities and... from provisions of the Privacy Act to the extent that the records contain investigatory materials...

Location Privacy in RFID Applications

NASA Astrophysics Data System (ADS)

Sadeghi, Ahmad-Reza; Visconti, Ivan; Wachsmann, Christian

RFID-enabled systems allow fully automatic wireless identification of objects and are rapidly becoming a pervasive technology with various applications. However, despite their benefits, RFID-based systems also pose challenging risks, in particular concerning user privacy. Indeed, improvident use of RFID can disclose sensitive information about users and their locations allowing detailed user profiles. Hence, it is crucial to identify and to enforce appropriate security and privacy requirements of RFID applications (that are also compliant to legislation). This chapter first discusses security and privacy requirements for RFID-enabled systems, focusing in particular on location privacy issues. Then it explores the advances in RFID applications, stressing the security and privacy shortcomings of existing proposals. Finally, it presents new promising directions for privacy-preserving RFID systems, where as a case study we focus electronic tickets (e-tickets) for public transportation.

Security and Privacy in Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fink, Glenn A.; Edgar, Thomas W.; Rice, Theora R.

As you have seen from the previous chapters, cyber-physical systems (CPS) are broadly used across technology and industrial domains. While these systems enable process optimization and efficiency and allow previously impossible functionality, security and privacy are key concerns for their design, development, and operation. CPS have been key components utilized in some of the highest publicized security breaches over the last decade. In this chapter, we will look over the CPS described in the previous chapters from a security perspective. In this chapter, we explain classical information and physical security fundamentals in the context of CPS and contextualize them acrossmore » application domains. We give examples where the interplay of functionality and diverse communication can introduce unexpected vulnerabilities and produce larger impacts. We will discuss how CPS security and privacy is inherently different from that of pure cyber or physical systems and what may be done to secure these systems, considering their emergent cyber-physical properties. Finally, we will discuss security and privacy implications of merging infrastructural and personal CPS. Our hope is to impart the knowledge of what CPS security and privacy are, why they are important, and explain existing processes and challenges.« less

Trajectory data privacy protection based on differential privacy mechanism

NASA Astrophysics Data System (ADS)

Gu, Ke; Yang, Lihao; Liu, Yongzhi; Liao, Niandong

2018-05-01

In this paper, we propose a trajectory data privacy protection scheme based on differential privacy mechanism. In the proposed scheme, the algorithm first selects the protected points from the user’s trajectory data; secondly, the algorithm forms the polygon according to the protected points and the adjacent and high frequent accessed points that are selected from the accessing point database, then the algorithm calculates the polygon centroids; finally, the noises are added to the polygon centroids by the differential privacy method, and the polygon centroids replace the protected points, and then the algorithm constructs and issues the new trajectory data. The experiments show that the running time of the proposed algorithms is fast, the privacy protection of the scheme is effective and the data usability of the scheme is higher.

Privacy preserving index for encrypted electronic medical records.

PubMed

Chen, Yu-Chi; Horng, Gwoboa; Lin, Yi-Jheng; Chen, Kuo-Chang

2013-12-01

With the development of electronic systems, privacy has become an important security issue in real-life. In medical systems, privacy of patients' electronic medical records (EMRs) must be fully protected. However, to combine the efficiency and privacy, privacy preserving index is introduced to preserve the privacy, where the EMR can be efficiently accessed by this patient or specific doctor. In the literature, Goh first proposed a secure index scheme with keyword search over encrypted data based on a well-known primitive, Bloom filter. In this paper, we propose a new privacy preserving index scheme, called position index (P-index), with keyword search over the encrypted data. The proposed index scheme is semantically secure against the adaptive chosen keyword attack, and it also provides flexible space, lower false positive rate, and search privacy. Moreover, it does not rely on pairing, a complicate computation, and thus can search over encrypted electronic medical records from the cloud server efficiently.

76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-11

... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100..., --Presentation on Science of Security relating to computer security research, --Presentation on Access of..., --A panel of Inspector Generals regarding privacy and security, and --Update on NIST Computer Security...

Homomorphic encryption-based secure SIFT for privacy-preserving feature extraction

NASA Astrophysics Data System (ADS)

Hsu, Chao-Yung; Lu, Chun-Shien; Pei, Soo-Chang

2011-02-01

Privacy has received much attention but is still largely ignored in the multimedia community. Consider a cloud computing scenario, where the server is resource-abundant and is capable of finishing the designated tasks, it is envisioned that secure media retrieval and search with privacy-preserving will be seriously treated. In view of the fact that scale-invariant feature transform (SIFT) has been widely adopted in various fields, this paper is the first to address the problem of secure SIFT feature extraction and representation in the encrypted domain. Since all the operations in SIFT must be moved to the encrypted domain, we propose a homomorphic encryption-based secure SIFT method for privacy-preserving feature extraction and representation based on Paillier cryptosystem. In particular, homomorphic comparison is a must for SIFT feature detection but is still a challenging issue for homomorphic encryption methods. To conquer this problem, we investigate a quantization-like secure comparison strategy in this paper. Experimental results demonstrate that the proposed homomorphic encryption-based SIFT performs comparably to original SIFT on image benchmarks, while preserving privacy additionally. We believe that this work is an important step toward privacy-preserving multimedia retrieval in an environment, where privacy is a major concern.

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II

PubMed Central

Watzlaf, Valerie J.M.; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

2011-01-01

In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR. PMID:25945177

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II.

PubMed

Watzlaf, Valerie J M; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

2011-01-01

In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.

Privacy and Data Security under Cloud Computing Arrangements: The Legal Framework and Practical Do's and Don'ts

ERIC Educational Resources Information Center

Buckman, Joel; Gold, Stephanie

2012-01-01

This article outlines privacy and data security compliance issues facing postsecondary education institutions when they utilize cloud computing and concludes with a practical list of do's and dont's. Cloud computing does not change an institution's privacy and data security obligations. It does involve reliance on a third party, which requires an…

75 FR 50845 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-18

... Policy, Department of Homeland Security, Washington, DC 20528. For privacy issues please contact: Mary...;Prices of new books are listed in the first FEDERAL REGISTER issue of each #0;week. #0; #0; #0; #0;#0...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL--027 The History of...

77 FR 26259 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-03

.... SUPPLEMENTARY INFORMATION: The National Security Agency systems of records notice subject to the Privacy Act of... of Records AGENCY: National Security Agency/Central Security Service. ACTION: Notice to Delete a System of Records. SUMMARY: The National Security Agency/Central Security Service is deleting a system of...

The Influence of Security Statement, Technical Protection, and Privacy on Satisfaction and Loyalty; A Structural Equation Modeling

NASA Astrophysics Data System (ADS)

Peikari, Hamid Reza

Customer satisfaction and loyalty have been cited as the e-commerce critical success factors and various studies have been conducted to find the antecedent determinants of these concepts in the online transactions. One of the variables suggested by some studies is perceived security. However, these studies have referred to security from a broad general perspective and no attempts have been made to study the specific security related variables. This paper intends to study the influence on security statement and technical protection on satisfaction, loyalty and privacy. The data was collected from 337 respondents and after the reliability and validity tests, path analysis was applied to examine the hypotheses. The results suggest that loyalty is influenced by satisfaction and security statement and no empirical support was found for the influence on technical protection and privacy on loyalty. Moreover, it was found that security statement and technical protection have a positive significant influence on satisfaction while no significant effect was found for privacy. Furthermore, the analysis indicated that security statement have a positive significant influence on technical protection while technical protection was found to have a significant negative impact on perceived privacy.

Uncovering patterns of technology use in consumer health informatics

PubMed Central

Hung, Man; Conrad, Jillian; Hon, Shirley D.; Cheng, Christine; Franklin, Jeremy D.; Tang, Philip

2014-01-01

Internet usage and accessibility has grown at a staggering rate, influencing technology use for healthcare purposes. The amount of health information technology (Health IT) available through the Internet is immeasurable and growing daily. Health IT is now seen as a fundamental aspect of patient care as it stimulates patient engagement and encourages personal health management. It is increasingly important to understand consumer health IT patterns including who is using specific technologies, how technologies are accessed, factors associated with use, and perceived benefits. To fully uncover consumer patterns it is imperative to recognize common barriers and which groups they disproportionately affect. Finally, exploring future demand and predictions will expose significant opportunities for health IT. The most frequently used health information technologies by consumers are gathering information online, mobile health (mHealth) technologies, and personal health records (PHRs). Gathering health information online is the favored pathway for healthcare consumers as it is used by more consumers and more frequently than any other technology. In regard to mHealth technologies, minority Americans, compared with White Americans utilize social media, mobile Internet, and mobile applications more frequently. Consumers believe PHRs are the most beneficial health IT. PHR usage is increasing rapidly due to PHR integration with provider health systems and health insurance plans. Key issues that have to be explicitly addressed in health IT are privacy and security concerns, health literacy, unawareness, and usability. Privacy and security concerns are rated the number one reason for the slow rate of health IT adoption. PMID:24904713

A Systematic Review and Taxonomy of Published Quality Criteria Related to the Evaluation of User-Facing eHealth Programs.

PubMed

Baumel, Amit; Birnbaum, Michael L; Sucala, Madalina

2017-08-01

The purpose of this review was to identify and classify key criteria concepts related to the evaluation of user-facing eHealth programs. In line with the PRISMA statement methodology, computer searches of relevant databases were conducted for studies published between January 1, 2000 and March 1, 2016 that contained explicit quality criteria related to mHealth and eHealth products. Reference lists of included articles, review articles, and grey literature (e.g., books, websites) were searched for additional sources. A team of nine experts led by the first author was gathered to support the classification of these criteria. Identified criteria were extracted, grouped and organized using an inductive thematic analysis. Eighty-four sources - emanating from 26 different courtiers - were included in this review. The team extracted 454 criteria that were grouped into 11 quality domains, 58 criteria concepts and 134 concepts' sub-groups. Quality domains were: Usability, Visual Design, User Engagement, Content, Behavior Change/Persuasive Design, Influence of Social Presence, Therapeutic Alliance, Classification, Credibility/Accountability, and Privacy/Security. Findings suggest that authors around the globe agree on key criteria concepts when evaluating user-facing eHealth products. The high proportion of new published criteria in the second half of this review time-frame (2008-2016), and more specifically, the high proportion of criteria relating to persuasive design, therapeutic alliance and privacy/security within this time-frame, points to the advancements made in recent years within this field.

75 FR 8088 - Privacy Act of 1974; Department of Homeland Security/ALL-023 Personnel Security Management System...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-23

... risk of harm to economic or property interests, identity theft or fraud, or harm to the security or... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2009-0041] Privacy Act of 1974; Department of Homeland Security/ALL--023 Personnel Security Management System of Records AGENCY...

36 CFR 1008.6 - Assuring integrity of records.

Code of Federal Regulations, 2010 CFR

2010-07-01

... subject to the Privacy Act be maintained with appropriate administrative, technical and physical...) Records security. Whether maintained in physical or electronic form, records subject to the Privacy Act... the system of records. The Privacy Act Officer will periodically review these security measures to...

75 FR 40867 - Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-14

.... The Act also provides for the development of guidance, reports, and studies in a number of areas... Privacy and Security enforcement (section 13424(a)); a study and report on the application of privacy and... (section 13424(c)); and a study on the Privacy Rule's definition of ``psychotherapy notes'' at 45 CFR 164...

Image feature extraction in encrypted domain with privacy-preserving SIFT.

PubMed

Hsu, Chao-Yung; Lu, Chun-Shien; Pei, Soo-Chang

2012-11-01

Privacy has received considerable attention but is still largely ignored in the multimedia community. Consider a cloud computing scenario where the server is resource-abundant, and is capable of finishing the designated tasks. It is envisioned that secure media applications with privacy preservation will be treated seriously. In view of the fact that scale-invariant feature transform (SIFT) has been widely adopted in various fields, this paper is the first to target the importance of privacy-preserving SIFT (PPSIFT) and to address the problem of secure SIFT feature extraction and representation in the encrypted domain. As all of the operations in SIFT must be moved to the encrypted domain, we propose a privacy-preserving realization of the SIFT method based on homomorphic encryption. We show through the security analysis based on the discrete logarithm problem and RSA that PPSIFT is secure against ciphertext only attack and known plaintext attack. Experimental results obtained from different case studies demonstrate that the proposed homomorphic encryption-based privacy-preserving SIFT performs comparably to the original SIFT and that our method is useful in SIFT-based privacy-preserving applications.

75 FR 18841 - Office for Civil Rights; Privacy Act of 1974, Amended System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-13

... Privacy Act of 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987... 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987, the Paperwork... Oversight, the Chair of the Senate Committee on Homeland Security and Governmental Affairs, and the...

Privacy and Security Issues Surrounding the Protection of Data Generated by Continuous Glucose Monitors.

PubMed

Britton, Katherine E; Britton-Colonnese, Jennifer D

2017-03-01

Being able to track, analyze, and use data from continuous glucose monitors (CGMs) and through platforms and apps that communicate with CGMs helps achieve better outcomes and can advance the understanding of diabetes. The risks to patients' expectation of privacy are great, and their ability to control how their information is collected, stored, and used is virtually nonexistent. Patients' physical security is also at risk if adequate cybersecurity measures are not taken. Currently, data privacy and security protections are not robust enough to address the privacy and security risks and stymies the current and future benefits of CGM and the platforms and apps that communicate with them.

Privacy and Security Issues Surrounding the Protection of Data Generated by Continuous Glucose Monitors

PubMed Central

Britton, Katherine E.; Britton-Colonnese, Jennifer D.

2017-01-01

Being able to track, analyze, and use data from continuous glucose monitors (CGMs) and through platforms and apps that communicate with CGMs helps achieve better outcomes and can advance the understanding of diabetes. The risks to patients’ expectation of privacy are great, and their ability to control how their information is collected, stored, and used is virtually nonexistent. Patients’ physical security is also at risk if adequate cybersecurity measures are not taken. Currently, data privacy and security protections are not robust enough to address the privacy and security risks and stymies the current and future benefits of CGM and the platforms and apps that communicate with them. PMID:28264188

78 FR 15731 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0011] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and Immigration Services. ACTION: Notice. Overview Information: Privacy Act of 1974; Computer Matching Program...

78 FR 15732 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0007] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and Immigration Services. ACTION: Notice. Overview Information: Privacy Act of 1974; Computer Matching Program...

75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-01

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2009-0043] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration/Railroad Retirement Board (SSA/RRB))-- Match Number 1308 AGENCY: Social Security Administration (SSA). ACTION: Notice of renewal of an existing...

Security, privacy, and confidentiality issues on the Internet

PubMed Central

Kelly, Grant; McKenzie, Bruce

2002-01-01

We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to `sign' a message whereby the private key of an individual can be used to `hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a `digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers. PMID:12554559

Security, privacy, and confidentiality issues on the Internet.

PubMed

Kelly, Grant; McKenzie, Bruce

2002-01-01

We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to 'sign' a message whereby the private key of an individual can be used to 'hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a 'digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers.

A compressive sensing based secure watermark detection and privacy preserving storage framework.

PubMed

Qia Wang; Wenjun Zeng; Jun Tian

2014-03-01

Privacy is a critical issue when the data owners outsource data storage or processing to a third party computing service, such as the cloud. In this paper, we identify a cloud computing application scenario that requires simultaneously performing secure watermark detection and privacy preserving multimedia data storage. We then propose a compressive sensing (CS)-based framework using secure multiparty computation (MPC) protocols to address such a requirement. In our framework, the multimedia data and secret watermark pattern are presented to the cloud for secure watermark detection in a CS domain to protect the privacy. During CS transformation, the privacy of the CS matrix and the watermark pattern is protected by the MPC protocols under the semi-honest security model. We derive the expected watermark detection performance in the CS domain, given the target image, watermark pattern, and the size of the CS matrix (but without the CS matrix itself). The correctness of the derived performance has been validated by our experiments. Our theoretical analysis and experimental results show that secure watermark detection in the CS domain is feasible. Our framework can also be extended to other collaborative secure signal processing and data-mining applications in the cloud.

Meeting the privacy requirements for the development of a multi-centre patient registry in Canada: the Rick Hansen Spinal Cord Injury Registry.

PubMed

Noonan, Vanessa K; Thorogood, Nancy P; Joshi, Phalgun B; Fehlings, Michael G; Craven, B Catharine; Linassi, Gary; Fourney, Daryl R; Kwon, Brian K; Bailey, Christopher S; Tsai, Eve C; Drew, Brian M; Ahn, Henry; Tsui, Deborah; Dvorak, Marcel F

2013-05-01

Privacy legislation addresses concerns regarding the privacy of personal information; however, its interpretation by research ethics boards has resulted in significant challenges to the collection, management, use and disclosure of personal health information for multi-centre research studies. This paper describes the strategy used to develop the national Rick Hansen Spinal Cord Injury Registry (RHSCIR) in accordance with privacy statutes and benchmarked against best practices. An analysis of the regional and national privacy legislation was conducted to determine the requirements for each of the 31 local RHSCIR sites and the national RHSCIR office. A national privacy and security framework was created for RHSCIR that includes a governance structure, standard operating procedures, training processes, physical and technical security and privacy impact assessments. The framework meets a high-water mark in ensuring privacy and security of personal health information nationally and may assist in the development of other national or international research initiatives. Copyright © 2013 Longwoods Publishing.

Meeting the Privacy Requirements for the Development of a Multi-Centre Patient Registry in Canada: The Rick Hansen Spinal Cord Injury Registry

PubMed Central

Noonan, Vanessa K.; Thorogood, Nancy P.; Joshi, Phalgun B.; Fehlings, Michael G.; Craven, B. Catharine; Linassi, Gary; Fourney, Daryl R.; Kwon, Brian K.; Bailey, Christopher S.; Tsai, Eve C.; Drew, Brian M.; Ahn, Henry; Tsui, Deborah; Dvorak, Marcel F.

2013-01-01

Privacy legislation addresses concerns regarding the privacy of personal information; however, its interpretation by research ethics boards has resulted in significant challenges to the collection, management, use and disclosure of personal health information for multi-centre research studies. This paper describes the strategy used to develop the national Rick Hansen Spinal Cord Injury Registry (RHSCIR) in accordance with privacy statutes and benchmarked against best practices. An analysis of the regional and national privacy legislation was conducted to determine the requirements for each of the 31 local RHSCIR sites and the national RHSCIR office. A national privacy and security framework was created for RHSCIR that includes a governance structure, standard operating procedures, training processes, physical and technical security and privacy impact assessments. The framework meets a high-water mark in ensuring privacy and security of personal health information nationally and may assist in the development of other national or international research initiatives. PMID:23968640

Security of electronic medical information and patient privacy: what you need to know.

PubMed

Andriole, Katherine P

2014-12-01

The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.

Market Reactions to Publicly Announced Privacy and Security Breaches Suffered by Companies Listed on the United States Stock Exchanges: A Comparative Empirical Investigation

ERIC Educational Resources Information Center

Coronado, Adolfo S.

2012-01-01

Using a sample of security and privacy breaches the present research examines the comparative announcement impact between the two types of events. The first part of the dissertation analyzes the impact of publicly announced security and privacy breaches on abnormal stock returns, the change in firm risk, and abnormal trading volume are measured.…

The Health Insurance Portability and Accountability Act: security and privacy requirements.

PubMed

Tribble, D A

2001-05-01

The security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their implications for pharmacy are discussed. HIPAA was enacted to improve the portability of health care insurance for persons leaving jobs. A section of the act encourages the use of electronic communications for health care claims adjudication, mandates the use of new standard code sets and transaction sets, and establishes the need for regulations to protect the security and privacy of individually identifiable health care information. Creating these regulations became the task of the Department of Health and Human Services. Regulations on security have been published for comment. Regulations on privacy and the definition of standard transaction sets and code sets are complete. National identifiers for patients, providers, and payers have not yet been established. The HIPAA regulations on security and privacy will require that pharmacies adopt policies and procedures that limit access to health care information. Existing pharmacy information systems may require upgrading or replacement. Costs of implementation nationwide are estimated to exceed $8 billion. The health care community has two years from the finalization of each regulation to comply with that regulation. The security and privacy requirements of HIPAA will require pharmacies to review their practices regarding the storage, use, and disclosure of protected health care information.

Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study.

PubMed

Atienza, Audie A; Zarcadoolas, Christina; Vaughon, Wendy; Hughes, Penelope; Patel, Vaishali; Chou, Wen-Ying Sylvia; Pritts, Joy

2015-01-01

This study examined consumers' attitudes and perceptions regarding mobile health (mHealth) technology use in health care. Twenty-four focus groups with 256 participants were conducted in 5 geographically diverse locations. Participants were also diverse in age, education, race/ethnicity, gender, and rural versus urban settings. Several key themes emerged from the focus groups. Findings suggest that consumer attitudes regarding mHealth privacy/security are highly contextualized, with concerns depending on the type of information being communicated, where and when the information is being accessed, who is accessing or seeing the information, and for what reasons. Consumers frequently considered the tradeoffs between the privacy/security of using mHealth technologies and the potential benefits. Having control over mHealth privacy/security features and trust in providers were important issues for consumers. Overall, this study found significant diversity in attitudes regarding mHealth privacy/security both within and between traditional demographic groups. Thus, to address consumers' concerns regarding mHealth privacy and security, a one-size-fits-all approach may not be adequate. Health care providers and technology developers should consider tailoring mHealth technology according to how various types of information are communicated in the health care setting, as well as according to the comfort, skills, and concerns individuals may have with mHealth technology.

