HIPAA and Human Error: The Role of Enhanced Situation Awareness in Protecting Health Information

Abstract

Several contemporary studies have identified human error as a major cause of privacy breaches in healthcare organizations. In this chapter, we first highlight the costs healthcare organizations incur from HIPAA privacy breaches. We then discuss the concept of situation awareness (SA) and its link with privacy protection. Situation awareness represents individuals’ awareness of what is happening in their surroundings and their understanding of how information, events, and actions affect their goals and objectives. Applying Endsley’s three-level SA framework helps us to identify specific types of SA errors and build scenarios of privacy breaches arising from SA errors. Using a taxonomy of SA errors derived from Endsley’s work, we analyzed the 21 cases of HIPAA privacy breaches in which the Office for Civil Rights has reached a resolution agreement. The results bring into focus the often neglected situational aspects of privacy protection and help to better understand the latent causes of privacy breaches along with their related implications for policy formulation, system design, and user training.

References

  1. Altman, I.: The Environment and Social Behavior: Privacy, Personal Space, Territory, Crowding. Brooks/Cole, Monterey (1975)

  2. Annas, G.: HIPAA regulations – a new era of medical-record privacy? N. Engl. J. Med. 348(15), 1486–1490 (2003)

  3. Anton, A., Qingfeng, H., Baumer, D.: Inside JetBlue’s privacy policy violations. IEEE Secur. Priv. 2(6), 12–18 (2004)

  4. Berendt, B., Gunther, O., Spiekermann, S.: Privacy in e-Commerce: stated preferences vs. actual behavior. Commun. ACM 48, 38–51 (2005)

  5. Blumenthal, D., McGraw, D.: Keeping personal health information safe: the importance of good data hygiene. J. Am. Med. Assoc. 313(14), 1424–1424 (2015)

  6. Culnan, M., Armstrong, P.: Information privacy concerns, procedural fairness, and impersonal trust: an empirical investigation. Organ. Sci. 10(1), 104–115 (1999)

  7. Dinev, T., Hart, P.: An extended privacy calculus model for e-Commerce transactions. Inf. Syst. Res. 17(1), 61–80 (2006)

  8. Endsley, M.: Situation awareness in aviation systems. In: Garland, D.J., Wise, J.A., Hopkin, V.D. (eds.) Handbook of Aviation Human Factors. CRC Press, Boca Raton (1999)

  9. Erickson, J., Millar, S.: Caring for patients while respecting their privacy: renewing our commitment. Online J. Issues Nurs. 10(2) (2005). DOI: 10.3912/OJIN.Vol10No02Man04

  10. HITECH Act: 42 USC 139w-4(0)(2). http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html (2009). Accessed 27 Mar 2015

  11. Ishikawa, K., Ohmichi, H., Umesato, Y., Terasaki, H., Tsukuma, H., Iwata, N., Tanaka, T., Kawamura, A., Sakata, K., Sainohara, T., Sugimura, M., Konishi, N., Umemoto, R., Mase, S., Takesue, S., Tooya, M.: The guideline of the personal health data structure to secure safety healthcare. The balance between use and protection to satisfy the patients’ needs. Int. J. Med. Inform. 76(5), 412–418 (2007)

  12. Johnson, M., Goetz, E.: Embedding information security into the organization. IEEE Secur. Priv. 5(3), 16–24 (2007)

  13. Jones, D., Endsley, M.: Sources of situation awareness errors in aviation. Aviat. Space Environ. Med. 67(6), 507–512 (1996)

  14. Kagal, L., Abelson, H.: Access control is an inadequate framework for privacy protection. In: Proceedings of the W3C Workshop on Privacy for Advanced Web APIs, Paper No. 20 (2010)

  15. Liginlal, D., Sim, I., Khansa, L.: How significant is human error as a cause of privacy breaches? An empirical study and a framework for error management. Comput. Secur. 28(3–4), 215–228 (2009)

  16. Liginlal, D., Sim, I., Khansa, L., Fearn, P.: HIPAA privacy rule compliance: an interpretive study using Norman’s action theory. Comput. Secur. 31(2), 206–220 (2012)

  17. McCann, E.: Biggest health data breaches, Healthcare IT News. http://www.healthcareitnews.com/slideshow/slideshow-top-10-biggest-hipaa-breaches (2015). Accessed 20 April 2015

  18. Otto, P., Anton, A., Baumer, D.: The ChoicePoint dilemma: how data brokers should handle the privacy of personal information. IEEE Secur. Priv. 5(5), 15–23 (2007)

  19. Ponemon Institute: IBM 2015 cost of data breach study - global analysis. http://www-03.ibm.com/security/data-breach/ (2015). Accessed 22 June 2015

  20. Reason, R.: Human Error. Cambridge University Press, New York (1990)

  21. Sim, I.: Online Information Privacy and Privacy Protective Behavior: How Does Situation Awareness Matter? Ph.D. Dissertation, The University of Wisconsin-Madison (2010)

  22. Sim, I., Liginlal, D., Khansa, L.: Information privacy situation awareness: construct and validation. J. Comput. Inf. Syst. 53(1), 57 (2012)

  23. Smith, C.: Somebody’s watching me: Protecting patient privacy in de-identified prescription health information. Vermont Law Rev. 36, 931 (2011)

  24. US Department of Health & Human Services: Breaches affecting 500 or more individuals. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf (2015). Accessed 30 April 2015

  25. US Department of Health & Human Services: Case examples and resolution agreements. http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples (2015). Accessed 30 April 2015

  26. US Department of Health & Human Services: Health information privacy. http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html (2015). Accessed 30 April 2015

  27. Westin, A.: Privacy and Freedom. Bodley Head, New York (1967)

Author information

Corresponding author

Correspondence to Divakaran Liginlal.

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Liginlal, D. (2015). HIPAA and Human Error: The Role of Enhanced Situation Awareness in Protecting Health Information. In: Gkoulalas-Divanis, A., Loukides, G. (eds) Medical Data Privacy Handbook. Springer, Cham. https://doi.org/10.1007/978-3-319-23633-9_25

  • DOI: https://doi.org/10.1007/978-3-319-23633-9_25

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23632-2

  • Online ISBN: 978-3-319-23633-9

  • eBook Packages: Computer Science, Computer Science (R0)
