Healthcare Information Privacy Research: Iusses, Gaps and What Next?

The proliferation of e-health holds great promises in sharing medical data, improving healthcare quality, saving patient lives and reducing costs. However, these potential benefits also bring much attention to the issues of information privacy. Given that medical data disclosure is the second highest reported breaches, it is imperative to understand both information privacy and its context in healthcare. Just as lack of appropriate privacy measures might cause economic harm or denied service from insurance or employers, tight privacy can prevent care providers from accessing patient information in time to save lives. This paper takes an integrated look into the area of healthcare information privacy from both MIS and health informatics perspectives. Based on the literature review and our personal communication with health informatics experts, we identified and presented four major themes: 1) scope and definition of privacy and electronic health records, 2) the information privacy issues and threats, 3) the countermeasures used to address and manage information privacy and 4) why privacy responses matter. This paper provides a unique perspective to privacy in the context of healthcare by focusing on the issues, the matching countermeasures and the drivers behind organizational behaviors into how they manage these threats

Information Disclosure and Online Social Networks: From the Case of Facebook News Feed Controversy to a Theoretical Understanding

Based on the insights learned from the case analysis of the Facebook News Feed outcry, we develop a theoretical understanding that identifies major drivers and impediments of information disclosure in Online Social Networks (OSNs). Research propositions are derived to highlight the roles of privacy behavioral responses, privacy concerns, perceived information control, trust in OSN providers, trust in social ties, and organizational privacy interventions. The synthesis of privacy literature, bounded rationality and trust theories provides a rich understanding of the adoption of OSNs that creates privacy and security vulnerabilities, and therefore, informs the privacy research in the context of OSNs. The findings are also potentially useful to privacy advocates, regulatory bodies, OSN providers, and marketers to help shape or justify their decisions concerning OSNs

Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment

Despite two decades of intensive research, it remains a challenge to design a practical anonymous two-factor authentication scheme, for the designers are confronted with an impressive list of security requirements (e.g., resistance to smart card loss attack) and desirable attributes (e.g., local password update). Numerous solutions have been proposed, yet most of them are shortly found either unable to satisfy some critical security requirements or short of a few important features. To overcome this unsatisfactory situation, researchers often work around it in hopes of a new proposal (but no one has succeeded so far), while paying little attention to the fundamental question: whether or not there are inherent limitations that prevent us from designing an ``ideal\u27\u27 scheme that satisfies all the desirable goals? In this work, we aim to provide a definite answer to this question. We first revisit two foremost proposals, i.e. Tsai et al.\u27s scheme and Li\u27s scheme, revealing some subtleties and challenges in designing such schemes. Then, we systematically explore the inherent conflicts and unavoidable trade-offs among the design criteria. Our results indicate that, under the current widely accepted adversarial model, certain goals are beyond attainment. This also suggests a negative answer to the open problem left by Huang et al. in 2014. To the best of knowledge, the present study makes the first step towards understanding the underlying evaluation metric for anonymous two-factor authentication, which we believe will facilitate better design of anonymous two-factor protocols that offer acceptable trade-offs among usability, security and privacy