CHORUS Deliverable 3.3: Vision Document - Intermediate version

The goal of the CHORUS vision document is to create a high level vision on audio-visual search engines in order to give guidance to the future R&D work in this area (in line with the mandate of CHORUS as a Coordination Action). This current intermediate draft of the CHORUS vision document (D3.3) is based on the previous CHORUS vision documents D3.1 to D3.2 and on the results of the six CHORUS Think-Tank meetings held in March, September and November 2007 as well as in April, July and October 2008, and on the feedback from other CHORUS events. The outcome of the six Think-Thank meetings will not just be to the benefit of the participants which are stakeholders and experts from academia and industry – CHORUS, as a coordination action of the EC, will feed back the findings (see Summary) to the projects under its purview and, via its website, to the whole community working in the domain of AV content search. A few subjections of this deliverable are to be completed after the eights (and presumably last) Think-Tank meeting in spring 2009

Open Data, Grey Data, and Stewardship: Universities at the Privacy Frontier

As universities recognize the inherent value in the data they collect and hold, they encounter unforeseen challenges in stewarding those data in ways that balance accountability, transparency, and protection of privacy, academic freedom, and intellectual property. Two parallel developments in academic data collection are converging: (1) open access requirements, whereby researchers must provide access to their data as a condition of obtaining grant funding or publishing results in journals; and (2) the vast accumulation of 'grey data' about individuals in their daily activities of research, teaching, learning, services, and administration. The boundaries between research and grey data are blurring, making it more difficult to assess the risks and responsibilities associated with any data collection. Many sets of data, both research and grey, fall outside privacy regulations such as HIPAA, FERPA, and PII. Universities are exploiting these data for research, learning analytics, faculty evaluation, strategic decisions, and other sensitive matters. Commercial entities are besieging universities with requests for access to data or for partnerships to mine them. The privacy frontier facing research universities spans open access practices, uses and misuses of data, public records requests, cyber risk, and curating data for privacy protection. This paper explores the competing values inherent in data stewardship and makes recommendations for practice, drawing on the pioneering work of the University of California in privacy and information security, data governance, and cyber risk.Comment: Final published version, Sept 30, 201

Enhanced privacy governance in Health Information Systems through business process modelling and HL7

© 2019 The Authors. Published by Elsevier B.V. Medical data privacy is nowadays an alarming issue thanks to the technological revolution witnessed in the medical field and the ease of data access and exchange leveraged by newly implemented Hospital Information Systems (HIS). In order to help protect patient data while offering them the required medical procedures, many computerized techniques could be made available to be implemented in HIS since an early stage of their design. Those techniques should be applied throughout the rolling of clinical pathways to preserve medical data privacy and security in order to enhance privacy governance within Hospitals. When considered as processes, and because of their complexity and multidisciplinary nature, clinical pathways should be modelled in a simple way paying attention to medical tasks and the underlining shared clinical data. It is important to highlight the data with higher protection and sensitivity level. These data characteristics will influence many governance and security decisions of each process. This work aims to present a methodology to model clinical pathway specifications for data driven clinical processes, distinguishing sensitive data from other data and identifying personal data protection principles and the Protected Health Information (PHI). In this context, we precise for each clinical task potentially involving data processing and sharing, the level of protection the data requires through the use of privacy tags and labels added to data elements predefined using the HL7 standard. This method of tagging would help mapping extracted data, classified into categories, to a set of privacy requirements as needed by the HIPAA legislation. Hence data protection and privacy governance are leveraged in a seamless and highly transparent way. The use of HL7 allowed better data discovery and parsing which facilitates the definition of medical data protection measures at a later stage

Is There an App for That? Electronic Health Records (EHRs) and a New Environment of Conflict Prevention and Resolution

Katsh discusses the new problems that are a consequence of a new technological environment in healthcare, one that has an array of elements that makes the emergence of disputes likely. Novel uses of technology have already addressed both the problem and its source in other contexts, such as e-commerce, where large numbers of transactions have generated large numbers of disputes. If technology-supported healthcare is to improve the field of medicine, a similar effort at dispute prevention and resolution will be necessary

