In modern healthcare environments, there is a strong need to create an infrastructure that reduces time-consuming efforts and costly operations to obtain a patient’s complete medical record and... Show More

In modern healthcare environments, there is a strong need to create an infrastructure that reduces time-consuming efforts and costly operations to obtain a patient’s complete medical record and uniformly integrates this heterogeneous collection of medical data to deliver it to the healthcare professionals. As a result, healthcare providers are more willing to shift their electronic medical record (EMR) systems to clouds that can remove the geographical distance barriers among providers and patients. Since a shared electronic health record (EHR) essentially represents a virtualized aggregation of distributed clinical records from multiple healthcare providers, sharing of such integrated EHRs should comply with various authorization policies from these data providers. In previous work, the authors present and implement a secure medical data sharing system to support selective sharing of composite EHRs aggregated from various healthcare providers in cloud computing environments. In this paper, the authors point out that when EMR systems are migrated to clouds, it is also critical to ensure that EMR systems are compliant with government regulations such as the Health Insurance Portability and Accountability Act (HIPAA). Also, the authors propose a HIPAA compliance management approach by leveraging logic-based techniques and apply it to the cloud-based EHRs sharing system. The authors also describe evaluation results to demonstrate the feasibility and effectiveness of the approach.

Inadequate audit mechanisms may result in undetected misuse of data in software-intensive systems. In the healthcare domain, electronic health record (EHR) systems should log the creating, reading... Show More

Inadequate audit mechanisms may result in undetected misuse of data in software-intensive systems. In the healthcare domain, electronic health record (EHR) systems should log the creating, reading, updating, or deleting of privacy-critical protected health information. The objective of this paper is to assess electronic health record audit mechanisms to determine the current degree of auditing for non-repudiation and to assess whether general audit guidelines adequately address non-repudiation. The authors analyzed the audit mechanisms of two open source EHR systems, OpenEMR and Tolven eCHR, and one proprietary EHR system. The authors base the qualitative assessment on a set of 16 general auditable events and 58 black-box test cases for specific auditable events. The authors find that OpenEMR satisfies 62.5% of the general criteria and passes 63.8% of the black-box test cases. Tolven eCHR and the proprietary EHR system each satisfy less than 19% of the general criteria and pass less than 11% of the black-box test cases.

A central building block of data privacy is the individual right of information self-determination. Following from that when dealing with shared electronic health records (SEHR), citizens, as the... Show More

A central building block of data privacy is the individual right of information self-determination. Following from that when dealing with shared electronic health records (SEHR), citizens, as the identified individuals of such records, have to be enabled to decide what medical data can be used in which way by medical professionals. In this context individual preferences of privacy have to be reflected by authorization policies to control access to personal health data. There are two potential challenges when enabling patient-controlled access control policy authoring: First, an ordinary citizen neither can be considered a security expert, nor does she or he have the expertise to fully understand typical activities and workflows within the health-care domain. Thus, a citizen is not necessarily aware of implications her or his access control settings have with regards to the protection of personal health data. Both privacy of citizen’s health-data and the overall effectiveness of a health-care information system are at risk if inadequate access control settings are in place. This paper refers to scenarios of a case study previously conducted and shows how privacy and information system effectiveness can be defined and evaluated in the context of SEHR. The paper describes an access control policy analysis method which evaluates a patient-administered access control policy by considering the mentioned evaluation criteria.

In neuroscience, collaboration and data sharing are undermined by concerns over the management of protected health information (PHI) and personal identifying information (PII) in neuroimage... Show More

In neuroscience, collaboration and data sharing are undermined by concerns over the management of protected health information (PHI) and personal identifying information (PII) in neuroimage datasets. The HIPAA Privacy Rule mandates measures for the preservation of subject privacy in neuroimaging studies. Unfortunately for the researcher, the management of information privacy is a burdensome task. Wide scale data sharing of neuroimages is challenging for three primary reasons: (i) A dearth of tools to systematically expunge PHI/PII from neuroimage data sets, (ii) a facility for tracking patient identities in redacted datasets has not been produced, and (iii) a sanitization workflow remains conspicuously absent. This article describes the XNAT Redaction Toolkit - an integrated redaction workflow which extends a popular neuroimage data management toolkit to remove PHI/PII from neuroimages. Quickshear defacing is also presented as a complementary technique for deidentifying the image data itself. Together, these tools improve subject privacy through systematic removal of PII/PHI.