Group D Privacy with accountability, auditability and transparency.


Accountability, auditability and transparency in service of Privacy

18 Nov
Grand Challenge Statement
Develop technologies that allow individuals, governments and organizations to control the release and use of information according to flexible and understandable policies.

Motivating Scenario
It will soon be possible to determine an individual’s complete genome
Terrific benefits:
  – Customized medical treatments
  – Knowledge of predisposition for diseases
  – Aid medical research
Terrific risk of abuse:
  – Unauthorized use by insurance, employers, law enforcement

Enabling Assumptions
1. There will be semi-trusted computing platforms (can provide a program to a machine and believe it will execute it only as intended).
2. Legal mechanisms will be in place to sufficiently deter misuse.
3. Perfect encryption primitives are available.
We don’t believe any of these exist yet… but close enough approximations do.

Policy Questions
Who should set the policies?
  – Individuals: change balance of power
      It shouldn’t be up to individuals to understand and agree to a service’s privacy policy
      Instead, individuals provide data in a way that enforces their policies, and the service decides what service to provide
  – Society: “owner” is not only one impacted
      Releasing my genome also releases information about my sister, parents, etc.
      Society may deserve to know about criminal records, infectious diseases, etc.
Non-technical issues, but technology must be able to support range of desired policies.

Policy Questions
How do you express and reason about policies?
  – Average users need to understand what policies allow and disallow, and select (maybe define) policies that reflect their intent
  – Privacy policies are complex: release of information, history, location (jurisdiction), remnants, independence
  – Transfers between programs and organizations
Design languages for defining policies, tools for reasoning about what policies allow, models for presenting policies that are understandable

Accountability
Need workarounds: Doctor in foreign country should be able to get medical history of unconscious patient
Auditability: policies can specify that information is only released if an audit record is produced
  – Privacy of requestor may conflict with policy
Policies can relate information release and use to accountability of user: credentials expand accountability, laws in user’s jurisdiction

Enforcement
Control for release and use of data has to be part of data itself
  – Programs that release information according to a policy (DRM-like)
Constrain the use of that information after it is released to one program, but not yet to another (or a human)
Revocation: if there is a mistake, can we retrieve all information derived from bad data
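The release rule from the Accountability and Enforcement slides, as an added example that is not part of the original presentation: a record carries its own policy and is released only after an audit record has been written, including in the emergency "workaround" case. All names (Policy, AuditLog, SealedRecord) and the sample values are hypothetical, and the payload is held in the clear rather than under the encryption the slides assume.

```python
import hashlib, json
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:                      # hypothetical policy model, not from the slides
    purposes: frozenset            # uses the data owner permits
    jurisdictions: frozenset       # where a requester may be located
    emergency_override: bool = True  # the "workaround" case (unconscious patient)

def _digest(prev: str, record: dict) -> str:
    return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()

@dataclass
class AuditLog:
    entries: list = field(default_factory=list)
    available: bool = True         # False simulates an unreachable audit service

    def append(self, record: dict) -> None:
        if not self.available:
            raise IOError("audit log unavailable")
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        self.entries.append({"record": record, "prev": prev, "hash": _digest(prev, record)})

    def verify(self) -> bool:
        prev = "0" * 64            # each entry commits to the one before it
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != _digest(prev, e["record"]):
                return False
            prev = e["hash"]
        return True

@dataclass
class SealedRecord:                # data that carries its own release policy
    subject: str
    payload: str                   # constructed sample value, stored in the clear here
    policy: Policy

    def release(self, requester, purpose, jurisdiction, log, emergency=False):
        ok = purpose in self.policy.purposes and jurisdiction in self.policy.jurisdictions
        decision = ("allow" if ok else
                    "allow-emergency" if emergency and self.policy.emergency_override else "deny")
        try:                       # the audit record is written before any data leaves
            log.append({"subject": self.subject, "requester": requester,
                        "purpose": purpose, "jurisdiction": jurisdiction,
                        "decision": decision})
        except IOError:
            return None            # fail closed: no audit record, no release
        return None if decision == "deny" else self.payload
```

Denied requests are logged as well, and the hash chain makes a later edit to any entry detectable by verify().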

Timeline
Time axis: Now, 3 years, 5 years, 7 years
Enforcement:
  – Revocation
  – Control Use
  – Control Release
Policies:
  – Policies that depend on jurisdiction, revocation policies
  – Policies that vary with Accountability, Society-level policies
  – Understandable Release Policies For Individuals

Impact
Success criterion: People are willing to provide their genome to medical databases in a way that enables customized treatments and medical research, without fear that it will be abused.

Recap: Challenge Statement
Develop technologies that allow individuals, governments and organizations to control the release and use of information according to flexible and understandable policies.