32 CFR 321.14 - DSS implementation policies.

Code of Federal Regulations, 2014 CFR

2014-07-01

...) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.14 DSS implementation policies. (a) General... matters of particular concern to the Defense Security Service. (b) Privacy Act rules application. Any... 32 National Defense 2 2014-07-01 2014-07-01 false DSS implementation policies. 321.14 Section 321...

32 CFR 321.14 - DSS implementation policies.

Code of Federal Regulations, 2013 CFR

2013-07-01

...) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.14 DSS implementation policies. (a) General... matters of particular concern to the Defense Security Service. (b) Privacy Act rules application. Any... 32 National Defense 2 2013-07-01 2013-07-01 false DSS implementation policies. 321.14 Section 321...

32 CFR 321.14 - DSS implementation policies.

Code of Federal Regulations, 2012 CFR

2012-07-01

...) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.14 DSS implementation policies. (a) General... matters of particular concern to the Defense Security Service. (b) Privacy Act rules application. Any... 32 National Defense 2 2012-07-01 2012-07-01 false DSS implementation policies. 321.14 Section 321...

32 CFR 701.101 - Privacy program terms and definitions.

Code of Federal Regulations, 2014 CFR

2014-07-01

... or online collection that directly identifies an individual (e.g., name, address, social security... her (e.g., Social Security Number (SSN), age, military rank, civilian grade, marital status, race... from a project on privacy issues, identifying and resolving the privacy risks, and approval by a...

77 FR 74913 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-18

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0055] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA)/Office of Personnel Management (OPM))--Match Number 1307 AGENCY: Social Security Administration. ACTION: Notice of a renewal of an existing...

22 CFR 1101.5 - Security, confidentiality and protection of records.

Code of Federal Regulations, 2011 CFR

2011-04-01

... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... 22 Foreign Relations 2 2011-04-01 2009-04-01 true Security, confidentiality and protection of... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

22 CFR 1101.5 - Security, confidentiality and protection of records.

Code of Federal Regulations, 2014 CFR

2014-04-01

... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... 22 Foreign Relations 2 2014-04-01 2014-04-01 false Security, confidentiality and protection of... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

22 CFR 1101.5 - Security, confidentiality and protection of records.

Code of Federal Regulations, 2013 CFR

2013-04-01

... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... 22 Foreign Relations 2 2013-04-01 2009-04-01 true Security, confidentiality and protection of... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

22 CFR 1101.5 - Security, confidentiality and protection of records.

Code of Federal Regulations, 2012 CFR

2012-04-01

... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... 22 Foreign Relations 2 2012-04-01 2009-04-01 true Security, confidentiality and protection of... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

22 CFR 1101.5 - Security, confidentiality and protection of records.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... 22 Foreign Relations 2 2010-04-01 2010-04-01 true Security, confidentiality and protection of... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

76 FR 81477 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-28

... sessions will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L... Secure Mobile Devices, --Panel Discussion on cyber R&D Strategy, and --Update of NIST Computer Security... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...

Privacy, security and access with sensitive health information.

PubMed

Croll, Peter

2010-01-01

This chapter gives an educational overview of: * Confidentiality issues and the challenges faced; * The fundamental differences between privacy and security; * The different access control mechanisms; * The challenges of Internet security; * How 'safety and quality' relate to all the above.

Privacy Preserved and Secured Reliable Routing Protocol for Wireless Mesh Networks.

PubMed

Meganathan, Navamani Thandava; Palanichamy, Yogesh

2015-01-01

Privacy preservation and security provision against internal attacks in wireless mesh networks (WMNs) are more demanding than in wired networks due to the open nature and mobility of certain nodes in the network. Several schemes have been proposed to preserve privacy and provide security in WMNs. To provide complete privacy protection in WMNs, the properties of unobservability, unlinkability, and anonymity are to be ensured during route discovery. These properties can be achieved by implementing group signature and ID-based encryption schemes during route discovery. Due to the characteristics of WMNs, it is more vulnerable to many network layer attacks. Hence, a strong protection is needed to avoid these attacks and this can be achieved by introducing a new Cross-Layer and Subject Logic based Dynamic Reputation (CLSL-DR) mechanism during route discovery. In this paper, we propose a new Privacy preserved and Secured Reliable Routing (PSRR) protocol for WMNs. This protocol incorporates group signature, ID-based encryption schemes, and CLSL-DR mechanism to ensure strong privacy, security, and reliability in WMNs. Simulation results prove this by showing better performance in terms of most of the chosen parameters than the existing protocols.

Third-year medical students' knowledge of privacy and security issues concerning mobile devices.

PubMed

Whipple, Elizabeth C; Allgood, Kacy L; Larue, Elizabeth M

2012-01-01

The use of mobile devices are ubiquitous in medical-care professional settings, but information on privacy and security concerns of mobile devices for medical students is scarce. To gain baseline information about third-year medical students' mobile device use and knowledge of privacy and security issues concerning mobile devices. We surveyed 67 third-year medical students at a Midwestern university on their use of mobile devices and knowledge of how to protect information available through mobile devices. Students were also presented with clinical scenarios to rate their level of concern in regards to privacy and security of information. The most used features of mobile devices were: voice-to-voice (100%), text messaging (SMS) (94%), Internet (76.9%), and email (69.3%). For locking of one's personal mobile phone, 54.1% never physically lock their phone, and 58% never electronically lock their personal PDA. Scenarios considering definitely privacy concerns include emailing patient information intact (66.7%), and posting de-identified information on YouTube (45.2%) or Facebook (42.2%). As the ease of sharing data increases with the use of mobile devices, students need more education and training on possible privacy and security risks posed with mobile devices.

77 FR 15596 - Privacy Act; Implementation

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-16

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DoD-2012-OS-0032] 32 CFR Part 322 Privacy... levels of government. List of Subjects in 32 CFR Part 322 Privacy. Accordingly, 32 CFR part 322 is amended as follows: PART 322--NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICE 0 1. The authority...

75 FR 54662 - Privacy Act of 1974: Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-08

..., Chief Privacy Officer, Office of Information Technology, 202-551-7209. In the Federal Register of August... SECURITIES AND EXCHANGE COMMISSION [Release No. PA-44A; File No. S7-17-10] Privacy Act of 1974: Systems of Records AGENCY: Securities and Exchange Commission. ACTION: Notice to establish systems of...

4 CFR 200.14 - Responsibility for maintaining adequate safeguards.

Code of Federal Regulations, 2010 CFR

2010-01-01

... identifiable personal data and automated systems shall be adequately trained in the security and privacy of... the security and privacy of such records. (5) The disposal and destruction of identifiable personal....14 Section 200.14 Accounts RECOVERY ACCOUNTABILITY AND TRANSPARENCY BOARD PRIVACY ACT OF 1974 § 200...

10 CFR 1304.114 - Responsibility for maintaining adequate safeguards.

Code of Federal Regulations, 2010 CFR

2010-01-01

... the security and privacy of personal data. (4) The disposal and disposition of identifiable personal... contained in a system of records are adequately trained to protect the security and privacy of such records....114 Section 1304.114 Energy NUCLEAR WASTE TECHNICAL REVIEW BOARD PRIVACY ACT OF 1974 § 1304.114...

32 CFR 321.3 - Information and procedures for requesting notification.

Code of Federal Regulations, 2014 CFR

2014-07-01

... DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.3 Information and... mail to the Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA... 32 National Defense 2 2014-07-01 2014-07-01 false Information and procedures for requesting...

32 CFR 321.7 - Request for correction or amendment.

Code of Federal Regulations, 2011 CFR

2011-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.7 Request for correction or... Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA 22314-1651. (b... 32 National Defense 2 2011-07-01 2011-07-01 false Request for correction or amendment. 321.7...

32 CFR 321.3 - Information and procedures for requesting notification.

Code of Federal Regulations, 2013 CFR

2013-07-01

... DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.3 Information and... mail to the Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA... 32 National Defense 2 2013-07-01 2013-07-01 false Information and procedures for requesting...

32 CFR 321.7 - Request for correction or amendment.

Code of Federal Regulations, 2014 CFR

2014-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.7 Request for correction or... Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA 22314-1651. (b... 32 National Defense 2 2014-07-01 2014-07-01 false Request for correction or amendment. 321.7...

32 CFR 321.7 - Request for correction or amendment.

Code of Federal Regulations, 2013 CFR

2013-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.7 Request for correction or... Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA 22314-1651. (b... 32 National Defense 2 2013-07-01 2013-07-01 false Request for correction or amendment. 321.7...

32 CFR 321.3 - Information and procedures for requesting notification.

Code of Federal Regulations, 2011 CFR

2011-07-01

... DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.3 Information and... mail to the Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA... 32 National Defense 2 2011-07-01 2011-07-01 false Information and procedures for requesting...

32 CFR 321.7 - Request for correction or amendment.

Code of Federal Regulations, 2012 CFR

2012-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.7 Request for correction or... Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA 22314-1651. (b... 32 National Defense 2 2012-07-01 2012-07-01 false Request for correction or amendment. 321.7...

32 CFR 321.3 - Information and procedures for requesting notification.

Code of Federal Regulations, 2012 CFR

2012-07-01

... DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.3 Information and... mail to the Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA... 32 National Defense 2 2012-07-01 2012-07-01 false Information and procedures for requesting...

32 CFR 321.3 - Information and procedures for requesting notification.

Code of Federal Regulations, 2010 CFR

2010-07-01

... DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.3 Information and... mail to the Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA... 32 National Defense 2 2010-07-01 2010-07-01 false Information and procedures for requesting...

32 CFR 321.7 - Request for correction or amendment.

Code of Federal Regulations, 2010 CFR

2010-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.7 Request for correction or... Defense Security Service, Office of FOI and Privacy, 1340 Braddock Place, Alexandria, VA 22314-1651. (b... 32 National Defense 2 2010-07-01 2010-07-01 false Request for correction or amendment. 321.7...

75 FR 68396 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Labor (DOL))-Match...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-05

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0052] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Labor (DOL))--Match Number 1003 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

78 FR 16564 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Personnel Management...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-15

... 1021 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of existing computer... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0073] Privacy Act of 1974, as Amended...

78 FR 12127 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-21

... 1310 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0007] Privacy Act of 1974, as Amended...

75 FR 51154 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-18

... 1310 AGENCY: Social Security Administration (SSA) ACTION: Notice of a renewal of an existing computer..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0035] Privacy Act of 1974, as Amended...

Usability Evaluation of a Private Social Network on Mental Health for Relatives.

PubMed

Toribio-Guzmán, José Miguel; García-Holgado, Alicia; Soto Pérez, Felipe; García-Peñalvo, Francisco J; Franco Martín, Manuel

2017-09-01

Usability is one of the most prominent criteria that must be fulfilled by a software product. This study aims to evaluate the usability of SocialNet, a private social network for monitoring the daily progress of patients by their relatives, using a mixed usability approach: heuristic evaluation conducted by experts and user testing. A double heuristic evaluation with one expert evaluator identified the issues related to consistency, design, and privacy. User testing was conducted on 20 users and one evaluator using observation techniques and questionnaires. The main usability problems were found to be related to the structure of SocialNet, and the users presented some difficulties in locating the buttons or links. The results show a high level of usability and satisfaction with the product. This evaluation provides data on the usability of SocialNet based on the difficulties experienced by the users and the expert. The results help in redesigning the tool to resolve the identified problems as part of an iterative process.

The Regulatory Framework for Privacy and Security

NASA Astrophysics Data System (ADS)

Hiller, Janine S.

The internet enables the easy collection of massive amounts of personally identifiable information. Unregulated data collection causes distrust and conflicts with widely accepted principles of privacy. The regulatory framework in the United States for ensuring privacy and security in the online environment consists of federal, state, and self-regulatory elements. New laws have been passed to address technological and internet practices that conflict with privacy protecting policies. The United States and the European Union approaches to privacy differ significantly, and the global internet environment will likely cause regulators to face the challenge of balancing privacy interests with data collection for many years to come.

Security Design Flaws That Affect Usability in Online Banking

ERIC Educational Resources Information Center

Gurlen, Stephanie

2013-01-01

As the popularity of online banking Websites has increased, the security of these sites has become increasingly critical as attacks against these sites are on the rise. However, the design decisions made during construction of the sites could make usability more difficult, where the user has difficulty making good security decisions. This study…

12 CFR 1204.9 - Does FHFA collect and use Social Security numbers?

Code of Federal Regulations, 2011 CFR

2011-01-01

... 12 Banks and Banking 7 2011-01-01 2011-01-01 false Does FHFA collect and use Social Security... OPERATIONS PRIVACY ACT IMPLEMENTATION § 1204.9 Does FHFA collect and use Social Security numbers? FHFA collects Social Security numbers only when it is necessary and authorized. At least annually, the Privacy...

32 CFR 806b.12 - Requesting the Social Security Number.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy Act...

77 FR 70792 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-27

... from its inventory of record systems. TSA will rely upon DHS/ALL-017 General Legal Records (November 23, 2011, 76 FR 72428) to cover its legal activities. Eliminating the system of records notice DHS/TSA-009... Department of Homeland Security Transportation Security Administration System of Records AGENCY: Privacy...

12 CFR 792.67 - Security of systems of records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Security of systems of records. 792.67 Section... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792.67 Security of systems of records. (a) Each system manager, with the approval of the head of that...

32 CFR 806b.12 - Requesting the Social Security Number.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 6 2012-07-01 2012-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy Act...

32 CFR 806b.12 - Requesting the Social Security Number.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 6 2014-07-01 2014-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy Act...

32 CFR 806b.12 - Requesting the Social Security Number.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 6 2013-07-01 2013-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy Act...

32 CFR 806b.12 - Requesting the Social Security Number.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Requesting the Social Security Number. 806b.12... ADMINISTRATION PRIVACY ACT PROGRAM Collecting Personal Information § 806b.12 Requesting the Social Security Number. When asking an individual for his or her Social Security Number, always give a Privacy Act...

12 CFR 1204.9 - Does FHFA collect and use Social Security numbers?

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 7 2010-01-01 2010-01-01 false Does FHFA collect and use Social Security... OPERATIONS PRIVACY ACT IMPLEMENTATION § 1204.9 Does FHFA collect and use Social Security numbers? FHFA collects Social Security numbers only when it is necessary and authorized. At least annually, the Privacy...

77 FR 32709 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Homeland Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-01

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0089] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Homeland Security (DHS))--Match Number 1010 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program that...

75 FR 23274 - Privacy Act of 1974; Department of Homeland Security United States Immigration Customs and...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-03

... is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2010-0031] Privacy Act of 1974; Department of Homeland Security United States Immigration Customs and Enforcement--011...

75 FR 5487 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Customs...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-03

...The Department of Homeland Security is issuing a final rule to amend its regulations to exempt portions of a Department of Homeland Security/U.S. Customs and Border Protection system of records entitled the, ``Department of Homeland Security/U.S. Customs and Border Protection--006 Automated Targeting System of Records'' from certain provisions of the Privacy Act. Specifically, the Department exempts portions of the Department of Homeland Security/U.S. Customs and Border Protection--006 Automated Targeting system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements.

Public attitudes toward health information exchange: perceived benefits and concerns.

PubMed

Dimitropoulos, Linda; Patel, Vaishali; Scheffler, Scott A; Posnack, Steve

2011-12-01

To characterize consumers' attitudes regarding the perceived benefits of electronic health information exchange (HIE), potential HIE privacy and security concerns, and to analyze the intersection of these concerns with perceived benefits. A cross-sectional study. A random-digit-dial telephone survey of English-speaking adults was conducted in 2010. Multivariate logistic regression models examined the association between consumer characteristics and concerns related to the security of electronic health records (EHRs) and HIE. A majority of the 1847 respondents reported they were either "very" or "somewhat" concerned about privacy of HIE (70%), security of HIE (75%), or security of EHRs (82%). Concerns were significantly higher (P <.05) among employed individuals 40 to 64 years old and minorities. Many believed that HIE would confer benefits such as improved coordination of care (89%). Overall, 75% agreed that the benefits of EHRs outweighed risks to privacy and security, and 60% would permit HIE for treatment purposes even if the physician might not be able to protect their privacy all of the time. Over half (52%) wanted to choose which providers access and share their data. Greater participation by consumers in determining how HIE takes place could engender a higher degree of trust among all demographic groups, regardless of their varying levels of privacy and security concerns. Addressing the specific privacy and security concerns of minorities, individuals 40 to 64 years old, and employed individuals will be critical to ensuring widespread consumer participation in HIE.

Computer Security Issues in Online Banking: An Assessment from the Context of Usable Security

NASA Astrophysics Data System (ADS)

Mahmadi, FN; Zaaba, ZF; Osman, A.

2016-11-01

Today's online banking is a convenient mode of finance management. Despite the ease of doing online banking, there are people that still sceptical in utilizing it due to perception and its security. This paper highlights the subject of online banking security in Malaysia, especially from the perspective of the end-users. The study is done by assessing human computer interaction, usability and security. An online survey utilising 137 participants was previously conducted to gain preliminary insights on security issues of online banking in Malaysia. Following from those results, 37 participants were interviewed to gauge deeper understanding about end-users perception on online banking within the context of usable security. The results suggested that most of the end-users are continuingly experiencing significant difficulties especially in relation to the technical terminologies, security features and other technical issues. Although the security features are provided to provide a shield or protection, users are still incapable to cope with the technical aspects of such implementation.

A Low Cost Key Agreement Protocol Based on Binary Tree for EPCglobal Class 1 Generation 2 RFID Protocol

NASA Astrophysics Data System (ADS)

Jeng, Albert; Chang, Li-Chung; Chen, Sheng-Hui

There are many protocols proposed for protecting Radio Frequency Identification (RFID) system privacy and security. A number of these protocols are designed for protecting long-term security of RFID system using symmetric key or public key cryptosystem. Others are designed for protecting user anonymity and privacy. In practice, the use of RFID technology often has a short lifespan, such as commodity check out, supply chain management and so on. Furthermore, we know that designing a long-term security architecture to protect the security and privacy of RFID tags information requires a thorough consideration from many different aspects. However, any security enhancement on RFID technology will jack up its cost which may be detrimental to its widespread deployment. Due to the severe constraints of RFID tag resources (e. g., power source, computing power, communication bandwidth) and open air communication nature of RFID usage, it is a great challenge to secure a typical RFID system. For example, computational heavy public key and symmetric key cryptography algorithms (e. g., RSA and AES) may not be suitable or over-killed to protect RFID security or privacy. These factors motivate us to research an efficient and cost effective solution for RFID security and privacy protection. In this paper, we propose a new effective generic binary tree based key agreement protocol (called BKAP) and its variations, and show how it can be applied to secure the low cost and resource constraint RFID system. This BKAP is not a general purpose key agreement protocol rather it is a special purpose protocol to protect privacy, un-traceability and anonymity in a single RFID closed system domain.

77 FR 47767 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S. Customs...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-10

... Protection, DHS/CBP--017 Analytical Framework for Intelligence (AFI) System of Records AGENCY: Privacy Office... Homeland Security/U.S. Customs and Border Protection, DHS/CBP--017 Analytical Framework for Intelligence... Analytical Framework for Intelligence (AFI) System of Records'' from one or more provisions of the Privacy...

32 CFR 321.8 - DSS review of request for amendment.

Code of Federal Regulations, 2012 CFR

2012-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.8 DSS review of request for... himself and maintained by the Defense Security Service, Office of FOI and Privacy will handle the request... 32 National Defense 2 2012-07-01 2012-07-01 false DSS review of request for amendment. 321.8...

32 CFR 321.8 - DSS review of request for amendment.

Code of Federal Regulations, 2010 CFR

2010-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.8 DSS review of request for... himself and maintained by the Defense Security Service, Office of FOI and Privacy will handle the request... 32 National Defense 2 2010-07-01 2010-07-01 false DSS review of request for amendment. 321.8...

32 CFR 321.8 - DSS review of request for amendment.

Code of Federal Regulations, 2011 CFR

2011-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.8 DSS review of request for... himself and maintained by the Defense Security Service, Office of FOI and Privacy will handle the request... 32 National Defense 2 2011-07-01 2011-07-01 false DSS review of request for amendment. 321.8...

32 CFR 321.8 - DSS review of request for amendment.

Code of Federal Regulations, 2013 CFR

2013-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.8 DSS review of request for... himself and maintained by the Defense Security Service, Office of FOI and Privacy will handle the request... 32 National Defense 2 2013-07-01 2013-07-01 false DSS review of request for amendment. 321.8...

32 CFR 321.8 - DSS review of request for amendment.

Code of Federal Regulations, 2014 CFR

2014-07-01

... (CONTINUED) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.8 DSS review of request for... himself and maintained by the Defense Security Service, Office of FOI and Privacy will handle the request... 32 National Defense 2 2014-07-01 2014-07-01 false DSS review of request for amendment. 321.8...

75 FR 69603 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security National...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-15

... FURTHER INFORMATION CONTACT: For general questions please contact: Emily Andrew (703-235-2182), Privacy...: Background In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security... Nation's 18 critical infrastructures and key resources (CIKR) sectors during normal operations and...

77 FR 38274 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-27

.... SUPPLEMENTARY INFORMATION: The Defense Security Service systems of records notices subject to the Privacy Act of... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DOD-2012-OS-0077] Privacy Act of 1974; System of Records AGENCY: Defense Security Service, DoD. ACTION: Notice to Delete Four Systems of Records...

