Health Information Security and Privacy: A Social Science Exploration of Nurses\u27 Knowledge and Risk Behaviors with Security and Privacy Issues Focusing on Mobile Device Usage

Background. Health information system security and privacy are critical issues that impact the wide use of the Electronic Health Record (EHR) in healthcare including hospitals, providers and health systems (Breaches Affecting 500 or More Individuals, 2017). These issues have been researched from a technology standpoint in this era of accelerated electronic health record adoption, but less has been done related to the EHR users in the United States. Most of the literature related to security and privacy explores research topics, peripheral and direct, regarding policy adherence mechanisms. Yet to be studied is a social science exploration of nurses’ risk knowledge and risk behaviors associated with security and privacy issues. Purpose. This dissertation examines characteristics related to cybersecurity practices of new nurses a year following graduation from nursing school where they may have been prepared to work in environments with EHRs. The study will explore their understanding of cybersecurity as it relates to use and protection of the sources of information in the EHRs, and their own personal risk behaviors with mobile technologies that may put them at risk to outside hacking or misuse of information. The questions that drive the study are the associations with nurses’ knowledge of information system security, risk behaviors specifically with mobile device use, and their threat appraisal that may influence their personal habits and their concern for potential misuse of their own electronic health information. Method. A web-based survey was emailed to a sample of new graduates who completed the National Student Nurses’ Association (NSNA) Annual Survey and gave their permanent email address voluntarily to be contacted again for additional surveys. The survey designed in SurveyMonkey®, the same approach used with this sample in prior studies, was sent to a list of 3,000 addresses. The variables of interest are Knowledge of Information System Security (KISS), ii Risk Behaviors (RB), Personal Technology Practices (PTP), Mobile Device Habits (MDH), Threat Appraisal (Internal and External), Concern for Information Privacy (CFIP), and Information Privacy Protection Response (IPPR). Pilot Testing. Several measures developed for the study were tested on a sample of senior graduating nursing students (n=167) to assess their validity and reliability, including KISS, RB and PTP. Prior to data collection, the new items were assessed for content validity by five judges in preparation to be tested for reliability analysis. A paper-pencil version of the new items was distributed to the nursing students just prior to their graduation. Their responses were entered and analyzed using SPSS, which yielded a final set of items with acceptable reliability (α = .700), These new items were combined with the other variables of previously studied items, slightly modified, for integration on the final tool. Additional demographic questions and mobile device usage were added. Procedures. The final survey was distributed to the list of participants (n=3,000), anticipating a 10 - 20% return rate that would yield 300 - 600 subjects. A reminder was sent every 2 weeks for 6 weeks while the study remained open. Participants were offered an incentive of being eligible for a $250 drawing at the conclusion of the study. Analysis. The first level of analysis included an extensive descriptive analysis of the frequencies and measures of central tendency for subject self-reported mobile device frequency and types of use. The subsequent analysis included a series of correlations calculated on the variables of interest to determine the relationships of predicted relationships. The model did not support the predictions and an adjusted model was proposed for future studies on the measured variables and demographic variables of interest. iii Limitations. The pilot study was distributed in a paper format whereas the proposed format for the national study used an electronic medium. Conclusions. This study provided information about the relationship between the core variables and demographic components. These findings could inform educators and employers about new nurses’ knowledge and risk behaviors related to information system security

An investigation of electronic Protected Health Information (e-PHI) privacy policy legislation in California for seniors using in-home health monitoring systems

This study examined privacy legislation in California to identify those electronic Protected Health Information (e-PHI) privacy policies that are suited to seniors using in-home health monitoring systems. Personal freedom and independence are essential to a person\u27s physical and mental health, and mobile technology applications provide a convenient and economical method for monitoring personal health. Many of these apps are written by third parties, however, which poses serious risks to patient privacy. Current federal regulations only cover applications and systems developed for use by covered entities and their business partners. As a result, the responsibility for protecting the privacy of the individual using health monitoring apps obtained from the open market falls squarely on the states. The goal of this study was to conduct an exploratory study of existing legislation to learn what was being done at the legislative level to protect the security and privacy of users using in-home mobile health monitoring systems. Specifically, those developed and maintained by organizations or individuals not classified as covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The researcher chose California due to its reputation for groundbreaking privacy laws and high population of seniors. The researcher conducted a content analysis of California state legislation, federal and industry best practices, and extant literature to identify current and proposed legislation regarding the protection of e-PHI data of those using in-home health monitoring systems. The results revealed that in-home health monitoring systems show promise, but they are not without risk. The use of smartphones, home networks, and downloadable apps puts patient privacy at risk, and combining systems that were not initially intended to function together carries additional concerns. Factors such as different privacy-protection profiles, opt-in/opt-out defaults, and privacy policies that are difficult to read or are not adhered to by the application also put user data at risk. While this examination showed that there is legislative support governing the development of the technology of individual components of the in-home health monitoring systems, it appears that the in-home health monitoring system as a whole is an immature technology and not in wide enough use to warrant legislative attention. In addition – unlike the challenges posed by the development and maintenance of the technology of in-home health monitoring systems – there is ample legislation to protect user privacy in mobile in-home health monitoring systems developed and maintained by those not classified as covered entities under HIPAA. Indeed, the volume of privacy law covering the individual components of the system is sufficient to ensure that the privacy of the system as a whole would not be compromised if deployed as suggested in this study. Furthermore, the legislation evaluated over the course of this study demonstrated consistent balance between technical, theoretical, and legal stakeholders. This study contributes to the body of knowledge in this area by conducting an in-depth review of current and proposed legislation in the state of California for the past five years. The results will help provide future direction for researchers and developers as they struggle to meet the current and future needs of patients using this technology as it matures. There are practical applications for this study as well. The seven themes identified during this study can serve as a valuable starting point for state legislators to evaluate existing and proposed legislation within the context of medical data to identify the need for legislation to assist in protecting user data against fraud, identity theft, and other damaging consequences that occur because of a data breach

