    Hacking HIPAA: Best Practices for Avoiding Oversight in the Sale of Your Identifiable Medical Information

    In light of the confusion invited by applying the label "de-identified" to information that can be used to identify patients, it is paramount that regulators, compliance professionals, patient advocates and the general public understand the significant differences between the standards applied by HIPAA and those applied by permissive de-identification guidelines. This Article discusses those differences in detail. The discussion proceeds in four Parts. Part II (HIPAA's Heartbeat: Why HIPAA Protects Identifiable Patient Information) examines Congress's motivations for defining individually identifiable health information broadly, which included stopping the harms patients endured prior to 1996 arising from the commercial sale of their medical records. Part III (Taking the I Out of Identifiable Information: HIPAA's Requirements for De-Identified Health Information) discusses HIPAA's requirements for de-identification, which were never intended to create a loophole for identifiable patient information to escape HIPAA's protections. Part IV (Anatomy of a Hack: Methods for Labeling Identifiable Information De-Identified) examines the goals, methods, and results of permissive de-identification guidelines and compares them to HIPAA's requirements. Part V (Protecting Un-Protected Health Information) evaluates the suitability of permissive de-identification guidelines, concluding that the vulnerabilities inherent in their current articulation render them ineffective as a data protection standard. It also discusses ways in which compliance professionals, regulators, and advocates can foster accountability and transparency in the utilization of health information that can be used to identify patients.

    Security in Distributed, Grid, Mobile, and Pervasive Computing

    This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses secure design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security.

    Privacy in the Smart City - Applications, Technologies, Challenges and Solutions

    Many modern cities strive to integrate information technology into every aspect of city life to create so-called smart cities. Smart cities rely on a large number of application areas and technologies to realize complex interactions between citizens, third parties, and city departments. This overwhelming complexity is one reason why holistic privacy protection only rarely enters the picture. A lack of privacy can result in discrimination and social sorting, creating a fundamentally unequal society. To prevent this, we believe that a better understanding of smart cities and their privacy implications is needed. We therefore systematize the application areas, enabling technologies, privacy types, attackers and data sources for the attacks, giving structure to the fuzzy term "smart city". Based on our taxonomies, we describe existing privacy-enhancing technologies, review the state of the art in real cities around the world, and discuss promising future research directions. Our survey can serve as a reference guide, contributing to the development of privacy-friendly smart cities.

    Transaction Surveillance by the Government

    This symposium article is the second of two on regulation of government efforts to obtain recorded information for criminal prosecutions. More specifically, it explores the scope and regulation of transaction surveillance, which it defines as government attempts to access already existing records, either physically or through data banks, and government efforts to obtain, in real time or otherwise, catalogic data (the identifying signals of a transaction, such as the address of an email recipient). Transaction surveillance is a potent way of discovering and making inferences about a person's activities, character and identity. Yet, despite a bewildering array of statutorily created authorization requirements, transaction surveillance is subject to far less regulation than either physical surveillance of activities inside the home or communications surveillance. My principal argument is that transaction surveillance should be subject to much more legal monitoring than it is. Part I explains why government, and in particular law enforcement, finds transaction surveillance so attractive, and why it is so easy to carry out in this digital age. Part II describes the current law regulating transaction surveillance. Not only is this regulation minimal, it is confusing and contradictory; beyond the traditional subpoena, challengeable by the target of the investigation, current law recognizes a number of subpoena mutations that seem to have little rhyme or reason. If it contributes nothing else, this article should at least clarify the nature of today's regulatory framework. Part III criticizes this framework and outlines a more promising approach. The proposed reform recognizes, as does the current regime, that different sorts of records merit different levels of protection. But, in contrast to current law, the proposal would significantly increase the degree of protection in a number of situations: to the probable cause level for personal records held by private and public entities, and to the reasonable suspicion level for records readily available to the public. The relevance standard, which is all that is required today for any type of transaction surveillance, would be reserved for investigations of organizational crime and for obtaining isolated catalogic data. Part IV examines alternatives to these proposals. It rejects both an approach that requires probable cause for all records searches and, at the other extreme, an approach that would allow suspicionless records searches on condition that anything discovered is subject to strict limitations on disclosure. It also criticizes an approach that relies on the legislature, rather than the courts and the Fourth Amendment, to establish fundamental regulatory requirements.