77 FR 49849 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Child Support...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-17

...: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer-matching... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0021] Privacy Act of 1974, as Amended...

75 FR 32833 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Personnel Management...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-09

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2009-0077] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Office of Personnel Management (OPM))--Match 1307 AGENCY: Social Security... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

77 FR 38880 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Railroad Retirement Board (SSA...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-29

... Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program that... regarding protections for such persons. The Privacy Act, as amended, regulates the use of computer matching... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0002] Privacy Act of 1974, as Amended...

77 FR 27108 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Child Support...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-08

...: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching... protections for such persons. The Privacy Act, as amended, regulates the use of computer matching by Federal... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0010] Privacy Act of 1974, as Amended...

78 FR 51264 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of the Treasury...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-20

... 1016 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0022] Privacy Act of 1974, as Amended...

77 FR 24756 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Labor (DOL))-Match...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-25

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0084] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Labor (DOL))--Match Number 1003 AGENCY: Social Security... above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988...

77 FR 6620 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/the States); Match 6000 and 6003

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-08

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0102] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ the States); Match 6000 and 6003 AGENCY: Social Security Administration..., as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

75 FR 18251 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Internal Revenue Service (IRS...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-09

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2009-0066] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Internal Revenue Service (IRS))--Match 1305 AGENCY: Social Security... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

76 FR 12398 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Bureau of the Public Debt (BPD...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-07

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0034] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Bureau of the Public Debt (BPD))--Match Number 1304 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

77 FR 24757 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Labor (DOL))-Match...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-25

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0083] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Labor (DOL))--Match Number 1015 AGENCY: Social Security... regarding protections for such persons. The Privacy Act, as amended, regulates the use of computer matching...

75 FR 62623 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Internal Revenue Service (IRS...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-12

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0015] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Internal Revenue Service (IRS))--Match Number 1016 AGENCY: Social Security... regarding protections for such persons. The Privacy Act, as amended, regulates the use of computer matching...

75 FR 59780 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Railroad Retirement Board (RRB...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-28

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0040] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Railroad Retirement Board (RRB))--Match Number 1006 AGENCY: Social Security...: A. General The Computer Matching and Privacy Protection Act of 1988 (Pub. L.) 100-503), amended the...

78 FR 12128 - Privacy Act of 1974; Computer Matching Program (SSA/Department of the Treasury, Internal Revenue...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-21

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0067] Privacy Act of 1974; Computer Matching... Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

Privacy Preserving Nearest Neighbor Search

NASA Astrophysics Data System (ADS)

Shaneck, Mark; Kim, Yongdae; Kumar, Vipin

Data mining is frequently obstructed by privacy concerns. In many cases data is distributed, and bringing the data together in one place for analysis is not possible due to privacy laws (e.g. HIPAA) or policies. Privacy preserving data mining techniques have been developed to address this issue by providing mechanisms to mine the data while giving certain privacy guarantees. In this chapter we address the issue of privacy preserving nearest neighbor search, which forms the kernel of many data mining applications. To this end, we present a novel algorithm based on secure multiparty computation primitives to compute the nearest neighbors of records in horizontally distributed data. We show how this algorithm can be used in three important data mining algorithms, namely LOF outlier detection, SNN clustering, and kNN classification. We prove the security of these algorithms under the semi-honest adversarial model, and describe methods that can be used to optimize their performance. Keywords: Privacy Preserving Data Mining, Nearest Neighbor Search, Outlier Detection, Clustering, Classification, Secure Multiparty Computation

Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules.

PubMed

2013-01-25

The Department of Health and Human Services (HHS or ``the Department'') is issuing this final rule to: Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (``the HITECH Act'' or ``the Act'') to strengthen the privacy and security protection for individuals' health information; modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule; modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities.

Public Perspectives of Mobile Phones’ Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey

PubMed Central

Richardson, Joshua E.; Ancker, Jessica S.

2015-01-01

Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician’s electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p < .001). There were no similar changes in privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized. PMID:26958246

Public Perspectives of Mobile Phones' Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey.

PubMed

Richardson, Joshua E; Ancker, Jessica S

2015-01-01

Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician's electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p < .001). There were no similar changes in privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized.

SAFETY, SECURITY, HYGIENE AND PRIVACY IN MIGRANT FARMWORKER HOUSING

PubMed Central

Arcury, Thomas A.; Weir, Maria M.; Summers, Phillip; Chen, Haiying; Bailey, Melissa; Wiggins, Melinda F.; Bischoff, Werner E.; Quandt, Sara A.

2013-01-01

Safety, security, hygiene, and privacy in migrant farmworker housing have not previously been documented, yet these attributes are important for farmworker quality of life and dignity. This analysis describes the safety, security, hygiene, and privacy of migrant farmworker housing and delineates camp characteristics that are associated with these attributes, using data collected in 183 eastern North Carolina migrant farmworker camps in 2010. Migrant farmworker housing is deficient. For example, 73.8 percent of housing had structural damage and 52.7 percent had indoor temperatures that were not safe. Farmworkers in 83.5 percent of the housing reported that they did not feel they or their possessions were secure. Bathing or toileting privacy was absent in 46.2 percent of the housing. Camps with residents having H-2A visas or North Carolina Department of Labor certificates of inspection posted had better safety, security, and hygiene. Regulations addressing the quality of migrant farmworker housing are needed. PMID:22776578

Evaluation of privacy in high dynamic range video sequences

NASA Astrophysics Data System (ADS)

Řeřábek, Martin; Yuan, Lin; Krasula, Lukáš; Korshunov, Pavel; Fliegel, Karel; Ebrahimi, Touradj

2014-09-01

The ability of high dynamic range (HDR) to capture details in environments with high contrast has a significant impact on privacy in video surveillance. However, the extent to which HDR imaging affects privacy, when compared to a typical low dynamic range (LDR) imaging, is neither well studied nor well understood. To achieve such an objective, a suitable dataset of images and video sequences is needed. Therefore, we have created a publicly available dataset of HDR video for privacy evaluation PEViD-HDR, which is an HDR extension of an existing Privacy Evaluation Video Dataset (PEViD). PEViD-HDR video dataset can help in the evaluations of privacy protection tools, as well as for showing the importance of HDR imaging in video surveillance applications and its influence on the privacy-intelligibility trade-off. We conducted a preliminary subjective experiment demonstrating the usability of the created dataset for evaluation of privacy issues in video. The results confirm that a tone-mapped HDR video contains more privacy sensitive information and details compared to a typical LDR video.

32 CFR 322.5 - Procedures.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.5 Procedures. (a) The Director of... for the FOIA/PA office is: National Security Agency, ATTN: FOIA/PA Services (DC321), 9800 Savage Road...

32 CFR 322.5 - Procedures.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.5 Procedures. (a) The Director of... for the FOIA/PA office is: National Security Agency, ATTN: FOIA/PA Services (DC321), 9800 Savage Road...

32 CFR 322.6 - Establishing exemptions.

Code of Federal Regulations, 2011 CFR

2011-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...

32 CFR 322.5 - Procedures.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.5 Procedures. (a) The Director of... for the FOIA/PA office is: National Security Agency, ATTN: FOIA/PA Services (DC321), 9800 Savage Road...

32 CFR 322.6 - Establishing exemptions.

Code of Federal Regulations, 2012 CFR

2012-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...

32 CFR 322.6 - Establishing exemptions.

Code of Federal Regulations, 2013 CFR

2013-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...

32 CFR 322.5 - Procedures.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.5 Procedures. (a) The Director of... for the FOIA/PA office is: National Security Agency, ATTN: FOIA/PA Services (DC321), 9800 Savage Road...

32 CFR 322.6 - Establishing exemptions.

Code of Federal Regulations, 2014 CFR

2014-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...

32 CFR 322.6 - Establishing exemptions.

Code of Federal Regulations, 2010 CFR

2010-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...

78 FR 15734 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0010] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... computer matching program between the Department of Homeland Security/U.S. Citizenship and Immigration...

78 FR 15733 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0008] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... computer matching program between the Department of Homeland Security/U.S. Citizenship and Immigration...

Trust Me, I’m a Doctor: Examining Changes in How Privacy Concerns Affect Patient Withholding Behavior

PubMed Central

Johnson, Tyler; Ford, Eric W; Huerta, Timothy R

2017-01-01

Background As electronic health records (EHRs) become ubiquitous in the health care industry, privacy breaches are increasing and being made public. These breaches may make consumers wary of the technology, undermining its potential to improve care coordination and research. Objective Given the developing concerns around privacy of personal health information stored in digital format, it is important for providers to understand how views on privacy and security may be associated with patient disclosure of health information. This study aimed to understand how privacy concerns may be shifting patient behavior. Methods Using a pooled cross-section of data from the 2011 and 2014 cycles of the Health Information and National Trends Survey (HINTS), we tested whether privacy and security concerns, as well as quality perceptions, are associated with the likelihood of withholding personal health information from a provider. A fully interacted multivariate model was used to compare associations between the 2 years, and interaction terms were used to evaluate trends in the factors that are associated with withholding behavior. Results No difference was found regarding the effect of privacy and security concerns on withholding behavior between 2011 and 2014. Similarly, whereas perceived high quality of care was found to reduce the likelihood of withholding information from a provider in both 2011 (odds ratio [OR] 0.73, 95% confidence interval [CI] 0.56-0.94) and 2014 (OR 0.61, 95% CI 0.48-0.76), no difference was observed between years. Conclusions These findings suggest that consumers’ beliefs about EHR privacy and security, the relationship between technology use and quality, and intentions to share information with their health care provider have not changed. These findings are counter to the ongoing discussions about the implications of security failures in other domains. Our results suggest that providers could ameliorate privacy and security by focusing on the care quality benefits EHRs provide. PMID:28052843

Privacy and security in teleradiology.

PubMed

Ruotsalainen, Pekka

2010-01-01

Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper. Copyright (c) 2009 Elsevier Ireland Ltd. All rights reserved.

36 CFR 1202.90 - What NARA systems of records are exempt from release under the National Security Exemption of the...

Code of Federal Regulations, 2012 CFR

2012-07-01

... are exempt from release under the National Security Exemption of the Privacy Act? 1202.90 Section 1202... from release under the National Security Exemption of the Privacy Act? (a) The Investigative Case Files... interfere with ongoing investigations and law enforcement or national security activities and impose an...

36 CFR 1202.90 - What NARA systems of records are exempt from release under the National Security Exemption of the...

Code of Federal Regulations, 2011 CFR

2011-07-01

... are exempt from release under the National Security Exemption of the Privacy Act? 1202.90 Section 1202... from release under the National Security Exemption of the Privacy Act? (a) The Investigative Case Files... interfere with ongoing investigations and law enforcement or national security activities and impose an...

36 CFR 1202.90 - What NARA systems of records are exempt from release under the National Security Exemption of the...

Code of Federal Regulations, 2014 CFR

2014-07-01

... are exempt from release under the National Security Exemption of the Privacy Act? 1202.90 Section 1202... from release under the National Security Exemption of the Privacy Act? (a) The Investigative Case Files... interfere with ongoing investigations and law enforcement or national security activities and impose an...

Security and Vulnerability Assessment of Social Media Sites: An Exploratory Study

ERIC Educational Resources Information Center

Zhao, Jensen; Zhao, Sherry Y.

2015-01-01

While the growing popularity of social media has brought many benefits to society, it has also resulted in privacy and security threats. The authors assessed the security and vulnerability of 50 social media sites. The findings indicate that most sites (a) posted privacy and security policies but only a minority stated clearly their execution of…

Privacy-enhanced electronic mail

NASA Astrophysics Data System (ADS)

Bishop, Matt

1990-06-01

The security of electronic mail sent through the Internet may be described in exactly three words: there is none. The Privacy and Security Research Group has recommended implementing mechanisms designed to provide security enhancements. The first set of mechanisms provides a protocol to provide privacy, integrity, and authentication for electronic mail; the second provides a certificate-based key management infrastructure to support key distribution throughout the internet, to support the first set of mechanisms. These mechanisms are described, as well as the reasons behind their selection and how these mechanisms can be used to provide some measure of security in the exchange of electronic mail.

Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android

PubMed Central

Dehling, Tobias; Gao, Fangjian; Schneider, Stephan

2015-01-01

Background Mobile health (mHealth) apps aim at providing seamless access to tailored health information technology and have the potential to alleviate global health burdens. Yet, they bear risks to information security and privacy because users need to reveal private, sensitive medical information to redeem certain benefits. Due to the plethora and diversity of available mHealth apps, implications for information security and privacy are unclear and complex. Objective The objective of this study was to establish an overview of mHealth apps offered on iOS and Android with a special focus on potential damage to users through information security and privacy infringements. Methods We assessed apps available in English and offered in the categories “Medical” and “Health & Fitness” in the iOS and Android App Stores. Based on the information retrievable from the app stores, we established an overview of available mHealth apps, tagged apps to make offered information machine-readable, and clustered the discovered apps to identify and group similar apps. Subsequently, information security and privacy implications were assessed based on health specificity of information available to apps, potential damage through information leaks, potential damage through information manipulation, potential damage through information loss, and potential value of information to third parties. Results We discovered 24,405 health-related apps (iOS; 21,953; Android; 2452). Absence or scarceness of ratings for 81.36% (17,860/21,953) of iOS and 76.14% (1867/2452) of Android apps indicates that less than a quarter of mHealth apps are in more or less widespread use. Clustering resulted in 245 distinct clusters, which were consolidated into 12 app archetypes grouping clusters with similar assessments of potential damage through information security and privacy infringements. There were 6426 apps that were excluded during clustering. The majority of apps (95.63%, 17,193/17,979; of apps) pose at least some potential damage through information security and privacy infringements. There were 11.67% (2098/17,979) of apps that scored the highest assessments of potential damages. Conclusions Various kinds of mHealth apps collect and offer critical, sensitive, private medical information, calling for a special focus on information security and privacy of mHealth apps. In order to foster user acceptance and trust, appropriate security measures and processes need to be devised and employed so that users can benefit from seamlessly accessible, tailored mHealth apps without exposing themselves to the serious repercussions of information security and privacy infringements. PMID:25599627

Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android.

PubMed

Dehling, Tobias; Gao, Fangjian; Schneider, Stephan; Sunyaev, Ali

2015-01-19

Mobile health (mHealth) apps aim at providing seamless access to tailored health information technology and have the potential to alleviate global health burdens. Yet, they bear risks to information security and privacy because users need to reveal private, sensitive medical information to redeem certain benefits. Due to the plethora and diversity of available mHealth apps, implications for information security and privacy are unclear and complex. The objective of this study was to establish an overview of mHealth apps offered on iOS and Android with a special focus on potential damage to users through information security and privacy infringements. We assessed apps available in English and offered in the categories "Medical" and "Health & Fitness" in the iOS and Android App Stores. Based on the information retrievable from the app stores, we established an overview of available mHealth apps, tagged apps to make offered information machine-readable, and clustered the discovered apps to identify and group similar apps. Subsequently, information security and privacy implications were assessed based on health specificity of information available to apps, potential damage through information leaks, potential damage through information manipulation, potential damage through information loss, and potential value of information to third parties. We discovered 24,405 health-related apps (iOS; 21,953; Android; 2452). Absence or scarceness of ratings for 81.36% (17,860/21,953) of iOS and 76.14% (1867/2452) of Android apps indicates that less than a quarter of mHealth apps are in more or less widespread use. Clustering resulted in 245 distinct clusters, which were consolidated into 12 app archetypes grouping clusters with similar assessments of potential damage through information security and privacy infringements. There were 6426 apps that were excluded during clustering. The majority of apps (95.63%, 17,193/17,979; of apps) pose at least some potential damage through information security and privacy infringements. There were 11.67% (2098/17,979) of apps that scored the highest assessments of potential damages. Various kinds of mHealth apps collect and offer critical, sensitive, private medical information, calling for a special focus on information security and privacy of mHealth apps. In order to foster user acceptance and trust, appropriate security measures and processes need to be devised and employed so that users can benefit from seamlessly accessible, tailored mHealth apps without exposing themselves to the serious repercussions of information security and privacy infringements.

78 FR 40542 - Privacy Act of 1974, As Amended: Proposed New Routine Use

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-05

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2013-0032] Privacy Act of 1974, As Amended: Proposed New Routine Use AGENCY: Social Security Administration. ACTION: New Proposed Routine Use...: Master Files of Social Security Number (SSN) Holders and SSN Applications, (60-0058) (the Enumeration...

32 CFR 322.3 - Policy.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 2 2012-07-01 2012-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...

32 CFR 322.3 - Policy.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 2 2011-07-01 2011-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...

32 CFR 322.3 - Policy.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 2 2014-07-01 2014-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...

32 CFR 322.3 - Policy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 2 2010-07-01 2010-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...

32 CFR 322.3 - Policy.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 2 2013-07-01 2013-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...

78 FR 38724 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-27

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0006] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... Agreement that establishes a computer matching program between the Department of Homeland Security/U.S...

A Hypertext-Based Computer Architecture for Management of the Joint Command, Control and Communications Curriculum

DTIC Science & Technology

1992-06-01

Boards) Security, Privacy, and Freedom of Speech Issues 4.1.2 Understand the relationships between information processing and collection and...to-many (Mailing and discussion Lists) ... Many-to-Many (Bulletin Boards) Security, Privacy, and Freedom of Speech Issues 69 4.1.3 Understand the...Communication one-to-one (e-mail) °o° one-to-many (Mailing and discussion Lists) ... Many-to-Many (Bulletin Boards) oo Security, Privacy, and Freedom of Speech Issues

Analysis of Vehicle-Based Security Operations

DOE Office of Scientific and Technical Information (OSTI.GOV)

Carter, Jason M; Paul, Nate R

Vehicle-to-vehicle (V2V) communications promises to increase roadway safety by providing each vehicle with 360 degree situational awareness of other vehicles in proximity, and by complementing onboard sensors such as radar or camera in detecting imminent crash scenarios. In the United States, approximately three hundred million automobiles could participate in a fully deployed V2V system if Dedicated Short-Range Communication (DSRC) device use becomes mandatory. The system s reliance on continuous communication, however, provides a potential means for unscrupulous persons to transmit false data in an attempt to cause crashes, create traffic congestion, or simply render the system useless. V2V communications mustmore » be highly scalable while retaining robust security and privacy preserving features to meet the intra-vehicle and vehicle-to-infrastructure communication requirements for a growing vehicle population. Oakridge National Research Laboratory is investigating a Vehicle-Based Security System (VBSS) to provide security and privacy for a fully deployed V2V and V2I system. In the VBSS an On-board Unit (OBU) generates short-term certificates and signs Basic Safety Messages (BSM) to preserve privacy and enhance security. This work outlines a potential VBSS structure and its operational concepts; it examines how a vehicle-based system might feasibly provide security and privacy, highlights remaining challenges, and explores potential mitigations to address those challenges. Certificate management alternatives that attempt to meet V2V security and privacy requirements have been examined previously by the research community including privacy-preserving group certificates, shared certificates, and functional encryption. Due to real-world operational constraints, adopting one of these approaches for VBSS V2V communication is difficult. Timely misbehavior detection and revocation are still open problems for any V2V system. We explore the alternative approaches that may be applicable to a VBSS, and suggest some additional research directions in order to find a practical solution that appropriately addresses security and privacy.« less

Security issues in healthcare applications using wireless medical sensor networks: a survey.

PubMed

Kumar, Pardeep; Lee, Hoon-Jae

2012-01-01

Healthcare applications are considered as promising fields for wireless sensor networks, where patients can be monitored using wireless medical sensor networks (WMSNs). Current WMSN healthcare research trends focus on patient reliable communication, patient mobility, and energy-efficient routing, as a few examples. However, deploying new technologies in healthcare applications without considering security makes patient privacy vulnerable. Moreover, the physiological data of an individual are highly sensitive. Therefore, security is a paramount requirement of healthcare applications, especially in the case of patient privacy, if the patient has an embarrassing disease. This paper discusses the security and privacy issues in healthcare application using WMSNs. We highlight some popular healthcare projects using wireless medical sensor networks, and discuss their security. Our aim is to instigate discussion on these critical issues since the success of healthcare application depends directly on patient security and privacy, for ethic as well as legal reasons. In addition, we discuss the issues with existing security mechanisms, and sketch out the important security requirements for such applications. In addition, the paper reviews existing schemes that have been recently proposed to provide security solutions in wireless healthcare scenarios. Finally, the paper ends up with a summary of open security research issues that need to be explored for future healthcare applications using WMSNs.

Security Issues in Healthcare Applications Using Wireless Medical Sensor Networks: A Survey

PubMed Central

Kumar, Pardeep; Lee, Hoon-Jae

2012-01-01

Healthcare applications are considered as promising fields for wireless sensor networks, where patients can be monitored using wireless medical sensor networks (WMSNs). Current WMSN healthcare research trends focus on patient reliable communication, patient mobility, and energy-efficient routing, as a few examples. However, deploying new technologies in healthcare applications without considering security makes patient privacy vulnerable. Moreover, the physiological data of an individual are highly sensitive. Therefore, security is a paramount requirement of healthcare applications, especially in the case of patient privacy, if the patient has an embarrassing disease. This paper discusses the security and privacy issues in healthcare application using WMSNs. We highlight some popular healthcare projects using wireless medical sensor networks, and discuss their security. Our aim is to instigate discussion on these critical issues since the success of healthcare application depends directly on patient security and privacy, for ethic as well as legal reasons. In addition, we discuss the issues with existing security mechanisms, and sketch out the important security requirements for such applications. In addition, the paper reviews existing schemes that have been recently proposed to provide security solutions in wireless healthcare scenarios. Finally, the paper ends up with a summary of open security research issues that need to be explored for future healthcare applications using WMSNs. PMID:22368458

6 CFR 5.29 - Fees.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Fees. 5.29 Section 5.29 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.29 Fees. (a) Components shall charge fees for duplication of records under the Privacy Act in the...