Regulatory Disruption and Arbitrage in Health-Care Data Protection

This article explains how the structure of U.S. health-care data protection(specifically its sectoral and downstream properties) has led to a chronically uneven policy environment for different types of health-care data. It examines claims for health-care data protection exceptionalism and competing demands such as data liquidity. In conclusion, the article takes the position that health­ care-data exceptionalism remains a valid imperative and that even current concerns about data liquidity can be accommodated in an exceptional protective model. However, re-calibrating our protection of health-care data residing outside of the traditional health-care domain is challenging, currently evenpolitically impossible

Privacy and Security Concerns Associated with MHealth Technologies: A Social Media Mining Perspective

mHealth technologies seek to improve personal wellness; however, there are stillsignificant privacy and security challenges. With social networking sites serving as lens through which public sentiments and perspectives can be easily accessed, little has been done to investigate the privacy and security concerns of users, associated with mHealth technologies, through social media mining. Therefore, this study investigated various privacy and security concerns conveyed by social media users, in relation to the use of mHealth wearable technologies, using text mining and grounded theory. In addition, the study examined the general sentiments toward mHealth privacy and security related issues, while unearthing how the various issues have evolved over time. Our target social media platform for data collection was the microblogging platform Twitter, which was accessed through Brandwatch providing access to the “Twitter firehose” to extract English tweets. Triangulation was conducted on a representative sample to confirm the results of the Latent Dirichlet Allocation (LDA) Topic Modeling using manual coding through ATLAS.ti. By using the grounded theory analysis methodology, we developed the D-MIT Emergent Theoretical Model which explains that the concerns of users can be categorized as relating to data management, data invasion, or technical safety issues. This model claims that issues affecting data management of mHealth users through the misuse of their data by entities such as wearable companies and other third-party applications, negatively impact their adoption of these devices. Also, concerns of data invasion via real-time data, security breaches, and data surveillance inhibit the adoption of mHealth wearables, which is further impacted by technical safety issues. Further, when users perceived that they do not have full control over their wearables or patient applications, then their acceptance of these mHealth technologies is diminished. While a lack of data and privacy protection policies contribute negatively to users’ adoption of these devices, it also plays a pivotal role in the data management issues presented in this emergent model. Therefore, the importance of having robust legal and policy frameworks that can support mHealth users is desired. Theoretically, the results support the literature on user acceptance of mHealth wearables. These findings were compared with extant literature, and confirmations found across several studies. Further, the results show that over time, mHealth users are still concerned about areas such as security breaches, real-time data invasion, surveillance, and how companies use the data collected from these devices. The findings reveal that more than 75% of the posts analyzed were categorized as depicting anger, fear, or demonstrating levels of disgust. Additionally, 70% of the posts exhibited negative sentiments, whereas 26% were positive, which indicates that users are ambivalent concerning privacy and security, notwithstanding mentions of privacy or security issues in their posts

