A Study of the Intent to Fully Utilize Electronic Personal Health Records in the Context of Privacy and Trust

Richards, Rhonda J.

05 1900

Government initiatives called for electronic health records for each individual healthcare consumer by 2014. the purpose of the initiatives is to provide for the common exchange of clinical information between healthcare consumers, healthcare providers, third-party payers and public healthcare officials.This exchange of healthcare information will impact the healthcare industry and enable more effective and efficient application of healthcare so that there may be a decrease in medical errors, increase in access to quality of care tools, and enhancement of decision making abilities by healthcare consumers, healthcare providers and government health agencies. an electronic personal health record (ePHR) created, managed and accessed by healthcare consumers may be the answer to fulfilling the national initiative. However, since healthcare consumers potentially are in control of their own ePHR, the healthcare consumer’s concern for privacy may be a barrier for the effective implementation of a nationwide network of ePHR. a technology acceptance model, an information boundary theory model and a trust model were integrated to analyze usage intentions of healthcare consumers of ePHR. Results indicate that healthcare consumers feel there is a perceived usefulness of ePHR; however they may not see ePHR as easy to use. Results also indicate that the perceived usefulness of utilizing ePHR does not overcome the low perceived ease of use to the extent that healthcare consumers intend to utilize ePHR. in addition, healthcare consumers may not understand the different components of usage: access, management, sharing and facilitating third-party ePHR. Also, demographics, computer self-efficacy, personal innovativeness, healthcare need and healthcare literacy impact a healthcare consumer’s privacy concerns and trusting intentions in the context of ePHR and intent to utilize ePHR. Finally, this research indicates that healthcare consumers may need a better understanding of the Health Insurance and Portability and Accountability Act of 1996 (HIPAA) regulations of ePHR as well as a better understanding of the impact HIPAA has on websites that may facilitate ePHR.

Personal health records

privacy

trust

usage intentions

Validating the Veracity of User Data Collected and Disclosed by Ad Networks

Tatar, Can

31 May 2012

"The use of behavioral targeting practices provides ad networks with the opportunity to tailor ads to the individual characteristics of users. As privacy concerns over behavioral targeting have been growing lately, an increasing number of ad networks offer ad preferences managers (APMs) that show collected and/or inferred information about users. The focus of our study is to investigate the accuracy and completeness of the information contained in such APMs. On the basis of our experimental results, we propose a structured methodology for APM validation. We also assess how third parties render ads based on users’ browsing behavior. Our findings reveal cases in which even sensitive information is leaked as part of an HTTP header and is used to serve ads on multiple sites. The third parties examined in this study include an intent-focused data exchange (BlueKai) and a social network (Facebook) along with the ad networks owned by AOL, Google, and Yahoo!."

Web privacy

behavioral targeting

ad networks

The evolution of data protection and privacy in the public security context : an institutional analysis of three EU data retention and access regimes

Möller, Carolin

January 2017

Since nearly two decades threats to public security through events such as 9/11, the Madrid (2004) and London (2005) bombings and more recently the Paris attacks (2015) resulted in the adoption of a plethora of national and EU measures aiming at fighting terrorism and serious crime. In addition, the Snowden revelations brought the privacy and data protection implications of these public security measures into the spotlight. In this highly contentious context, three EU data retention and access measures have been introduced for the purpose of fighting serious crime and terrorism: The Data Retention Directive (DRD), the EU-US PNR Agreement and the EU-US SWIFT Agreement. All three regimes went through several revisions (SWIFT, PNR) or have been annulled (DRD) exemplifying the difficulty of determining how privacy and data protection ought to be protected in the context of public security. The trigger for this research is to understand the underlying causes of these difficulties by examining the problem from different angles. The thesis applies the theory of 'New Institutionalism' (NI) which allows both a political and legal analysis of privacy and data protection in the public security context. According to NI, 'institutions' are defined as the operational framework in which actors interact and they steer the behaviours of the latter in the policy-making cycle. By focusing on the three data retention and access regimes, the aim of this thesis is to examine how the EU 'institutional framework' shapes data protection and privacy in regard to data retention and access measures in the public security context. Answering this research question the thesis puts forward three main hypotheses: (i) privacy and data protection in the Area of Freedom, Security and Justice (AFSJ) is an institutional framework in transition where historic and new features determine how Articles 7 and 8 of the Charter of Fundamental Rights of the European Union (CFREU) are shaped; (ii) policy outcomes on Articles 7 and 8 CFREU are influenced by actors' strategic preferences pursued in the legislation-making process; and (iii) privacy and data protection are framed by the evolution of the Court of Justice of the European Union (CJEU) from a 'legal basis arbiter' to a political actor in its own right as a result of the constitutional changes brought by the Lisbon Treaty.

A study of the movement for a national statistical data center : 1960-1967.

Yorsz, Walter

January 1976

Thesis. 1976. M.S.--Massachusetts Institute of Technology. Dept. of Political Science. / Microfiche copy available in Archives and Dewey. / Includes bibliographical references. / M.S.

Political Science

Privacy, Right of United States

Degree of privacy afforded in long-term care

Givens, Lynn Marie, Ornelas, Jesse

01 January 2008

The purpose of this study was to assess the level of privacy among the elderly living in long-term nursing and communal facilities. The data was collected through a probability sampling at the Veterans Home of California in Barstow.

Older people Housing

Long-term care facilities Management

Privacy

Privacy

Right of

Long-term care facilities Management

Older people Housing

Privacy

Privacy

Right of.

Gerontology

Social Work

Public street surveillance: a psychometric study on the perceived social risk.