78 FR 15407 - Privacy Act of 1974, as Amended

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-11

... alteration of the system of records entitled Treasury/IRS 34.037, Audit Trail and Security Records. DATES... the Privacy Act system of records entitled Treasury/IRS34.037, Audit Trail and Security Records, to.... TREASURY/IRS 34.037 System name: Audit Trail and Security Records--Treasury/IRS 34.037...

12 CFR 792.67 - Security of systems of records.

Code of Federal Regulations, 2012 CFR

2012-01-01

... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792... 12 Banks and Banking 7 2012-01-01 2012-01-01 false Security of systems of records. 792.67 Section 792.67 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF...

12 CFR 792.67 - Security of systems of records.

Code of Federal Regulations, 2011 CFR

2011-01-01

... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792... 12 Banks and Banking 6 2011-01-01 2011-01-01 false Security of systems of records. 792.67 Section 792.67 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF...

12 CFR 792.67 - Security of systems of records.

Code of Federal Regulations, 2014 CFR

2014-01-01

... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792... 12 Banks and Banking 7 2014-01-01 2014-01-01 false Security of systems of records. 792.67 Section 792.67 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF...

12 CFR 792.67 - Security of systems of records.

Code of Federal Regulations, 2013 CFR

2013-01-01

... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792... 12 Banks and Banking 7 2013-01-01 2013-01-01 false Security of systems of records. 792.67 Section 792.67 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE OPERATIONS OF...

76 FR 44332 - Privacy Act of 1974; Notice of Updated Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-25

... are safeguarded in accordance with the requirements of the Privacy Act, the Computer Security Act, and... Security Numbers, birth dates and credit card numbers or other banking information, and (2) contract... bidders and buyers, including, but not limited to, names, phone numbers, addresses, Social Security...

75 FR 82121 - Privacy Act of 1974, as Amended; Proposed Routine Use

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-29

... SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Proposed Routine Use AGENCY: Social Security Administration (SSA). ACTION: Proposed routine use. SUMMARY: In accordance with the... routine use to our system of records entitled Master Files of Social Security Number (SSN) Holders and SSN...

36 CFR § 1202.90 - What NARA systems of records are exempt from release under the National Security Exemption of the...

Code of Federal Regulations, 2013 CFR

2013-07-01

... are exempt from release under the National Security Exemption of the Privacy Act? § 1202.90 Section Â... from release under the National Security Exemption of the Privacy Act? (a) The Investigative Case Files... interfere with ongoing investigations and law enforcement or national security activities and impose an...

28 CFR 20.24 - State laws on privacy and security.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof, nothing...

28 CFR 20.24 - State laws on privacy and security.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof, nothing...

28 CFR 20.24 - State laws on privacy and security.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof, nothing...

28 CFR 20.24 - State laws on privacy and security.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof, nothing...

28 CFR 20.24 - State laws on privacy and security.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Local Criminal History Record Information Systems § 20.24 State laws on privacy and security. Where a State originating criminal history record information provides for sealing or purging thereof, nothing...

36 CFR § 1008.6 - Assuring integrity of records.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Privacy Act shall be maintained in a secure manner commensurate with the sensitivity of the information contained in the system of records. The Privacy Act Officer will periodically review these security measures...

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

PubMed Central

Watzlaf, Valerie J.M.; Moeini, Sohrab; Firouzan, Patti

2010-01-01

Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR. PMID:25945172

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance.

PubMed

Watzlaf, Valerie J M; Moeini, Sohrab; Firouzan, Patti

2010-01-01

Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR.

Design and Evaluation of a Web-Based Symptom Monitoring Tool for Heart Failure.

PubMed

Wakefield, Bonnie J; Alexander, Gregory; Dohrmann, Mary; Richardson, James

2017-05-01

Heart failure is a chronic condition where symptom recognition and between-visit communication with providers are critical. Patients are encouraged to track disease-specific data, such as weight and shortness of breath. Use of a Web-based tool that facilitates data display in graph form may help patients recognize exacerbations and more easily communicate out-of-range data to clinicians. The purposes of this study were to (1) design a Web-based tool to facilitate symptom monitoring and symptom recognition in patients with chronic heart failure and (2) conduct a usability evaluation of the Web site. Patient participants generally had a positive view of the Web site and indicated it would support recording their health status and communicating with their doctors. Clinician participants generally had a positive view of the Web site and indicated it would be a potentially useful adjunct to electronic health delivery systems. Participants expressed a need to incorporate decision support within the site and wanted to add other data, for example, blood pressure, and have the ability to adjust font size. A few expressed concerns about data privacy and security. Technologies require careful design and testing to ensure they are useful, usable, and safe for patients and do not add to the burden of busy providers.

17 CFR 160.6 - Information to be included in privacy notices.

Code of Federal Regulations, 2011 CFR

2011-04-01

... privacy notices. 160.6 Section 160.6 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.6 Information to be included in privacy notices. (a) General rule. The initial, annual, and revised privacy notices that you...

17 CFR 160.4 - Initial privacy notice to consumers required.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Initial privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.4 Initial privacy... notice that accurately reflects your privacy policies and practices to: (1) Customer. An individual who...

17 CFR 160.5 - Annual privacy notice to customers required.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Annual privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.5 Annual privacy... customers that accurately reflects your privacy policies and practices not less than annually during the...

Medico legal issues.

PubMed

Mackenzie, Geraldine; Carter, Hugh

2010-01-01

This chapter gives an educational overview of: * An awareness of the legal issues involved in health informatics * The need for the privacy and security of the patient record * The legal consequences of a breach of the security of the patient record * The concept of privacy law and what precautions ought to be taken to minimize legal liability for a breach of privacy and/or confidentiality.

75 FR 67909 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of the...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-04

... facsimile (202) 254-4299. For privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief...;Prices of new books are listed in the first FEDERAL REGISTER issue of each #0;week. #0; #0; #0; #0;#0...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of the Inspector...

Secure open cloud in data transmission using reference pattern and identity with enhanced remote privacy checking

NASA Astrophysics Data System (ADS)

Vijay Singh, Ran; Agilandeeswari, L.

2017-11-01

To handle the large amount of client’s data in open cloud lots of security issues need to be address. Client’s privacy should not be known to other group members without data owner’s valid permission. Sometime clients are fended to have accessing with open cloud servers due to some restrictions. To overcome the security issues and these restrictions related to storing, data sharing in an inter domain network and privacy checking, we propose a model in this paper which is based on an identity based cryptography in data transmission and intermediate entity which have client’s reference with identity that will take control handling of data transmission in an open cloud environment and an extended remote privacy checking technique which will work at admin side. On behalf of data owner’s authority this proposed model will give best options to have secure cryptography in data transmission and remote privacy checking either as private or public or instructed. The hardness of Computational Diffie-Hellman assumption algorithm for key exchange makes this proposed model more secure than existing models which are being used for public cloud environment.

Safety and privacy outcomes from a moderated online social therapy for young people with first-episode psychosis.

PubMed

Gleeson, John F; Lederman, Reeva; Wadley, Greg; Bendall, Sarah; McGorry, Patrick D; Alvarez-Jimenez, Mario

2014-04-01

Internet-based treatments for early psychosis offer considerable promise, but safety and security need to be established. This study pilot tested Horyzons, a novel online treatment application that integrates purpose-built moderated social networking with psychoeducation for recovery from early psychosis. Safety, privacy, and security were evaluated during a one-month single-group trial with 20 young consumers recovering from early psychosis who were recruited in Melbourne, Australia. Known clinical risk factors informed the safety protocol. Safety, privacy, and security were evaluated with respect to relapse and self-harm, users' perceptions of safety and privacy, and activity using Horyzons. No clinical or security problems with use of Horyzons were noted. Participants described feeling safe and trusting Horyzons. Private moderated online social networking combined with psychoeducation was a safe and secure therapeutic environment for consumers recovering from a first episode of psychosis. Testing the intervention in a randomized controlled trial is warranted.

6 CFR 5.35 - Sanctions and penalties.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Sanctions and penalties. 5.35 Section 5.35 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.35 Sanctions and penalties. Under the provisions of the Privacy Act, 5 U.S.C. 552a...

75 FR 7978 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-23

...; Department of Homeland Security Transportation Security Administration-023 Workplace Violence Prevention... Administration-023 Workplace Violence Prevention Program System of Records and this proposed rulemaking. In this... Privacy Act (5 U.S.C. 552a) titled, DHS/TSA-023 Workplace Violence Prevention Program System of Records...

12 CFR 792.68 - Use and collection of Social Security numbers.

Code of Federal Regulations, 2014 CFR

2014-01-01

... INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy... 12 Banks and Banking 7 2014-01-01 2014-01-01 false Use and collection of Social Security numbers. 792.68 Section 792.68 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE...

12 CFR 792.68 - Use and collection of Social Security numbers.

Code of Federal Regulations, 2012 CFR

2012-01-01

... INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy... 12 Banks and Banking 7 2012-01-01 2012-01-01 false Use and collection of Social Security numbers. 792.68 Section 792.68 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE...

12 CFR 792.68 - Use and collection of Social Security numbers.

Code of Federal Regulations, 2013 CFR

2013-01-01

... INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy... 12 Banks and Banking 7 2013-01-01 2013-01-01 false Use and collection of Social Security numbers. 792.68 Section 792.68 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING THE...

Social Security Number Protection Laws: State-by-State Summary Table

ERIC Educational Resources Information Center

Data Quality Campaign, 2011

2011-01-01

As state policymakers implement statewide longitudinal data systems that collect, store, link and share student-level data, it is critical that they understand applicable privacy and data security standards and laws designed to ensure the privacy, security, and confidentiality of that data. To help state policymakers navigate this complex legal…

Securing Location Services Infrastructures: Practical Criteria for Application Developers and Solutions Architects

ERIC Educational Resources Information Center

Karamanian, Andre

2013-01-01

This qualitative, exploratory, normative study examined the security and privacy of location based services in mobile applications. This study explored risk, and controls to implement privacy and security. This study was addressed using components of the FIPS Risk Management Framework. This study found that risk to location information was…

76 FR 67621 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S. Customs...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-02

...The Department of Homeland Security is giving concurrent notice of a newly established system of records pursuant to the Privacy Act of 1974 for the ``Department of Homeland Security/U.S. Customs and Border Protection-003 Credit/Debit Care Data System of Records'' and this proposed rulemaking. In this proposed rulemaking, the Department proposes to exempt portions of the system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements.

Pathway to Support the Sustainable National Health Information System

NASA Astrophysics Data System (ADS)

Sahavechaphan, Naiyana; Phengsuwan, Jedsada; U-Ruekolan, Suriya; Aroonrua, Kamron; Ponhan, Jukrapong; Harnsamut, Nattapon; Vannarat, Sornthep

Heath information across geographically distributed healthcare centers has been recognized as an essential resource that drives an efficient national health-care plan. There is thus a need for the National Health Information System (NHIS) that provides the transparent and secure access to health information from different healthcare centers both on demand and in a time efficient manner. As healthiness is the ultimate goal of people and nation, we believe that the NHIS should be sustainable by taking the healthcare center and information consumer perspectives into account. Several issues in particular must be resolved altogether: (i) the diversity of health information structures among healthcare centers; (ii) the availability of health information sharing from healthcare centers; (iii) the efficient information access to various healthcare centers; and (iv) the privacy and privilege of heath information. To achieve the sustainable NHIS, this paper details our work which is divided into 3 main phases. Essentially, the first phase focuses on the application of metadata standard to enable the interoperability and usability of health information across healthcare centers. The second phase moves forward to make information sharing possible and to provide an efficient information access to a large number of healthcare centers. Finally, in the third phase, the privacy and privilege of health information is promoted with respect to access rights of information consumers.

Privacy Issues of a National Research and Education Network.

ERIC Educational Resources Information Center

Katz, James E.; Graveman, Richard F.

1991-01-01

Discussion of the right to privacy of communications focuses on privacy expectations within a National Research and Education Network (NREN). Highlights include privacy needs in scientific and education communications; academic and research networks; network security and privacy concerns; protection strategies; and consequences of privacy…

Usability Assessment of Secure Messaging for Clinical Document Sharing between Health Care Providers and Patients.

PubMed

Jahn, Michelle A; Porter, Brian W; Patel, Himalaya; Zillich, Alan J; Simon, Steven R; Russ, Alissa L

2018-04-01

 Web-based patient portals feature secure messaging systems that enable health care providers and patients to communicate information. However, little is known about the usability of these systems for clinical document sharing.  This article evaluates the usability of a secure messaging system for providers and patients in terms of its ability to support sharing of electronic clinical documents.  We conducted usability testing with providers and patients in a human-computer interaction laboratory at a Midwestern U.S. hospital. Providers sent a medication list document to a fictitious patient via secure messaging. Separately, patients retrieved the clinical document from a secure message and returned it to a fictitious provider. We collected use errors, task completion, task time, and satisfaction.  Twenty-nine individuals participated: 19 providers (6 physicians, 6 registered nurses, and 7 pharmacists) and 10 patients. Among providers, 11 (58%) attached and sent the clinical document via secure messaging without requiring assistance, in a median (range) of 4.5 (1.8-12.7) minutes. No patients completed tasks without moderator assistance. Patients accessed the secure messaging system within 3.6 (1.2-15.0) minutes; retrieved the clinical document within 0.8 (0.5-5.7) minutes; and sent the attached clinical document in 6.3 (1.5-18.1) minutes. Although median satisfaction ratings were high, with 5.8 for providers and 6.0 for patients (scale, 0-7), we identified 36 different use errors. Physicians and pharmacists requested additional features to support care coordination via health information technology, while nurses requested features to support efficiency for their tasks.  This study examined the usability of clinical document sharing, a key feature of many secure messaging systems. Our results highlight similarities and differences between provider and patient end-user groups, which can inform secure messaging design to improve learnability and efficiency. The observations suggest recommendations for improving the technical aspects of secure messaging for clinical document sharing. Schattauer GmbH Stuttgart.

17 CFR 160.2 - Model privacy form and examples.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Model privacy form and... PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of this...

17 CFR 160.9 - Delivering privacy and opt out notices.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Delivering privacy and opt out... PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.9 Delivering privacy and opt out notices. (a) How to provide notices. You must provide any privacy notices and opt out notices...

17 CFR 160.2 - Model privacy form and examples.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Model privacy form and... PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of this...

17 CFR 160.2 - Model privacy form and examples.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Model privacy form and... PRIVACY OF CONSUMER FINANCIAL INFORMATION § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of this part, consistent with the instructions in appendix...

17 CFR 160.2 - Model privacy form and examples.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Model privacy form and... (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of...

17 CFR 160.2 - Model privacy form and examples.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Model privacy form and... PRIVACY OF CONSUMER FINANCIAL INFORMATION § 160.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of this part, consistent with the instructions in appendix...

Privacy and Security in Mobile Health: A Research Agenda

PubMed Central

Kotz, David; Gunter, Carl A.; Kumar, Santosh; Weiner, Jonathan P.

2017-01-01

Mobile health technology has great potential to increase healthcare quality, expand access to services, reduce costs, and improve personal wellness and public health. However, mHealth also raises significant privacy and security challenges. PMID:28344359

78 FR 40541 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA)-Match Number 1014

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-05

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0019] Privacy Act of 1974, as Amended; Computer Matching Program (SSA)--Match Number 1014 AGENCY: Social Security Administration (SSA). [[Page 40542

An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds

DOE Office of Scientific and Technical Information (OSTI.GOV)

Simmhan, Yogesh; Kumbhare, Alok; Cao, Baohua

2011-07-09

Power utilities globally are increasingly upgrading to Smart Grids that use bi-directional communication with the consumer to enable an information-driven approach to distributed energy management. Clouds offer features well suited for Smart Grid software platforms and applications, such as elastic resources and shared services. However, the security and privacy concerns inherent in an information rich Smart Grid environment are further exacerbated by their deployment on Clouds. Here, we present an analysis of security and privacy issues in a Smart Grids software architecture operating on different Cloud environments, in the form of a taxonomy. We use the Los Angeles Smart Gridmore » Project that is underway in the largest U.S. municipal utility to drive this analysis that will benefit both Cloud practitioners targeting Smart Grid applications, and Cloud researchers investigating security and privacy.« less

Trust Me, I'm a Doctor: Examining Changes in How Privacy Concerns Affect Patient Withholding Behavior.

PubMed

Walker, Daniel M; Johnson, Tyler; Ford, Eric W; Huerta, Timothy R

2017-01-04

As electronic health records (EHRs) become ubiquitous in the health care industry, privacy breaches are increasing and being made public. These breaches may make consumers wary of the technology, undermining its potential to improve care coordination and research. Given the developing concerns around privacy of personal health information stored in digital format, it is important for providers to understand how views on privacy and security may be associated with patient disclosure of health information. This study aimed to understand how privacy concerns may be shifting patient behavior. Using a pooled cross-section of data from the 2011 and 2014 cycles of the Health Information and National Trends Survey (HINTS), we tested whether privacy and security concerns, as well as quality perceptions, are associated with the likelihood of withholding personal health information from a provider. A fully interacted multivariate model was used to compare associations between the 2 years, and interaction terms were used to evaluate trends in the factors that are associated with withholding behavior. No difference was found regarding the effect of privacy and security concerns on withholding behavior between 2011 and 2014. Similarly, whereas perceived high quality of care was found to reduce the likelihood of withholding information from a provider in both 2011 (odds ratio [OR] 0.73, 95% confidence interval [CI] 0.56-0.94) and 2014 (OR 0.61, 95% CI 0.48-0.76), no difference was observed between years. These findings suggest that consumers' beliefs about EHR privacy and security, the relationship between technology use and quality, and intentions to share information with their health care provider have not changed. These findings are counter to the ongoing discussions about the implications of security failures in other domains. Our results suggest that providers could ameliorate privacy and security by focusing on the care quality benefits EHRs provide. ©Daniel M Walker, Tyler Johnson, Eric W Ford, Timothy R Huerta. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 04.01.2017.

Driving toward guiding principles: a goal for privacy, confidentiality, and security of health information.

PubMed

Buckovich, S A; Rippen, H E; Rozen, M J

1999-01-01

As health care moves from paper to electronic data collection, providing easier access and dissemination of health information, the development of guiding privacy, confidentiality, and security principles is necessary to help balance the protection of patients' privacy interests against appropriate information access. A comparative review and analysis was done, based on a compilation of privacy, confidentiality, and security principles from many sources. Principles derived from ten identified sources were compared with each of the compiled principles to assess support level, uniformity, and inconsistencies. Of 28 compiled principles, 23 were supported by at least 50 percent of the sources. Technology could address at least 12 of the principles. Notable consistencies among the principles could provide a basis for consensus for further legislative and organizational work. It is imperative that all participants in our health care system work actively toward a viable resolution of this information privacy debate.

Assessing the privacy policies in mobile personal health records.

PubMed

Zapata, Belén Cruz; Hernández Niñirola, Antonio; Fernández-Alemán, José Luis; Toval, Ambrosio

2014-01-01

The huge increase in the number and use of smartphones and tablets has led health service providers to take an interest in mHealth. Popular mobile app markets like Apple App Store or Google Play contain thousands of health applications. Although mobile personal health records (mPHRs) have a number of benefits, important challenges appear in the form of adoption barriers. Security and privacy have been identified as part of these barriers and should be addressed. This paper analyzes and assesses a total of 24 free mPHRs for Android and iOS. Characteristics regarding privacy and security were extracted from the HIPAA. The results show important differences in both the mPHRs and the characteristics analyzed. A questionnaire containing six questions concerning privacy policies was defined. Our questionnaire may assist developers and stakeholders to evaluate the security and privacy of their mPHRs.

A linkable identity privacy algorithm for HealthGrid.

PubMed

Zhang, Ning; Rector, Alan; Buchan, Iain; Shi, Qi; Kalra, Dipak; Rogers, Jeremy; Goble, Carole; Walker, Steve; Ingram, David; Singleton, Peter

2005-01-01

The issues of confidentiality and privacy have become increasingly important as Grid technology is being adopted in public sectors such as healthcare. This paper discusses the importance of protecting the confidentiality and privacy of patient health/medical records, and the challenges exhibited in enforcing this protection in a Grid environment. It proposes a novel algorithm to allow traceable/linkable identity privacy in dealing with de-identified medical records. Using the algorithm, de-identified health records associated to the same patient but generated by different healthcare providers are given different pseudonyms. However, these pseudonymised records of the same patient can still be linked by a trusted entity such as the NHS trust or HealthGrid manager. The paper has also recommended a security architecture that integrates the proposed algorithm with other data security measures needed to achieve the desired security and privacy in the HealthGrid context.

A cryptographic key management solution for HIPAA privacy/security regulations.