    An identity- and trust-based computational model for privacy

    The seemingly contradictory need and want of online users for both information sharing and privacy inspired this thesis work. The crux of the problem lies in the fact that a user has inadequate control over the flow (with whom information is shared), boundary (acceptable usage), and persistence (duration of use) of their personal information. This thesis builds a privacy-preserving information sharing model that uses context, identity, and trust to manage the flow, boundary, and persistence of disclosed information. In this vein, privacy is viewed as context-dependent selective disclosure of information. This thesis presents the design, implementation, and analysis of a five-layer Identity and Trust based Model for Privacy (ITMP). Context, trust, and identity are the main building blocks of this model. The application layer identifies the counterparts, the purpose of communication, and the information being sought. The context layer determines the context of a communication episode by identifying the role of a partner and assessing the relationship with the partner. The trust layer combines partner and purpose information with the respective context information to determine the trustworthiness of a purpose and a partner. Given that the purpose and the partner have a known level of trustworthiness, the identity layer constructs a contextual partial identity from the user's complete identity. The presentation layer facilitates disclosing a set of information that is a subset of the respective partial identity. It also attaches expiration (time-to-live) and usage (purpose-to-live) tags to each piece of information before disclosure. In this model, roles and relationships are used to adequately capture the notion of context to address privacy. A role is a set of activities assigned to an actor or expected of an actor to perform. For example, an actor in a learner role is expected to be involved in various learning activities, such as attending lectures, participating in a course discussion, appearing in exams, etc. A relationship involves related entities performing activities involving one another. Interactions between actors can be heavily influenced by roles. For example, in a learning-teaching relationship, both the learner and the teacher are expected to perform their respective roles. The nuances of activities warranted by each role are dictated by individual relationships. For example, two learners seeking help from an instructor are going to present themselves differently. In this model, trust is realized in two forms: trust in partners and trust of purposes. The first form of trust assesses the trustworthiness of a partner in a given context. For example, a stranger may be considered untrustworthy to be given a home phone number. The second form of trust determines the relevance or justification of a purpose for seeking data in a given context. For example, seeking or providing a social insurance number for the purpose of membership in a student organization is inappropriate. A known and tested trustee can understandably be re-trusted or re-evaluated based on the personal experience of a trustor. In online settings, however, a software manifestation of a trusted persistent public actor, namely a guarantor, is required to help find a trustee, because we interact with a myriad of actors in a large number of contexts, often with no prior relationships. The ITMP model is instantiated as a suite of Role- and Relationship-based Identity and Reputation Management (RRIRM) features in iHelp, an e-learning environment in use at the University of Saskatchewan. This thesis presents the results of a two-phase (pilot and larger-scale) user study that illustrates the effectiveness of the RRIRM features, and thus of the ITMP model, in enhancing privacy through identity and trust management in the iHelp Discussion Forum. This research contributes to the understanding of privacy problems along with other competing interests in the online world, as well as to the development of privacy-enhanced communications through understanding context, negotiating identity, and using trust.

    Settling for Discrimination: HIV/AIDS Carriers and the Resolution of Legal Claims

    In the last decade, foundations and international non-governmental organisations (INGOs) have provided financial backing and transferred litigious techniques to Chinese NGOs operating in the HIV/AIDS area. A few NGOs have developed legal programs that provide legal services to HIV/AIDS carriers. HIV/AIDS carriers seek compensation for contracting their disease from transfusions of contaminated blood and from illegal and incompetent blood collection, as well as for discrimination in employment, education and access to medical care. To date, China's courts have accepted few cases brought by HIV/AIDS carriers seeking claims. Many HIV/AIDS carriers have opted to pursue alternative dispute resolution (ADR) such as mediation and conciliation in order to reach a settlement. The settlements offered by ADR, however, institutionalise discriminatory practices. This paper argues that a combination of societal discrimination against HIV/AIDS carriers, government policies and the approach of courts to HIV/AIDS cases strongly discourages litigation and encourages ADR. By analysing court decisions and, more importantly, court refusals to hear cases, the article claims that state policies toward HIV/AIDS carriers are driven by state interests more than by protecting the rights and interests of HIV/AIDS carriers. The Four Free and One Care (simian yiguanhuai) policy is used by China to channel potential plaintiffs away from litigation. Rather than undermining discrimination, the courts' handling of HIV/AIDS cases helps sustain societal discrimination.

    Fighting Cybercrime After United States v. Jones

    In a landmark non-decision last term, five Justices of the United States Supreme Court would have held that citizens possess a Fourth Amendment right to expect that certain quantities of information about them will remain private, even if they have no such expectations with respect to any of the information or data constituting that whole. This quantitative approach to evaluating and protecting Fourth Amendment rights is certainly novel and raises serious conceptual, doctrinal, and practical challenges. In other works, we have met these challenges by engaging in a careful analysis of this "mosaic theory" and by proposing that courts focus on the technologies that make collecting and aggregating large quantities of information possible. In those efforts, we focused on reasonable expectations held by "the people" that they will not be subjected to broad and indiscriminate surveillance. These expectations are anchored in Founding-era concerns about the capacity for unfettered search powers to promote an authoritarian surveillance state. Although we also readily acknowledged that there are legitimate and competing governmental and law enforcement interests at stake in the deployment and use of surveillance technologies that implicate reasonable interests in quantitative privacy, we did little more. In this Article, we begin to address that omission by focusing on the legitimate governmental and law enforcement interests at stake in preventing, detecting, and prosecuting cyber-harassment and healthcare fraud.

    Ortsbezogene Anwendungen und Dienste: 9. Fachgespräch der GI/ITG-Fachgruppe Kommunikation und Verteilte Systeme ; 13. & 14. September 2012

    The location of a mobile user is an important piece of information for applications in the fields of mobile computing, wearable computing and ubiquitous computing. If a mobile device is able to determine the user's current position, the application can take this information into account; such applications are generally called location-based applications. Closely tied to the notion of a location-based application is the notion of a location-based service, for example a service that delivers information about the user's current location. Such services are now deployed commercially and allow, for instance, a traveler to find a hotel, a petrol station or a pharmacy in the vicinity. Not least because of the introduction of LTE, location-based applications are expected to have great potential in the future. The annual technical meeting "Ortsbezogene Anwendungen und Dienste" (Location-based Applications and Services) of the GI/ITG specialist group Kommunikation und Verteilte Systeme (Communication and Distributed Systems) aims to discuss current developments in this field with a broad circle of participants from industry and academia. The present proceedings volume summarizes the results of the ninth meeting.