An Xacml Based Framework For Structured Patient Privacy Policy (s3p)

Mizani, Mehrdad Alizadeh

01 September 2006

The emergence of electronic healthcare have caused numerous changes in both substantive and procedural aspects of healthcare processes. Such changes have introduced new risks to patient privacy and information confidentiality. Traditional privacy policies fall too short to respond to privacy needs of patients in electronic healthcare. Structured and enforceable policies are needed in order to protect patient privacy in modern healthcare with its cross organizational information sharing and decision making. Structured Patient Privacy Policy (S3P) is a framework for a formalized and enforceable privacy policy in healthcare. S3P contains a prototype implementation of a structured and enforceable privacy policy based on eXtensible Access Control Markup Language (XACML). By simulating healthcare scenarios, S3P provides a means for experts from different professional backgrounds to assess the effect of policies on healthcare processes and to reach ethically sound privacy policies suitable for electronic healthcare.

Q General 1-295

Patient Privacy And Consent Management In Ehealth

Alpay, Erdem

01 August 2012

Health information of patients are preserved either in Electronic Health Records (EHR) repositories which are generally managed in national level or in local hospital systems. However, the real owners of the data are always the patients themselves, without depending where or by whom the data is preserved. Patients should have the rights to permit or deny the access of modification of their information to whoever they want. Here comes the concept of Consent. Consent means provision of approval or agreement, after thoughtful consideration. Decisions of patients about sharing their information are collected and preserved in consent documents. These consent documents can be stored in different formats. The eXtensible Access Control Markup Language (XACML) defines the policy language for this purpose. Also there is another language defined by XACML called Request/Response Language for creating request to access information and response to reply requests. Even though XACML is the most appropriate standard for conserving consent documents, it has some weak points when used in practical systems. In the first part of this study, a new model based on XACML is designed. This model is easily convertable to XACML and vice versa. Then a Consent Management tool is designed using the new model. This tool has two parts, Basic Consent Editor and Consent Manager. Basic Consent Editor is aiming to provide a practical user interface for creating and managing consent documents. Consent Manager on the other hand plays a decision mechanism role which handle requests and create decision responses according to already created consent documents. In this study, three different tools are implemented based on the Consent Management tool, each for different purposes on different projects. Throughout these implementations, usability and possible extensibility of Consent Management tool is analysed.

Information Security Management of Healthcare System

Mahmood, Ashrafullah Khalid

January 2010

Information security has significant role in Healthcare organizations. The Electronic Health Record (EHR) with patient’s information is considered as very sensitive in Healthcare organization. Sensitive information of patients in healthcare has to be managed such that it is safe and secure from unauthorized access. The high-level quality care to patients is possible if healthcare management system is able to provide right information in right time to right place. Availability and accessibility are significant aspects of information security, where applicable information needs to be available and accessible for user within the healthcare organization as well as across organizational borders. At the same time, it is essentials to protect the patient security from unauthorized access and maintain the appropriate level in health care regarding information security. The aim of this thesis is to explore current management of information security in terms of Electronic Health Records (EHR) and how these are protected from possible security threats and risks in healthcare, when the sensitive information has to be communicated among different actors in healthcare as well as across borders. The Blekinge health care system was investigated through case study with conduction of several interviews to discover possible issues, concerning security threats to management of healthcare. The theoretical work was the framework and support for possible solutions of identified security risks and threats in Blekinge healthcare. At the end after mapping, the whole process possible guidelines and suggestions were recommended for healthcare in order to prevent the sensitive information from unauthorized access and maintain information security. The management of technical and administrative bodies was explored for security problems. It has main role to healthcare and in general, whole business is the responsibility of this management to manage the sensitive information of patients. Consequently, Blekinge healthcare was investigated for possible issues and some possible guidelines and suggestions in order to improve the current information security with prevention of necessary risks to healthcare sensitive information. / muqadas@gmail.com

Information Security

Electronic Health Records

Information Communication Technology

patient privacy and security

Computer Sciences

Datavetenskap (datalogi)

Distributed analyses of disease risk and association across networks of de-identified medical systems

McMurry, Andrew John

09 November 2015

Health information networks continue to expand under the Affordable Care Act yet little research has been done to query and analyze multiple patient populations in parallel. Differences between hospitals relating to patient demographics, treatment approaches, disease prevalences, and medical coding practices all pose significant challenges for multi-site analysis and interpretation. Furthermore, numerous methodological issues arise when attempting to analyze disease association in heterogeneous health care settings. These issues will only continue to increase as greater numbers of hospitals are linked. To address these challenges, I developed the Shared Health Research Informatics Network (SHRINE), a distributed query and analysis system used by more than 60 health institutions for a wide range of disease studies. SHRINE was used to conduct one of the largest comorbidity studies in Autism Spectrum Disorders. SHRINE has enabled population scale studies in diabetes, rheumatology, public health, and pathology. Using Natural Language Processing, we de-identify physician notes and query pathology reports to locate human tissues for high-throughput biological validation. Samples and evidence obtained using these methods supported novel discoveries in human metabolism and paripartum cardiomyopathy, respectively. Each hospital in the SHRINE network hosts a local peer database that cannot be overridden by any federal agency. SHRINE can search both coded clinical concepts and de-identified physician notes to obtain very large cohort sizes for analysis. SHRINE intelligently clusters phenotypic concepts to minimize differences in health care settings. I then analyzed a statewide sample of all Massachusetts acute care hospitals and found diagnoses codes useful for predicting Acute Myocardial Infarction (AMI). The AMI association methods selected 96 clinical concepts. Manual review of PubMed citations supported the automated associations. AMI associations were most often discovered in the circulatory system and were most strongly linked to background diabetic retinopathy, diabetes with renal manifestations, and hypertension with complications. AMI risks were strongly associated with chronic kidney failure, liver diseases, chronic airway obstruction, hemodialysis procedures, and medical device complications. Learning the AMI associated risk factors improved disease predictions for patients in Massachusetts acute care hospitals.

Bioinformatics

Deidentification

Health research policy

NLP

Patient privacy

Data mining

Health information technology

An investigation of the economic viability and ethical ramifications of video surveillance in the ICU

Bagge, Laura

01 August 2013

The purpose of this review of literature is to investigate the various roles of video surveillance (VS) in the hospital's intensive care unit (ICU) as well as its legal and ethical implications. Today, hospitals spend more money on the ICU than on any other unit. By 2030, the population of those 65 and over is expected to double. 80% of older adults have at least one chronic diseases (Centers for Disease Control and Prevention, 2013). As a consequence, the demand for ICU services will likely increase, which may burden hospital with additional costs. Because of increasing economic pressures, more hospitals are using video surveillance to enhance quality care and reduce ICU costs (Goran, 2012). Research shows that VS enhances positive outcomes among patients and best practice compliance among hospital staff. The results are fewer reports of patient complications and days spent in the ICU, and an increase in reported hospital savings. In addition, VS is becoming an important tool for the families of newborns in the neonatal ICU (NICU). The belief is that the VS can facilitate parent-baby bonding. In the United States of America, privacy rights impose legal restrictions on VS. These rights come from the U.S. Constitution, Statutory law, Regulatory law, and State law. HIPPA authorizes the patient to control the use and disclosure of his or her health information. Accordingly, hospitals are under obligation to inform patients on their right to protected health information. It is appropriate that hospitals use VS for diagnostic purposes as long as they have obtained patient consent. According to modern day privacy experts Charles Fried and Alan Westin, a violation of a person's privacy equates a violation on their liberty and morality. However, if a physician suspects that a third party person is causing harm to the patient, than the use of covert VS is justifiable.

Nursing