Mathur, N-1 CSE 5810 CSE5810: Patient Data and Medical Data Privacy Nitish Narain Mathur nnm12001...
Mathur, N-1
CSE5810
CSE5810: Patient Data and Medical Data Privacy
Nitish Narain Mathur (nnm12001)
Department of Computer Science & Engineering
University of Connecticut, Storrs

Background
Why is data privacy important in the biomedical domain?
Is it necessary for HCOs (health care organizations) to protect data?

Introduction
As technology advances by the day, security vulnerabilities also increase.
Sensitive data is increasingly collected through wireless devices.
HCOs are upgrading to such technologies and extracting useful data from these archives; while doing so, security vulnerabilities have been brought to the public's attention.
Ex: an HC provider looking into a patient's data without consent (authorization). The patient might well be a famous personality, a relative, ...
With scenarios like this, the public's faith in such systems has taken a plunge over the years.

Privacy
Privacy is defined as the ability to control what information should be given out.
Privacy covers anonymity, confidentiality and solitude.
When EMRs started to get widely used, privacy was recognized as the core principle in this industry.
With every individual there is a change in how data delegation should be done.
Better policies and technologies are being researched and implemented.
A solution for such a concern should be cost effective and beneficial for all.
If a short term solution is used, a much longer, sustainable solution should be implemented in the near future.

Privacy
How comfortable are you with your personal health information being disclosed to a HCP, compared with some random person on the street? It varies with every situation.
Common practice was to remove such sensitive data from the DBs before giving them out to the public.
But this leads to data inconsistency, and the disseminated data is useless.
For this to be achieved, clearly distinguish between access control and disclosure control.
Just removing sensitive data from the data sets is not sufficient.
Data might be available in multiple locations, and when combined, certain features of an individual can be known.
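The last two bullets are the core of the slide: stripping names is not the same as disclosure control, because the attributes that remain (ZIP code, birth year, sex) also exist in other data sets and can be joined. The example below is added here and is not from the slides; all records in it are constructed. It runs the check a data steward would want before a release, the k-anonymity test (every quasi-identifier combination must be shared by at least k rows), shows which rows a join with a public list would expose, and applies the usual remedy, generalizing the quasi-identifiers until the target k is reached.

```python
from collections import Counter

# Constructed "de-identified" hospital extract: name and SSN were removed, but the
# quasi-identifiers (ZIP, birth year, sex) were left at full precision.
RELEASED = [
    {"zip": "06269", "birth_year": 1951, "sex": "F", "diagnosis": "diabetes"},
    {"zip": "06269", "birth_year": 1987, "sex": "M", "diagnosis": "asthma"},
    {"zip": "06268", "birth_year": 1987, "sex": "M", "diagnosis": "flu"},
    {"zip": "06268", "birth_year": 1952, "sex": "F", "diagnosis": "hypertension"},
]

# Constructed public list (e.g. a voter roll) that still carries names.
PUBLIC = [
    {"name": "A. Example", "zip": "06269", "birth_year": 1951, "sex": "F"},
    {"name": "B. Example", "zip": "06269", "birth_year": 1987, "sex": "M"},
]

QUASI_IDS = ("zip", "birth_year", "sex")


def quasi_key(record, fields=QUASI_IDS):
    """The attribute combination another data set could be joined on."""
    return tuple(record[f] for f in fields)


def min_group_size(records, fields=QUASI_IDS):
    """The k of the data set: the smallest number of rows sharing one quasi-identifier combination."""
    return min(Counter(quasi_key(r, fields) for r in records).values())


def linkable_records(released, public, fields=QUASI_IDS):
    """Rows whose quasi-identifier combination is unique in the release and also
    occurs in the public list: a join reveals (name, diagnosis) for exactly these."""
    counts = Counter(quasi_key(r, fields) for r in released)
    names = {quasi_key(p, fields): p["name"] for p in public}
    return [(names[quasi_key(r, fields)], r["diagnosis"])
            for r in released
            if counts[quasi_key(r, fields)] == 1 and quasi_key(r, fields) in names]


def generalize(records):
    """One generalization step: keep 3 ZIP digits, bucket birth year by decade."""
    out = []
    for r in records:
        g = dict(r)
        g["zip"] = r["zip"][:3] + "**"
        g["birth_year"] = (r["birth_year"] // 10) * 10
        out.append(g)
    return out


def release_if_k_anonymous(records, k, max_rounds=2):
    """Generalize until every group has at least k rows. Returns (releasable rows,
    rounds used), or (None, max_rounds) if the target k was not reached."""
    current = records
    for rounds in range(max_rounds + 1):
        if min_group_size(current) >= k:
            return current, rounds
        current = generalize(current)
    return None, max_rounds
```

On the constructed extract every row is unique on the quasi-identifiers (k = 1) and two rows match the public list, so their diagnoses are exposed by the join; one generalization round raises k to 2 and removes the linkable rows, at the price of coarser ZIP and age data. That trade-off between utility and disclosure risk is what the slide calls the difference between access control and disclosure control.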

Issues in Biomedical Data Privacy
Storing sensitive information on cloud storage by HCOs, when these systems are not under the direct control of the HCO.
Unwanted disclosure of sensitive information happens in different ways:
  Computer security system compromise
  Breach of security in institutional infrastructure
  Insecure transmission
  Acts of disloyal employees, ...

Goals of Information Security in Health Care
Ensure the privacy of patients and the confidentiality of health care data.
Ensure the integrity of health care data.
Ensure the availability of health data for authorized persons.
Issues with these goals:
  Access control?
  Application of cryptographic protocols
  Need for authentication of users for data integrity
  System reliability and backup mechanisms for data availability

Personal Health Records
Patients' access to their own information.
According to the Markle Foundation (Connecting for Health): an electronic application through which individuals can access, manage and share their health information in a secure and confidential environment.
According to the Center for Information Technology (CITL): an Internet based set of tools that allows people to access and coordinate their lifelong health information and make appropriate parts of it available to those who need it.
HCOs and e-health services that are covered by HIPAA (Health Insurance Portability and Accountability Act) face the issue of implementing effective and cost-efficient security and privacy policies while remaining compliant with the regulations.

Personal Health Records
Primary responsibility is to safeguard the organization's information, including EMRs and EHRs.
Security and privacy are two critical issues, for both patient and provider.
Current PHRs provide essential security measures but lack privacy measures.
There are a few types of PHRs based on certain constraints. These constraints are not universal and hence lead to difficulties in implementing security and privacy controls.

Personal Health Records along with HIPAA
For PHRs to be widely accepted they should be patient centric, that is, ensuring privacy and control by the patients over their own records.
HCOs are covered entities under HIPAA regulations and are subject to the HIPAA security and privacy rules; PHRs operated by HCOs may not be subject to HIPAA regulations.
HCOs might regulate the use of PHRs by a contract (with the patient).

Security and Privacy Concerns in PHRs
Use of data by insurance companies
Medical identity theft by misuse of data, and the challenges involved in preventing it
Inappropriate use of medical data by PHR vendors for medical advertising
Risk of misuse of health information by rogue entities, payers, employers and third party care providers
Risks that arise from granting data ownership to patients (not all patients are e-friendly)
Conflicting regulatory frameworks: state and federal
Data access and storage (malicious attacks)

Evaluation of MSHV – Privacy Policy
Evaluation Criteria | Health Vault
Ease of access | Privacy policy is up on the home page
Self containment: how difficult is the document to understand? | Combination of 3 documents. The account is actually a Live account. 3rd party application.
Transparency: does it state whether it is compliant with HIPAA? | Yes
Does each document state what data is collected, used, retained, ... and for whom? | 'NO'. Only a mention of how data can be shared with family members.
Patient consent: what choices are available to the user? How will the provider take implicit or explicit consent? | 'NO' details of the process for opt-in/opt-out mechanisms.
Can de-identified data be used without consent? | Yes. Cannot opt out of this.
Can users hide sensitive information? | No segmentation. No data categories.

Evaluation of MSHV – Privacy Policy
Evaluation Criteria | Health Vault
Is user consent needed before disclosure to 3rd parties? | If partnered with HIPAA then not needed.
Direct collection and disclosure of non-personal data to 3rd parties | No liability issues covered, no breach of security covered.
For how long is the data stored on the system? | 90 days, after which it is deleted.
Can users opt out of such data collection? | NO
Access and data interaction: can users see who has accessed their data? | Audit trails provided; provider partners may have their own trails; no mention of 3rd parties.
Can users remove themselves and their information from the system upon request? | Users can "anytime completely delete" their account without assistance. Back-up copies are kept for 90 days.

Electronic Health Records
EHRs are a way to exchange medical data of patients between different health care providers.
Existing approaches for protecting such data are insufficient. A new security architecture is needed for EHRs.
Patients should be able to authorize access to their records remotely (via phone), and the authorization should be time-independent, for later processing by the physician.
Patient-controlled encryption provides the strongest security and privacy, as the encryption keys are stored on the smart card.

EHRs
But it comes with issues:
  Acceptance problems
  Diagnosis write-up is done after the patient has left
  After a home visit the patient is not available
  Elderly people and disabled people might not be e-friendly
  If the patient is too ill, he/she has to give their card to a third person
  The patient might be unconscious and unable to authorize access to the EHR
  The smartcard has to be connected to a local device of a health professional; no authorization is possible via the internet

Solution for the issues with EHRs
Should allow patients to give an authorization secret to doctors via different communication channels.
Existing systems: smartcard encryption.
The new system should have the following objectives:
  Patient-controlled confidentiality of EHR data
  Flexible authorization of access to EHR data
  Emergency access

Solution for the issues with EHRs
Requirements for such an EHR system:
  End-to-end encryption
  Record-dependent encryption
  Transferability of authorization secrets
  Asynchronous authorization
  Access to emergency data
  Accountability of emergency access
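The six requirements fit together in one design, and seeing them in code makes the dependencies visible: a per-record key is what makes an authorization secret safe to hand over, and escrowing that key for emergencies is what has to be audited. The model below is an added example, not code from the slides or from the EHR paper they summarize, and every name and message format in it is this example's own choice. It assumes a server that stores only ciphertext, a patient-side master key (on the smart card in the architecture described above), an emergency key held by a separate emergency service rather than the server, and a demonstrator cipher built from HMAC-SHA256 that stands in for a real AEAD such as AES-GCM only because Python's standard library ships no AES.

```python
import hashlib
import hmac
import os
import secrets
import time


# Demonstrator cipher: HMAC-SHA256 keystream plus encrypt-then-MAC. It stands in for a
# real AEAD (AES-GCM, ChaCha20-Poly1305) only because the standard library has no AES;
# the surrounding design is unchanged if a real AEAD is swapped in.
def _keystream(key, nonce, length):
    blocks, counter = b"", 0
    while len(blocks) < length:
        blocks += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return blocks[:length]


def aead_encrypt(key, plaintext, aad=b""):
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def aead_decrypt(key, blob, aad=b""):
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered record")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def record_key(master_key, record_id):
    """Record-dependent encryption: one key per record, derived from the patient's
    master key; holding one record's key reveals nothing about the others."""
    return hmac.new(master_key, b"record:" + record_id.encode(), hashlib.sha256).digest()


class EhrServer:
    """Holds ciphertext, escrowed keys and the audit trail; never sees a plaintext key."""

    def __init__(self):
        self.records = {}   # record_id -> encrypted record
        self.escrow = {}    # record_id -> record key encrypted under the emergency key
        self.audit = []     # emergency-access events

    def store(self, record_id, blob, escrow_blob):
        self.records[record_id] = blob
        self.escrow[record_id] = escrow_blob


class Patient:
    def __init__(self):
        # In the architecture the slides describe, this key lives on the smart card.
        self.master_key = secrets.token_bytes(32)

    def upload(self, server, emergency_key, record_id, text):
        """End-to-end: the record is encrypted before it leaves the patient's side."""
        k = record_key(self.master_key, record_id)
        server.store(record_id,
                     aead_encrypt(k, text.encode(), record_id.encode()),
                     aead_encrypt(emergency_key, k, record_id.encode()))

    def authorization_secret(self, record_id):
        """Transferable secret for one record; can be passed on over any channel."""
        return record_key(self.master_key, record_id).hex()


def doctor_read(server, record_id, secret):
    """Asynchronous authorization: redeemed later, with no card or patient present."""
    return aead_decrypt(bytes.fromhex(secret), server.records[record_id], record_id.encode()).decode()


def secret_opens(server, record_id, secret):
    """True if the secret was issued for this record (shows that secrets are record-bound)."""
    try:
        doctor_read(server, record_id, secret)
        return True
    except ValueError:
        return False


def emergency_read(server, emergency_key, record_id, staff_id, reason):
    """Emergency access without the patient; every use is written to the audit trail."""
    k = aead_decrypt(emergency_key, server.escrow[record_id], record_id.encode())
    server.audit.append({"who": staff_id, "record": record_id, "why": reason, "at": time.time()})
    return aead_decrypt(k, server.records[record_id], record_id.encode()).decode()
```

A secret issued for one visit fails the authentication check on every other record, which is the property that makes reading it out over the phone acceptable; the record id is bound into the ciphertext as associated data so a record cannot be silently swapped for another; and the only path that bypasses the patient is the escrow, which cannot be used without leaving an audit entry.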

Protecting Health Information on Mobile Devices
Mobile applications are increasingly used by health care professionals and patients.
Mobile devices face security threats, and hence there is an urgent need to address how this data can be protected.
Mobile devices are easily available and always connected, which makes them highly attractive for accessing medical data at any location and during emergencies.
This reduces cost, but at the same time it introduces the problem of protecting health data on such mobile devices.

Protecting Health Information on Mobile Devices
Mobile devices are becoming easy targets of malware.
Studies have shown that medical data disclosure is one of the top reasons for a breach.
Goals:
  Ensure that sensitive data does not flow to untrusted applications
  Such data must not be allowed to flow outside of the device to untrusted hosts
  Explicit user consent can be taken when it is not clear whether data should be sent or not
  Securely capture and process user input to avoid malware-scripted events

Protecting Health Information on Mobile Devices
A new system was proposed in the paper "Ahmed, Musheer and Ahamad, Mustaque; Protecting Health Information on Mobile Devices".
Their framework would help protect sensitive data against unsafe and unintended uses on mobile devices.
It helps prevent 3rd-party health care applications from leaking sensitive medical information, even after being infected by malware.
Explicit patient consent plays an important role.

Protecting Health Information on Mobile Devices
Contributions:
  A constrained application for the Android platform which can be used to safeguard sensitive data and prevent its flow to unauthorized entities
  A proposal and description of how a user consent detection mechanism can help distinguish actual user input from scripted events generated by malware
  Use of sample health applications and a security policy to demonstrate how sensitive health data can be securely accessed
  Tagging of sensitive data, which is easier when it is accessed from a small number of trusted repositories

Protecting Health Information on Mobile Devices
According to HIPAA regulations, disclosures can only be made for specific purposes or situations, such as treatment, payment or other health related operations.
As health care professionals access sensitive patient medical data on mobile devices, regulatory requirements will apply to all these devices.
Unintended disclosures can happen through malware while such a device is in use.
Another threat might be from application developers who do not take proper security measures to ensure data security.
From research it is already known that there is unauthorized use of data by third party applications without user consent.
Devices might be lost/stolen.

Protecting Health Information on Mobile Devices
Security policy:
  These devices are commonly used by a single user and operate under user control
  The security policy does not rely on identity credentials but deals with how information is shared
Requirements:
  Primary focus is on sharing of health data
  Use a 3rd party application, Sana Mobile
  The proposed framework would monitor and prevent disclosure of sensitive health information to unauthorized parties
  Also stop transfer of sensitive data to insecure locations

Protecting Health Information on Mobile Devices
Areas that need to be considered:
  Controlling remote communication
  Preventing data sharing with other applications
  Controlling insecure data storage
  User consent detection
Approach:
  The OS on the mobile device is trusted
  Tagging sensitive data: tag all incoming data with a label, maintain tags properly; data tagging can be done in multiple ways

Protecting Health Information on Mobile Devices
Monitoring tagged data flow:
  Once information has been tagged, allow it to move freely within the constrained application
  As it flows, track it. One can achieve this by using TaintDroid, an information flow tracking system that taints data.
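The two slides above describe one mechanism in three parts: tag data on arrival, propagate the tag as the data moves, and check a policy at each sink. The model below is an added example, not code from the slides, from TaintDroid or from the Ahmed and Ahamad paper; it reproduces the idea at application level in plain Python rather than in the Dalvik VM. Tags ride along through string operations, and the three sinks the slides name (remote communication, sharing with other applications, local storage) each consult a constructed policy before releasing tagged data. The consent override applies only to the network sink and only for an input event the OS reports as genuine, which is the user consent detection goal; the host, app, store and event names are all made up for the example.

```python
TAG_PHI = "PHI"   # constructed label for protected health information


class Tainted:
    """A value with the set of tags it carries; operations propagate the union,
    which is what TaintDroid-style tracking does below the application."""

    def __init__(self, value, tags=frozenset()):
        self.value = value
        self.tags = frozenset(tags)

    def __add__(self, other):
        other_tags = other.tags if isinstance(other, Tainted) else frozenset()
        other_val = other.value if isinstance(other, Tainted) else str(other)
        return Tainted(self.value + other_val, self.tags | other_tags)

    def __getitem__(self, item):
        # Slicing or copying a fragment keeps the tag.
        return Tainted(self.value[item], self.tags)

    def __repr__(self):
        return f"Tainted({self.value!r}, {sorted(self.tags)})"


def from_repository(text):
    """Data entering from a trusted health repository is tagged on arrival."""
    return Tainted(text, {TAG_PHI})


def from_user(text):
    """Text the user typed themselves carries no tag."""
    return Tainted(text)


class UserEvent:
    """An input event. 'genuine' means the OS delivered it from the touch screen;
    an event injected programmatically (a scripted event) is not genuine."""

    def __init__(self, kind, genuine):
        self.kind, self.genuine = kind, genuine


class Monitor:
    """Policy check at every sink; returns True (released) or False (blocked) and logs."""

    def __init__(self, trusted_hosts, trusted_apps, encrypted_stores):
        self.trusted_hosts = set(trusted_hosts)
        self.trusted_apps = set(trusted_apps)
        self.encrypted_stores = set(encrypted_stores)
        self.log = []

    @staticmethod
    def _is_phi(data):
        return isinstance(data, Tainted) and TAG_PHI in data.tags

    @staticmethod
    def _consented(event):
        # User consent detection: only a genuine "allow" tap counts.
        return event is not None and event.kind == "tap_allow" and event.genuine

    def _decide(self, sink, target, data, target_trusted, consent=None):
        allowed = (not self._is_phi(data)) or target_trusted or self._consented(consent)
        self.log.append(("allowed" if allowed else "blocked", sink, target))
        return allowed

    def send(self, host, data, consent=None):
        """Remote communication: an unlisted host needs genuine explicit consent."""
        return self._decide("network", host, data, host in self.trusted_hosts, consent)

    def share(self, app, data):
        """Inter-application sharing: trusted apps only, no consent override."""
        return self._decide("app", app, data, app in self.trusted_apps)

    def write(self, store, data):
        """Local storage: tagged data goes only into encrypted stores."""
        return self._decide("storage", store, data, store in self.encrypted_stores)
```

The point worth noticing is the concatenation case: a note the user typed is unconstrained on its own, but once it is joined to a repository value the combined string carries the PHI tag and is held to the same policy, so a leak cannot be laundered by copying fragments around inside the application. A scripted "allow" event produces the same block as no consent at all.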

Overview
Security policy
Privacy and confidentiality in health care
Data ownership and legal accountability
Informed consent to disclosure
Use of medical data
User authentication and access control
Cryptography
Data integrity
Audit trails