
Towards Improved Privacy Policy Coverage in Healthcare Using Policy Refinement

  • Conference paper
Secure Data Management (SDM 2007)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4721)

Abstract

It is now mandatory for healthcare organizations to specify and publish their privacy policies. This has made privacy management initiatives in the healthcare sector increasingly important. However, several recent reports in the public media and the research community about healthcare privacy [1,2] indicate that the use of privacy policies is not necessarily a strong indication of adequate privacy protection for the patient. These observations highlight the fact that the current state of privacy management in healthcare organizations needs improvement. In this paper, we present PRIMA, a PRIvacy Management Architecture, as a first step in addressing this concern. The fundamental idea behind PRIMA is to exploit policy refinement techniques to gradually and seamlessly embed privacy controls into the clinical workflow based on the actual practices of the organization in order to improve the coverage of the privacy policy. PRIMA effectively enables the transition from the current state of perceived to be privacy-preserving systems to actually privacy-preserving systems.


References

  1. Pear, R.: Warnings over privacy of US health network. New York Times (February 18, 2007)

  2. Rostad, L., Edsburg, O.: A study of access control requirements for healthcare systems based on audit trails from access logs. In: Proc. of the 2006 Annual Computer Security Applications Conference, Miami Beach, FL, USA (December 2006)

  3. Wong, R.: An overview of data protection laws around the world. http://pages.britishlibrary.net/rwong/dpa.html

  4. Ministry of Internal Affairs, Communications Information, and Communications Policy. Personal data protection law. http://www.kantei.go.jp/jp/it/privacy/houseika/hourituan/index.html

  5. Health Insurance Portability and Accountability Act, U.S. Department of Health and Human Services. http://www.hhs.gov/ocr/hipaa/

  6. Office of the Privacy Commissioner of Canada. Personal Information Protection and Electronic Documents Act. http://www.privcom.gc.ca/legislation/02_06_01_01_e.asp

  7. Break-glass: An approach to granting emergency access to healthcare systems. http://www.nema.org/prod/med/security/upload/Break-Glass-Emergency_Access_to_Healthcare_Systems.pdf

  8. United States presidential directive. http://www.himss.org/CPRIToolkit/html/4.11.html

  9. Hand, D.J., Mannila, H., Smyth, P.: Principles of data mining (August 2001)

  10. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: Proc. of the 2002 Very Large Data Bases, Hong Kong, China (June 2002)

  11. IBM. IBM Hippocratic Database active enforcement (version 1.0): User’s guide. http://www.almaden.ibm.com/cs/projects/iis/hdb/Publications/papers/HDBEnforcementUserGuide.pdf

  12. IBM. IBM Hippocratic Database compliance auditing (version 1.0): User’s guide. http://www.almaden.ibm.com/cs/projects/iis/hdb/Publications/papers/HDBAuditingUserGuide.pdf

  13. Blobel, B.: Authorisation and access control for electronic health record systems. International Journal of Medical Informatics 73(3) (2004)

  14. Anderson, R.: A security policy model for clinical information systems. In: Proc. of the 1996 IEEE Symposium on Security and Privacy, Oakland, CA, USA (May 1996)

  15. Bhatti, R., Moidu, K., Ghafoor, A.: Policy-based security management for federated healthcare databases (or RHIOs). In: Proc. of the 2006 International Workshop on Healthcare Information and Knowledge Management, USA (November 2006)

  16. Weaver, A.C., Dwyer III, S.J., Snyder, A.M.: Federated, secure trust networks for distributed healthcare IT services. In: Proc. of the 2003 IEEE International Conference on Industrial Informatics, Alberta, Canada (August 2003)

  17. IHE patient care coordination technical framework: Basic patient privacy consents, supplement 2005-2006 (August 2006)

  18. Agrawal, R., Srikant, R.: Fast algorithms for mining association rules. In: Proc. of the 1994 Very Large Data Bases, Santiago, Chile (September 1994)

Editor information

Willem Jonker, Milan Petković


© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bhatti, R., Grandison, T. (2007). Towards Improved Privacy Policy Coverage in Healthcare Using Policy Refinement. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2007. Lecture Notes in Computer Science, vol 4721. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75248-6_11

  • DOI: https://doi.org/10.1007/978-3-540-75248-6_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75247-9

  • Online ISBN: 978-3-540-75248-6

  • eBook Packages: Computer Science, Computer Science (R0)
