Published by Rosalyn Cross. Modified over 9 years ago.

Healthcare Group: The 12 Stories
Peng (group lead), Paul, Bhavani, Le, Gail, Prabhakaran, Khan, Murat
Feb 19-20, 2009
NSF Data & Application Security Workshop
Arlington, VA

The Context (1)
– Current status: electronic records & handwritten physician notes coexist
– Future: electronic records everywhere
– Obama's healthcare policy:
  - Improved health;
  - Reduced costs
– EHR national standard

The Context (2)
Data characteristics
– Structured; unstructured; semi-structured; multimedia
– time-series; data stream; temporal vs. spatial dimensions
1: Patient records at hospital and across hospitals
2: Remote healthcare at home
3: Data sharing for research
4: Doctors consult with other doctors
5: Medical info system – Billing fraud
6: Cyber-physical systems – Bugs in heart monitors

The main security issues
– Integrity; Privacy; Fraud
– Current: 6 aspects
– Transition: 6 aspects
– Future: unknown

Integrity + Current (1)
Story 1: The Oklahoma state children health care database is a set of records contributed by physicians at multiple hospitals
– The database is used to generate official state level statistics
– The database cannot generate correct statistics
Reason: the same kid has multiple records: “baby A” “baby B” “last name 1” “last name 2”
Research problem: the attribution problem

Integrity + Current (2)
Story 2: My doctors or nurses or lab technicians make mistakes; they told me that I am now 50 pounds heavier.
– Reality checks
– Consistency checks
– Some kind of alarming measures
Bigger research question: How to systematically cleanse health records?

Integrity + Transition
Story 3: To create jobs, people are hired to type physicians’ handwritten notes into computers
– How to alert human typing errors in real time?
– Are these people trusted?
– Do they really understand the notes?

Privacy + Current (1)
Story 4: A patient’s doctor wants to consult with other doctors (via an online forum) to get comments and second opinions:
– How much to disclose?
– How much is too much?
– Via the online forum, indirect inference attack could succeed through attribute aggregation & correlation (between related postings)
– Can the patient have any “control” of this process?
– Economic and social issues

Privacy + Current (2)
Story 5: For research purpose, a provider can multicast need-driven data requests to her federated partners.
Result: Patient records pulled together then used by researchers: great privacy threat
– How to accommodate patients’ concerns during data gathering?
– Privacy aware patient record integration
– Patient record set anonymization
– Group based inference
– Purpose driven access control (PDAC)
– The government may have a different purpose from researchers
– How to do selective sharing?
– Policy requirements

Privacy + Current (3)
Story 6: RHIO (Regional Health Inter-Organization) systems are being promoted by federal and state governments to let providers share patient records:
– Privacy threats:
– Query content privacy
– Data location privacy
– Patient location privacy
– How to construct privacy preserving RHIO systems?

Fraud + Current
Story 7: Doctor double charging multiple insurance companies; insurance company double billing
– Fraud detection
– Collusion attack
– Healthcare info system auditing

Integrity + Current (3)
Story 8: Bugs in medical devices could kill people (see Kevin Fu’s paper).
– In remote healthcare, could a criminal misuse the remote control channel to trigger bugs?
– Bug isolation

Integrity + Current (4)
Story 9: Data tampering leads to wrong diagnosis.
– Prevent tampering: tampering proof
– Integrity check
– Tampering of real time health condition monitoring data

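One way to make the integrity check for real-time monitoring data in Story 9 concrete, as an added example that is not from the slides: each reading carries an HMAC over its sequence number, its payload and the previous tag, so a modified, removed or reordered reading is detected at the receiver. The shared key, the record layout and the function names are assumptions, and the readings are constructed.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # assumed fixed start value for the tag chain
KEY = b"constructed-demo-key"  # constructed; a real key is provisioned per device
SAMPLE = [  # constructed heart-rate / SpO2 readings
    {"hr": 72, "spo2": 98}, {"hr": 75, "spo2": 97},
    {"hr": 140, "spo2": 91}, {"hr": 78, "spo2": 97},
]

def _tag(key, seq, reading, prev_tag):
    # Canonical JSON so both sides MAC identical bytes; prev_tag is fixed
    # length (32 bytes), so the concatenation is unambiguous.
    body = json.dumps({"seq": seq, "reading": reading}, sort_keys=True).encode()
    return hmac.new(key, prev_tag + body, hashlib.sha256).digest()

def seal_stream(key, readings):
    """Monitor side: attach a chained HMAC tag to every reading."""
    prev, out = GENESIS, []
    for seq, reading in enumerate(readings):
        prev = _tag(key, seq, reading, prev)
        out.append({"seq": seq, "reading": reading, "tag": prev.hex()})
    return out

def verify_stream(key, records, expected_count=None):
    """Receiver side: index of the first bad record, or None if intact."""
    prev = GENESIS
    for i, rec in enumerate(records):
        try:
            claimed = bytes.fromhex(rec["tag"])
            want = _tag(key, i, rec["reading"], prev)
        except (KeyError, ValueError, TypeError):
            return i  # malformed record
        if rec.get("seq") != i or not hmac.compare_digest(claimed, want):
            return i  # modified, removed or reordered at this position
        prev = claimed
    # A chain alone cannot show that the tail was cut off; the receiver
    # needs the expected length (or a signed end marker) from elsewhere.
    if expected_count is not None and len(records) != expected_count:
        return len(records)  # count mismatch reported past the last record
    return None

if __name__ == "__main__":
    sealed = seal_stream(KEY, SAMPLE)
    sealed[2]["reading"] = {"hr": 80, "spo2": 97}  # simulate tampering in transit
    print("first bad record:", verify_stream(KEY, sealed))
```
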
Privacy + Current (4)
Story 10: My hospital shares my X-Ray images with researchers; however, these images could be used to reconstruct (the shape of) my face → hurt privacy
– Privacy preserving digital image processing

Privacy + Current (5)
Story 11: In remote healthcare, monitors send a data stream of health data to a remote doctor:
– Correlation attacks to infer sensitive medical condition
– Time is critical: time series analysis

Privacy + Current (6)
Story 12: A patient sits with doctor Bob at hospital A, asking for information from hospital B
– The answer from hospital B: I need to ask my lawyer now → this process discontinues
– Could need new delegation models
– Need some assurance mechanisms