Regulatory Compliance and the Correlation to Privacy Protection in Healthcare

  title={Regulatory Compliance and the Correlation to Privacy Protection in Healthcare},
  author={Tyrone Grandison and Rafae Bhatti},
  journal={Int. J. Comput. Model. Algorithms Medicine},
Recent government-led efforts and industry-sponsored privacy initiatives in the healthcare sector have received heightened publicity. The current set of privacy laws and regulations mandate that all parties involved in the delivery of care specify and publish privacy policies regarding the use and disclosure of personal health information. Our study of actual privacy policies in the healthcare industry indicates that the vague representations in published privacy policies are not strongly… 

Human and Organizational Factors of Healthcare Data Breaches: The Swiss Cheese Model of Data Breach Causation And Prevention

The author's research suggests that incorporating the SCM concepts into the healthcare security policies and procedures can assist healthcare providers in assessing the vulnerabilities and risks associated with the maintenance and transmission of protected health information.

Audit Mechanisms in Electronic Health Record Systems: Protected Health Information May Remain Vulnerable to Undetected Misuse

The authors analyzed the audit mechanisms of two open source EHR systems, OpenEMR and Tolven eCHR, and one proprietary EHR system and found a noteworthy lack of easily accessible and readable auditing for non-repudiation in each of the three E HR systems.

Analyzing the Interplay Between Regulatory Compliance and Cybersecurity

Through an in-depth literature review, this paper investigates the complexity surrounding compliance and the factors that have an impact on the interplay between compliance and cyber-security.

Analyzing the Interplay Between Regulatory Compliance and Cybersecurity (Revised)

Through an in-depth literature review, the complexity surrounding compliance and the factors that have an impact on the interplay between compliance and cybersecurity are investigated.

Development of a Differential Evolution-based Fuzzy Cognitive Maps for Data Breach in Health-care Sector Fuzzy Cognitive Maps for Data Breach

A fuzzy-based model, which is a fuzzy cognitive map, for a data breach in health-centres using organizational and human criteria, which combines fuzzy logic, decision-makers' opinions and cognitive maps method is presented.

Dynamic Assignment of Crew Reserve in Airlines

A low cost approach is proposed to provide on-line efficient solutions to face perturbed operating conditions and uses a dynamic programming approach for the duties scheduling problem and shows good potential acceptability by the operations staff.

Metaheuristic Search with Inequalities and Target Objectives for Mixed Binary Optimization - Part II: Exploiting Reaction and Resistance

This paper develops a more advanced approach for generating the target objective based on exploiting the mutually reinforcing notions of reaction and resistance and demonstrates how to produce new inequalities by "mining" reference sets of elite solutions.

New Evolutionary Algorithm Based on 2-Opt Local Search to Solve the Vehicle Routing Problem with Private Fleet and Common Carrier

The authors describe hybrid Iterated Density Estimation Evolutionary Algorithm with 2-opt local search to determine the specific assignment of each tour to a private vehicle (internal fleet) or an outside carrier (external fleet).

A Hybrid Meta-Heuristic Algorithm for Dynamic Spectrum Management in Multiuser Systems: Combining Simulated Annealing and Non-Linear Simplex Nelder-Mead

A low-complex algorithm based on a combination of simulated annealing and non-linear simplex to find local (almost global) optimum spectra for multiuser DSL systems, whilst significantly reducing the prohibitive complexity of traditional OSB.

Cuckoo Search Algorithm for Hydrothermal Scheduling Problem

The results obtained have shown that the two methods are favorable for solving short-term hydrothermal scheduling problems.



Towards Improved Privacy Policy Coverage in Healthcare Using Policy Refinement

The fundamental idea behind PRIMA is to exploit policy refinement techniques to gradually and seamlessly embed privacy controls into the clinical workflow based on the actual practices of the organization in order to improve the coverage of the privacy policy.

A security policy model for clinical information systems

  • Ross J. Anderson
  • Computer Science
    Proceedings 1996 IEEE Symposium on Security and Privacy
  • 1996
This article presents a clear and concise access rules for clinical information systems that was commissioned by doctors and is driven by medical ethics; it is informed by the actual threats to privacy, and reflects current best clinical practice.

Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data

The Platform for Enterprise Privacy Practices (E-P3P), which defines technology for privacy-enabled management and exchange of customer data, is described, which introduces a viable separation of duty between the three "administrators" of a privacy system.

HIPAA's Effect on Web Site Privacy Policies

A longitudinal study examines the effects of HIPAA's enactment on a collection of privacy policy documents for a fixed set of organizations over a four-year period, analyzed using goal mining, a content-analysis method that supports extraction of useful information about institutions' privacy practices from documents.

Reading level of privacy policies on Internet health Web sites.

The privacy policies of health Web sites are not easily understood by most individuals in the United States and do not serve to inform users of their rights.

A comparative study of online privacy policies and formats

It was found participants were not able to reliably understand companies' privacy practices with any of the formats, and participants were faster with standardized formats but at the expense of accuracy for layered policies, and Privacy Finder formats supported accuracy more than natural language for harder questions.

Personal health records: empowering consumers.

By empowering consumers, electronic personal health records will play a key role in the evolving electronically enabled health information environment and the value of the PHR will lie in shared information and shared decision-making, as its components support the continuity of care.

A Study of Access Control Requirements for Healthcare Systems Based on Audit Trails from Access Logs

It is found that the uses of the exception mechanisms were too frequent and widespread to be considered exceptions and the huge size of the log and the use of pre-defined or uninformative reasons for access make it infeasible to audit the log for misuse.

Expressive Privacy Promises — How to Improve the Platform for Privacy Preferences (P3P)

This position paper summarizes the experiences and some problems the authors have encountered when using P3P and suggests a extended but simplified syntax and a revised consent model that groups opt-in and opt-out to multiple statements into one ‘consent block’.