999 research outputs found

    Double Secret Protection: Bridging Federal and State Law To Protect Privacy Rights for Telemental and Mobile Health Users

    Mental health care in the United States is plagued by stigma, cost, and access issues that prevent many people from seeking and continuing treatment for mental health conditions. Emergent technology, however, may offer a solution. Through telemental health, patients can connect with providers remotely—avoiding stigmatizing situations that can arise from traditional healthcare delivery, receiving more affordable care, and reaching providers across geographic boundaries. And with mobile health technology, people can use smartphone applications both to self-monitor their mental health and to communicate with their doctors. But people will not take advantage of telemental and mobile health unless their privacy is protected. After evaluating the applicability of current health information privacy law to these new forms of treatment, this Note proposes changes to the federal regime to protect privacy rights for telemental and mobile health users.

    On a Formal and User-friendly Linguistic Approach to Access Control of Electronic Health Data

    The importance of the exchange of Electronic Health Records (EHRs) between hospitals has been recognized by governments and institutions. Because of the sensitivity of the data exchanged, only mature standards and implementations can be chosen to operate. This exchange process is of course under the control of the patient, who decides who has the right to access her personal healthcare data and who has not, by giving her personal privacy consent. Patients' privacy consent is regulated by local legislation, which can vary from region to region and change frequently. The technology implementing such privacy aspects must be highly adaptable, often resulting in complex security scenarios that cannot be easily managed by patients and software designers. To overcome such security problems, we advocate a linguistic approach that relies on policy languages with solid mathematical foundations. Our approach is based on FACPL, a policy language we have designed by taking inspiration from OASIS XACML, the de-facto standard used in all projects covering secure EHR transmission protected by patients' privacy consent. FACPL can express policies similar to those expressible in XACML but, unlike XACML, it has an intuitive syntax, a formal semantics and easy-to-use software tools supporting policy development and enforcement. In this paper, we present the potential of our approach and outline ongoing work.

    Privacy Preserving HIPAA-Compliant Access Control Model for Web Services

    Software applications are developed to help companies and organizations process and manage the data that support their daily operations. However, this data may contain sensitive client information that should be protected to ensure clients' privacy. Besides losing clients' trust, neglecting client data privacy may also be unlawful and carry serious legal and financial consequences. Lately, various laws and regulations on data privacy have been enacted, especially in vital sectors such as health care, finance, and accounting. Those regulations dictate how client data may be disclosed and transmitted within an organization as well as with external partners. The privacy rules in these laws and regulations present a challenge for the software engineers who design and implement the applications that process clients' private data. The difficulty stems from the complexity and length of the letter of the law and from the question of how to guarantee that an application maintains client data privacy in compliance with it. Some healthcare organizations attempt their own interpretation of the law's privacy rules by building custom systems. The problem with such an approach is that the margin of error in interpreting the letter of the law is high, especially when separate efforts are carried out by individual companies. According to a survey of Health Insurance Portability and Accountability Act (HIPAA) requirement interpretations created for medical and healthcare applications, none of the surveyed frameworks was well developed enough to capture the relationships specified in the law. To solve this problem, a standard framework is required that analyzes the regulatory text and provides a method to extract the relevant components for use during software role engineering and development.
The extracted components include all possible arrangements of roles, purposes, permissions, temporal factors, and obligations to be carried out. In this work we propose a framework to analyze, extract, model, and enforce the privacy requirements from the HIPAA regulatory text. The framework's goal is to translate the text of the law's privacy rules into more manageable components in the form of entities, roles, purposes, and obligations. Together, those components can be used as building blocks for formal privacy policies. The process concentrates on two main components: entities and their roles, and data access context. For the first, the framework parses the privacy sections of the regulatory text to mine all subjects, then categorizes those subjects into roles based on their characterization in the law. For the access context, the process extracts all purposes, temporal clauses and obligations and classifies them based on their permissibility.

    Machine-Readable Privacy Certificates for Services

    Privacy-aware processing of personal data on the web of services requires managing a number of issues arising from both the technical and the legal domain. Several approaches have been proposed for matching privacy requirements (on the client side) with privacy guarantees (on the service provider side). Still, the assurance of effective data protection (where possible) relies on substantial human effort and exposes organizations to significant (non-)compliance risks. In this paper we put forward the idea that a privacy certification scheme producing and managing machine-readable artifacts in the form of privacy certificates can play an important role in solving this problem. Digital privacy certificates represent the reasons why a privacy property holds for a service and describe the privacy measures supporting it. Privacy certificates can also be used to automatically select services whose certificates match the client's policies (privacy requirements). Our proposal relies on an evolution of the conceptual model developed in the Assert4Soa project and on a certificate format specifically tailored to represent privacy properties. To validate our approach, we present a worked-out instance showing how the privacy property Retention-based unlinkability can be certified for a banking financial service. Comment: 20 pages, 6 figures.

    PriCL: Creating a Precedent A Framework for Reasoning about Privacy Case Law

    We introduce PriCL: the first framework for expressing and automatically reasoning about privacy case law by means of precedent. PriCL is parametric in an underlying logic for expressing world properties, and provides support for court decisions, their justification, the circumstances in which the justification applies, as well as court hierarchies. Moreover, the framework offers a tight connection between privacy case law and the notion of norms that underlies existing rule-based privacy research. In terms of automation, we identify the major reasoning tasks for privacy cases, such as deducing legal permissions or extracting norms. For solving these tasks, we provide generic algorithms that have particularly efficient realizations within an expressive underlying logic. Finally, we derive a definition of deducibility based on legal concepts and subsequently propose an equivalent characterization in terms of logic satisfiability. Comment: Extended version.

    Information Privacy: Issues, Concerns and Strategies

    The twenty-first-century globalized world is characterized by explosive, exponential growth of data and information, generated from diverse heterogeneous sources and stored in many formats, about every kind of human endeavour, for use in decision making and policy formulation. This phenomenal growth in information brings with it privacy concerns that have legal implications. This paper comprehensively reviews critical issues in information privacy. It defines key terms such as information, privacy, personally identifiable information and expectation of privacy; examines the types of personally identifiable information that raise privacy concerns, and privacy on the internet; and surveys categories of technology for privacy protection in commercial information technology systems, such as P3P and XACML. Privacy-enhancing technologies, areas of privacy, the data and privacy laws of Nigeria and other countries, industry-standard information security requirements and frameworks such as the Sarbanes-Oxley Act (SOX), and the privacy issues of social networking sites are also examined, so as to broaden our knowledge of information privacy issues. Keywords: Information privacy, P3P, XACML, Sarbanes-Oxley law

    Toward Effective Access Control Using Attributes and Pseudoroles

    Sharing of information is fundamental to modern computing environments across many application domains. Such information sharing, however, raises security and privacy concerns that require effective access control to prevent unauthorized access and ensure compliance with various laws and regulations. Current approaches such as Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC), and their variants, are inadequate. Although RBAC provides simple administration of access control, user revocation and permission review, it demands complex initial role engineering and makes access control static. ABAC, on the other hand, simplifies initial security setup and enables flexible access control, but increases the complexity of managing privileges, user revocation and user permission review. These limitations of RBAC and ABAC have motivated research into newer models that use attributes and policies while preserving RBAC's advantages. This dissertation explores the role of attributes, the characteristics of entities in the system, in achieving effective access control. The first contribution of this dissertation is the design and development of a secure access system using Ciphertext-Policy Attribute-Based Encryption (CP-ABE). The second contribution is the design and validation of a two-step access control approach, the BiLayer Access Control (BLAC) model. The first layer in BLAC checks whether subjects making access requests hold the right BLAC pseudoroles, where a pseudorole is a predefined subset of a subject's static attributes. If the requesting subjects hold the right pseudoroles, the second layer checks the rule(s) within the associated BLAC policies for further constraints on access. BLAC thus makes effective use of attributes while preserving RBAC's advantages.
The dissertation's third contribution is the design and definition of an evaluation framework for time-complexity analysis, which is used to compare the BLAC model with RBAC and ABAC. The fourth contribution is the design and construction of a generic access control threat model, applied to assess the effectiveness of BLAC, RBAC and ABAC in mitigating insider threats.
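The two-layer decision the BLAC abstract describes, as an added illustration written for this page (it is not the dissertation's code and the encoding of pseudoroles and policies is an assumption): a pseudorole is a fixed set of required static attribute values, layer 1 rejects any subject not holding it, and only then does layer 2 evaluate the contextual rules of the policy attached to that pseudorole. The clinical-records scenario, attribute names and rules are constructed sample data.

```python
"""BLAC-style two-layer access decision (illustrative, not the dissertation's code).

Assumed model: a pseudorole is a predefined subset of a subject's *static*
attributes; a policy is attached to one pseudorole and holds rules over the
*dynamic* context of the request. Everything not explicitly permitted is denied.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

Attrs = Dict[str, object]
Rule = Callable[[Attrs, Attrs], bool]  # (subject static attrs, request context) -> ok?


@dataclass(frozen=True)
class Pseudorole:
    """A named subset of static attributes; every (attr, value) pair must match."""
    name: str
    required: Tuple[Tuple[str, object], ...]

    def held_by(self, subject: Attrs) -> bool:
        return all(subject.get(k) == v for k, v in self.required)


@dataclass
class Policy:
    """Rules attached to one pseudorole; all must hold (deny-overrides)."""
    pseudorole: str
    rules: List[Rule] = field(default_factory=list)

    def permits(self, subject: Attrs, ctx: Attrs) -> bool:
        return all(rule(subject, ctx) for rule in self.rules)


class BlacPDP:
    """Policy decision point: unknown resources and missing policies deny."""

    def __init__(self) -> None:
        self.pseudoroles: Dict[str, Pseudorole] = {}
        self.policies: Dict[str, Policy] = {}
        self.resource_needs: Dict[str, str] = {}  # resource -> pseudorole name

    def add_pseudorole(self, pr: Pseudorole, policy: Policy) -> None:
        if pr.name != policy.pseudorole:
            raise ValueError("policy must be attached to its pseudorole")
        self.pseudoroles[pr.name] = pr
        self.policies[pr.name] = policy

    def protect(self, resource: str, pseudorole: str) -> None:
        self.resource_needs[resource] = pseudorole

    def decide(self, subject: Attrs, resource: str, ctx: Attrs) -> Tuple[bool, str]:
        needed = self.resource_needs.get(resource)
        if needed is None:
            return False, "deny: resource not registered"
        if not self.pseudoroles[needed].held_by(subject):   # layer 1: static, cheap
            return False, f"deny: layer1 (missing pseudorole {needed})"
        if not self.policies[needed].permits(subject, ctx):  # layer 2: contextual rules
            return False, f"deny: layer2 (policy for {needed})"
        return True, "permit"


def build_demo_pdp() -> BlacPDP:
    """Constructed sample configuration for a clinical-records scenario."""
    pdp = BlacPDP()
    clinician = Pseudorole(
        name="cardiology_clinician",
        required=(("department", "cardiology"), ("licence", "MD"), ("status", "active")),
    )
    policy = Policy(
        pseudorole="cardiology_clinician",
        rules=[
            lambda s, c: c.get("purpose") == "treatment",                 # purpose binding
            lambda s, c: 7 <= int(c.get("hour", -1)) < 19,                # on-shift hours
            lambda s, c: c.get("patient_department") == s["department"],  # own department only
        ],
    )
    pdp.add_pseudorole(clinician, policy)
    pdp.protect("ehr:cardiology:notes", "cardiology_clinician")
    return pdp


if __name__ == "__main__":
    pdp = build_demo_pdp()
    alice = {"department": "cardiology", "licence": "MD", "status": "active"}
    ctx = {"purpose": "treatment", "hour": 10, "patient_department": "cardiology"}
    print(pdp.decide(alice, "ehr:cardiology:notes", ctx))
    # Revocation touches only the subject's static attribute, never the policies.
    print(pdp.decide({**alice, "status": "suspended"}, "ehr:cardiology:notes", ctx))
```

The point to notice is where revocation and review live: suspending a user changes one static attribute and fails layer 1 for every resource, as in RBAC, while the contextual rules in layer 2 give the ABAC-style flexibility without having to be consulted for subjects who never pass the cheap first check.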

    Bottom-Up Modeling of Permissions to Reuse Residual Clinical Biospecimens and Health Data

    Consent forms serve as evidence of permissions granted by patients for clinical procedures. As the recognized value of biospecimens and health data increases, many clinical consent forms also seek permission from patients or their legally authorized representative to reuse residual clinical biospecimens and health data for secondary purposes, such as research. Such permissions are also granted by the government, which regulates how residual clinical biospecimens may be reused with or without consent. There is a need for increasingly capable information systems to facilitate discovery, access, and responsible reuse of residual clinical biospecimens and health data in accordance with these permissions. Semantic web technologies, especially ontologies, hold great promise as infrastructure for scalable, semantically interoperable approaches in healthcare and research. While there are many published ontologies for the biomedical domain, there is not yet ontological representation of the permissions relevant for reuse of residual clinical biospecimens and health data. The Informed Consent Ontology (ICO), originally designed for representing consent in research procedures, may already contain core classes necessary for representing clinical consent processes. However, formal evaluation is needed to make this determination and to extend the ontology to cover the new domain. This dissertation focuses on identifying the necessary information required for facilitating responsible reuse of residual clinical biospecimens and health data, and evaluating its representation within ICO. The questions guiding these studies include: 1. What is the necessary information regarding permissions for facilitating responsible reuse of residual clinical biospecimens and health data? 2. How well does the Informed Consent Ontology represent the identified information regarding permissions and obligations for reuse of residual clinical biospecimens and health data? 
We performed three sequential studies to answer these questions. First, we conducted a scoping review to identify regulations and norms that bear authority or give guidance over reuse of residual clinical biospecimens and health data in the US, the permissions by which reuse of residual clinical biospecimens and health data may occur, and key issues that must be considered when interpreting these regulations and norms. Second, we developed and tested an annotation scheme to identify permissions within clinical consent forms. Lastly, we used these findings as source data for bottom-up modelling and evaluation of ICO for representation of this new domain. We found considerable overlap in classes already in ICO and those necessary for representing permissions to reuse residual clinical biospecimens and health data. However, we also identified more than fifty classes that should be added to or imported into ICO. These efforts provide a foundation for comprehensively representing permissions to reuse residual clinical biospecimens and health data. Such representation fills a critical gap for developing applications which safeguard biospecimen resources and enable querying based on their permissions for use. By modeling information about permissions in an ontology, the heterogeneity of these permissions at a range of levels (e.g., federal regulations, consent forms) can be richly represented using entity-relationship links and embedded rules of inference and inheritance. Furthermore, by developing this content in ICO, missing content will be added to the Open Biological and Biomedical Ontology (OBO) Foundry, enabling use alongside other widely adopted ontologies and providing a valuable resource for biospecimen and information management. These methods may also serve as a model for domain experts to interact with ontology development communities to improve ontologies and address gaps which hinder successful uptake.
PhD, Nursing, University of Michigan, Horace H. Rackham School of Graduate Studies. http://deepblue.lib.umich.edu/bitstream/2027.42/162937/1/eliewolf_1.pd