876 research outputs found

    A survey of compliance issues in cloud computing


    A Comparative Analysis of HIPAA Security Risk Assessments for Two Small Dental Clinics

    Cyber security risk assessments in the healthcare industry are legally required and demand an ongoing investment of time and resources. Small healthcare clinics are less likely to have streamlined processes in place to meet these requirements. This work presents two case studies featuring qualitative Health Insurance Portability and Accountability Act (HIPAA) security risk assessments of small dental clinics using the free Security Risk Assessment (SRA) tool provided by the US Department of Health and Human Services. One clinic used a cloud service provider to safeguard protected health information (PHI) while the other used an on-premises server. The data revealed detailed information relating to the cyber risk posture of each organization within the scope of the HIPAA Security Rule. Analysis included suggestions to mitigate the compliance gaps and vulnerabilities within the environment. Based on the data gathered, a comparative analysis of using the cloud vs. on-premises to manage PHI was conducted to provide insight into the need to balance security with other business requirements. This work provides greater context to the process of conducting HIPAA-compliant security risk assessments, including the responsibilities that small healthcare providers must own to protect their business reputation in the event of a major security incident.

    INSTITUTIONAL EFFECTS OF COMPARATIVE GOVERNMENT REGULATION FOR THE PROTECTION AND PRIVACY OF HEALTH DATA IN THE CLOUD

    This research is a comparative study of the institutional effects of regulatory and compliance issues surrounding cloud computing in healthcare. Our focus is on health care organizations and the IT industry, and how these two important stakeholders interpret and apply the privacy and security rules from the U.S. and EU. As an institutional environment, healthcare is experiencing coercive, normative and mimetic isomorphic pressures on macro, meso and micro levels. International governments are seeking ways to build capacity in the cloud computing market, yet they are faced with difficult issues in relation to privacy and security of personal data. Our findings suggest that regulatory and compliance is being developed ‘in response to’ rather than ‘in anticipation of’ technical change. Normative pressures to encourage healthcare organizations to develop effective data protection and privacy policies to comply with new regulatory change are further complicated in an environment where cloud data may be transferred across different legal and regulatory jurisdictions. Our findings show that healthcare organizations and cloud providers need to work more closely together as business associates. However, translating HIPAA and EU rules and regulations into practice is thwarted by a lack of legal and regulatory knowledge, particularly in the smaller organizations.

    Personalized Pain Study Platform Using Evidence-Based Continuous Learning Tool

    With the increased accessibility to mobile technologies, research utilizing mobile technologies in medical and public health area has also increased. The efficiency and effectiveness of healthcare services are also improved by introduction of mobile technologies. Effective pain treatment requires regular and continuous pain assessment of the patients. Mobile Health or mHealth has been an active interdisciplinary research area for more than a decade to research pain assessment through different software research tools. Different mHealth support systems are developed to assess pain level of patient using different techniques. Close attention to participant’s self-reported pain along with data mining based pain level detection could help the healthcare industry and researchers to deliver effective health services in pain treatment. Pain expression recognition can be a good way for data mining based approach though pain expression recognition itself may utilize different approach based on the research study scope. Most of the pain research tools are study or disease specific. Some of the tools are pain specific (lumbar pain, cancer pain etc) and some are patient group specific (neonatal, adult, woman etc). This results in recurrent but potentially avoidable costs such as time, money, and workforce to develop similar service or software research tools for each research study. Based on the pain study research characteristics, it is possible to design and implement a customizable and extensible generic pain research tool. In this thesis, we have proposed, designed, and implemented a customizable personalized pain study platform tool following a micro service architecture. It has most of the common software research modules that are needed for a pain research study. These include real-time data collection, research participant management, role based access control, research data anonymization etc. This software research tool is also used to investigate pain level detection accuracy using evidence-based continuous learning from facial expression which yielded about 71% classification accuracy. This tool is also HIPAA compliant and platform independent which makes it device independent, privacy-aware, and security-aware.

    Security and Privacy of Wearable Internet of Medical Things: Stakeholders Perspective

    Internet of medical things (IoMT) is a fast-emerging technology in healthcare with a lot of scope for security vulnerabilities. Like any other internet connected device, IoMT is not immune to breaches. These breaches can not only affect the functionality of the device but also impact the security and privacy (S&P) of the data. The impact of these breaches can be devastating as well as life-threatening. The proposed methodology used a stakeholder-centric approach to improve security of wearable IoMT devices. The proposed methodology firstly relied on a set of S&P attributes for wearable IoMTs that are identified to quantify security in these devices. Second, it presented a method to quantify security in these devices. Finally, it presented a case study to show how the proposed framework can be used to rank wearable IoMTs in terms of S&P. This work aimed to (1) guide hesitant users when choosing a secure IoMT device, (2) encourage healthier competition among manufacturers of IoMT devices, and therefore, (3) improve the security of wearable IoMT devices.

    A systematic literature review of cloud computing in eHealth

    Cloud computing in eHealth has been an emerging area for only a few years. There is a need to identify the state of the art and pinpoint challenges and possible directions for researchers and application developers. Based on this need, we have conducted a systematic review of cloud computing in eHealth. We searched ACM Digital Library, IEEE Xplore, Inspec, ISI Web of Science and Springer as well as relevant open-access journals for relevant articles. A total of 237 studies were first searched, of which 44 papers met the Include Criteria. The studies identified three types of studied areas about cloud computing in eHealth, namely (1) cloud-based eHealth framework design (n=13); (2) applications of cloud computing (n=17); and (3) security or privacy control mechanisms of healthcare data in the cloud (n=14). Most of the studies in the review were about designs and concept-proof. Only very few studies have evaluated their research in the real world, which may indicate that the application of cloud computing in eHealth is still very immature. However, our presented review could pinpoint that a hybrid cloud platform with mixed access control and security protection mechanisms will be a main research area for developing citizen centred home-based healthcare applications.

    The Potential for Machine Learning Analysis over Encrypted Data in Cloud-based Clinical Decision Support - Background and Review

    This paper appeared at the 8th Australasian Workshop on Health Informatics and Knowledge Management (HIKM 2015), Sydney, Australia, January 2015. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 164, Anthony Maeder and Jim Warren, Ed. Reproduction for academic, not-for-profit purposes permitted provided this text is included. In an effort to reduce the risk of sensitive data exposure in untrusted networks such as the public cloud, increasing attention has recently been given to encryption schemes that allow specific computations to occur on encrypted data, without the need for decryption. This relies on the fact that some encryption algorithms display the property of homomorphism, which allows them to manipulate data in a meaningful way while still in encrypted form. Such a framework would find particular relevance in Clinical Decision Support (CDS) applications deployed in the public cloud. CDS applications have an important computational and analytical role over confidential healthcare information with the aim of supporting decision-making in clinical practice. This review paper examines the history and current status of homomorphic encryption and its potential for preserving the privacy of patient data underpinning cloud-based CDS applications.