Abstract
Transparency is described as the quality to be open about policies and practices. It is intended to inform end users of what happens to their data. It promotes good quality of service and is believed to sustain people’s demand for privacy. However, at least for medical data systems, a clear definition of the property is missing and there is no agreement on what requirements qualify it. We look into this problem. First we identify concepts that relate with transparency: openness, empowerment, auditability, availability, accountability, verifiability. We discuss them in Health Information Technology, so clarifying what transparency is. Then we elicit a list of requirements that indicate how transparency can be realised in modern medical data systems such as those managing electronic health records.
Similar content being viewed by others
References
AL Faresi, A., Wijesekera, D., Moidu, K.: A comprehensive privacy-aware authorization framework founded on HIPAA privacy rules. In: Proceedings of the 1st ACM International Health Informatics Symposium, pp. 637–646. ACM (2010)
Benaloh, J., Chase, M., Horvitz, E., Lauter, K.: Patient controlled encryption: Ensuring privacy of electronic medical records. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW ’09, pp. 103–114. ACM (2009)
Berthold, S., Fischer-Hübner, S., Martucci, L., Pulls, T.: Crime and punishment in the cloud - accountability, transparency, and privacy. In: Pre-Proceedings of International Workshop on Trustworthiness, Accountability and Forensics in the Cloud in conjunction with the 7th IFIP WG 11.11 International Conference on Trust Management (2013)
Cappelli, C.: Uma abordagem para transparência em processos organizacionais utilizando aspectos. Ph.D. thesis, PUC-Rio (2009)
Cruzes, D., and Jaatun, M.: D:b-2.4 requirements report deliverable (2014)
EU: Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). http://ec.europa.eu/justice/data-protection/reform/index_en.htm (2012)
Ferreira, A., and Lenzini, G.: Can transparency enhancing tools support patient’s accessing electronic health records?. In: Proceedings of the 3rd World Conference on Information Systems and Technologies (2015)
Fischer-Hübner, S., Angulo, J., Pulls, T.: How can cloud users be supported in deciding on, tracking and controlling how their data are used?. In: Privacy and Identity Management for Emerging Services and Technologies, IFIP Advances in Information and Communication Technology, Vol. 421, pp. 77–92. Springer, Berlin Heidelberg (2014)
Gajanayake, R., Iannella, R., Sahama, T., Sharing with care: an information accountability perspective. Intern. Comput. IEEE 15(4):31–38, 2011.
Goodman, K. W., Berner, E. S., Dente, M. A., Kaplan, B., Koppel, R., Rucker, D., Sands, D. Z., Winkelstein, P., et al., Challenges in ethics, safety, best practices, and oversight regarding HIT vendors, their customers, and patients: a report of an AMIA special task force. J. Amer. Med. Inf. Assoc. 18(1):77–81 , 2011.
Haas, S., Wohlgemuth, S., Echizen, I., Sonehara, N., Müller, G., Aspects of privacy for electronic health records. Int. J. Med. Inf. 80(2):e26–e31, 2011. Special Issue: Security in Health Information Systems.
Hansen, M.: Marrying transparency tools with user-controlled identity management. In: The Future of Identity in the Information Society, Vol. 262, pp. 199–220. Springer, US (2008)
Hedbom, H.: A survey on transparency tools for enhancing privacy. In: The Future of Identity in the Information Society, IFIP Advances in Information and Communication Technology, Vol. 298, pp. 67–82. Springer, Berlin Heidelberg (2009)
Henke, N., Kelsey, T., Whately, H., Transparency — the most powerful driver of health care improvement? Health Int.,64–73, 2011.
Hu, J., Chen, H., Hou, T., A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations. Comput. Standards Interf. 32:274–280, 2010.
International Organization for Standardization: ISO 9241-11:1998 Ergonomic requirements for office work with visual display terminals (VDTs) (2000). Part 11: Guidance on usability
Kim, K., McGraw, D., Mamo, L., Ohno-Machado, L., Development of a privacy and security policy framework for a multistate comparative effectiveness research network. Med. Care 51:S66–S72, 2013.
