UConn CSE 3000 - Confidentiality, Privacy and Security




Slide titles:
1. Confidentiality, Privacy and Security
2. Privacy
3. Confidentiality
4. Security
5. Why do they matter?
6. Why do they matter?
7. Users of health information
8. Users
9. Slide 9
10. Slide 10
11. Slide 11
12. Slide 12
13. Slide 13
14. Privacy solutions
15. Security controls
16. Management controls
17. Core security policies
18. Biometrics
19. Approaches to identification
20. Slide 20
21. Identification
22. Probabilistic
23. Biometric ID
24. Biometric applications
25. Biometric identifiers
26. Biometric technologies
27. Fingerprint
28. Hand geometry
29. Retinal scan
30. Slide 30
31. Voice recognition
32. Iris scanning
33. Face recognition/thermography
34. Hand vein
35. Signature
36. Slide 36
37. Biometric identification issues
38. Security: availability
39. Security: accountability
40. Security: perimeter definition
41. Security: rule-limited access
42. Security: comprehensibility and control
43. Availability
44. Accountability
45. Perimeter definition
46. Slide 46
47. Role limited access
48. Taxonomy of organizational threats
49. Resources
50. Initial access
51. Technical capability
52. Slide 52
53. Levels of threat
54. Threat
55. Threats
56. Countering threats
57. Countermeasures
58. Counter threat 1
59. Counter threat 2
60. Counter threat 3
61. Counter threat 4
62. Counter threat 5
63. Issues with countermeasures
64. Recommendations
65. Recommendations
66. Slide 66
67. Slide 67
68. Future recommendations
69. Universal patient identifier
70. Implications of the Health Insurance Portability and Accountability Act of 1996
71. Slide 71
72. What is HIPAA
73. What Information is covered under HIPAA
74. Privacy vs. Security
75. Privacy before HIPAA
76. Gaps in privacy protection
77. Concern about loss of Privacy
78. Concern About Loss of Privacy
79. Slide 79
80. Slide 80
81. Slide 81
82. Are These Privacy Concerns Unfounded?
83. Slide 83
84. Slide 84
85. Slide 85
86. Why does electronic communication increase privacy concerns?
87. What is HIPAA designed to do?
88. HIPAA Timeline
89. Slide 89
90. Slide 90
91. HIPAA Stipulations for Using and Releasing Information
92. Slide 92
93. Slide 93
94. Slide 94
95. Health-related activities covered by HIPAA
96. HIPAA In Health Care
97. Slide 97
98. Research under HIPAA
99. Slide 99
100. HIPAA in Research Summary
101. Slide 101
102. Slide 102
103. Penn’s High Level Approach to HIPAA
104. University of Pennsylvania Health System
105. Slide 105
106. The overlapping lines of communication
107. Penn’s Approach to Research Data Use
108. Slide 108
109. Data Integration and Access
110. Available Data
111. Slide 111
112. Slide 112
113. Slide 113
114. Administrative Issues in Data Use
115. Research Data Use vs Patient Contact
116. Questions for discussion
117. Slide 117

Confidentiality, Privacy and Security
C. William Hanson M.D.
Professor of Anesthesiology and Critical Care
CS Department
Princeton University
http://www.cs.princeton.edu/courses/archive/spr02/cs495/Confidentiality%20Privacy%20and%20Security.ppt

Privacy
• The desire of a person to control the disclosure of personal health information

Confidentiality
• The ability of a person to control release of personal health information to a care provider or information custodian under an agreement that limits further release of that information

Security
• Protection of privacy and confidentiality through policies, procedures and safeguards.

Why do they matter?
• Ethically, privacy and confidentiality are considered to be rights (in our culture)
• Information revealed may result in harm to interests of the individual
• The provision of those rights tends to ensure that the information is accurate and complete
• Accurate and complete information from individuals benefits society in limiting spread of diseases to society (i.e. HIV)

Why do they matter?
• The preservation of confidentiality assists research which in turn assists patients

Users of health information
• Patient
  – Historical information for current and future care
  – Insurance claims
• MD’s
  – Patient’s medical needs
  – Documentation
  – Interface with other providers
  – Billing

Users
• Health insurance company
  – Claims processing
  – Approve consultation requests
• Laboratory
  – Process specimens
  – Results reporting
  – Billing

Users
• Pharmacy
  – Fill prescription
  – Billing
• Hospital
  – Care provision
  – Record of services
  – Billing
  – Vital statistics
  – Regulatory agencies

Users
• State bureau
  – Birth statistics
  – Epidemiology
• Accrediting organization
  – Hospital review
• Employer
  – Request claims data
  – Review claims for $ reduction
  – Benefits package adjustments

Users
• Life insurance companies
  – Process applications
  – Process claims
  – Risk assessment
• Medical information bureau
  – Fraud reduction for life insurance companies
• Managed care company
  – Process claims
  – Evaluate MD’s

Users
• Lawyers
  – Adherence to standard of practice
  – Malpractice claims
• Researcher
  – Evaluate research program

Security
• Availability
• Accountability
• Perimeter definition
• Rule-limited access
• Comprehensibility and control

Privacy solutions
• Forbid the collection of data that might be misused
• Allow the collection of health information within a structure, but with rules and penalties for violation pertaining to collecting organizations
• Generate policies to which individual information handlers must adhere

Security controls
• Management controls
  – Program management/risk management
• Operational controls
  – Operated by people
• Technical controls
  – Operated by the computer system

Management controls
• Establishment of key security policies, i.e. policies pertaining to remote access
  – Program policy
    • Definition, scope, roles and responsibilities of the computer security program
  – Issue specific policy
    • Example: Y2K
  – System specific policy
    • Who can access what functions where

Core security policies
• Confidentiality
• Email
• System access
• Virus protection
• Internet/intranet use
• Remote access
• Software code of ethics
• Backup and recovery
• Security training and awareness

Biometrics
• The scientific discipline of measuring relevant attributes of living individuals or populations to identify active properties or unique characteristics
  – Can be used to evaluate changes over time for medical monitoring or diagnosis
  – Can be used for security

Approaches to identification
• Token based simple security
  – House key, security card, transponder
• Knowledge based
  – SSN, password, PIN
• Two-factor
  – Card + PIN
[Diagram labels: Card + PIN, ID, Authentication, Access]

Approaches to identification
• Authoritative ID
[Diagram labels: ID, Authentication, Policy, Access, Audit, T, F]

Identification
• Certain and unambiguous
  – Deterministic
• Certain with small probability of error
  – Probabilistic
• Uncertain and ambiguous
• Biometric schemes are probabilistic

Probabilistic
• False acceptance rate (type I error)
  – Percentage of unauthorized attempts that will be accepted
  – Also relevant for medical studies
• False rejection rate (type II error)
  – Percentage of authorized attempts that will be rejected
  – Also relevant for medical studies
• Equal error rate
  – Intersection of the lowest FAR and FRR

Biometric ID
• Acquire the
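
The false acceptance rate, false rejection rate and equal error rate defined on the "Probabilistic" slide above, computed over a small set of matcher scores. This is an added example, not part of the original slides; the score lists, the accept-when-score-is-at-least-the-threshold rule and all function names are assumptions made for illustration.

```python
# Added example: FAR / FRR / EER over constructed similarity scores.
# Assumption: a matcher returns a similarity score in [0, 1] and an attempt
# is accepted when score >= threshold. Rates are fractions, not percentages.

# Constructed sample scores (not from the slides).
GENUINE = [0.91, 0.85, 0.78, 0.88, 0.60, 0.95, 0.72, 0.83, 0.55, 0.90]   # authorized
IMPOSTOR = [0.10, 0.35, 0.42, 0.58, 0.20, 0.65, 0.30, 0.15, 0.48, 0.25]  # unauthorized


def far(impostor, threshold):
    """False acceptance rate: share of unauthorized attempts accepted."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine, threshold):
    """False rejection rate: share of authorized attempts rejected."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(genuine, impostor):
    """(threshold, FAR, FRR) for every observed score used as a threshold."""
    return [(t, far(impostor, t), frr(genuine, t))
            for t in sorted(set(genuine) | set(impostor))]


def equal_error_rate(genuine, impostor):
    """Operating point where FAR and FRR are closest (the curves' crossing)."""
    return min(sweep(genuine, impostor), key=lambda row: abs(row[1] - row[2]))


def threshold_for_max_far(genuine, impostor, max_far):
    """Lowest threshold whose FAR stays within max_far, with the FRR it costs.
    Returns None if no observed threshold meets the ceiling."""
    for row in sweep(genuine, impostor):
        if row[1] <= max_far:
            return row
    return None


if __name__ == "__main__":
    for t, a, r in sweep(GENUINE, IMPOSTOR):
        print(f"threshold={t:.2f}  FAR={a:.1f}  FRR={r:.1f}")
    print("EER point:", equal_error_rate(GENUINE, IMPOSTOR))
    print("FAR <= 0 :", threshold_for_max_far(GENUINE, IMPOSTOR, 0.0))
```

Raising the threshold lowers FAR and raises FRR, so a deployment that cannot tolerate false accepts pays for it in rejected legitimate users.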

