Personal health data - Privacy policy harmonization and global enforcement

This workshop is jointly organized by EFMI Working Groups Security, Safety and Ethics and Personal Portable Devices in cooperation with IMIA Working Group "Security in Health Information Systems". In contemporary healthcare and personal health management the collection and use of personal health information takes place in different contexts and jurisdictions. Global use of health data is also expanding. The approach taken by different experts, health service providers, data subjects and secondary users in understanding privacy and the privacy expectations others may have is strongly context dependent. To make eHealth, global healthcare, mHealth and personal health management successful and to enable fair secondary use of personal health data, it is necessary to find a practical and functional balance between privacy expectations of stakeholder groups. The workshop will highlight these privacy concerns by presenting different cases and approaches. Workshop participants will analyse stakeholder privacy expectations that take place in different real-life contexts such as portable health devices and personal health records, and develop a mechanism to balance them in such a way that global protection of health data and its meaningful use is realized simultaneously. Based on the results of the workshop, initial requirements for a global healthcare information certification framework will be developed.

Availability, Data Privacy and Copyrights – Opening Knowledge via Contracts and Pilots

Availability, Data Privacy and Copyrights – Opening Knowledge via Contracts and Pilots, discusses how in Aviisi-project of National Library of Finland, the digital contents, and their availability topics dealt together with pilot organizations

Data privacy in interoperability environments – a case study in the Portuguese healthcare sector

Data sharing between organizations through interoperability initiatives involving multiple information systems is fundamental to promote the collaboration and integration of services. However, in terms of data, the considerable increase in its exposure to additional risks, require a special attention to issues related to privacy of these data. For the Portuguese healthcare sector, where the sharing of health data is, nowadays, a reality at national level, data privacy is a central issue, which needs solutions according to the agreed level of interoperability between organizations. This context led the authors to study the factors with influence on data privacy in a context of interoperability, through a qualitative and interpretative research, based on the method of case study. This article presents the final results of the research that successfully identifies 10 subdomains of factors with influence on data privacy, which should be the basis for the development of a joint protection program, targeted at issues associated with data privacy.

Privacy in data publishing for tailored recommendation scenarios

Personal information is increasingly gathered and used for providing services tailored to user preferences, but the datasets used to provide such functionality can represent serious privacy threats if not appropriately protected. Work in privacy-preserving data publishing targeted privacy guarantees that protect against record re-identification, by making records indistinguishable, or sensitive attribute value disclosure, by introducing diversity or noise in the sensitive values. However, most approaches fail in the high-dimensional case, and the ones that don’t introduce a utility cost incompatible with tailored recommendation scenarios. This paper aims at a sensible trade-off between privacy and the benefits of tailored recommendations, in the context of privacy-preserving data publishing. We empirically demonstrate that significant privacy improvements can be achieved at a utility cost compatible with tailored recommendation scenarios, using a simple partition-based sanitization method.

Secure and Privacy-aware Data Collection and Processing in Mobile Health Systems

Healthcare systems have assimilated information and communication technologies in order to improve the quality of healthcare and patient's experience at reduced costs. The increasing digitalization of people's health information raises however new threats regarding information security and privacy. Accidental or deliberate data breaches of health data may lead to societal pressures, embarrassment and discrimination. Information security and privacy are paramount to achieve high quality healthcare services, and further, to not harm individuals when providing care. With that in mind, we give special attention to the category of Mobile Health (mHealth) systems. That is, the use of mobile devices (e.g., mobile phones, sensors, PDAs) to support medical and public health. Such systems, have been particularly successful in developing countries, taking advantage of the flourishing mobile market and the need to expand the coverage of primary healthcare programs. Many mHealth initiatives, however, fail to address security and privacy issues. This, coupled with the lack of specific legislation for privacy and data protection in these countries, increases the risk of harm to individuals. The overall objective of this thesis is to enhance knowledge regarding the design of security and privacy technologies for mHealth systems. In particular, we deal with mHealth Data Collection Systems (MDCSs), which consists of mobile devices for collecting and reporting health-related data, replacing paper-based approaches for health surveys and surveillance. This thesis consists of publications contributing to mHealth security and privacy in various ways: with a comprehensive literature review about mHealth in Brazil; with the design of a security framework for MDCSs (SecourHealth); with the design of a MDCS (GeoHealth); with the design of Privacy Impact Assessment template for MDCSs; and with the study of ontology-based obfuscation and anonymisation functions for health data.