BROOKS, David, d.brooks@ecu.edu.au

January 2003

Public street surveillance, a domain of Closed Circuit Television (CCTV), has grown enormously and is becoming common place with increasing utilization in society as an all-purpose security tool. Previous authors (Ditton, 1999; Davies, 1998; Horne, 1998; Tomkins, 1998) have raised concern over social, civil and privacy issues, but there has been limited research to quantify these concerns. There are a number of core aspects that could relocate the risk perception and therefore, social support of public street surveillance. This study utilized the psychometric paradigm to quantitatively measure the social risk perception of public street surveillance. The psychometric paradigm is a method that presents risk perception in a two factor representation, being dread risk and familiarity to risk. Four additional control activities and technologies were tested, being radioactive waste, drinking water chlorination, coal mining disease and home swimming pools. Analysis included spatial representation, and multidimensional scaling (MDS) Euclidean and INDSCAL methods. The study utilized a seven point Likert scale, pre and post methodology, and had a target population of N=2106, with a sample of N=135 (alpha=0.7).

CCTV

security

perception

privacy

multidimensional scaling

The introduction of privacy legislation to Australia as a case study in policy making

Harding, Ian M., n/a

January 1998

The basis of this study was my belief that the introduction of the present privacy legislation had been done in such a "try and see" manner. To me, the whole process "begged" for a much closer look to try to understand the rationale behind successive governments' decisions on this policy initiative. I begin my look at the process from the 1960s as this is when general public concern for the security of personal information was high. I then move to the introduction of the proposed Australia Card and its demise and then to the present. Then, with reference to the "classic" policy analysis authors, I show that the implementation of federal privacy laws in Australia was an excellent example of how not to go about convincing the public the new laws would offer the protection they, the public, sought. I also explore the reasons behind negative lobbying by certain non-government sector interests to demonstrate how this sector has influenced government thinking. As an example of the study of a policy issue this thesis shows the effect a lack of planning, and a terrible lack of communication, can have on the introduction of any new legislation. Much of this is due to the fact that the real issue behind the introduction of privacy legislation was that of increasing taxation revenue and not the protection of individuals' privacy. The privacy legislation was the "sweetener" the government believed was needed to satisfy the general public's concerns so that the government could achieve the desired result for its taxation revenue policy.

privacy legislation

Australia

policy making

Australia Card

Abstract reality: the alienating gaze

Matheson, Clare

Unknown Date

This is a visual arts project consisting of 20% exegesis and 80% practical work. My work explores the visual possibilities of using the digital accumulation of data to convey socio-political concepts in relation to the surveillance of the individual in modern western society. The nature of surveillance is investigated with reference to Michel Foucault's metaphorical use of Jeremy Bentham's panopticon in describing the organization of society in the modern nation state. My critical interest lies in the intrusive aspect of surveillance in regard to the privacy of the individual and the concomitant sense of alienation and disempowerment. The concept of 'abstract reality' has been developed to describe the nature of the surveillance of the individual in the modern nation state.

Surveillance

Panopticon

Privacy

Heuristic

Foucault

Society

Outsourced Private Information Retrieval with Pricing and Access Control

Huang, Yizhou

15 May 2013

We propose a scheme for outsourcing Private Information Retrieval (PIR) to untrusted servers while protecting the privacy of the database owner as well as that of the database clients. We observe that by layering PIR on top of an Oblivious RAM (ORAM) data layout, we provide the ability for the database owner to perform private writes, while database clients can perform private reads from the database even while the owner is offline. We can also enforce pricing and access control on a per-record basis for these reads. This extends the usual ORAM model by allowing multiple database readers without requiring trusted hardware; indeed, almost all of the computation in our scheme during reads is performed by untrusted cloud servers. Built on top of a simple ORAM protocol, we implement a real system as a proof of concept. Our system privately updates a 1 MB record in a 16 GB database with an average end-to-end overhead of 1.22 seconds and answers a PIR query within 3.5 seconds over a 2 GB database. We make an observation that the database owner can always conduct a private read as an ordinary database client, and the private write protocol does not have to provide a "read" functionality as a standard ORAM protocol does. Based on this observation, we propose a second construction with the same privacy guarantee, but much faster. We also implement a real system for this construction, which privately writes a 1 MB record in a 1 TB database with an amortized end-to-end response time of 313 ms. Our first construction demonstrates the fact that a standard ORAM protocol can be used for outsourcing PIR computations in a privacy-friendly manner, while our second construction shows that an ad-hoc modification of the standard ORAM protocol is possible for our purpose and allows more efficient record updates.

Privacy Enhancing Technology

Applied Cryptography

Computer Science

Next Generation RFID Randomization Protocol

LaValley, Jason

06 December 2011

Radio Frequency IDentification (RFID) is a wireless communications technology which allows companies to secure their assets and increase the portability of information. This research was motivated by the increased commercial use of RFID technology. Existing security protocols with high levels of security have high computation requirements, and less intensive protocols can allow a tag to be tracked. The techniques proposed in this thesis result in the increase of ciphertexts available without a significant increase in processing power or storage requirements. The addition of random inputs to the generation of ciphertexts will increase the number of possible results without requiring a more advanced encryption algorithm or an increased number of stored encryption keys. Four methods of altering the plaintext/ciphertext pair (random block, set pattern, random pattern, and indexed placement) are analyzed to determine the effectiveness of each method. The number of ciphertexts generated, generation time, and generation errors were recorded to determine which of the four proposed methods would be the most beneficial in a RFID system. The comparison of these method characteristics determined that the set pattern placement method provided the best solution. The thesis also discusses how RFID transmissions appear to attackers and explains how the random inputs reduce effectiveness of current system attacks. In addition to improving the anonymity of RFID tag transmissions, the concept of authenticating random inputs is also introduced in this thesis. These methods help prevent an adversary from easily associating a tag with its transmissions, thus increasing the security of the RFID system.

RFID

Radio Frequency Identification

Randomization

Security

Privacy