The NPFIT strategy for information security of care record service

The National Programme for IT in England doesn’t have a one-document strategy for its information security of the Care Records Service, which is the national EHR system. This paper provides a comprehensive understanding of the information security strategy of England’s EHR system by presenting its different information security issues such as consent mechanisms, access control, sharing level, and related legal and regulations documents

Personal Privacy and Common Goods: A Framework for Balancing Under the National Health Information Privacy Rule

In this Article, we discuss how these principles for balancing apply in a number of important contexts where individually identifiable health data are shared. In Part I, we analyze the modern view favoring autonomy and privacy. In the last several decades, individual autonomy has been used as a justification for preventing sharing of information irrespective of the good to be achieved. Although respect for privacy can sometimes be important for achieving public purposes (e.g., fostering the physician/patient relationship), it can also impair the achievement of goals that are necessary for any healthy and prosperous society. A framework for balancing that strictly favors privacy can lead to reduced efficiencies in clinical care, research, and public health. We reason that society would be better served, and individuals would be only marginally less protected, if privacy rules permitted exchange of data for important public benefits. In Part II, we explain the national health information privacy regulations: (1) what do they cover?; (2) to whom do they apply?; and (3) how do they safeguard personal privacy? Parts III and IV focus on whether the standards adhere, or fail to adhere, to the privacy principles discussed in Part I. In Part III, we examine two autonomy rules established in the national privacy regulations: informed consent (for uses or disclosures of identifiable health data for health-care related purposes) and written authorization (for uses or disclosures of health data for non-health care related purposes). We observe that the informed consent rule is neither informed nor consensual. The rule is likely to thwart the effective management of health organizations without benefiting the individual. Requiring written authorization, on the other hand, protects individual privacy to prevent disclosures to entities that do not perform health-related functions, such as employers and life insurers. In Part IV, we examine various contexts in which data can be shared for public purposes under the national privacy rule: public health, research, law enforcement, familial notification, and commercial marketing. We apply our framework for balancing in each context and observe the relative strengths and weaknesses of the privacy regulations in achieving a fair balance of private and public interests

An authorization policy management framework for dynamic medical data sharing

In this paper, we propose a novel feature reduction approach to group words hierarchically into clusters which can then be used as new features for document classification. Initially, each word constitutes a cluster. We calculate the mutual confidence between any two different words. The pair of clusters containing the two words with the highest mutual confidence are combined into a new cluster. This process of merging is iterated until all the mutual confidences between the un-processed pair of words are smaller than a predefined threshold or only one cluster exists. In this way, a hierarchy of word clusters is obtained. The user can decide the clusters, from a certain level, to be used as new features for document classification. Experimental results have shown that our method can perform better than other methods.<br /

The National Health Information Network and the Future of Medical Information Privacy

Medical information has a special status among the various items of personal information. The introduction of information technology (IT) has changed the handling of medical information in ways that are both promising for improving health care as well as threatening to the individual patient\u27s medical information privacy. The challenge to business practitioners is to manage medical information intelligently and to avoid the negative consequences of mismanaging this information, which may include customer backlash in the forms of boycotts, lawsuits, and loss of company reputation. This challenge is particularly important in the context of the U.S. National Health Information Network initiative, which has the potential of sending electronic medical information to IT devices worldwide in the not too distant future