Kremer, S., Ryan, M., Smyth, B.: Computer Security – ESORICS 2010: 15th European Symposium on Research in Computer Security, Athens, Greece, September 20-22, 2010. In: Proceedings, chap. Election Verifiability in Electronic Voting Protocols, pp. 389–404. Berlin Heidelberg , Berlin, Heidelberg (2010)
Ku̇sters, R., Truderung, T., Vogt, A.: Accountability: definition and relationship to verifiability. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, October 4-8, 2010, pp. 526–535. ACM (2010)
van Lamsweerde, A., Requirements Engineering: From System Goals to UML Models to Software Specifications: Wiley, 2009.
Leite, J. C. S.d.P., and Cappelli, C., Software transparency. Bus. Inf. Syst. Eng. 2:127–139, 2010.
Liebovitz, D., Meaningful EHR attributes for an era of accountability, transparency, shared decision making, and value assessment. J. Legal Med. 34(1):43–53, 2013.
Moe, N.: D:b-2.1 workshop 1 results (requirements) (2013)
Office for Civil Right of the Department of Health and Human Services, USA: Privacy, Security, and Electronic Health Records (2015)
Online Computer Library Center, Inc.: Dewey decimal classification. https://www.oclc.org/dewey/features/summaries.en.html. Last accessed in May 2016
Open Source Initiative: The Open Source Definition. https://opensource.org/. Last accessed in May 2016
Peters, M.: The idea of openness: Open education and education for openness. In: Peters, M., Besley, T., Gibbons, A., žarnić, B., Ghiraldelli, P. (Eds.) The Encyclopaedia of Educational Philosophy and Theory (2010)
Press, O.U.: Oxford Dictionaries. http://www.oxforddictionaries.com/. Last accessed in May 2016
Ray, P., and Wimalasiri, J.: The need for technical solutions for maintaining the privacy of EHR. In: Engineering in Medicine and Biology Society, 2006. EMBS’06. 28th Annual International Conference of the IEEE, pp. 4686–4689. IEEE (2006)
Rostad, L.: An initial model and a discussion of access control in patient controlled health records. In: Proceedings of the 3rd International Conference on Availability, Reliability and Security, pp. 935–942 (2008)
Ruotsalainen, P., Blobel, B., Nykänen, P., Seppälä, A., Sorvari, H.: Framework model and principles for trusted information sharing in pervasive health (2011)
Señor, I., and Fernández-Alemán, J., Security and privacy in electronic health records: a systematic literature review. J. Biomed. Inf. 46(3):541–562, 2013.
Seneviratne, O., and Kagal, L.: Enabling privacy through transparency. In: Proceedings of the 12th Annual International Conference on Privacy, Security and Trust, pp. 121–128 (2014)
Spagnuelo, D., Bartolini, C., Lenzini, G.: Metrics for Transparency. In: Proceedings of Data Privacy Management and Security Assurance: 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, pp. 3–18 (2016)
Spagnuelo, D., and Lenzini, G.: Patient-centred transparency requirements for medical data sharing systems. In: New Advances in Information Systems and Technologies, pp. 1073–1083. Springer (2016)
Tang, P. C., and Lansky, D., The missing link: bridging the patient–provider health information gap. Health Affairs 24(5):1290–1295, 2005.
Thorogood, A., and Zawati, M. H., International guidelines for privacy in genomic biobanking (or the unexpected virtue of pluralism). J. Law Med. Ethics 43(4):690–702, 2015.
Turilli, M., and Floridi, L., The ethics of information transparency. Ethics Inf. Technol. 11(2):105–112, 2009.
Acknowledgments
Spagnuelo’s research is supported by FNR/AFR project 7842804 TYPAMED.
Author information
Authors and Affiliations
Corresponding author
Additional information
This article is part of the Topical Collection on Patient Facing Systems
Rights and permissions
About this article
Cite this article
Spagnuelo, D., Lenzini, G. Transparent Medical Data Systems. J Med Syst 41, 8 (2017). https://doi.org/10.1007/s10916-016-0653-8
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-016-0653-8