Privacy and trust management for electronic health records

Establishing a nationwide Electronic Health Record system has become a primary objective for many countries around the world, including Australia, in order to improve the quality of healthcare while at the same time decreasing its cost. Doing so will require federating the large number of patient data repositories currently in use throughout the country. However, implementation of EHR systems is being hindered by several obstacles, among them concerns about data privacy and trustworthiness. Current IT solutions fail to satisfy patients’ privacy desires and do not provide a trustworthiness measure for medical data. This thesis starts with the observation that existing EHR system proposals suer from six serious shortcomings that aect patients’ privacy and safety, and medical practitioners’ trust in EHR data: accuracy and privacy concerns over linking patients’ existing medical records; the inability of patients to have control over who accesses their private data; the inability to protect against inferences about patients’ sensitive data; the lack of a mechanism for evaluating the trustworthiness of medical data; and the failure of current healthcare workflow processes to capture and enforce patient’s privacy desires. Following an action research method, this thesis addresses the above shortcomings by firstly proposing an architecture for linking electronic medical records in an accurate and private way where patients are given control over what information can be revealed about them. This is accomplished by extending the structure and protocols introduced in federated identity management to link a patient’s EHR to his existing medical records by using pseudonym identifiers. Secondly, a privacy-aware access control model is developed to satisfy patients’ privacy requirements. The model is developed by integrating three standard access control models in a way that gives patients access control over their private data and ensures that legitimate uses of EHRs are not hindered. Thirdly, a probabilistic approach for detecting and restricting inference channels resulting from publicly-available medical data is developed to guard against indirect accesses to a patient’s private data. This approach is based upon a Bayesian network and the causal probabilistic relations that exist between medical data fields. The resulting definitions and algorithms show how an inference channel can be detected and restricted to satisfy patients’ expressed privacy goals. Fourthly, a medical data trustworthiness assessment model is developed to evaluate the quality of medical data by assessing the trustworthiness of its sources (e.g. a healthcare provider or medical practitioner). In this model, Beta and Dirichlet reputation systems are used to collect reputation scores about medical data sources and these are used to compute the trustworthiness of medical data via subjective logic. Finally, an extension is made to healthcare workflow management processes to capture and enforce patients’ privacy policies. This is accomplished by developing a conceptual model that introduces new workflow notions to make the workflow management system aware of a patient’s privacy requirements. These extensions are then implemented in the YAWL workflow management system.

Privacy-aware workflow management

Information security policies play an important role in achieving information security. Confidentiality, Integrity, and Availability are classic information security goals attained by enforcing appropriate security policies. Workflow Management Systems (WfMSs) also benefit from inclusion of these policies to maintain the security of business-critical data. However, in typical WfMSs these policies are designed to enforce the organisation’s security requirements but do not consider those of other stakeholders. Privacy is an important security requirement that concerns the subject of data held by an organisation. WfMSs often process sensitive data about individuals and institutions who demand that their data is properly protected, but WfMSs fail to recognise and enforce privacy policies. In this paper, we illustrate existing WfMS privacy weaknesses and introduce WfMS extensions required to enforce data privacy. We have implemented these extensions in the YAWL system and present a case scenario to demonstrate how it can enforce a subject’s privacy policy.

When does Google hand over your data to governments?

Governments around the world want to know a lot about who we are and what we’re doing online and they want communications companies to help them find it. We don’t know a lot about when companies hand over this data, but we do know that it’s becoming increasingly common.

Data driven and practice-based evidence : design and development of efficient and effective clinical decision support system

Decision-making is such an integral aspect in health care routine that the ability to make the right decisions at crucial moments can lead to patient health improvements. Evidence-based practice, the paradigm used to make those informed decisions, relies on the use of current best evidence from systematic research such as randomized controlled trials. Limitations of the outcomes from randomized controlled trials (RCT), such as “quantity” and “quality” of evidence generated, has lowered healthcare professionals’ confidence in using EBP. An alternate paradigm of Practice-Based Evidence has evolved with the key being evidence drawn from practice settings. Through the use of health information technology, electronic health records (EHR) capture relevant clinical practice “evidence”. A data-driven approach is proposed to capitalize on the benefits of EHR. The issues of data privacy, security and integrity are diminished by an information accountability concept. Data warehouse architecture completes the data-driven approach by integrating health data from multi-source systems, unique within the healthcare environment.

Prediction and Privacy in Healthcare Analytics

Thesis (Master's)--University of Washington, 2016-03

Privacy-friendly Business Models for Location-Based Mobile Services

This paper presents a theoretical model to analyze the privacy issues around location based mobile business models. We report the results of an exploratory field experiment in Switzerland that assessed the factors driving user payoff in mobile business. We found that (1) the personal data disclosed has a negative effect on user payoff; (2) the amount of personalization available has a direct and positive effect, as well as a moderating effect on user payoff; (3) the amount of control over user's personal data has a direct and positive effect, as well as a moderating effect on user payoff. The results suggest that privacy protection could be the main value proposition in the B2C mobile market. From our theoretical model we derive a set of guidelines to design a privacy-friendly business model pattern for third-party services. We discuss four examples to show the mobile platform can play a key role in the implementation of these new business models.