An Activity Theory Approach to Leak Detection and Mitigation in Personal Health Information (PHI)

The migration to Electronic Health Records (EHR) has raised issues with respect to security and privacy. One such issue that has become a concern for the healthcare providers, insurance companies and pharmacies is Patient Health Information (PHI) leak. Borrowing from Document Control Domain (DCD) literature, in this paper, we develop a methodology for detection and mitigation of PHI leaks by employing Activity Theory to elucidate the complex activities in the transitive workflow

ECHO Information sharing models

As part of the ECHO project, the Early Warning System (EWS) is one of four technologies under development. The E-EWS will provide the capability to share information to provide up to date information to all constituents involved in the E-EWS. The development of the E-EWS will be rooted in a comprehensive review of information sharing and trust models from within the cyber domain as well as models from other domains

Confidential Informants in Private Litigation: Balancing Interests in Anonymity and Disclosure

Heightened pleading standards and limits on discovery in private securities fraud actions make confidential informants crucial in many cases. While courts have widely recognized the importance of confidential informants and the need to protect them from retaliation, they have not applied consistent standards for how informants must be identified in pleadings, and have failed to take into account substantial bodies of relevant caselaw when deciding whether to require that informants’ names be disclosed in discovery. This article offers a framework for when and how confidential informants should be identified, taking into account the competing interests in anonymity and disclosure. It offers a refined standard for identifying informants at the pleading stage that focuses on how the employee came to have the information pleaded, rather than on the employee’s job title or duties. It also proposes use of in camera review of witness statements. At the discovery stage, this article criticizes the use of the attorney work product doctrine as a basis for protecting informant identities. It argues that courts should perform a balancing analysis that directly weighs public policy and privacy interests in favor of informant anonymity against defendants’ legitimate needs for disclosure. This approach is supported by numerous cases protecting the identities of informants and other types of witnesses under Fed. R. Civ. P. 26(c), and also finds support in the many cases construing the formal privilege applicable to government informants. Finally, this article encourages plaintiffs to seek protective orders for informants early in litigation and briefly discusses protection for witness interview notes

Dwarna : a blockchain solution for dynamic consent in biobanking

Dynamic consent aims to empower research partners and facilitate active participation in the research process. Used within the context of biobanking, it gives individuals access to information and control to determine how and where their biospecimens and data should be used. We present Dwarna—a web portal for ‘dynamic consent’ that acts as a hub connecting the different stakeholders of the Malta Biobank: biobank managers, researchers, research partners, and the general public. The portal stores research partners’ consent in a blockchain to create an immutable audit trail of research partners’ consent changes. Dwarna’s structure also presents a solution to the European Union’s General Data Protection Regulation’s right to erasure—a right that is seemingly incompatible with the blockchain model. Dwarna’s transparent structure increases trustworthiness in the biobanking process by giving research partners more control over which research studies they participate in, by facilitating the withdrawal of consent and by making it possible to request that the biospecimen and associated data are destroyed.peer-reviewe

The Data Breach Dilemma: Proactive Solutions for Protecting Consumers’ Personal Information

Data breaches are an increasingly common part of consumers’ lives. No institution is immune to the possibility of an attack. Each breach inevitably risks the release of consumers’ personally identifiable information and the strong possibility of identity theft. Unfortunately, current solutions for handling these incidents are woefully inadequate. Private litigation like consumer class actions and shareholder lawsuits each face substantive legal and procedural barriers. States have their own data security and breach notification laws, but there is currently no unifying piece of legislation or strong enforcement mechanism. This Note argues that proactive solutions are required. First, a national data security law—setting minimum data security standards, regulating the use and storage of personal information, and expanding the enforcement role of the Federal Trade Commission—is imperative to protect consumers’ data. Second, a proactive solution requires reconsidering how to minimize the problem by going to its source: the collection of personally identifiable information in the first place. This Note suggests regulating companies’ collection of Social Security numbers, and, eventually, using a system based on distributed ledger technology to replace the ubiquity of Social Security numbers