PubMed

Lee, W-B; Lee, C-D

2008-01-01

The Health Insurance Portability and Accountability Act (HIPAA) privacy and security regulations are two crucial provisions in the protection of healthcare privacy. Privacy regulations create a principle to assure that patients have more control over their health information and set limits on the use and disclosure of health information. The security regulations stipulate the provisions implemented to guard data integrity, confidentiality, and availability. Undoubtedly, the cryptographic mechanisms are well defined to provide suitable solutions. In this paper, to comply with the HIPAA regulations, a flexible cryptographic key management solution is proposed to facilitate interoperations among the applied cryptographic mechanisms. In addition, case of consent exceptions intended to facilitate emergency applications and other possible exceptions can also be handled easily.

Audited credential delegation: a usable security solution for the virtual physiological human toolkit.

PubMed

Haidar, Ali N; Zasada, Stefan J; Coveney, Peter V; Abdallah, Ali E; Beckles, Bruce; Jones, Mike A S

2011-06-06

We present applications of audited credential delegation (ACD), a usable security solution for authentication, authorization and auditing in distributed virtual physiological human (VPH) project environments that removes the use of digital certificates from end-users' experience. Current security solutions are based on public key infrastructure (PKI). While PKI offers strong security for VPH projects, it suffers from serious usability shortcomings in terms of end-user acquisition and management of credentials which deter scientists from exploiting distributed VPH environments. By contrast, ACD supports the use of local credentials. Currently, a local ACD username-password combination can be used to access grid-based resources while Shibboleth support is underway. Moreover, ACD provides seamless and secure access to shared patient data, tools and infrastructure, thus supporting the provision of personalized medicine for patients, scientists and clinicians participating in e-health projects from a local to the widest international scale.

Audited credential delegation: a usable security solution for the virtual physiological human toolkit

PubMed Central

Haidar, Ali N.; Zasada, Stefan J.; Coveney, Peter V.; Abdallah, Ali E.; Beckles, Bruce; Jones, Mike A. S.

2011-01-01

We present applications of audited credential delegation (ACD), a usable security solution for authentication, authorization and auditing in distributed virtual physiological human (VPH) project environments that removes the use of digital certificates from end-users' experience. Current security solutions are based on public key infrastructure (PKI). While PKI offers strong security for VPH projects, it suffers from serious usability shortcomings in terms of end-user acquisition and management of credentials which deter scientists from exploiting distributed VPH environments. By contrast, ACD supports the use of local credentials. Currently, a local ACD username–password combination can be used to access grid-based resources while Shibboleth support is underway. Moreover, ACD provides seamless and secure access to shared patient data, tools and infrastructure, thus supporting the provision of personalized medicine for patients, scientists and clinicians participating in e-health projects from a local to the widest international scale. PMID:22670214

Managing security and privacy concerns over data storage in healthcare research.

PubMed

Mackenzie, Isla S; Mantay, Brian J; McDonnell, Patrick G; Wei, Li; MacDonald, Thomas M

2011-08-01

Issues surrounding data security and privacy are of great importance when handling sensitive health-related data for research. The emphasis in the past has been on balancing the risks to individuals with the benefit to society of the use of databases for research. However, a new way of looking at such issues is that by optimising procedures and policies regarding security and privacy of data to the extent that there is no appreciable risk to the privacy of individuals, we can create a 'win-win' situation in which everyone benefits, and pharmacoepidemiological research can flourish with public support. We discuss holistic measures, involving both information technology and people, taken to improve the security and privacy of data storage. After an internal review, we commissioned an external audit by an independent consultant with a view to optimising our data storage and handling procedures. Improvements to our policies and procedures were implemented as a result of the audit. By optimising our storage of data, we hope to inspire public confidence and hence cooperation with the use of health care data in research. Copyright © 2011 John Wiley & Sons, Ltd.

Secure authentication protocol for Internet applications over CATV network

NASA Astrophysics Data System (ADS)

Chin, Le-Pond

1998-02-01

An authentication protocol is proposed in this paper to implement secure functions which include two way authentication and key management between end users and head-end. The protocol can protect transmission from frauds, attacks such as reply and wiretap. Location privacy is also achieved. A rest protocol is designed to restore the system once when systems fail. The security is verified by taking several security and privacy requirements into consideration.

Low-Cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup

NASA Astrophysics Data System (ADS)

Kuo, Cynthia; Walker, Jesse; Perrig, Adrian

Bluetooth Simple Pairing and Wi-Fi Protected Setup specify mechanisms for exchanging authentication credentials in wireless networks. Both Simple Pairing and Protected Setup support multiple setup mechanisms, which increases security risks and hurts the user experience. To improve the security and usability of these specifications, we suggest defining a common baseline for hardware features and a consistent, interoperable user experience across devices.

76 FR 72428 - Privacy Act of 1974; Department of Homeland Security/ALL-017 General Legal Records System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-23

... 1974; Department of Homeland Security/ALL--017 General Legal Records System of Records AGENCY: Privacy... of records notice titled, ``Department of Homeland Security/ ALL--017 General Legal Records System of Records.'' This system will assist attorneys in providing legal advice to the Department of Homeland...

17 CFR 200.310 - Fees.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Regulations Pertaining to the Privacy of Individuals and Systems of Records... Information and Privacy Act Operations, SEC, Operations Center, 6432 General Green Way, Alexandria, VA 22312...

17 CFR 200.310 - Fees.

Code of Federal Regulations, 2011 CFR

2011-04-01

... Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Regulations Pertaining to the Privacy of Individuals and Systems of Records... Information and Privacy Act Operations, SEC, Operations Center, 6432 General Green Way, Alexandria, VA 22312...

45 CFR 164.534 - Compliance dates for initial implementation of the privacy standards.

Code of Federal Regulations, 2010 CFR

2010-10-01

... privacy standards. 164.534 Section 164.534 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.534 Compliance dates for initial implementation of the privacy standards. (a...

45 CFR 164.534 - Compliance dates for initial implementation of the privacy standards.

Code of Federal Regulations, 2014 CFR

2014-10-01

... privacy standards. 164.534 Section 164.534 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.534 Compliance dates for initial implementation of the privacy standards. (a...

45 CFR 164.534 - Compliance dates for initial implementation of the privacy standards.

Code of Federal Regulations, 2011 CFR

2011-10-01

... privacy standards. 164.534 Section 164.534 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.534 Compliance dates for initial implementation of the privacy standards. (a...

45 CFR 164.520 - Notice of privacy practices for protected health information.

Code of Federal Regulations, 2014 CFR

2014-10-01

... DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.520 Notice of privacy practices for protected health information. (a) Standard... 45 Public Welfare 1 2014-10-01 2014-10-01 false Notice of privacy practices for protected health...

Acquisition of a High Performance Computing Instrument for Big Data Research and Education

DTIC Science & Technology

2015-12-03

Security and Privacy , University of Texas at Dallas, TX, September 16-17, 2014. • Chopade, P., Zhan, J., Community Detection in Large Scale Big Data...Security and Privacy in Communication Networks, Beijing, China, September 24-26, 2014. • Pravin Chopade, Kenneth Flurchick, Justin Zhan and Marwan...Balkirat Kaur, Malcolm Blow, and Justin Zhan, Digital Image Authentication in Social Media, The Sixth ASE International Conference on Privacy

An innovative privacy preserving technique for incremental datasets on cloud computing.

PubMed

Aldeen, Yousra Abdul Alsahib S; Salleh, Mazleena; Aljeroudi, Yazan

2016-08-01

Cloud computing (CC) is a magnificent service-based delivery with gigantic computer processing power and data storage across connected communications channels. It imparted overwhelming technological impetus in the internet (web) mediated IT industry, where users can easily share private data for further analysis and mining. Furthermore, user affable CC services enable to deploy sundry applications economically. Meanwhile, simple data sharing impelled various phishing attacks and malware assisted security threats. Some privacy sensitive applications like health services on cloud that are built with several economic and operational benefits necessitate enhanced security. Thus, absolute cyberspace security and mitigation against phishing blitz became mandatory to protect overall data privacy. Typically, diverse applications datasets are anonymized with better privacy to owners without providing all secrecy requirements to the newly added records. Some proposed techniques emphasized this issue by re-anonymizing the datasets from the scratch. The utmost privacy protection over incremental datasets on CC is far from being achieved. Certainly, the distribution of huge datasets volume across multiple storage nodes limits the privacy preservation. In this view, we propose a new anonymization technique to attain better privacy protection with high data utility over distributed and incremental datasets on CC. The proficiency of data privacy preservation and improved confidentiality requirements is demonstrated through performance evaluation. Copyright © 2016 Elsevier Inc. All rights reserved.

Integrating Visual Mnemonics and Input Feedback With Passphrases to Improve the Usability and Security of Digital Authentication.

PubMed

Juang, Kevin; Greenstein, Joel

2018-04-01

We developed a new authentication system based on passphrases instead of passwords. Our new system incorporates a user-generated mnemonic picture displayed during login, definition tooltips, error correction to reduce typographical errors, a decoy-based input masking technique, and random passphrase generation using either a specialized wordlist or a sentence template. Passphrases exhibit a greater level of security than traditional passwords, but their wider adoption has been hindered by human factors issues. Our assertion is that the added features of our system work particularly well with passphrases and help address these shortcomings. We conducted a study to evaluate our new system with a customized 1,450-word list and our new system with a 6-word sentence structure against the control conditions of a user-created passphrase of at least 24 characters and a system-generated passphrase using a 10,326-word list. Fifty participants completed two sessions so that we could measure the usability and security of the authentication schemes. With the new system conditions, memorability was improved, and security was equivalent to or better than the control conditions. Usability and overall ratings also favored the new system conditions over the control conditions. Our research presents a new authentication system using innovative techniques that improve on the usability and security of existing password and passphrase authentication systems. In computer security, drastic changes should never happen overnight, but we recommend that our contributions be incorporated into current authentication systems to help facilitate a transition from passwords to usable passphrases.

Customer privacy on UK healthcare websites.

PubMed

Mundy, Darren P

2006-09-01

Privacy has been and continues to be one of the key challenges of an age devoted to the accumulation, processing, and mining of electronic information. In particular, privacy of healthcare-related information is seen as a key issue as health organizations move towards the electronic provision of services. The aim of the research detailed in this paper has been to analyse privacy policies on popular UK healthcare-related websites to determine the extent to which consumer privacy is protected. The author has combined approaches (such as approaches focused on usability, policy content, and policy quality) used in studies by other researchers on e-commerce and US healthcare websites to provide a comprehensive analysis of UK healthcare privacy policies. The author identifies a wide range of issues related to the protection of consumer privacy through his research analysis using quantitative results. The main outcomes from the author's research are that only 61% of healthcare-related websites in their sample group posted privacy policies. In addition, most of the posted privacy policies had poor readability standards and included a variety of privacy vulnerability statements. Overall, the author's findings represent significant current issues in relation to healthcare information protection on the Internet. The hope is that raising awareness of these results will drive forward changes in the industry, similar to those experienced with information quality.

A Progress Report on Information Privacy and Data Security.

ERIC Educational Resources Information Center

Salton, Gerard

1980-01-01

Describes the role of information privacy in modern society, examines recent legal cases to illustrate how privacy cases are adjudicated and to identify the limits of available privacy protection, and raises issues regarding techniques for insuring data confidentiality. (FM)

76 FR 66933 - Privacy Act of 1974; Department of Homeland Security U.S. Coast Guard DHS/USCG-014 Military Pay...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-28

... purpose of health and life insurance requests and eligibility and to the Department of Defense (DoD) for... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0072] Privacy Act of 1974; Department of Homeland Security U.S. Coast Guard DHS/USCG--014 Military Pay and Personnel System...

75 FR 30411 - Privacy Act of 1974; Report of a Modified or Altered System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-01

... Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse... Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance Portability... systems and data files necessary for compliance with Title XI, Part C of the Social Security Act because...

Toward Privacy-preserving Content Access Control for Information Centric Networking

DTIC Science & Technology

2014-03-01

REPORT Toward Privacy-preserving Content Access Control for Information Centric Networking 14. ABSTRACT 16. SECURITY CLASSIFICATION OF: Information...regardless the security mechanisms provided by different content hosting servers. However, using ABE has a drawback that the enforced content access...Encryption (ABE) is a flexible approach to enforce the content access policies regardless the security mechanisms provided by different content hosting

78 FR 57402 - Privacy Act of 1974; Department of Homeland Security/U.S. Customs and Border Protection-019 Air...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-18

... forth in this system of records notice. AMOSS also has users from the Department of Defense (DOD... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0021] Privacy Act of 1974; Department of Homeland Security/U.S. Customs and Border Protection--019 Air and Marine Operations...

Are personal health records safe? A review of free web-accessible personal health record privacy policies.

PubMed

Carrión Señor, Inmaculada; Fernández-Alemán, José Luis; Toval, Ambrosio

2012-08-23

Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users' concerns regarding the privacy and security of their personal health information. To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users' accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low.

Are Personal Health Records Safe? A Review of Free Web-Accessible Personal Health Record Privacy Policies

PubMed Central

Fernández-Alemán, José Luis; Toval, Ambrosio

2012-01-01

Background Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users’ concerns regarding the privacy and security of their personal health information. Objective To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. Methods We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. Results The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users’ accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Conclusions Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low. PMID:22917868

Quality of Publicly Available Physical Activity Apps: Review and Content Analysis

PubMed Central

Alkhaldi, Ghadah; Slee, April; Hamilton, Fiona L; Murray, Elizabeth

2018-01-01

Background Within the new digital health landscape, the rise of health apps creates novel prospects for health promotion. The market is saturated with apps that aim to increase physical activity (PA). Despite the wide distribution and popularity of PA apps, there are limited data on their effectiveness, user experience, and safety of personal data. Objective The purpose of this review and content analysis was to evaluate the quality of the most popular PA apps on the market using health care quality indicators. Methods The top-ranked 400 free and paid apps from iTunes and Google Play stores were screened. Apps were included if the primary behavior targeted was PA, targeted users were adults, and the apps had stand-alone functionality. The apps were downloaded on mobile phones and assessed by 2 reviewers against the following quality assessment criteria: (1) users’ data privacy and security, (2) presence of behavior change techniques (BCTs) and quality of the development and evaluation processes, and (3) user ratings and usability. Results Out of 400 apps, 156 met the inclusion criteria, of which 65 apps were randomly selected to be downloaded and assessed. Almost 30% apps (19/65) did not have privacy policy. Every app contained at least one BCT, with an average number of 7 and a maximum of 13 BCTs. All but one app had commercial affiliation, 12 consulted an expert, and none reported involving users in the app development. Only 12 of 65 apps had a peer-reviewed study connected to the app. User ratings were high, with only a quarter of the ratings falling below 4 stars. The median usability score was excellent—86.3 out of 100. Conclusions Despite the popularity of PA apps available on the commercial market, there were substantial shortcomings in the areas of data safety and likelihood of effectiveness of the apps assessed. The limited quality of the apps may represent a missed opportunity for PA promotion. PMID:29563080

32 CFR 806b.51 - Privacy and the Web.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 6 2013-07-01 2013-07-01 false Privacy and the Web. 806b.51 Section 806b.51 National Defense Department of Defense (Continued) DEPARTMENT OF THE AIR FORCE ADMINISTRATION PRIVACY ACT... security notices at major web site entry points and Privacy Act statements or Privacy Advisories when...

17 CFR 248.2 - Model privacy form: rule of construction.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Model privacy form: rule of... Safeguarding Personal Information § 248.2 Model privacy form: rule of construction. (a) Model privacy form. Use of the model privacy form in Appendix A to Subpart A of this part, consistent with the instructions...

17 CFR 160.5 - Annual privacy notice to customers required.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Annual privacy notice to... COMMISSION (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.5 Annual privacy notice to customers required. (a)(1) General rule. You...

17 CFR 160.6 - Information to be included in privacy notices.

Code of Federal Regulations, 2012 CFR

2012-04-01

... privacy notices. 160.6 Section 160.6 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.6 Information to be included in privacy notices. (a) General rule. The initial...

17 CFR 160.5 - Annual privacy notice to customers required.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Annual privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.5 Annual privacy notice to customers required. (a)(1) General rule. You must...

17 CFR 248.8 - Revised privacy notices.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Revised privacy notices. 248.8...) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.8 Revised privacy notices. (a) General rule. Except as otherwise...

17 CFR 160.4 - Initial privacy notice to consumers required.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Initial privacy notice to... COMMISSION (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.4 Initial privacy notice to consumers required. (a) Initial notice...

17 CFR 248.8 - Revised privacy notices.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Revised privacy notices. 248.8...) REGULATIONS S-P, S-AM, AND S-ID Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.8 Revised privacy notices. (a) General rule. Except...

17 CFR 160.6 - Information to be included in privacy notices.

Code of Federal Regulations, 2014 CFR

2014-04-01

... privacy notices. 160.6 Section 160.6 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.6 Information to be included in privacy notices. (a) General rule. The...

17 CFR 248.8 - Revised privacy notices.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Revised privacy notices. 248.8...) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.8 Revised privacy notices. (a) General rule. Except as otherwise...

17 CFR 160.4 - Initial privacy notice to consumers required.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Initial privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.4 Initial privacy notice to consumers required. (a) Initial notice requirement...

17 CFR 160.6 - Information to be included in privacy notices.

Code of Federal Regulations, 2013 CFR

2013-04-01

... privacy notices. 160.6 Section 160.6 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.6 Information to be included in privacy notices. (a) General rule. The initial...

17 CFR 160.4 - Initial privacy notice to consumers required.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Initial privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.4 Initial privacy notice to consumers required. (a) Initial notice requirement...

17 CFR 248.8 - Revised privacy notices.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Revised privacy notices. 248.8...) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.8 Revised privacy notices. (a) General rule. Except as otherwise...

17 CFR 160.5 - Annual privacy notice to customers required.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Annual privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.5 Annual privacy notice to customers required. (a)(1) General rule. You must...

17 CFR 248.8 - Revised privacy notices.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Revised privacy notices. 248.8...) REGULATIONS S-P AND S-AM Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Privacy and Opt Out Notices § 248.8 Revised privacy notices. (a) General rule. Except as otherwise...

Chinese Mobile Health APPs for Hypertension Management: A Systematic Evaluation of Usefulness.

PubMed

Liang, Jun; He, Xiaojun; Jia, Yuxi; Zhu, Wei; Lei, Jianbo

2018-01-01

To analyze and compare the usefulness of hypertension management APPs released in the Chinese market; to understand the general situations, characteristics, problems, and trends in hypertension management mHealth APPs; and to identify the gaps between mainland China products and non-mainland China products with the aim to provide recommendations for developers in industry and assist hypertensive patients in selecting suitable APPs. The hypertension management APPs available by October 2016 in China were analyzed from the perspective of data items and function usefulness. Sample sets were determined through PRISMA. An evaluation item set was developed based on the usability framework of TURF and the Chinese Guideline for the Management of Hypertension and used to quantitatively analyze the functionalities and data items collected from the sample APPs from the perspective of designers, users, and activity models. Among the 73 Chinese-supported APPs, none of the hypertension management APPs could fully cover the usefulness item set (mean = 37.4%). Regarding the use of mobile terminal hardware, only cameras and positioning sensors are commonly used in information collection. Regarding the data items and services provided, the most commonly collected data are "demographic information" (88% versus 100%) and "vital signs" (76% versus 100%), but APPs developed in mainland China and non-mainland China provided significantly different services and profit-making patterns. Regarding data security and privacy protection, the APPs from mainland China provided far lower usefulness (31% versus 56%). mHealth APPs can promptly and efficiently acquire sign-related data by improving the professionality and scientificity of data about healthy living habits. APPs also improve the preventive usefulness of the collected data and bring about new opportunities for the management and control of hypertension. Other important research trends include privacy protection and data security.

Chinese Mobile Health APPs for Hypertension Management: A Systematic Evaluation of Usefulness

PubMed Central

Jia, Yuxi; Zhu, Wei

2018-01-01

Objective To analyze and compare the usefulness of hypertension management APPs released in the Chinese market; to understand the general situations, characteristics, problems, and trends in hypertension management mHealth APPs; and to identify the gaps between mainland China products and non-mainland China products with the aim to provide recommendations for developers in industry and assist hypertensive patients in selecting suitable APPs. Methods The hypertension management APPs available by October 2016 in China were analyzed from the perspective of data items and function usefulness. Sample sets were determined through PRISMA. An evaluation item set was developed based on the usability framework of TURF and the Chinese Guideline for the Management of Hypertension and used to quantitatively analyze the functionalities and data items collected from the sample APPs from the perspective of designers, users, and activity models. Results Among the 73 Chinese-supported APPs, none of the hypertension management APPs could fully cover the usefulness item set (mean = 37.4%). Regarding the use of mobile terminal hardware, only cameras and positioning sensors are commonly used in information collection. Regarding the data items and services provided, the most commonly collected data are “demographic information” (88% versus 100%) and “vital signs” (76% versus 100%), but APPs developed in mainland China and non-mainland China provided significantly different services and profit-making patterns. Regarding data security and privacy protection, the APPs from mainland China provided far lower usefulness (31% versus 56%). Conclusions mHealth APPs can promptly and efficiently acquire sign-related data by improving the professionality and scientificity of data about healthy living habits. APPs also improve the preventive usefulness of the collected data and bring about new opportunities for the management and control of hypertension. Other important research trends include privacy protection and data security. PMID:29744027

Web-based Factors Affecting Online Purchasing Behaviour

NASA Astrophysics Data System (ADS)

Ariff, Mohd Shoki Md; Sze Yan, Ng; Zakuan, Norhayati; Zaidi Bahari, Ahamad; Jusoh, Ahmad

2013-06-01

The growing use of internet and online purchasing among young consumers in Malaysia provides a huge prospect in e-commerce market, specifically for B2C segment. In this market, if E-marketers know the web-based factors affecting online buyers' behaviour, and the effect of these factors on behaviour of online consumers, then they can develop their marketing strategies to convert potential customers into active one, while retaining existing online customers. Review of previous studies related to the online purchasing behaviour in B2C market has point out that the conceptualization and empirical validation of the online purchasing behaviour of Information and Communication Technology (ICT) literate users, or ICT professional, in Malaysia has not been clearly addressed. This paper focuses on (i) web-based factors which online buyers (ICT professional) keep in mind while shopping online; and (ii) the effect of web-based factors on online purchasing behaviour. Based on the extensive literature review, a conceptual framework of 24 items of five factors was constructed to determine web-based factors affecting online purchasing behaviour of ICT professional. Analysis of data was performed based on the 310 questionnaires, which were collected using a stratified random sampling method, from ICT undergraduate students in a public university in Malaysia. The Exploratory factor analysis performed showed that five factors affecting online purchase behaviour are Information Quality, Fulfilment/Reliability/Customer Service, Website Design, Quick and Details, and Privacy/Security. The result of Multiple Regression Analysis indicated that Information Quality, Quick and Details, and Privacy/Security affect positively online purchase behaviour. The results provide a usable model for measuring web-based factors affecting buyers' online purchase behaviour in B2C market, as well as for online shopping companies to focus on the factors that will increase customers' online purchase.