Potencial da mHealth e barreiras à sua adopção na União Europeia

Mestrado em Biomedicina FarmacêuticaOs sistemas de saúde Europeus defrontam-se com problemas de sustentabilidade financeira decorrentes de uma população envelhecida e do crescimento na prevalência de doenças crónicas. Mobile Health (mHealth), a prática médica apoiada por dispositivos móveis, tem o potencial para impulsionar o sector da saúde no sentido de uma prestação de serviços mais eficiente e centrada no paciente, estimulando a sustentabilidade económica dos sistemas de saúde. Apesar das promissoras projeções iniciais, a implementação da mHealth na União Europeia aparenta ter sido limitada por obstáculos estruturais e regulamentares. Este trabalho visa desenvolver uma melhor compreensão sobre os mais relevantes desafios que previnem a ampla adoção da mHealth na União Europeia, focando particularmente nas aplicações médicas móveis. A pesquisa por literatura científica sobre mHealth foi realizada na base de dados PubMed recorrendo a palavras-chave relevantes. Literatura cinzenta sobre mHealth foi propositadamente consultada e analisada para completar o estudo. Além de capacitar o doente na gestão da sua própria saúde, a mHealth foca-se na prevenção da doença, na agilização do diagnóstico e na melhoria da adesão ao tratamento, portanto contribuindo para uma prestação de serviços de saúde mais eficiente e sustentável. A incerteza associada ao quadro regulamentar aplicável, a proteção de dados pessoais e a falta de modelos adequados de reembolso são apontados como principais barreiras a uma ampla adoção deste tipo de tecnologias. Um diálogo permanente e construtivo entre as partes interessadas é vital para garantir que soluções de mHealth, seguras e eficazes, são plenamente exploradas.European healthcare systems are struggling with financial sustainability problems arising from an ageing population and chronic diseases prevalence growth. Mobile Health (mHealth), the medical practice supported by mobile devices has the potential to drive the health sector towards a more efficient and patient-centered healthcare as well as stimulate health system economic sustainability. Despite the promising early projections, mHealth’s deployment in the European Union seems to have been limited by structural and regulatory. This work seeks to develop a better understanding over the relevant challenges preventing the wide adoption of mHealth in the European Union, particularly mobile medical applications. A search for empirical literature on mHealth was conducted on PubMed database using relevant key-words. Grey literature regarding mHealth was examined and purposively consulted to further inform the study. Besides empowering patients in managing their own health, mHealth focuses on disease prevention, expediting diagnosis and enhancing treatment compliance, contributing to a more efficient and sustainable healthcare delivery. Regulatory uncertainty, data protection issues and lack of appropriate reimbursement models are appointed as main barriers to a wide adoption of this kind of technologies. An ongoing and constructive dialogue between relevant stakeholders is vital to ensure that safe and effective mHealth solutions are fully exploited

Securing the privacy of patients’ electronic personal information in South African hospitals during COVID-19.

Masters Degree. University of KwaZulu-Natal, Durban.South African organisations have been noticeably ill-prepared in their prevention of data breaches, even amidst the coronavirus public health predicament, where a palpable onslaught of cyberattacks targeting the healthcare sector has arisen locally and globally. The true victims of hospital data breaches in particular remain the patients, who are ultimately deprived of their constitutional right to privacy when electronic records containing their personal information become ‘free real estate’ to cybercriminals. The crux of deterrence of such cybercrime is within the principle of prevention via the utilisation of appropriate cybersecurity and information security controls at an organisational level. With the newly promulgated Protection of Personal Information Act (2013) and Cybercrimes Act (2020), greater legal scrutiny is placed upon South African hospitals to defend the privacy of patients’ data stored on their systems. As per the National Health Act (2003), hospitals have a further obligation to maintain the confidentiality of their patients’ records. This study proposes effective cybersecurity and information security practices that lend support in ensuring the confidentiality, integrity and accessibility of patients’ electronic personal information records in South African private hospitals. Compliance thereof would definitively result in enhanced service delivery and data security for these hospitals and patients alike, whilst adhering to the national legislative requirements

Privacy Protection for Mobile Health (MHEALTH) in Nigeria: A Consideration of the EU Regime for Data Protection as a Conceptual Model for Reforming Nigeria\u27s Privacy Legislation

The use of mobile technologies to provide and deliver healthcare is known as Mobile Health. Nigeria is one of the countries witnessing a profound use of these technologies. While discussions have focused on the potentials of this technologies to address the challenges in the health system, nothing is said about the risks from unauthorized disclosure or misuse of health information provided by users. This becomes worse when Nigeria\u27s laws do not offer adequate protection. As Mobile Health is a novelty to Nigeria, this thesis looks to relevant international standards on privacy protection. It does this by examining the European regime for protection of personal information. To prescribe this regime for Nigeria however, the differences in the socio-economic and cultural realities between Nigeria and Europe are presented and examined. This thesis argues that notwithstanding, Nigeria can draw on the European regime to reform its privacy framework

Transactions of the First International Conference on Health Information Technology Advancement vol. 1, no. 1

Full proceedings of The First International Conference on Health Information Technology Advancement held at Western Michigan University in Kalamazoo, Michigan on October 28, 2011. Conference Co-Chairs: Dr. Bernard Han, Director of the Center for HIT Advancement (CHITA) at Western Michigan University Dr. Sharie Falan, Associate Director of the Center for HIT Advancement (CHITA) at Western Michigan University Transactions Editor: Dr. Huei Lee, Professor in the Department of Computer Information Systems at Eastern Michigan Universit