Abstract
Several contemporary studies have identified human error as a major cause of privacy breaches in healthcare organizations. In this chapter, we first highlight the costs healthcare organizations incur from HIPAA privacy breaches. We then discuss the concept of situation awareness (SA) and its link with privacy protection. Situation awareness represents individuals’ awareness of what is happening in their surroundings and their understanding of how information, events, and actions affect their goals and objectives. Applying Endsley’s three-level SA framework helps us to identify specific types of SA errors and build scenarios of privacy breaches arising from SA errors. Using a taxonomy of SA errors derived from Endsley’s work, we analyzed the 21 cases of HIPAA privacy breaches in which the Office for Civil Rights has reached a resolution agreement. The results bring into focus the often neglected situational aspects of privacy protection and help to better understand the latent causes of privacy breaches along with their related implications for policy formulation, system design, and user training.
References
Altman, I.: The Environment and Social Behavior: Privacy, Personal Space, Territory, Crowding. Brooks/Cole, Monterey (1975)
Annas, G.: HIPAA regulations – a new era of medical-record privacy? N. Engl. J. Med. 348(15), 1486–1490 (2003)
Anton, A., Qingfeng, H., Baumer, D.: Inside JetBlue’s privacy policy violations. IEEE Secur. Priv. 2(6), 12–18 (2004)
Berendt, B., Gunther, O., Spiekermann, S.: Privacy in e-Commerce: stated preferences vs. actual behavior. Commun. ACM 48, 38–51 (2005)
Blumenthal, D., McGraw, D.: Keeping personal health information safe: the importance of good data hygiene. J. Am. Med. Assoc. 313(14), 1424–1424 (2015)
Culnan, M., Armstrong, P.: Information privacy concerns, procedural fairness, and impersonal trust: an empirical investigation. Organ. Sci. 10(1), 104–115 (1999)
Dinev, T., Hart, P.: An extended privacy calculus model for e-Commerce transactions. Inf. Syst. Res. 17(1), 61–80 (2006)
Endsley, M.: Situation awareness in aviation systems. In: Garland, D.J., Wise, J.A., Hopkin, V.D. (eds.) Handbook of Aviation Human Factors. CRC Press, Boca Raton (1999)
Erickson, J., Millar, S.: Caring for patients while respecting their privacy: renewing our commitment. Online J. Issues Nurs. 10(2) (2005). DOI: 10.3912/OJIN.Vol10No02Man04
HITECH Act: 42 USC 139w-4(0)(2). http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html (2009). Accessed 27 Mar 2015
Ishikawa, K., Ohmichi, H., Umesato, Y., Terasaki, H., Tsukuma, H., Iwata, N., Tanaka, T., Kawamura, A., Sakata, K., Sainohara, T., Sugimura, M., Konishi, N., Umemoto, R., Mase, S., Takesue, S., Tooya, M.: The guideline of the personal health data structure to secure safety healthcare. The balance between use and protection to satisfy the patients’ needs. Int. J. Med. Inform. 76(5), 412–418 (2007)
Johnson, M., Goetz, E.: Embedding information security into the organization. IEEE Secur. Priv. 5(3), 16–24 (2007)
Jones, D., Endsley, M.: Sources of situation awareness errors in aviation. Aviat. Space Environ. Med. 67(6), 507–512 (1996)
Kagal, L., Abelson, H.: Access control is an inadequate framework for privacy protection. In: Proceedings of the W3C Workshop on Privacy for Advanced Web APIs, Paper No. 20 (2010)
Liginlal, D., Sim, I., Khansa, L.: How significant is human error as a cause of privacy breaches? An empirical study and a framework for error management. Comput. Secur. 28(3–4), 215–228 (2009)
Liginlal, D., Sim, I., Khansa, L., Fearn, P.: HIPAA privacy rule compliance: an interpretive study using Norman’s action theory. Comput. Secur. 31(2), 206–220 (2012)
McCann, E.: Biggest health data breaches, Healthcare IT News. http://www.healthcareitnews.com/slideshow/slideshow-top-10-biggest-hipaa-breaches (2015). Accessed 20 April 2015
Otto, P., Anton, A., Baumer, D.: The ChoicePoint dilemma: how data brokers should handle the privacy of personal information. IEEE Secur. Priv. 5(5), 15–23 (2007)
Ponemon Institute: IBM 2015 cost of data breach study - global analysis. http://www-03.ibm.com/security/data-breach/ (2015). Accessed 22 June 2015
Reason, R.: Human Error. Cambridge University Press, New York (1990)
Sim, I.: Online Information Privacy and Privacy Protective Behavior: How Does Situation Awareness Matter? Ph.D. Dissertation, The University of Wisconsin-Madison (2010)
Sim, I., Liginlal, D., Khansa, L.: Information privacy situation awareness: construct and validation. J. Comput. Inf. Syst. 53(1), 57 (2012)
Smith, C.: Somebody’s watching me: Protecting patient privacy in de-identified prescription health information. Vermont Law Rev. 36, 931 (2011)
US Department of Health & Human Services: Breaches affecting 500 or more individuals. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf (2015). Accessed 30 April 2015
US Department of Health & Human Services: Case examples and resolution agreements. http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples (2015). Accessed 30 April 2015
US Department of Health & Human Services: Health information privacy. http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html (2015). Accessed 30 April 2015
Westin, A.: Privacy and Freedom. Bodley Head, New York (1967)
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Liginlal, D. (2015). HIPAA and Human Error: The Role of Enhanced Situation Awareness in Protecting Health Information. In: Gkoulalas-Divanis, A., Loukides, G. (eds) Medical Data Privacy Handbook. Springer, Cham. https://doi.org/10.1007/978-3-319-23633-9_25
DOI: https://doi.org/10.1007/978-3-319-23633-9_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23632-2
Online ISBN: 978-3-319-23633-9
eBook Packages: Computer Science, Computer Science (R0)