Privacy and security compliance in the E-healthcare marketplace.

PubMed

Lutes, M

2000-03-01

Complying with security and privacy regulations proposed by HHS in response to the Health Insurance Portability and Accountability Act (HIPAA) will require healthcare managers to address both internal and external business interactions and initiatives. The proposed regulations mandate certain procedures regarding administration, physical safeguards, technical security for data integrity and confidentiality, and technical security against unauthorized access. In particular, the proposed regulations require organizations to contractually ensure that vendors adhere to the regulations. Healthcare organizations also must implement training procedures for staff members who have contact with protected health information and designate a privacy officer to guard against improper disclosure of such information. Documented policies for organizational decision making are vital to an organization's efforts to implement procedures for compliance with the regulations.

Inter-organizational future proof EHR systems. A review of the security and privacy related issues.

PubMed

van der Linden, Helma; Kalra, Dipak; Hasman, Arie; Talmon, Jan

2009-03-01

Identification and analysis of privacy and security related issues that occur when health information is exchanged between health care organizations. Based on a generic scenario questions were formulated to reveal the occurring issues. Possible answers were verified in literature. Ensuring secure health information exchange across organizations requires a standardization of security measures that goes beyond organizational boundaries, such as global definitions of professional roles, global standards for patient consent and semantic interoperable audit logs. As to be able to fully address the privacy and security issues in interoperable EHRs and the long-life virtual EHR it is necessary to realize a paradigm shift from storing all incoming information in a local system to retrieving information from external systems whenever that information is deemed necessary for the care of the patient.

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks.

PubMed

Park, YoHan; Park, YoungHo

2016-12-14

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.'s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment.

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks

PubMed Central

Park, YoHan; Park, YoungHo

2016-01-01

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.’s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment. PMID:27983616

Cyber security challenges in Smart Cities: Safety, security and privacy.

PubMed

Elmaghraby, Adel S; Losavio, Michael M

2014-07-01

The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the "Internet of Things." Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect.

Survey of cyber security issues in smart grids

NASA Astrophysics Data System (ADS)

Chen, Thomas M.

2010-04-01

The future smart grid will enable cost savings and lower energy use by means of smart appliances and smart meters which support dynamic load management and real-time monitoring of energy use and distribution. The introduction of two-way communications and control into power grid introduces security and privacy concerns. This talk will survey the security and privacy issues in smart grids using the NIST reference model, and relate these issues to cyber security in the Internet.

45 CFR 164.402 - Definitions.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.402... subpart E of this part which compromises the security or privacy of the protected health information. (1...

45 CFR 164.402 - Definitions.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.402... subpart E of this part which compromises the security or privacy of the protected health information. (1...

Ownership, Privacy, Confidentiality, and Security Data.

ERIC Educational Resources Information Center

Staman, E. Michael

1986-01-01

One of the areas most often neglected by those responsible for information systems in colleges and universities relates to ownership, privacy, confidentiality, and security of data. Background information and definitions are provided, and a suggested environment is described. Model recommendations for institutional policy are offered. (MLW)

Online Patron Records and Privacy: Service vs. Security.

ERIC Educational Resources Information Center

Fouty, Kathleen G.

1993-01-01

Examines issues regarding the privacy of information contained in patron databases that have resulted from online circulation systems. Topics discussed include library policies to protect information in patron records; ensuring compliance with policies; limiting the data collected; security authorizations; and creating and modifying patron…

32 CFR 322.4 - Responsibilities.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 2 2014-07-01 2014-07-01 false Responsibilities. 322.4 Section 322.4 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.4 Responsibilities. (a) The...

32 CFR 322.4 - Responsibilities.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 2 2012-07-01 2012-07-01 false Responsibilities. 322.4 Section 322.4 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.4 Responsibilities. (a) The...

32 CFR 322.4 - Responsibilities.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 2 2013-07-01 2013-07-01 false Responsibilities. 322.4 Section 322.4 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.4 Responsibilities. (a) The...

Minutiae Matching with Privacy Protection Based on the Combination of Garbled Circuit and Homomorphic Encryption

PubMed Central

Li, Mengxing; Zhao, Jian; Yang, Mei; Kang, Lijun; Wu, Lili

2014-01-01

Biometrics plays an important role in authentication applications since they are strongly linked to holders. With an increasing growth of e-commerce and e-government, one can expect that biometric-based authentication systems are possibly deployed over the open networks in the near future. However, due to its openness, the Internet poses a great challenge to the security and privacy of biometric authentication. Biometric data cannot be revoked, so it is of paramount importance that biometric data should be handled in a secure way. In this paper we present a scheme achieving privacy-preserving fingerprint authentication between two parties, in which fingerprint minutiae matching algorithm is completed in the encrypted domain. To improve the efficiency, we exploit homomorphic encryption as well as garbled circuits to design the protocol. Our goal is to provide protection for the security of template in storage and data privacy of two parties in transaction. The experimental results show that the proposed authentication protocol runs efficiently. Therefore, the protocol can run over open networks and help to alleviate the concerns on security and privacy of biometric applications over the open networks. PMID:24711729

Minutiae matching with privacy protection based on the combination of garbled circuit and homomorphic encryption.

PubMed

Li, Mengxing; Feng, Quan; Zhao, Jian; Yang, Mei; Kang, Lijun; Wu, Lili

2014-01-01

Biometrics plays an important role in authentication applications since they are strongly linked to holders. With an increasing growth of e-commerce and e-government, one can expect that biometric-based authentication systems are possibly deployed over the open networks in the near future. However, due to its openness, the Internet poses a great challenge to the security and privacy of biometric authentication. Biometric data cannot be revoked, so it is of paramount importance that biometric data should be handled in a secure way. In this paper we present a scheme achieving privacy-preserving fingerprint authentication between two parties, in which fingerprint minutiae matching algorithm is completed in the encrypted domain. To improve the efficiency, we exploit homomorphic encryption as well as garbled circuits to design the protocol. Our goal is to provide protection for the security of template in storage and data privacy of two parties in transaction. The experimental results show that the proposed authentication protocol runs efficiently. Therefore, the protocol can run over open networks and help to alleviate the concerns on security and privacy of biometric applications over the open networks.

Protecting Location Privacy for Outsourced Spatial Data in Cloud Storage

PubMed Central

Gui, Xiaolin; An, Jian; Zhao, Jianqiang; Zhang, Xuejun

2014-01-01

As cloud computing services and location-aware devices are fully developed, a large amount of spatial data needs to be outsourced to the cloud storage provider, so the research on privacy protection for outsourced spatial data gets increasing attention from academia and industry. As a kind of spatial transformation method, Hilbert curve is widely used to protect the location privacy for spatial data. But sufficient security analysis for standard Hilbert curve (SHC) is seldom proceeded. In this paper, we propose an index modification method for SHC (SHC∗) and a density-based space filling curve (DSC) to improve the security of SHC; they can partially violate the distance-preserving property of SHC, so as to achieve better security. We formally define the indistinguishability and attack model for measuring the privacy disclosure risk of spatial transformation methods. The evaluation results indicate that SHC∗ and DSC are more secure than SHC, and DSC achieves the best index generation performance. PMID:25097865

Protecting location privacy for outsourced spatial data in cloud storage.

PubMed

Tian, Feng; Gui, Xiaolin; An, Jian; Yang, Pan; Zhao, Jianqiang; Zhang, Xuejun

2014-01-01

As cloud computing services and location-aware devices are fully developed, a large amount of spatial data needs to be outsourced to the cloud storage provider, so the research on privacy protection for outsourced spatial data gets increasing attention from academia and industry. As a kind of spatial transformation method, Hilbert curve is widely used to protect the location privacy for spatial data. But sufficient security analysis for standard Hilbert curve (SHC) is seldom proceeded. In this paper, we propose an index modification method for SHC (SHC(∗)) and a density-based space filling curve (DSC) to improve the security of SHC; they can partially violate the distance-preserving property of SHC, so as to achieve better security. We formally define the indistinguishability and attack model for measuring the privacy disclosure risk of spatial transformation methods. The evaluation results indicate that SHC(∗) and DSC are more secure than SHC, and DSC achieves the best index generation performance.

Computer-facilitated rapid HIV testing in emergency care settings: provider and patient usability and acceptability.

PubMed

Spielberg, Freya; Kurth, Ann E; Severynen, Anneleen; Hsieh, Yu-Hsiang; Moring-Parris, Daniel; Mackenzie, Sara; Rothman, Richard

2011-06-01

Providers in emergency care settings (ECSs) often face barriers to expanded HIV testing. We undertook formative research to understand the potential utility of a computer tool, "CARE," to facilitate rapid HIV testing in ECSs. Computer tool usability and acceptability were assessed among 35 adult patients, and provider focus groups were held, in two ECSs in Washington State and Maryland. The computer tool was usable by patients of varying computer literacy. Patients appreciated the tool's privacy and lack of judgment and their ability to reflect on HIV risks and create risk reduction plans. Staff voiced concerns regarding ECS-based HIV testing generally, including resources for follow-up of newly diagnosed people. Computer-delivered HIV testing support was acceptable and usable among low-literacy populations in two ECSs. Such tools may help circumvent some practical barriers associated with routine HIV testing in busy settings though linkages to care will still be needed.

Security controls in an integrated Biobank to protect privacy in data sharing: rationale and study design.

PubMed

Takai-Igarashi, Takako; Kinoshita, Kengo; Nagasaki, Masao; Ogishima, Soichi; Nakamura, Naoki; Nagase, Sachiko; Nagaie, Satoshi; Saito, Tomo; Nagami, Fuji; Minegishi, Naoko; Suzuki, Yoichi; Suzuki, Kichiya; Hashizume, Hiroaki; Kuriyama, Shinichi; Hozawa, Atsushi; Yaegashi, Nobuo; Kure, Shigeo; Tamiya, Gen; Kawaguchi, Yoshio; Tanaka, Hiroshi; Yamamoto, Masayuki

2017-07-06

With the goal of realizing genome-based personalized healthcare, we have developed a biobank that integrates personal health, genome, and omics data along with biospecimens donated by volunteers of 150,000. Such a large-scale of data integration involves obvious risks of privacy violation. The research use of personal genome and health information is a topic of global discussion with regard to the protection of privacy while promoting scientific advancement. The present paper reports on our plans, current attempts, and accomplishments in addressing security problems involved in data sharing to ensure donor privacy while promoting scientific advancement. Biospecimens and data have been collected in prospective cohort studies with the comprehensive agreement. The sample size of 150,000 participants was required for multiple researches including genome-wide screening of gene by environment interactions, haplotype phasing, and parametric linkage analysis. We established the T ohoku M edical M egabank (TMM) data sharing policy: a privacy protection rule that requires physical, personnel, and technological safeguards against privacy violation regarding the use and sharing of data. The proposed policy refers to that of NCBI and that of the Sanger Institute. The proposed policy classifies shared data according to the strength of re-identification risks. Local committees organized by TMM evaluate re-identification risk and assign a security category to a dataset. Every dataset is stored in an assigned segment of a supercomputer in accordance with its security category. A security manager should be designated to handle all security problems at individual data use locations. The proposed policy requires closed networks and IP-VPN remote connections. The mission of the biobank is to distribute biological resources most productively. This mission motivated us to collect biospecimens and health data and simultaneously analyze genome/omics data in-house. The biobank also has the mission of improving the quality and quantity of the contents of the biobank. This motivated us to request users to share the results of their research as feedback to the biobank. The TMM data sharing policy has tackled every security problem originating with the missions. We believe our current implementation to be the best way to protect privacy in data sharing.

17 CFR 160.9 - Delivering privacy and opt out notices.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Delivering privacy and opt out... PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.9 Delivering privacy and opt out notices. (a) How to provide notices. You must provide any...

17 CFR 160.9 - Delivering privacy and opt out notices.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Delivering privacy and opt out... PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.9 Delivering privacy and opt out notices. (a) How to provide notices. You must provide any...

17 CFR 160.9 - Delivering privacy and opt out notices.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 2 2014-04-01 2014-04-01 false Delivering privacy and opt out... (CONTINUED) PRIVACY OF CONSUMER FINANCIAL INFORMATION UNDER TITLE V OF THE GRAMM-LEACH-BLILEY ACT Privacy and Opt Out Notices § 160.9 Delivering privacy and opt out notices. (a) How to provide notices. You must...

Privacy preservation and information security protection for patients' portable electronic health records.

PubMed

Huang, Lu-Chou; Chu, Huei-Chung; Lien, Chung-Yueh; Hsiao, Chia-Hung; Kao, Tsair

2009-09-01

As patients face the possibility of copying and keeping their electronic health records (EHRs) through portable storage media, they will encounter new risks to the protection of their private information. In this study, we propose a method to preserve the privacy and security of patients' portable medical records in portable storage media to avoid any inappropriate or unintentional disclosure. Following HIPAA guidelines, the method is designed to protect, recover and verify patient's identifiers in portable EHRs. The results of this study show that our methods are effective in ensuring both information security and privacy preservation for patients through portable storage medium.

Using Computerized Clinical Nursing Data Bases for Nursing Research.

ERIC Educational Resources Information Center

Nail, Lillian M.; Lange, Linda L.

1996-01-01

Addresses the recognition of differences between clinical and research data in using computerized clinical nursing databases and the issues of privacy and confidentiality for patients whose records are involved. Describes procedures for assessing the quality and usability of these data for nursing research. (SK)

Toward protocols for quantum-ensured privacy and secure voting

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bonanome, Marianna; Buzek, Vladimir; Ziman, Mario

2011-08-15

We present a number of schemes that use quantum mechanics to preserve privacy, in particular, we show that entangled quantum states can be useful in maintaining privacy. We further develop our original proposal [see M. Hillery, M. Ziman, V. Buzek, and M. Bielikova, Phys. Lett. A 349, 75 (2006)] for protecting privacy in voting, and examine its security under certain types of attacks, in particular dishonest voters and external eavesdroppers. A variation of these quantum-based schemes can be used for multiparty function evaluation. We consider functions corresponding to group multiplication of N group elements, with each element chosen by amore » different party. We show how quantum mechanics can be useful in maintaining the privacy of the choices group elements.« less

45 CFR 164.402 - Definitions.

Code of Federal Regulations, 2013 CFR

2013-10-01

... SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.402... acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E of this part which compromises the security or privacy of the protected health information. (1...

Security and privacy in electronic health records: a systematic literature review.

PubMed

Fernández-Alemán, José Luis; Señor, Inmaculada Carrión; Lozoya, Pedro Ángel Oliver; Toval, Ambrosio

2013-06-01

To report the results of a systematic literature review concerning the security and privacy of electronic health record (EHR) systems. Original articles written in English found in MEDLINE, ACM Digital Library, Wiley InterScience, IEEE Digital Library, Science@Direct, MetaPress, ERIC, CINAHL and Trip Database. Only those articles dealing with the security and privacy of EHR systems. The extraction of 775 articles using a predefined search string, the outcome of which was reviewed by three authors and checked by a fourth. A total of 49 articles were selected, of which 26 used standards or regulations related to the privacy and security of EHR data. The most widely used regulations are the Health Insurance Portability and Accountability Act (HIPAA) and the European Data Protection Directive 95/46/EC. We found 23 articles that used symmetric key and/or asymmetric key schemes and 13 articles that employed the pseudo anonymity technique in EHR systems. A total of 11 articles propose the use of a digital signature scheme based on PKI (Public Key Infrastructure) and 13 articles propose a login/password (seven of them combined with a digital certificate or PIN) for authentication. The preferred access control model appears to be Role-Based Access Control (RBAC), since it is used in 27 studies. Ten of these studies discuss who should define the EHR systems' roles. Eleven studies discuss who should provide access to EHR data: patients or health entities. Sixteen of the articles reviewed indicate that it is necessary to override defined access policies in the case of an emergency. In 25 articles an audit-log of the system is produced. Only four studies mention that system users and/or health staff should be trained in security and privacy. Recent years have witnessed the design of standards and the promulgation of directives concerning security and privacy in EHR systems. However, more work should be done to adopt these regulations and to deploy secure EHR systems. Copyright © 2013 Elsevier Inc. All rights reserved.

Naked on the Information Highway: The 6th Ian P. Sharp Lecture.

ERIC Educational Resources Information Center

Phillips, Bruce

1995-01-01

This lecture by the Privacy Commissioner of Canada addresses issues related to information technology and privacy, including privacy law, government role, surveillance techniques, and security measures to protect the privacy of electronic communications. The text of the question and answer period following the lecture is included. (MES)

49 CFR 1560.103 - Privacy notice.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 49 Transportation 9 2012-10-01 2012-10-01 false Privacy notice. 1560.103 Section 1560.103... Secure Flight Passenger Data for Watch List Matching § 1560.103 Privacy notice. (a) Electronic collection... with § 1560.101(a), a covered aircraft operator must make available the complete privacy notice set...

49 CFR 1560.103 - Privacy notice.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 49 Transportation 9 2013-10-01 2013-10-01 false Privacy notice. 1560.103 Section 1560.103... Secure Flight Passenger Data for Watch List Matching § 1560.103 Privacy notice. (a) Electronic collection... with § 1560.101(a), a covered aircraft operator must make available the complete privacy notice set...

49 CFR 1560.103 - Privacy notice.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 49 Transportation 9 2014-10-01 2014-10-01 false Privacy notice. 1560.103 Section 1560.103... Secure Flight Passenger Data for Watch List Matching § 1560.103 Privacy notice. (a) Electronic collection... with § 1560.101(a), a covered aircraft operator must make available the complete privacy notice set...

49 CFR 1560.103 - Privacy notice.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 49 Transportation 9 2011-10-01 2011-10-01 false Privacy notice. 1560.103 Section 1560.103... Secure Flight Passenger Data for Watch List Matching § 1560.103 Privacy notice. (a) Electronic collection... with § 1560.101(a), a covered aircraft operator must make available the complete privacy notice set...

76 FR 11435 - Privacy Act of 1974; Computer Matching Program

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-02

... Security Administration. SUMMARY: Pursuant to the Computer Matching and Privacy Protection Act of 1988, Public Law 100-503, the Computer Matching and Privacy Protections Amendments of 1990, Pub. L. 101-508... Interpreting the Provisions of Public Law 100-503, the Computer Matching and Privacy Protection Act of 1988...

76 FR 22615 - Privacy Act; Implementation

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-22

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DoD-2011-OS-0003] 32 CFR Part 322... Part 322 Privacy. Accordingly, 32 CFR part 322 is amended as follows: PART 322--NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICE PROGRAM 0 1. The authority citation for 32 CFR part 322.7 continues to...

Information Security and Privacy in Network Environments.

ERIC Educational Resources Information Center

Congress of the U.S., Washington, DC. Office of Technology Assessment.

The use of information networks for business and government is expanding enormously. Government use of networks features prominently in plans to make government more efficient, effective, and responsive. But the transformation brought about by the networking also raises new concerns for the security and privacy of networked information. This…

32 CFR 322.7 - Exempt systems of records.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 2 2013-07-01 2013-07-01 false Exempt systems of records. 322.7 Section 322.7 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.7 Exempt systems of...

32 CFR 322.7 - Exempt systems of records.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 2 2012-07-01 2012-07-01 false Exempt systems of records. 322.7 Section 322.7 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.7 Exempt systems of...

32 CFR 322.7 - Exempt systems of records.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 2 2014-07-01 2014-07-01 false Exempt systems of records. 322.7 Section 322.7 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.7 Exempt systems of...

32 CFR 322.7 - Exempt systems of records.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 2 2011-07-01 2011-07-01 false Exempt systems of records. 322.7 Section 322.7 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.7 Exempt systems of...

77 FR 40863 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-11

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2012-OS-0085] Privacy Act of 1974... Register Liaison Officer, Department of Defense. QNRO-31 System name: Software Security Risk Evaluations... the Department of Defense; DoDD 5240.2, DoD Counterintelligence (CI); DoDI 5240.8, Security...

