Healthcare Group: The 12 Stories Peng (group lead), Paul, Bhavani, Le, Gail, Prabhakaran, Khan, Murat Feb 19-20, 2009 NSF Data & Application Security Workshop.

Presentation transcript:

Healthcare Group: The 12 Stories
Peng (group lead), Paul, Bhavani, Le, Gail, Prabhakaran, Khan, Murat
Feb 19-20, 2009
NSF Data & Application Security Workshop, Arlington, VA

The Context (1)
– Electronic records & handwritten physician notes coexist
– Electronic records everywhere
– Obama's healthcare policy: improved health; reduced costs
– Diagram labels: Current status; EHR national standard; Future

The Context (2)
Data characteristics:
– Structured; unstructured; semi-structured; multimedia
– Time-series; data stream; temporal vs. spatial dimensions
1: Patient records at hospital and across hospitals
2: Remote healthcare at home
3: Data sharing for research
4: Doctors consult with other doctors
5: Medical info system; billing fraud
6: Cyber-physical systems – Bugs in heart monitors

The main security issues
– Integrity, Privacy, Fraud
– Current: 6 aspects
– Transition: 6 aspects
– Future: unknown

Integrity + Current (1)
Story 1: The Oklahoma state children health care database is a set of records contributed by physicians at multiple hospitals
– The database is used to generate official state level statistics
– The database cannot generate correct statistics
Reason: the same kid has multiple records: “baby A” “baby B” “last name 1” “last name 2”
Research problem: the attribution problem

Integrity + Current (2)
Story 2: My doctors or nurses or lab technicians make mistakes; they told me that I am now 50 pounds heavier.
– Reality checks
– Consistency checks
– Some kind of alarming measures
Bigger research question: How to systematically cleanse health records?

Integrity + Transition
Story 3: To create jobs, people are hired to type physicians’ handwritten notes into computers
– How to alert on human typing errors in real time?
– Are these people trusted?
– Do they really understand the notes?

Privacy + Current (1)
Story 4: A patient’s doctor wants to consult with other doctors (via an online forum) to get comments and second opinions:
– How much to disclose?
– How much is too much?
– Via the online forum, indirect inference attacks could succeed through attribute aggregation & correlation (between related postings)
– Can the patient have any “control” of this process?
– Economic and social issues

Privacy + Current (2)
Story 5: For research purposes, a provider can multicast need-driven data requests to her federated partners.
Result: Patient records are pulled together and then used by researchers: great privacy threat
– How to accommodate patients’ concerns during data gathering?
– Privacy aware patient record integration
– Patient record set anonymization
– Group based inference
– Purpose driven access control (PDAC)
– The government may have a different purpose from researchers
– How to do selective sharing?
– Policy requirements

Privacy + Current (3)
Story 6: RHIO (Regional Health Inter-Organization) systems are being promoted by federal and state governments to let providers share patient records:
– Privacy threats:
  – Query content privacy
  – Data location privacy
  – Patient location privacy
– How to construct privacy preserving RHIO systems?

Fraud + Current
Story 7: Doctor double charging multiple insurance companies; insurance company double billing
– Fraud detection
– Collusion attack
– Healthcare info system auditing

Integrity + Current (3)
Story 8: Bugs in medical devices could kill people (see Kevin Fu’s paper).
– In remote healthcare, could a criminal misuse the remote control channel to trigger bugs?
– Bug isolation

Integrity + Current (4)
Story 9: Data tampering leads to wrong diagnosis.
– Prevent tampering: tampering proof
– Integrity check
– Tampering of real time health condition monitoring data

Privacy + Current (4)
Story 10: My hospital shares my X-Ray images with researchers; however, these images could be used to reconstruct (the shape of) my face → hurt privacy
– Privacy preserving digital image processing

Privacy + Current (5)
Story 11: In remote healthcare, monitors send a data stream of health data to a remote doctor:
– Correlation attacks to infer sensitive medical condition
– Time is critical: time series analysis

Privacy + Current (6)
Story 12: A patient sits with doctor Bob at hospital A, asking for information from hospital B
– The answer from hospital B: I need to ask my lawyer → now this process discontinues
– Could need new delegation models
– Need some assurance mechanisms