12 research outputs found

    Healthcare Information Privacy Research: Issues, Gaps and What Next?

    The proliferation of e-health holds great promise for sharing medical data, improving healthcare quality, saving patient lives and reducing costs. These potential benefits, however, also draw attention to information privacy. Given that medical data disclosure is the second most frequently reported category of breach, it is imperative to understand both information privacy and its context in healthcare. A lack of appropriate privacy measures might cause economic harm or denial of service by insurers or employers, while overly tight privacy controls can prevent care providers from accessing patient information in time to save lives. This paper takes an integrated look at healthcare information privacy from both the MIS and health informatics perspectives. Based on a literature review and our personal communication with health informatics experts, we identify and present four major themes: 1) the scope and definition of privacy and electronic health records, 2) information privacy issues and threats, 3) the countermeasures used to address and manage information privacy, and 4) why privacy responses matter. This paper provides a unique perspective on privacy in the context of healthcare by focusing on the issues, the matching countermeasures, and the drivers behind how organizations manage these threats.

    DATA CLUSTERING AND MICRO-PERTURBATION FOR PRIVACY-PRESERVING DATA SHARING AND ANALYSIS

    Clustering-based data masking approaches are widely used for privacy-preserving data sharing and data mining. Existing approaches, however, cannot cope with the situation where confidential attributes are categorical. For numeric data, these approaches are also unable to preserve important statistical properties such as the variance and covariance of the data. We propose a new approach that handles these problems effectively. The proposed approach adopts a minimum spanning tree technique for clustering data and a micro-perturbation method for masking data. Our approach is novel in that it (i) incorporates an entropy-based measure, which represents the disclosure risk of the categorical confidential attribute, into the traditional distance measure used for clustering in an innovative way; and (ii) introduces the notion of cluster-level micro-perturbation (as opposed to conventional micro-aggregation) for masking data, to preserve the statistical properties of the data. We provide both analytical and empirical justification for the proposed methodology.

    Managing Interdependent Information Security Risks: A Study of Cyberinsurance, Managed Security Service and Risk Pooling

    The interdependency of information security risks poses a significant challenge for firms managing security. Firms may over- or under-invest in security because security investments generate network externalities. In this paper, we explore how firms can use three risk management approaches, third-party cyberinsurance, managed security service (MSS) and risk pooling arrangement (RPA), to address this investment inefficiency. We show that, compared with cyberinsurance, MSS is more effective in mitigating the security investment inefficiency because an MSS provider (MSSP) serving multiple firms can endogenize the externalities of security investments. However, the investment externalities may discourage a for-profit MSSP from serving all firms even in a monopoly market. We then show that firms can use RPA as a complement to cyberinsurance to address risk interdependency for all firms. However, the adoption of RPA is incentive-compatible for firms only when the security investments generate negative externalities.

    Releasing Individually Identifiable Microdata with Privacy Protection Against Stochastic Threat: An Application to Health Information

    The ability to collect and disseminate individually identifiable microdata is becoming increasingly important in a number of arenas. This is especially true in health care and national security, where such data are considered vital for a number of public health and safety initiatives. In some cases legislation has been used to establish standards for limiting the collection of and access to such data. However, all such legislative efforts contain many provisions that allow access to individually identifiable microdata without the consent of the data subject. Furthermore, although legislation is useful in that penalties are levied for violating the law, these penalties are imposed only after an individual's privacy has been compromised. Such deterrent measures can only serve as disincentives and offer no true protection. This paper considers the security issues involved in releasing microdata, including individual identifiers. The threats to the confidentiality of the data subjects come from users possessing statistical information that relates the revealed microdata to suppressed confidential information. The general strategy is to recode the initial data, in which some subjects are "safe" and some are at risk, into a data set in which no subjects are at risk. We develop a technique that enables the release of individually identifiable microdata in a manner that maximizes the utility of the released data while providing preventive protection of confidential data. Extensive computational results show that the proposed method is practical and viable and that useful data can be released even when the level of risk in the data is high.

    The Impact of Consumer Perceptions of Information Privacy and Security Risks on the Adoption of Residual RFID Technologies

    In today's global competitive environment, organizations face a variety of challenges. Continuous improvement in organizational efficiency and in the entire supply chain is necessary to stay competitive. Many organizations are adopting radio frequency identification (RFID) technologies as part of their information supply chains. These technologies provide many benefits to the organizations that use them. However, how these technologies affect consumers and their willingness to adopt the technology is often overlooked. Many RFID tags remain active after consumers purchase the products that carry them. These tags, placed in a product for one purpose and left in the product after they have served that purpose, are residual RFIDs. Residual RFID technology can have many positive and negative effects on consumers' willingness to buy and use products containing RFID, and thus on a business's ability to sell such products. If consumers refuse to buy products with residual RFID tags in them, the business harm is greater than the business benefit, regardless of any gain in supply chain efficiency. In this study, we outline some of the advantages and disadvantages of residual RFID from the consumer perspective, then follow up with an in-depth survey and analysis of consumer perceptions. Using structural equation modeling (SEM), we demonstrate that consumers' perceptions of privacy risk likelihood and privacy risk harm negatively affect their intentions to use this technology. The implications of these findings need to be considered before the pending mass-scale implementation of residual RFID technologies in the supply chain.

    Protecting Time Series Data with Minimal Forecast Loss

    Forecasting could be negatively impacted by anonymization requirements in data protection legislation. To measure the potential severity of this problem, we derive theoretical bounds for the loss to forecasts from additive exponential smoothing models using protected data. Following the anonymization guidelines of the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), we develop the k-nearest Time Series (k-nTS) Swapping and k-means Time Series (k-mTS) Shuffling methods to create protected time series data that minimizes the loss to forecasts while preventing a data intruder from detecting privacy issues. For efficient and effective decision making, we formally model an integer programming problem for a perfect matching for simultaneous data swapping in each cluster. We call it a two-party data privacy framework since our optimization model includes the utilities of a data provider and a data intruder. We apply our data protection methods to thousands of time series and find that they maintain the forecasts and patterns (level, trend, and seasonality) of the time series well compared to the standard data protection methods suggested in legislation. Substantively, our paper addresses the challenge of protecting time series data when used for forecasting. Our findings suggest the managerial importance of incorporating the concerns of forecasters into the data protection itself.
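The swapping idea in the abstract above (group each series with its nearest neighbours, then swap values inside each group via a perfect matching so that no series keeps its own data) can be shown on a toy panel. The example below is added here and is not the paper's code: the panel is constructed, the greedy k-nearest grouping and the cyclic-shift matching are simple stand-ins for the paper's integer-programming matching, and the forecast loss is measured with a level-only additive exponential smoothing model initialised at the first observation. It also contrasts neighbour swapping with swapping across dissimilar series, which the abstract's argument implies should hurt forecasts far more.

```python
import math
from typing import List, Sequence

Series = List[float]

# Constructed toy panel (not data from the paper): two series trending up, two trending down.
PANEL: List[Series] = [
    [10.0, 11.0, 12.0, 13.0, 14.0, 15.0],   # series 0
    [10.5, 11.5, 12.5, 13.5, 14.5, 15.5],   # series 1, close to series 0
    [50.0, 49.0, 48.0, 47.0, 46.0, 45.0],   # series 2
    [51.0, 50.0, 49.0, 48.0, 47.0, 46.0],   # series 3, close to series 2
]


def euclid(a: Sequence[float], b: Sequence[float]) -> float:
    """Euclidean distance between two equal-length series."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def knn_clusters(panel: List[Series], k: int) -> List[List[int]]:
    """Greedy k-nearest grouping (assumed simplification of k-nTS): take the first
    unassigned series, attach its k-1 nearest unassigned neighbours, repeat. Fewer
    than k leftovers join the last cluster so every cluster has >= k members."""
    if len(panel) < k:
        raise ValueError("need at least k series to form one cluster")
    unassigned = list(range(len(panel)))
    clusters: List[List[int]] = []
    while len(unassigned) >= k:
        seed = unassigned.pop(0)
        nearest = sorted(unassigned, key=lambda j: euclid(panel[seed], panel[j]))[: k - 1]
        unassigned = [j for j in unassigned if j not in nearest]
        clusters.append([seed] + nearest)
    if unassigned:
        clusters[-1].extend(unassigned)
    return clusters


def swap_within_clusters(panel: List[Series], clusters: List[List[int]]) -> List[Series]:
    """Perfect matching with no fixed point inside each cluster: series i receives the
    whole series of its cyclic successor, so every series is replaced by a neighbour's
    values while the cluster, as a multiset of series, is unchanged."""
    protected: List[Series] = [[] for _ in panel]
    for members in clusters:
        for pos, i in enumerate(members):
            donor = members[(pos + 1) % len(members)]
            protected[i] = list(panel[donor])
    return protected


def ses_forecast(y: Sequence[float], alpha: float = 0.5) -> float:
    """One-step-ahead forecast from simple (additive, level-only) exponential
    smoothing, initialised at the first observation."""
    level = y[0]
    for obs in y[1:]:
        level = alpha * obs + (1 - alpha) * level
    return level


def forecast_loss(panel: List[Series], protected: List[Series], alpha: float = 0.5) -> float:
    """Mean absolute difference between forecasts from original and protected series."""
    diffs = [abs(ses_forecast(o, alpha) - ses_forecast(p, alpha))
             for o, p in zip(panel, protected)]
    return sum(diffs) / len(diffs)


def protect(panel: List[Series], k: int = 2):
    """Cluster, swap, and return (protected panel, clusters)."""
    clusters = knn_clusters(panel, k)
    return swap_within_clusters(panel, clusters), clusters


if __name__ == "__main__":
    prot, cl = protect(PANEL, k=2)
    print("clusters:", cl)
    print("neighbour-swap forecast loss:", forecast_loss(PANEL, prot))
    # Swapping across dissimilar series (0<->2, 1<->3) for comparison.
    naive = [PANEL[2], PANEL[3], PANEL[0], PANEL[1]]
    print("arbitrary-swap forecast loss:", forecast_loss(PANEL, naive))
```

With k=2 the two similar pairs are grouped and swapped, and the smoothing forecasts move by 0.5 and 1.0 respectively (mean loss 0.75); swapping the up-trending series with the down-trending ones instead moves every forecast by more than 30 units. The cyclic shift is only one feasible matching; the paper's optimisation picks the matching that minimises the loss subject to the intruder's detection utility.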

    Privacy Protection of Binary Confidential Data Against Deterministic, Stochastic, and Insider Threat

    A practical model and an associated method are developed for providing consistent, deterministically correct responses to ad-hoc queries against a database containing a field of binary confidential data. COUNT queries, i.e., the number of selected subjects whose confidential datum is positive, are to be answered. Exact answers may allow users to determine an individual's confidential information. Instead, the proposed technique gives responses in the form of a number plus a guarantee, so that the user can determine an interval that is sure to contain the exact answer. At the same time, the method is also able to provide both deterministic and stochastic protection of the confidential data to the subjects of the database. Insider threat is defined precisely and a simple option for defense against it is given. Computational results on a simulated database are very encouraging in that most queries are answered with tight intervals, and the quality of the responses improves with the number of subjects identified by the query. Thus the results are very appropriate for the very large databases prevalent in business and governmental organizations. The technique is very efficient in terms of both time and storage requirements, and is readily scalable and implementable.
    Keywords: confidentiality protection, database security, categorical data, inference disclosure
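To make the threat and the response format in the abstract above concrete: exact COUNT answers fall to a difference attack (two queries differing in one subject reveal that subject's datum), whereas a "number plus guarantee" response gives the user a sure interval without pinning any individual. The example below is added here and is not the paper's method: the database is constructed, and the protection scheme (answer the exact count over the union of fixed blocks the query touches, each block built to contain at least one positive and one negative subject) is a hypothetical partition-based scheme chosen because its deterministic protection property is easy to check, not a reconstruction of the paper's technique.

```python
from typing import Dict, Set, Tuple

# Constructed toy database (not the paper's data): subject id -> binary confidential datum.
DATABASE: Dict[str, int] = {
    "s01": 1, "s02": 0, "s03": 0, "s04": 1, "s05": 0, "s06": 1,
    "s07": 0, "s08": 0, "s09": 1, "s10": 0, "s11": 0, "s12": 1,
}


def exact_count(db: Dict[str, int], subjects: Set[str]) -> int:
    """COUNT query answered exactly: selected subjects whose datum is positive."""
    return sum(db[s] for s in subjects)


def difference_attack(db: Dict[str, int], query_set: Set[str], target: str) -> int:
    """Inference disclosure against exact answers: two overlapping COUNT queries that
    differ in exactly one subject reveal that subject's datum."""
    return exact_count(db, query_set | {target}) - exact_count(db, query_set)


def build_partition(db: Dict[str, int], min_block: int = 3) -> Dict[str, int]:
    """Hypothetical scheme: a fixed partition of subjects into blocks, each holding at
    least min_block subjects and at least one positive and one negative subject."""
    pos = [s for s, v in db.items() if v == 1]
    neg = [s for s, v in db.items() if v == 0]
    if not pos or not neg:
        raise ValueError("all subjects share one value; any count query discloses it")
    n_blocks = max(1, min(len(pos), len(neg), len(db) // min_block))
    # Round-robin over positives first, then negatives: the first len(pos) and the next
    # len(neg) assignments each visit every block, so no block is single-valued.
    return {s: i % n_blocks for i, s in enumerate(pos + neg)}


def protected_count(db: Dict[str, int], block_of: Dict[str, int],
                    query_set: Set[str]) -> Tuple[int, int]:
    """Response (number, guarantee): number is the exact count over the union of every
    block the query touches; guarantee is how many subjects outside the query that
    union added. The exact answer therefore lies in [number - guarantee, number]."""
    touched = {block_of[s] for s in query_set}
    widened = {s for s, b in block_of.items() if b in touched}
    return exact_count(db, widened), len(widened) - len(query_set)


def interval(response: Tuple[int, int]) -> Tuple[int, int]:
    """Interval the user derives from a response; always contains the exact count."""
    number, guarantee = response
    return max(0, number - guarantee), number


def block_counts(db: Dict[str, int], block_of: Dict[str, int]) -> Dict[int, Tuple[int, int]]:
    """Per block: (number of positives, block size)."""
    out: Dict[int, Tuple[int, int]] = {}
    for s, b in block_of.items():
        c, n = out.get(b, (0, 0))
        out[b] = (c + db[s], n + 1)
    return out


def no_individual_disclosed(db: Dict[str, int], block_of: Dict[str, int]) -> bool:
    """Deterministic protection check: every response is a function of block counts
    only, so a subject's datum is determined iff its block is all-positive or
    all-negative. True means no subject can be pinned by any sequence of queries."""
    return all(0 < c < n for c, n in block_counts(db, block_of).values())


if __name__ == "__main__":
    s = {"s02", "s03"}
    print("exact-answer difference attack on s01:", difference_attack(DATABASE, s, "s01"))
    part = build_partition(DATABASE)
    print("blocks:", block_counts(DATABASE, part))
    for q in (s, s | {"s01"}, s | {"s08"}):
        resp = protected_count(DATABASE, part, q)
        print(sorted(q), "->", resp, "interval", interval(resp), "exact", exact_count(DATABASE, q))
    print("no individual disclosed:", no_individual_disclosed(DATABASE, part))
```

Adding s01 to the query changes the protected number by the whole count of s01's block, not by s01's datum, and adding s08 (already in a touched block) does not change it at all. The caveat a practitioner should keep in mind is auxiliary knowledge, the abstract's insider threat: a user who already knows every other member of a block learns the last one, so block size is the lever that trades interval width against resistance to insiders.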