76 FR 34616 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/National...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-14

... questions please contact: Emily Andrew (703-235-2182), Privacy Officer, National Protection and Programs... U.S.C. 552a, the Department of Homeland Security (DHS)/National Protection and Programs Directorate... Screening Database (TSDB). The TSDB is the Federal government's consolidated and integrated terrorist...

75 FR 43579 - Privacy Act of 1974; Computer Matching Program Between the Office of Personnel Management and...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-26

... safeguards for disclosure of Social Security benefit information to OPM via direct computer link for the... OFFICE OF PERSONNEL MANAGEMENT Privacy Act of 1974; Computer Matching Program Between the Office of Personnel Management and Social Security Administration AGENCY: Office of Personnel Management...

78 FR 3474 - Privacy Act of 1974; Computer Matching Program Between the Office Of Personnel Management and...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-16

... Security benefit information to OPM via direct computer link for the administration of certain programs by... OFFICE OF PERSONNEL MANAGEMENT Privacy Act of 1974; Computer Matching Program Between the Office Of Personnel Management and Social Security Administration AGENCY: Office of Personnel Management...

78 FR 69926 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Centers for Medicare & Medicaid...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-21

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0059] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Centers for Medicare & Medicaid Services (CMS))--Match Number 1076 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching...

76 FR 21091 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Centers for Medicare & Medicaid...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-14

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0022] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Centers for Medicare & Medicaid Services (CMS))--Match Number 1076 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching...

75 FR 33811 - Office of the National Coordinator for Health Information Technology; HIT Policy Committee's...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-15

... DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of the National Coordinator for Health Information Technology; HIT Policy Committee's Privacy & Security Tiger Team Meeting; Notice of Meeting AGENCY: Office of... of Committee: HIT Policy Committee's Privacy & Security Tiger Team. General Function of the Committee...

Measuring and Modeling Security and Privacy Laws

ERIC Educational Resources Information Center

Romanosky, Sasha

2012-01-01

This manuscript presents empirical and analytical analysis and discussion of security and privacy laws. The introduction, together with the three substantive chapters each represent separate research papers written as partial fulfillment of my PhD dissertation in the Heinz College, Carnegie Mellon University. Chapter 2 is an abbreviated version of…

LiPISC: A Lightweight and Flexible Method for Privacy-Aware Intersection Set Computation

PubMed Central

Huang, Shiyong; Ren, Yi; Choo, Kim-Kwang Raymond

2016-01-01

Privacy-aware intersection set computation (PISC) can be modeled as secure multi-party computation. The basic idea is to compute the intersection of input sets without leaking privacy. Furthermore, PISC should be sufficiently flexible to recommend approximate intersection items. In this paper, we reveal two previously unpublished attacks against PISC, which can be used to reveal and link one input set to another input set, resulting in privacy leakage. We coin these as Set Linkage Attack and Set Reveal Attack. We then present a lightweight and flexible PISC scheme (LiPISC) and prove its security (including against Set Linkage Attack and Set Reveal Attack). PMID:27326763

LiPISC: A Lightweight and Flexible Method for Privacy-Aware Intersection Set Computation.

PubMed

Ren, Wei; Huang, Shiyong; Ren, Yi; Choo, Kim-Kwang Raymond

2016-01-01

Privacy-aware intersection set computation (PISC) can be modeled as secure multi-party computation. The basic idea is to compute the intersection of input sets without leaking privacy. Furthermore, PISC should be sufficiently flexible to recommend approximate intersection items. In this paper, we reveal two previously unpublished attacks against PISC, which can be used to reveal and link one input set to another input set, resulting in privacy leakage. We coin these as Set Linkage Attack and Set Reveal Attack. We then present a lightweight and flexible PISC scheme (LiPISC) and prove its security (including against Set Linkage Attack and Set Reveal Attack).

A Lightweight Encryption Scheme Combined with Trust Management for Privacy-Preserving in Body Sensor Networks.

PubMed

Guo, Ping; Wang, Jin; Ji, Sai; Geng, Xue Hua; Xiong, Neal N

2015-12-01

With the pervasiveness of smart phones and the advance of wireless body sensor network (BSN), mobile Healthcare (m-Healthcare), which extends the operation of Healthcare provider into a pervasive environment for better health monitoring, has attracted considerable interest recently. However, the flourish of m-Healthcare still faces many challenges including information security and privacy preservation. In this paper, we propose a secure and privacy-preserving framework combining with multilevel trust management. In our scheme, smart phone resources including computing power and energy can be opportunistically gathered to process the computing-intensive PHI (personal health information) during m-Healthcare emergency with minimal privacy disclosure. In specific, to leverage the PHI privacy disclosure and the high reliability of PHI process and transmission in m-Healthcare emergency, we introduce an efficient lightweight encryption for those users whose trust level is low, which is based on mix cipher algorithms and pair of plain text and cipher texts, and allow a medical user to decide who can participate in the opportunistic computing to assist in processing his overwhelming PHI data. Detailed security analysis and simulations show that the proposed framework can efficiently achieve user-centric privacy protection in m-Healthcare system.

Telerehabilitation store and forward applications: a review of applications and privacy considerations in physical and occupational therapy practice.

PubMed

Peterson, Christopher; Watzlaf, Valerie

2014-01-01

An overview of store and forward applications commonly used in physical and occupational therapy practice is reviewed with respect to regulation, privacy, security, and clinical applications. A privacy and security checklist provides a clear reference of pertinent regulatory issues regarding these software applications. A case study format is used to highlight clinical applications of store and forward software features. Important considerations of successful implementation of store and forward applications are also identified and discussed.

Cyber security challenges in Smart Cities: Safety, security and privacy

PubMed Central

Elmaghraby, Adel S.; Losavio, Michael M.

2014-01-01

The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect. PMID:25685517

Evaluation of the awareness and effectiveness of IT security programs in a large publicly funded health care system.

PubMed

Hepp, Shelanne L; Tarraf, Rima C; Birney, Arden; Arain, Mubashir Aslam

2017-01-01

Electronic health records are becoming increasingly common in the health care industry. Although information technology (IT) poses many benefits to improving health care and ease of access to information, there are also security and privacy risks. Educating health care providers is necessary to ensure proper use of health information systems and IT and reduce undesirable outcomes. This study evaluated employees' awareness and perceptions of the effectiveness of two IT educational training modules within a large publicly funded health care system in Canada. Semi-structured interviews and focus groups included a variety of professional roles within the organisation. Participants also completed a brief demographic data sheet. With the consent of participants, all interviews and focus groups were audio recorded. Thematic analysis and descriptive statistics were used to evaluate the effectiveness of the IT security training modules. Five main themes emerged: (i) awareness of the IT training modules, (ii) the content of modules, (iii) staff perceptions about differences between IT security and privacy issues, (iv) common breaches of IT security and privacy, and (v) challenges and barriers to completing the training program. Overall, nonclinical staff were more likely to be aware of the training modules than were clinical staff. We found e-learning was a feasible way to educate a large number of employees. However, health care providers required a module on IT security and privacy that was relatable and applicable to their specific roles. Strategies to improve staff education and mitigate against IT security and privacy risks are discussed. Future research should focus on integrating health IT competencies into the educational programs for health care professionals.

Phishing

MedlinePlus

... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making Money Privacy, Identity & Online Security Limiting Unwanted Calls and Emails Online Security "Free" Security Scans Computer Security Disposing of Old Computers ...

Efficient Secure and Privacy-Preserving Route Reporting Scheme for VANETs

NASA Astrophysics Data System (ADS)

Zhang, Yuanfei; Pei, Qianwen; Dai, Feifei; Zhang, Lei

2017-10-01

Vehicular ad-hoc network (VANET) is a core component of intelligent traffic management system which could provide various of applications such as accident prediction, route reporting, etc. Due to the problems caused by traffic congestion, route reporting becomes a prospective application which can help a driver to get optimal route to save her travel time. Before enjoying the convenience of route reporting, security and privacy-preserving issues need to be concerned. In this paper, we propose a new secure and privacy-preserving route reporting scheme for VANETs. In our scheme, only an authenticated vehicle can use the route reporting service provided by the traffic management center. Further, a vehicle may receive the response from the traffic management center with low latency and without violating the privacy of the vehicle. Experiment results show that our scheme is much more efficiency than the existing one.

Radio frequency identification (RFID) in health care: privacy and security concerns limiting adoption.

PubMed

Rosenbaum, Benjamin P

2014-03-01

Radio frequency identification (RFID) technology has been implemented in a wide variety of industries. Health care is no exception. This article explores implementations and limitations of RFID in several health care domains: authentication, medication safety, patient tracking, and blood transfusion medicine. Each domain has seen increasing utilization of unique applications of RFID technology. Given the importance of protecting patient and data privacy, potential privacy and security concerns in each domain are discussed. Such concerns, some of which are inherent to existing RFID hardware and software technology, may limit ubiquitous adoption. In addition, an apparent lack of security standards within the RFID domain and specifically health care may also hinder the growth and utility of RFID within health care for the foreseeable future. Safeguarding the privacy of patient data may be the most important obstacle to overcome to allow the health care industry to take advantage of the numerous benefits RFID technology affords.

Regulation, Privacy and Security: Chairman's Opening Remarks

PubMed Central

Gabrieli, E.R.

1979-01-01

Medical privacy is a keystone of a free democratic society. To conserve the right of the patient to medical privacy, computerization of the medical data must be regulated. This paper enumerates some steps to be taken urgently for the protection of computerized sensitive medical data. A computer-oriented medical lexicon is urgently needed for accurate coding. Health industry standards should be drafted. The goals of various data centers must be sharply defined to avoid conflicts of interest. Medical privacy should be studied further, and medical data centers should consider cost-effectiveness. State boards for medical privacy should be created to monitor data security procedures. There is a need for purposeful decentralization. A national medical information policy should be drafted, and a national clinical information board should implement the nation's medical information policy.

Privacy, security, and the public health researcher in the era of electronic health record research

PubMed Central

Sarwate, Anand D.

2016-01-01

Health data derived from electronic health records are increasingly utilized in large-scale population health analyses. Going hand in hand with this increase in data is an increasing number of data breaches. Ensuring privacy and security of these data is a shared responsibility between the public health researcher, collaborators, and their institutions. In this article, we review the requirements of data privacy and security and discuss epidemiologic implications of emerging technologies from the computer science community that can be used for health data. In order to ensure that our needs as researchers are captured in these technologies, we must engage in the dialogue surrounding the development of these tools. PMID:28210428

Privacy, security, and the public health researcher in the era of electronic health record research.

PubMed

Goldstein, Neal D; Sarwate, Anand D

2016-01-01

Health data derived from electronic health records are increasingly utilized in large-scale population health analyses. Going hand in hand with this increase in data is an increasing number of data breaches. Ensuring privacy and security of these data is a shared responsibility between the public health researcher, collaborators, and their institutions. In this article, we review the requirements of data privacy and security and discuss epidemiologic implications of emerging technologies from the computer science community that can be used for health data. In order to ensure that our needs as researchers are captured in these technologies, we must engage in the dialogue surrounding the development of these tools.

76 FR 19110 - Published Privacy Impact Assessments on the Web

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-06

... the Web AGENCY: Privacy Office, Department of Homeland Security (DHS). ACTION: Notice of Publication... the Privacy Office's Web site between May 3, 2010 and January 7, 2011. DATES: The Privacy Impact Assessments are available on the DHS Web site until June 6, 2011, after which they are obtained by contacting...

45 CFR 164.524 - Access of individuals to protected health information.

Code of Federal Regulations, 2011 CFR

2011-10-01

... DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable... is contained in records that are subject to the Privacy Act, 5 U.S.C. 552a, may be denied, if the denial of access under the Privacy Act would meet the requirements of that law. (v) An individual's...

32 CFR Appendix E to Part 806b - Privacy Impact Assessment

Code of Federal Regulations, 2011 CFR

2011-07-01

... Systems Development System Privacy. Rapid advancements in computer technology make it possible to store...-503, The Computer Matching and Privacy Act of 1988. 13 13 http://www.defenselink.mil/privacy/1975OMB_PAGuide/jun1989.pdf. (2) Public Law 100-235, The Computer Security Act of 1987, 14 which establishes...

47 CFR 0.506 - FOIA and Privacy Act requests.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for... 47 Telecommunication 1 2014-10-01 2014-10-01 false FOIA and Privacy Act requests. 0.506 Section 0....461), of the Privacy Act of 1974, (See § 0.554) shall be processed in accordance with the provisions...

47 CFR 0.506 - FOIA and Privacy Act requests.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for... 47 Telecommunication 1 2013-10-01 2013-10-01 false FOIA and Privacy Act requests. 0.506 Section 0....461), of the Privacy Act of 1974, (See § 0.554) shall be processed in accordance with the provisions...

47 CFR 0.506 - FOIA and Privacy Act requests.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for... 47 Telecommunication 1 2011-10-01 2011-10-01 false FOIA and Privacy Act requests. 0.506 Section 0....461), of the Privacy Act of 1974, (See § 0.554) shall be processed in accordance with the provisions...

47 CFR 0.506 - FOIA and Privacy Act requests.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for... 47 Telecommunication 1 2012-10-01 2012-10-01 false FOIA and Privacy Act requests. 0.506 Section 0....461), of the Privacy Act of 1974, (See § 0.554) shall be processed in accordance with the provisions...

47 CFR 0.506 - FOIA and Privacy Act requests.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 47 Telecommunication 1 2010-10-01 2010-10-01 false FOIA and Privacy Act requests. 0.506 Section 0... Declassification of National Security Information § 0.506 FOIA and Privacy Act requests. Requests for....461), of the Privacy Act of 1974, (See § 0.554) shall be processed in accordance with the provisions...

12 CFR 792.69 - Training and employee standards of conduct with regard to privacy.

Code of Federal Regulations, 2010 CFR

2010-01-01

... regard to privacy. 792.69 Section 792.69 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION... UNDER THE FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792.69 Training and employee standards of conduct with regard to...

32 CFR Appendix E to Part 806b - Privacy Impact Assessment

Code of Federal Regulations, 2014 CFR

2014-07-01

... Systems Development System Privacy. Rapid advancements in computer technology make it possible to store...-503, The Computer Matching and Privacy Act of 1988. 13 13 http://www.defenselink.mil/privacy/1975OMB_PAGuide/jun1989.pdf. (2) Public Law 100-235, The Computer Security Act of 1987, 14 which establishes...

32 CFR Appendix E to Part 806b - Privacy Impact Assessment

Code of Federal Regulations, 2012 CFR

2012-07-01

... Systems Development System Privacy. Rapid advancements in computer technology make it possible to store...-503, The Computer Matching and Privacy Act of 1988. 13 13 http://www.defenselink.mil/privacy/1975OMB_PAGuide/jun1989.pdf. (2) Public Law 100-235, The Computer Security Act of 1987, 14 which establishes...

32 CFR Appendix E to Part 806b - Privacy Impact Assessment

Code of Federal Regulations, 2013 CFR

2013-07-01

... Systems Development System Privacy. Rapid advancements in computer technology make it possible to store...-503, The Computer Matching and Privacy Act of 1988. 13 13 http://www.defenselink.mil/privacy/1975OMB_PAGuide/jun1989.pdf. (2) Public Law 100-235, The Computer Security Act of 1987, 14 which establishes...

Musings on privacy issues in health research involving disaggregate geographic data about individuals.

PubMed

Boulos, Maged N Kamel; Curtis, Andrew J; Abdelmalik, Philip

2009-07-20

This paper offers a state-of-the-art overview of the intertwined privacy, confidentiality, and security issues that are commonly encountered in health research involving disaggregate geographic data about individuals. Key definitions are provided, along with some examples of actual and potential security and confidentiality breaches and related incidents that captured mainstream media and public interest in recent months and years. The paper then goes on to present a brief survey of the research literature on location privacy/confidentiality concerns and on privacy-preserving solutions in conventional health research and beyond, touching on the emerging privacy issues associated with online consumer geoinformatics and location-based services. The 'missing ring' (in many treatments of the topic) of data security is also discussed. Personal information and privacy legislations in two countries, Canada and the UK, are covered, as well as some examples of recent research projects and events about the subject. Select highlights from a June 2009 URISA (Urban and Regional Information Systems Association) workshop entitled 'Protecting Privacy and Confidentiality of Geographic Data in Health Research' are then presented. The paper concludes by briefly charting the complexity of the domain and the many challenges associated with it, and proposing a novel, 'one stop shop' case-based reasoning framework to streamline the provision of clear and individualised guidance for the design and approval of new research projects (involving geographical identifiers about individuals), including crisp recommendations on which specific privacy-preserving solutions and approaches would be suitable in each case.

Musings on privacy issues in health research involving disaggregate geographic data about individuals

PubMed Central

Boulos, Maged N Kamel; Curtis, Andrew J; AbdelMalik, Philip

2009-01-01

This paper offers a state-of-the-art overview of the intertwined privacy, confidentiality, and security issues that are commonly encountered in health research involving disaggregate geographic data about individuals. Key definitions are provided, along with some examples of actual and potential security and confidentiality breaches and related incidents that captured mainstream media and public interest in recent months and years. The paper then goes on to present a brief survey of the research literature on location privacy/confidentiality concerns and on privacy-preserving solutions in conventional health research and beyond, touching on the emerging privacy issues associated with online consumer geoinformatics and location-based services. The 'missing ring' (in many treatments of the topic) of data security is also discussed. Personal information and privacy legislations in two countries, Canada and the UK, are covered, as well as some examples of recent research projects and events about the subject. Select highlights from a June 2009 URISA (Urban and Regional Information Systems Association) workshop entitled 'Protecting Privacy and Confidentiality of Geographic Data in Health Research' are then presented. The paper concludes by briefly charting the complexity of the domain and the many challenges associated with it, and proposing a novel, 'one stop shop' case-based reasoning framework to streamline the provision of clear and individualised guidance for the design and approval of new research projects (involving geographical identifiers about individuals), including crisp recommendations on which specific privacy-preserving solutions and approaches would be suitable in each case. PMID:19619311

The double-edged sword of electronic health records: implications for patient disclosure.

PubMed

Campos-Castillo, Celeste; Anthony, Denise L

2015-04-01

Electronic health record (EHR) systems are linked to improvements in quality of care, yet also privacy and security risks. Results from research studies are mixed about whether patients withhold personal information from their providers to protect against the perceived EHR privacy and security risks. This study seeks to reconcile the mixed findings by focusing on whether accounting for patients' global ratings of care reveals a relationship between EHR provider-use and patient non-disclosure. A nationally representative sample from the 2012 Health Information National Trends Survey was analyzed using bivariate and multivariable logit regressions to examine whether global ratings of care suppress the relationship between EHR provider-use and patient non-disclosure. 13% of respondents reported having ever withheld information from a provider because of privacy/security concerns. Bivariate analysis showed that withholding information was unrelated to whether respondents' providers used an EHR. Multivariable analysis showed that accounting for respondents' global ratings of care revealed a positive relationship between having a provider who uses an EHR and withholding information. After accounting for global ratings of care, findings suggest that patients may non-disclose to providers to protect against the perceived EHR privacy and security risks. Despite evidence that EHRs inhibit patient disclosure, their advantages for promoting quality of care may outweigh the drawbacks. Clinicians should leverage the EHR's value in quality of care and discuss patients' privacy concerns during clinic visits, while policy makers should consider how to address the real and perceived privacy and security risks of EHRs. © The Author 2014. Published by Oxford University Press on behalf of the American Medical Informatics Association. All rights reserved. For Permissions, please email: journals.permissions@oup.com.

Distributed clinical data sharing via dynamic access-control policy transformation.

PubMed

Rezaeibagha, Fatemeh; Mu, Yi

2016-05-01

Data sharing in electronic health record (EHR) systems is important for improving the quality of healthcare delivery. Data sharing, however, has raised some security and privacy concerns because healthcare data could be potentially accessible by a variety of users, which could lead to privacy exposure of patients. Without addressing this issue, large-scale adoption and sharing of EHR data are impractical. The traditional solution to the problem is via encryption. Although encryption can be applied to access control, it is not applicable for complex EHR systems that require multiple domains (e.g. public and private clouds) with various access requirements. This study was carried out to address the security and privacy issues of EHR data sharing with our novel access-control mechanism, which captures the scenario of the hybrid clouds and need of access-control policy transformation, to provide secure and privacy-preserving data sharing among different healthcare enterprises. We introduce an access-control mechanism with some cryptographic building blocks and present a novel approach for secure EHR data sharing and access-control policy transformation in EHR systems for hybrid clouds. We propose a useful data sharing system for healthcare providers to handle various EHR users who have various access privileges in different cloud environments. A systematic study has been conducted on data sharing in EHR systems to provide a solution to the security and privacy issues. In conclusion, we introduce an access-control method for privacy protection of EHRs and EHR policy transformation that allows an EHR access-control policy to be transformed from a private cloud to a public cloud. This method has never been studied previously in the literature. Furthermore, we provide a protocol to demonstrate policy transformation as an application scenario. Copyright © 2016 Elsevier Ireland Ltd. All rights reserved.

45 CFR 164.500 - Applicability.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.500 Applicability. (a... implementation of the privacy standards. (2) When a health care clearinghouse creates or receives protected...

Assessing Factors Affecting Physician's Intention to Adopt Biometric Authentication Technology in Electronic Medical Records

ERIC Educational Resources Information Center

Corazao, Cesar E.

