Risk-Based Models for Managing Data Privacy in Healthcare

Literaturnachweis - Detailanzeige

Trefferliste

Autor/in	AL Faresi, Ahmed
Titel	Risk-Based Models for Managing Data Privacy in Healthcare
Quelle	(2011), (170 Seiten) PDF als Volltext Verfügbarkeit Ph.D. Dissertation, George Mason University
Sprache	englisch
Dokumenttyp	gedruckt; online; Monographie
ISBN	978-1-2671-0042-9
Schlagwörter	Hochschulschrift; Dissertation; Identification; Information Security; Compliance (Legal); Patients; Social Networks; Health Services; Risk Management; Models; Privacy; Policy Formation; Classification; Internet; Federal Legislation; Computer System Design; Information Technology; Access to Information; Health Personnel; Preferences; Case Studies; Genetics; Information Policy; Information Management + Suchen Sie Ihr Suchwort? Thesis; Dissertations; Academic thesis; Identifikation; Identifizierung; Patient; Social network; Soziales Netzwerk; Health service; Gesundheitsdienst; Gesundheitswesen; Risikomanagement; Analogiemodell; Privatsphäre; Politische Betätigung; Classification system; Klassifikation; Klassifikationssystem; Bundesrecht; Informationstechnologie; Medizinisches Personal; Case study; Fallstudie; Case Study; Humangenetik; Informationspolitik; Procurement of information; Informationsbeschaffung
Abstract	Current research in health care lacks a systematic investigation to identify and classify various sources of threats to information privacy when sharing health data. Identifying and classifying such threats would enable the development of effective information security risk monitoring and management policies. In this research I put the first step towards identifying and classifying privacy threats from a selection of health data exchange scenarios. Specifically I investigate data sharing scenarios that occur within a health care organization, between a health organization and a research group, and between patients and online social networks. I first derive the privacy requirements from legislative laws for protecting patient privacy in the U.S., namely the Health Insurance Portability and Accountability Act (HIPAA). Using the derived requirements I develop methods to enforce them in the data sharing scenarios specified. I use risk modeling to quantify the privacy threat in each sharing scenario and I incorporate that risk intelligence to develop security solutions to counteract the vulnerabilities found. I found that sharing health data within a care entity is vulnerable to breaches by authorized users. I developed a risk-scoring model, that profiles authorized healthcare employees based on their tendency to commit privacy breaches. I also found that current access control models that handle health data lack the necessary conditions to enforce HIPAA rules and to involve patients in the management of data. In response I designed an access control framework that enforces HIPAA rules and preserves data privacy when it is shared among authorized users. The access control model makes use of automated object policies that allows patients to set their privacy preferences regarding how data is disclosed and shared. I identified a privacy vulnerability when genomic data is shared for secondary usage using a real case study. The vulnerability allows the re-identification of contributors to genomic studies by combining information from publicly available data with the geographical location of the study participants. Knowledge of location can be explicitly stated in published results or implicitly inferred from the collection point (i.e. requesting data from a known location). In response I proposed a security protocol to anonymously share medical sequencing data and demonstrated that the risk of re-identification can be reduced with the proposed technique while keeping the fidelity of the data intact. Finally I identified a privacy vulnerability when patients share data on health social networks, by exploiting the fact that they reuse their pseudonyms in other social networks that contain identifying information about them. A Bayesian model was used to estimate risk, and the method of re-identification was demonstrated empirically. I propose a set of heuristics to reduce the risk of this privacy vulnerability. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page: http://www.proquest.com/en-US/products/dissertations/individuals.shtml.] (As Provided).
Anmerkungen	ProQuest LLC. 789 East Eisenhower Parkway, P.O. Box 1346, Ann Arbor, MI 48106. Tel: 800-521-0600; Web site: http://www.proquest.com/en-US/products/dissertations/individuals.shtml
Erfasst von	ERIC (Education Resources Information Center), Washington, DC
Update	2017/4/10