2014-01-01

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulated the privacy and security of patient information. Since HIPPA became a law, hospital operators have struggled to comply fully with its security and privacy provisions. The proximity-based biometric authentication (PBBA) technology evolved in last decade to help…

77 FR 33547 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Centers for Medicare and Medicaid...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-06

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0015] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Centers for Medicare and Medicaid Services (CMS))--Match Number 1094 AGENCY: Social Security Administration (SSA). ACTION: Notice of a new computer matching program that will expire...

75 FR 69604 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-15

... System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of proposed rulemaking. SUMMARY: The Department of Homeland Security is giving concurrent notice of a newly established system of records pursuant... System of Records and this proposed rulemaking. In this proposed rulemaking, the Department proposes to...

77 FR 62059 - Privacy Act of 1974, as Amended; Revisions to Existing Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-11

... and forms, microfilm or microfiche, and in computer processable storage media such as personnel system... 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986... apply: The Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer...

78 FR 69393 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-19

... records in its inventory of record systems subject to the Privacy Act of 1974, as amended. The National....O. 12968, as amended, Access to classified information; 5 CFR part 732, National security positions...); 5 U.S.C. 7532, Suspension and Removal; E.O. 12958, Classified National Security Information; DoD...

77 FR 35336 - Privacy and Security of Information Stored on Mobile Communications Devices

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-13

.... ACTION: Proposed rule. SUMMARY: This document seeks comment on the privacy and data security practices of... Practice and Procedure and Part 0 Rules of Commission Organization, Notice of Proposed Rulemaking, 25 FCC... practices of mobile wireless service providers with respect to customer information stored on their users...

17 CFR 200.308 - Appeal of initial adverse agency determination as to access or as to amendment or correction.

Code of Federal Regulations, 2011 CFR

2011-04-01

... Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Regulations Pertaining to the Privacy of Individuals and Systems of Records Maintained by the... legal holidays) after his request was received by the Office of Information and Privacy Act Operations...

45 CFR 155.260 - Privacy and security of personally identifiable information.

Code of Federal Regulations, 2012 CFR

2012-10-01

... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally... information to the extent such information is necessary to carry out the functions described in § 155.200 of...: (1) Gain access to personally identifiable information submitted to an Exchange; or (2) Collect, use...

75 FR 53005 - Privacy Act of 1974, as amended; Notice of Computer Matching Program (Railroad Retirement Board...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-30

... notice of its renewal of an ongoing computer-matching program with the Social Security Administration... computer-matching program with the Committee on Homeland Security and Governmental Affairs of the Senate... RAILROAD RETIREMENT BOARD Privacy Act of 1974, as amended; Notice of Computer Matching Program...

78 FR 34678 - Privacy Act of 1974, as Amended; Notice of Computer Matching Program (Railroad Retirement Board...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-10

... notice of its renewal of an ongoing computer-matching program with the Social Security Administration... computer-matching program with the Committee on Homeland Security and Governmental Affairs of the Senate... RAILROAD RETIREMENT BOARD Privacy Act of 1974, as Amended; Notice of Computer Matching Program...

78 FR 37647 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Railroad Retirement Board (RRB...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-21

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2013-0010] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Railroad Retirement Board (RRB))--Match Number 1006 AGENCY: Social Security Administration. ACTION: Notice of a renewal of an existing computer matching program that will expire on...

76 FR 12397 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Bureau of the Public Debt (BPD...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-07

...; Computer Matching Program (SSA/ Bureau of the Public Debt (BPD))--Match Number 1038 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... containing SSNs extracted from the Supplemental Security Record database. Exchanges for this computer...

Advances and current state of the security and privacy in electronic health records: survey from a social perspective.

PubMed

Tejero, Antonio; de la Torre, Isabel

2012-10-01

E-Health systems are experiencing an impulse in these last years, when many medical agencies began to include digital solutions into their platforms. Electronic Health Records (EHRs) are one of the most important improvements, being in its most part a patient-oriented tool. To achieve a completely operational EHR platform, security and privacy problems have to be resolved, due to the importance of the data included within these records. But given all the different methods to address security and privacy, they still remain in most cases as an open issue. This paper studies existing and proposed solutions included in different scenarios, in order to offer an overview of the current state in EHR systems. Bibliographic material has been obtained mainly from MEDLINE and SCOPUS sources, and over 30 publications have been analyzed. Many EHR platforms are being developed, but most of them present weaknesses when they are opened to the public. These architectures gain significance when they cover all the requisites related to security and privacy.

Personal control of privacy and data: Estonian experience.

PubMed

Priisalu, Jaan; Ottis, Rain

2017-01-01

The Republic of Estonia leads Europe in the provision of public digital services. The national communications and transactions platform allows for twenty-first century governance by allowing for transparency, e-safety (inter alia privacy), e-security, entrepreneurship and, among other things, rising levels of prosperity, and well-being for all its Citizens. However, a series of Information Infrastructure attacks against the Estonian e-society infrastructure in 2007 became one of best known incidents and experiences that fundamentally changed both Estonian and international discussions about Cyber Security and Privacy. Estonian experience shows that an open and transparent attitude provides a good foundation for trust between the Citizen and the State, and gives more control to the real owner of the data - the Citizen. Another important lesson is that the Citizen needs to be confident in the government's ability to keep their data safe -- in terms of confidentiality, integrity and availability - establishing a strong link between privacy and information security. This paper discusses certain critical choices, context, and events connected to the birth and growth of the Estonian e-society in terms of Privacy.

Hacked E-mail

MedlinePlus

... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making Money Privacy, Identity & Online Security Limiting Unwanted Calls and Emails Online Security "Free" Security Scans Computer Security Disposing of Old Computers ...

Security and privacy issues of personal health.

PubMed

Blobel, Bernd; Pharow, Peter

2007-01-01

While health systems in developed countries and increasingly also in developing countries are moving from organisation-centred to person-centred health service delivery, the supporting communication and information technology is faced with new risks regarding security and privacy of stakeholders involved. The comprehensively distributed environment puts special burden on guaranteeing communication security services, but even more on guaranteeing application security services dealing with privilege management, access control and audit regarding social implication and connected sensitivity of personal information recorded, processed, communicated and stored in an even internationally distributed environment.

A Systematic Review of Research Studies Examining Telehealth Privacy and Security Practices used by Healthcare Providers.

PubMed

Watzlaf, Valerie J M; Zhou, Leming; Dealmeida, Dilhari R; Hartman, Linda M

2017-01-01

The objective of this systematic review was to systematically review papers in the United States that examine current practices in privacy and security when telehealth technologies are used by healthcare providers. A literature search was conducted using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses Protocols (PRISMA-P). PubMed, CINAHL and INSPEC from 2003 - 2016 were searched and returned 25,404 papers (after duplications were removed). Inclusion and exclusion criteria were strictly followed to examine title, abstract, and full text for 21 published papers which reported on privacy and security practices used by healthcare providers using telehealth. Data on confidentiality, integrity, privacy, informed consent, access control, availability, retention, encryption, and authentication were all searched and retrieved from the papers examined. Papers were selected by two independent reviewers, first per inclusion/exclusion criteria and, where there was disagreement, a third reviewer was consulted. The percentage of agreement and Cohen's kappa was 99.04% and 0.7331 respectively. The papers reviewed ranged from 2004 to 2016 and included several types of telehealth specialties. Sixty-seven percent were policy type studies, and 14 percent were survey/interview studies. There were no randomized controlled trials. Based upon the results, we conclude that it is necessary to have more studies with specific information about the use of privacy and security practices when using telehealth technologies as well as studies that examine patient and provider preferences on how data is kept private and secure during and after telehealth sessions.

NFC Internal: An Indoor Navigation System

PubMed Central

Ozdenizci, Busra; Coskun, Vedat; Ok, Kerem

2015-01-01

Indoor navigation systems have recently become a popular research field due to the lack of GPS signals indoors. Several indoors navigation systems have already been proposed in order to eliminate deficiencies; however each of them has several technical and usability limitations. In this study, we propose NFC Internal, a Near Field Communication (NFC)-based indoor navigation system, which enables users to navigate through a building or a complex by enabling a simple location update, simply by touching NFC tags those are spread around and orient users to the destination. In this paper, we initially present the system requirements, give the design details and study the viability of NFC Internal with a prototype application and a case study. Moreover, we evaluate the performance of the system and compare it with existing indoor navigation systems. It is seen that NFC Internal has considerable advantages and significant contributions to existing indoor navigation systems in terms of security and privacy, cost, performance, robustness, complexity, user preference and commercial availability. PMID:25825976

Electronic Commerce "in the dark"

NASA Astrophysics Data System (ADS)

Buzzi, Maria Claudia; Buzzi, Marina; Leporini, Barbara; Senette, Caterina

The widespread diffusion of electronic commerce offers a great opportunity for blind people. We describe the results of an electronic survey carried out with 22 blind and 22 sighted users in order to understand the difficulties and obstacles they experience shopping on-line, and solicit their expectations and suggestions for making the interaction simpler and more satisfying. Results show that blind users shop on-line much less than their sighted counterparts, since they encounter more difficulties not only when making a purchase, but even in the navigation phase preceding the commercial transaction. Complex layouts and unstructured content can prevent an e-transaction from being successfully completed. Furthermore, security, privacy and trustiness, common concerns for all consumers, also impact on the fear of buying via Internet for the visually impaired. Poor usability leads to a potential loss of revenue for on-line companies and a lost opportunity to increase a blind person's independence. Providing simpler, more understandable UIs would benefit all users and fuel the expansion of electronic commerce.

45 CFR 164.530 - Administrative requirements.

Code of Federal Regulations, 2014 CFR

2014-10-01

....530 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.530... privacy official who is responsible for the development and implementation of the policies and procedures...

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2013 CFR

2013-04-01

....30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF... that agency employees and contractors receive appropriate training and education programs regarding the... information privacy issues, including those relating to the collection, use, sharing, and disclosure of...

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2012 CFR

2012-04-01

....30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF... that agency employees and contractors receive appropriate training and education programs regarding the... information privacy issues, including those relating to the collection, use, sharing, and disclosure of...

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2014 CFR

2014-04-01

....30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF... that agency employees and contractors receive appropriate training and education programs regarding the... information privacy issues, including those relating to the collection, use, sharing, and disclosure of...

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2011 CFR

2011-04-01

....30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF... that agency employees and contractors receive appropriate training and education programs regarding the... information privacy issues, including those relating to the collection, use, sharing, and disclosure of...

45 CFR 164.522 - Rights to request privacy protection for protected health information.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 45 Public Welfare 1 2011-10-01 2011-10-01 false Rights to request privacy protection for protected health information. 164.522 Section 164.522 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.522 Rights...

45 CFR 164.522 - Rights to request privacy protection for protected health information.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 45 Public Welfare 1 2013-10-01 2013-10-01 false Rights to request privacy protection for protected health information. 164.522 Section 164.522 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.522 Rights...

45 CFR 164.522 - Rights to request privacy protection for protected health information.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 45 Public Welfare 1 2012-10-01 2012-10-01 false Rights to request privacy protection for protected health information. 164.522 Section 164.522 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.522 Rights...

45 CFR 164.522 - Rights to request privacy protection for protected health information.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 45 Public Welfare 1 2014-10-01 2014-10-01 false Rights to request privacy protection for protected health information. 164.522 Section 164.522 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.522 Rights...

76 FR 55693 - Privacy Act of 1974; Department of Homeland Security National Protection and Programs Directorate...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-08

... instructions for submitting comments. Fax: 703-483-2999. Mail: Mary Ellen Callahan, Chief Privacy Officer... approval of the Chief Privacy Officer in consultation with counsel, when there exists a legitimate public... obtain forms for this purpose from the Chief Privacy Officer and Chief Freedom of Information Act Officer...

45 CFR 164.524 - Access of individuals to protected health information.

Code of Federal Regulations, 2014 CFR

2014-10-01

... DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable... records that are subject to the Privacy Act, 5 U.S.C. 552a, may be denied, if the denial of access under the Privacy Act would meet the requirements of that law. (v) An individual's access may be denied if...

76 FR 71417 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Law Enforcement Agencies (LEA...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-17

...; Computer Matching Program (SSA/ Law Enforcement Agencies (LEA)) Match Number 5001 AGENCY: Social Security... protections for such persons. The Privacy Act, as amended, regulates the use of computer matching by Federal... accordance with the Privacy Act of 1974, as amended by the Computer Matching and Privacy Protection Act of...

Privacy Policy Enforcement for Ambient Ubiquitous Services

NASA Astrophysics Data System (ADS)

Oyomno, Were; Jäppinen, Pekka; Kerttula, Esa

Ubiquitous service providers leverage miniaturised computing terminals equipped with wireless capabilities to avail new service models. These models are pivoted on personal and inexpensive terminals to customise services to individual preferences. Portability, small sizes and compact keyboards are few features popularising mobile terminals. Features enable storing and carrying of ever increasing proportions of personal data and ability to use them in service adaptations. Ubiquitous services automate deeper soliciting of personal data transparently without the need for user interactions. Transparent solicitations, acquisitions and handling of personal data legitimises privacy concerns regarding disclosures, retention and re-use of the data. This study presents a policy enforcement for ubiquitous services that safeguards handling of users personal data and monitors adherence to stipulated privacy policies. Enforcement structures towards usability and scalability are presented.

Strengthening Data Confidentiality and Integrity Protection in the Context of a Multi-Centric Information System Dedicated to Autism Spectrum Disorder.

PubMed

Ben Said, Mohamed; Robel, Laurence; Golse, Bernard; Jais, Jean Philippe

2017-01-01

Autism spectrum disorders (ASD) are complex neuro-developmental disorders affecting children in early age. Diagnosis relies on multidisciplinary investigations, in psychiatry, neurology, genetics, electrophysiology, neuro-imagery, audiology, and ophthalmology. To support clinicians, researchers, and public health decision makers, we developed an information system dedicated to ASD, called TEDIS. It was designed to manage systematic, exhaustive and continuous multi-centric patient data collection via secured internet connections. TEDIS will be deployed in nine ASD expert assessment centers in Ile-DeFrance district. We present security policy and infrastructure developed in context of TEDIS to protect patient privacy and clinical information. TEDIS security policy was organized around governance, ethical and organisational chart-agreement, patients consents, controlled user access, patients' privacy protection, constrained patients' data access. Security infrastructure was enriched by further technical solutions to reinforce ASD patients' privacy protection. Solutions were tested on local secured intranet environment and showed fluid functionality with consistent, transparent and safe encrypting-decrypting results.

Panel: RFID Security and Privacy

NASA Astrophysics Data System (ADS)

Fu, Kevin

The panel on RFID security and privacy included Ross Anderson, Jon Callas, Yvo Desmedt, and Kevin Fu. Topics for discussion included the "chip and PIN" EMV payment systems, e-Passports, "mafia" attacks, and RFID-enabled credit cards. Position papers by the panelists appear in the following pages, and the RFID-enabled credit card work appears separately in these proceedings.

32 CFR 2102.4 - Procedures for determining if an individual is the subject of a record.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Defense NATIONAL SECURITY COUNCIL RULES AND REGULATIONS TO IMPLEMENT THE PRIVACY ACT OF 1974 § 2102.4... their inquiries, marking them plainly as a PRIVACY ACT REQUEST, to: Staff Secretary, National Security... 32 National Defense 6 2012-07-01 2012-07-01 false Procedures for determining if an individual is...

32 CFR 2102.4 - Procedures for determining if an individual is the subject of a record.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Defense NATIONAL SECURITY COUNCIL RULES AND REGULATIONS TO IMPLEMENT THE PRIVACY ACT OF 1974 § 2102.4... their inquiries, marking them plainly as a PRIVACY ACT REQUEST, to: Staff Secretary, National Security... 32 National Defense 6 2011-07-01 2011-07-01 false Procedures for determining if an individual is...

32 CFR 2102.4 - Procedures for determining if an individual is the subject of a record.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Defense NATIONAL SECURITY COUNCIL RULES AND REGULATIONS TO IMPLEMENT THE PRIVACY ACT OF 1974 § 2102.4... their inquiries, marking them plainly as a PRIVACY ACT REQUEST, to: Staff Secretary, National Security... 32 National Defense 6 2013-07-01 2013-07-01 false Procedures for determining if an individual is...

32 CFR 2102.4 - Procedures for determining if an individual is the subject of a record.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Defense NATIONAL SECURITY COUNCIL RULES AND REGULATIONS TO IMPLEMENT THE PRIVACY ACT OF 1974 § 2102.4... their inquiries, marking them plainly as a PRIVACY ACT REQUEST, to: Staff Secretary, National Security... 32 National Defense 6 2010-07-01 2010-07-01 false Procedures for determining if an individual is...

32 CFR 2102.4 - Procedures for determining if an individual is the subject of a record.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Defense NATIONAL SECURITY COUNCIL RULES AND REGULATIONS TO IMPLEMENT THE PRIVACY ACT OF 1974 § 2102.4... their inquiries, marking them plainly as a PRIVACY ACT REQUEST, to: Staff Secretary, National Security... 32 National Defense 6 2014-07-01 2014-07-01 false Procedures for determining if an individual is...

45 CFR 155.260 - Privacy and security of personally identifiable information.

Code of Federal Regulations, 2014 CFR

2014-10-01

... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally... information to the extent such information is necessary: (i) For the Exchange to carry out the functions described in § 155.200; (ii) For the Exchange to carry out other functions not described in paragraph (a)(1...

32 CFR 806b.27 - When to include a Privacy Act warning statement in publications.

Code of Federal Regulations, 2010 CFR

2010-07-01

... include the Warning Statement when publications direct collection of the Social Security Number, or any part of the Social Security Number, from the individual. The warning statement will cite legal authority and when part of a record system, the Privacy Act system of records number and title. You can use...

What We Can Learn from the Suits

ERIC Educational Resources Information Center

Panettieri, Joseph C.

2006-01-01

This article discusses what colleges and universities can learn from Uncle Sam and corporate America when it comes to designing secure networks and ensuring privacy. After all, schools face many of the same privacy and information security challenges seen in the business and government sectors. The fact of the matter is, in the age of cyber crime…

Archiving data from new survey technologies: Enabling research with high-precision data while preserving participant privacy

DOE PAGES

Gonder, Jeffrey; Burton, Evan; Murakami, Elaine

2015-12-29

Despite the significant effort and expense to collect high-resolution Global Positioning System (GPS) data in travel surveys, privacy concerns often lead to its underutilization. This paper describes development of the Transportation Secure Data Center (TSDC) to address this dilemma of providing data access while preserving privacy. Furthermore, the TSDC operating structure was developed in consultation with an advisory committee and includes: a secure enclave with no external access for backing up and processing raw data, a publicly accessible website for downloading cleansed data, and a secure portal environment through which approved users can work with detailed spatial data using amore » variety of tools and reference information.« less

Quantum Privacy Amplification and the Security of Quantum Cryptography over Noisy Channels

DOE Office of Scientific and Technical Information (OSTI.GOV)

Deutsch, D.; Ekert, A.; Jozsa, R.

1996-09-01

Existing quantum cryptographic schemes are not, as they stand, operable in the presence of noise on the quantum communication channel. Although they become operable if they are supplemented by classical privacy-amplification techniques, the resulting schemes are difficult to analyze and have not been proved secure. We introduce the concept of quantum privacy amplification and a cryptographic scheme incorporating it which is provably secure over a noisy channel. The scheme uses an {open_quote}{open_quote}entanglement purification{close_quote}{close_quote} procedure which, because it requires only a few quantum controlled-not and single-qubit operations, could be implemented using technology that is currently being developed. {copyright} {ital 1996 Themore » American Physical Society.}« less

Hacking Facebook Privacy and Security

DTIC Science & Technology

2012-08-28

that their information is somehow protected. However, practically this is not always the case and privacy on social networking sites has received...fraudsters target Facebook and other social networking sites to harvest information about you. Here’s how we recommend you set your Facebook privacy

The study on privacy preserving data mining for information security

NASA Astrophysics Data System (ADS)

Li, Xiaohui

2012-04-01

Privacy preserving data mining have a rapid development in a short year. But it still faces many challenges in the future. Firstly, the level of privacy has different definitions in different filed. Therefore, the measure of privacy preserving data mining technology protecting private information is not the same. So, it's an urgent issue to present a unified privacy definition and measure. Secondly, the most of research in privacy preserving data mining is presently confined to the theory study.

SecureMA: protecting participant privacy in genetic association meta-analysis.

PubMed

Xie, Wei; Kantarcioglu, Murat; Bush, William S; Crawford, Dana; Denny, Joshua C; Heatherly, Raymond; Malin, Bradley A

2014-12-01

Sharing genomic data is crucial to support scientific investigation such as genome-wide association studies. However, recent investigations suggest the privacy of the individual participants in these studies can be compromised, leading to serious concerns and consequences, such as overly restricted access to data. We introduce a novel cryptographic strategy to securely perform meta-analysis for genetic association studies in large consortia. Our methodology is useful for supporting joint studies among disparate data sites, where privacy or confidentiality is of concern. We validate our method using three multisite association studies. Our research shows that genetic associations can be analyzed efficiently and accurately across substudy sites, without leaking information on individual participants and site-level association summaries. Our software for secure meta-analysis of genetic association studies, SecureMA, is publicly available at http://github.com/XieConnect/SecureMA. Our customized secure computation framework is also publicly available at http://github.com/XieConnect/CircuitService. © The Author 2014. Published by Oxford University Press. All rights reserved. For Permissions, please e-mail: journals.permissions@oup.com.