CSE5810: Patient Data and Medical Data Privacy
Nitish Narain Mathur (nnm12001)
Department of Computer Science & Engineering, University of Connecticut, Storrs
[email protected]


Dec 18, 2015


Page 2: Background

- Why does data privacy matter in the biomedical domain?
- Is it necessary for health care organizations (HCOs) to protect patient data?

Page 3: Introduction

- As technology advances by the day, security vulnerabilities increase with it.
- Sensitive data is increasingly collected through wireless devices.
- HCOs are upgrading to these technologies and mining their data archives for useful information, and in doing so security vulnerabilities have been brought to the public's attention.
- Example: an employee of a health care provider reading a patient's records without consent (authorization). The patient is often a public figure, a relative, ...
- With incidents of this kind, public trust in such systems has declined over the years.

Page 4: Privacy

- Privacy is defined as the ability to control what information is given out.
- Privacy covers anonymity, confidentiality and solitude.
- When EMRs came into widespread use, privacy was recognized as the core principle of the industry.
- Each individual has different expectations of how their data may be delegated.
- Better policies and technologies are being researched and implemented.
- A solution to this concern should be cost-effective and beneficial for all parties.
- If a short-term solution is adopted, a longer-term, sustainable solution should follow in the near future.

Page 5: Privacy (continued)

- How comfortable are you with your personal health information being disclosed to a health care provider (HCP), compared with disclosing it to a random person on the street? It varies with the situation.
- Common practice was to strip sensitive fields from the databases and then release the data to the public.
- But this produces inconsistent data, and the released data becomes useless.
- To get this right, clearly distinguish access control (who may read the data) from disclosure control (what may be released).
- Merely removing sensitive fields from a data set is not sufficient.
- Data about the same person may exist in multiple locations, and when these sources are combined, attributes of an individual can be inferred.
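The last two points are the classic linkage attack. The following Python example is added here to make it concrete; it is not part of the original slides. The two tables are constructed sample data: a "de-identified" medical release with names removed, and a public list (the kind of voter roll or directory that exists elsewhere) that still carries names. Joining on the quasi-identifiers (ZIP, birth year, sex) re-identifies every person whose combination is unique on both sides; generalizing those fields before release raises the k of k-anonymity and defeats the join. The field names and values are assumptions for the illustration.

```python
from collections import defaultdict

# Constructed sample tables (not from the slides). The "released" medical table has
# had names removed, as the slide describes; the public table stands for a list
# (voter roll, directory) that exists elsewhere and still carries names.
MEDICAL_RELEASE = [
    {"zip": "06269", "birth_year": 1971, "sex": "F", "diagnosis": "hypertension"},
    {"zip": "06269", "birth_year": 1988, "sex": "M", "diagnosis": "asthma"},
    {"zip": "06268", "birth_year": 1988, "sex": "M", "diagnosis": "depression"},
    {"zip": "06268", "birth_year": 1975, "sex": "F", "diagnosis": "diabetes"},
]
PUBLIC_LIST = [
    {"name": "Alice Example", "zip": "06269", "birth_year": 1971, "sex": "F"},
    {"name": "Bob Sample", "zip": "06269", "birth_year": 1988, "sex": "M"},
    {"name": "Carol Test", "zip": "06268", "birth_year": 1975, "sex": "F"},
    {"name": "Dan Demo", "zip": "06268", "birth_year": 1975, "sex": "F"},  # same QI as Carol
]
QUASI_IDENTIFIERS = ("zip", "birth_year", "sex")


def qi_key(record, fields=QUASI_IDENTIFIERS):
    """The quasi-identifier tuple two tables can be joined on."""
    return tuple(record[f] for f in fields)


def _group(records, fields):
    groups = defaultdict(list)
    for r in records:
        groups[qi_key(r, fields)].append(r)
    return groups


def link_records(medical, public, fields=QUASI_IDENTIFIERS):
    """Linkage attack: join on the quasi-identifiers. A key that is unique on both
    sides ties a name to a diagnosis; ambiguous keys re-identify nobody."""
    med, pub = _group(medical, fields), _group(public, fields)
    return {
        pub[k][0]["name"]: med[k][0]["diagnosis"]
        for k in med
        if len(med[k]) == 1 and len(pub.get(k, [])) == 1
    }


def generalize(record):
    """Coarsen the quasi-identifiers: 3-digit ZIP prefix and birth decade."""
    g = dict(record)
    g["zip"] = record["zip"][:3] + "**"
    g["birth_year"] = record["birth_year"] // 10 * 10
    return g


def k_anonymity(records, fields=QUASI_IDENTIFIERS):
    """Size of the smallest quasi-identifier group: the k in k-anonymity."""
    return min(len(g) for g in _group(records, fields).values())
```

On the raw release, `link_records` returns Alice's and Bob's diagnoses (Carol and Dan share a key and stay ambiguous); after `generalize` the release is 2-anonymous and the join yields nothing. Generalization is a disclosure-control measure, which is exactly the distinction the slide draws: access control alone does not prevent this attack once the data has been released.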

Page 6: Issues in Biomedical Data Privacy

- HCOs store sensitive information in cloud storage, where the systems are not under the HCO's direct control.
- Unwanted disclosure of sensitive information happens in different ways: compromise of the computer security system; breach of security in the institutional infrastructure; insecure transmission; acts of disloyal employees; ...

Page 7: Goals of Information Security in Health Care

- Ensure the privacy of patients and the confidentiality of health care data.
- Ensure the integrity of health care data.
- Ensure the availability of health data to authorized persons.

Issues in meeting these goals:
- Access control: who defines and enforces it?
- Application of cryptographic protocols.
- Need for user authentication to protect data integrity.
- System reliability and backup mechanisms for data availability.

Page 8: Personal Health Records (PHRs)

- Patients' access to their own information.
- According to the Markle Foundation (Connecting for Health): an electronic application through which individuals can access, manage and share their health information in a secure and confidential environment.
- According to the Center for Information Technology Leadership (CITL): an Internet-based set of tools that allows people to access and coordinate their lifelong health information and make appropriate parts of it available to those who need it.
- HCOs and e-health services covered by HIPAA (Health Insurance Portability and Accountability Act) face the problem of implementing effective and cost-efficient security and privacy policies while remaining compliant with the regulations.

Page 9: Personal Health Records (continued)

- The primary responsibility is to safeguard the organization's information, including EMRs and EHRs.
- Security and privacy are two critical issues, for both patient and provider.
- Current PHRs provide essential security measures but lack privacy measures.
- There are several types of PHRs, distinguished by certain constraints. These constraints are not universal and therefore make it difficult to implement security and privacy controls.

Page 10: Personal Health Records and HIPAA

- For PHRs to be widely accepted they should be patient-centric, ensuring privacy and giving patients control over their own records.
- HCOs are covered entities under HIPAA and are subject to the HIPAA Security and Privacy Rules; PHRs themselves (in particular those operated by vendors that are not covered entities) may not be subject to HIPAA.
- HCOs may instead regulate the use of PHRs through a contract with the patient.

Page 11: Security and Privacy Concerns in PHRs

- Use of the data by insurance companies.
- Medical identity theft through misuse of the data, and the difficulty of preventing it.
- Inappropriate use of medical data by PHR vendors for medical advertising.
- Risk of misuse of health information by rogue entities, payers, employers and third-party care providers.
- Risks that arise from granting data ownership to patients (not all patients are e-friendly).
- Conflicting regulatory frameworks at the state and federal level.
- Data access and storage (malicious attacks).

Page 12: Evaluation of Microsoft HealthVault (MSHV) Privacy Policy

Evaluation criterion and HealthVault finding:

- Ease of access: the privacy policy is linked from the home page.
- Self-containment (how difficult is the document to understand?): it is a combination of three documents; the account is actually a Microsoft Live account, and third-party applications have their own terms.
- Transparency (does it state whether it is HIPAA compliant?): Yes.
- Does each document state what data is collected, used and retained, and for whom? No. The only mention is of how data can be shared with family members.
- Patient consent (what choices does the user have, and is consent taken implicitly or explicitly?): No details of the opt-in/opt-out process.
- Can de-identified data be used without consent? Yes, and the user cannot opt out of this.
- Can users hide sensitive information? No segmentation and no data categories.

Page 13: Evaluation of MSHV Privacy Policy (continued)

Evaluation criterion and HealthVault finding:

- Is user consent needed before disclosure to third parties? Not if the third party is a HIPAA-covered partner.
- Direct collection and disclosure of non-personal data to third parties: no liability issues are covered, and a breach of security is not covered.
- How long is data stored on the system? 90 days, after which it is deleted.
- Can the user opt out of such data collection? No.
- Access and data interaction (can users see who has accessed their data?): audit trails are provided; provider partners may keep their own trails; third parties are not mentioned.
- Can users remove themselves and their information from the system on request? Users can "anytime completely delete" their account without assistance; backup copies remain for 90 days.

Page 14: Electronic Health Records (EHRs)

- EHRs are a way to exchange patients' medical data between different health care providers.
- Existing approaches for protecting such data are insufficient; a new security architecture for EHRs is needed.
- Patients should be able to authorize access to their records remotely (e.g. by phone), and the authorization should be time-independent so the physician can process the record later.
- Patient-controlled encryption provides the strongest security and privacy, because the encryption keys are stored on the patient's smart card.

Page 15: EHRs (continued)

But the smart card approach comes with issues:

- Acceptance problems.
- The diagnosis write-up is done after the patient has left.
- After a home visit the patient is no longer available.
- Elderly and disabled people might not be e-friendly.
- If the patient is too ill, he or she has to hand the card to a third person.
- The patient might be unconscious and unable to authorize access to the EHR.
- The smart card has to be connected to a local device of a health professional; no authorization is possible over the Internet.

Page 16: Solution for the Issues with EHRs

- The system should allow patients to give an authorization secret to doctors via different communication channels.
- Existing systems: smart card encryption.
- The new system should meet the following objectives: patient-controlled confidentiality of EHR data; flexible authorization of access to EHR data; emergency access.

Page 17: Solution for the Issues with EHRs (continued)

Requirements for such an EHR system:

- End-to-end encryption
- Record-dependent encryption (a separate key per record, so a secret for one record does not open the others)
- Transferability of authorization secrets
- Asynchronous authorization (the doctor can use the secret later, without the patient or the card present)
- Access to emergency data
- Accountability of emergency access
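The following Python example is added here to show how these requirements fit together; it is not code from the original slides or from the system they describe, and the key hierarchy, labels and record names are assumptions. A secret that in the real design lives on the patient's smart card derives one key per record (record-dependent encryption). The per-record key is the authorization secret: it can be read out over a phone or text message (transferability), decrypts only that record, and works later without the card (asynchronous authorization). A separately derived emergency key is deposited with an emergency service at setup, and every emergency access is appended to an HMAC-chained log that detects tampering (accountability). Because the standard library has no AEAD cipher, the encryption here is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag; a production system would use AES-GCM.

```python
import hashlib
import hmac
import json
import os


def derive_key(master: bytes, label: str) -> bytes:
    """HMAC-based key derivation: an independent key for every label."""
    return hmac.new(master, label.encode(), hashlib.sha256).digest()


def record_key(card_secret: bytes, record_id: str) -> bytes:
    """Record-dependent key: one key per record, derived from the card secret."""
    return derive_key(card_secret, "record:" + record_id)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256 (stand-in for a real cipher).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_record(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. Use AES-GCM in production."""
    nonce = os.urandom(16)
    enc_key, mac_key = derive_key(key, "enc"), derive_key(key, "mac")
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_record(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key (an unauthorized record) fails here."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = derive_key(key, "enc"), derive_key(key, "mac")
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered record")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def issue_authorization(card_secret: bytes, record_id: str) -> str:
    """Authorization secret the patient gives a doctor (by phone, text, ...).
    It opens exactly one record and works later, without the card present."""
    return record_key(card_secret, record_id).hex()


class EmergencyLog:
    """Append-only, HMAC-chained log of emergency accesses (accountability)."""

    def __init__(self, log_key: bytes):
        self.key, self.entries = log_key, []

    def _mac(self, body: dict) -> bytes:
        return hmac.new(self.key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).digest()

    def record(self, who: str, record_id: str) -> None:
        prev = self.entries[-1]["mac"] if self.entries else "0" * 64
        body = {"who": who, "record": record_id, "prev": prev}
        self.entries.append({**body, "mac": self._mac(body).hex()})

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "mac"}
            if body["prev"] != prev or not hmac.compare_digest(self._mac(body).hex(), e["mac"]):
                return False
            prev = e["mac"]
        return True


def demo() -> dict:
    card_secret = os.urandom(32)                          # held on the patient's smart card
    emergency_key = derive_key(card_secret, "emergency")  # deposited with the emergency service at setup
    store = {                                             # the EHR server only ever sees ciphertext
        "lab-2015-12": encrypt_record(record_key(card_secret, "lab-2015-12"), b"HbA1c 6.1%"),
        "psych-notes": encrypt_record(record_key(card_secret, "psych-notes"), b"confidential"),
        "emergency": encrypt_record(emergency_key, b"blood group O-, allergy: penicillin"),
    }
    secret = issue_authorization(card_secret, "lab-2015-12")  # read out to the doctor by phone
    doctor_key = bytes.fromhex(secret)                      # used later, with the card gone
    lab = decrypt_record(doctor_key, store["lab-2015-12"])
    try:
        decrypt_record(doctor_key, store["psych-notes"])
        other = "decrypted"
    except ValueError:
        other = "denied"                                    # record-dependent key: no access
    log = EmergencyLog(derive_key(card_secret, "log"))
    log.record("er-physician-42", "emergency")              # every emergency access is logged
    emergency_data = decrypt_record(emergency_key, store["emergency"])
    return {"lab": lab, "other_record": other, "emergency": emergency_data,
            "log_ok": log.verify(), "log_entries": len(log.entries)}
```

The point of the per-record derivation is that transferring a secret over an insecure channel (the phone call the slides mention) exposes at most one record, and the patient never has to hand over the card secret itself. In a deployment the log key would be held by an auditor rather than derived from the card, so that the emergency service cannot rewrite its own history.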

Page 18: Protecting Health Information on Mobile Devices

- Mobile applications are increasingly used by health care professionals and patients.
- Mobile devices face security threats, so there is an urgent need to address how this data can be protected.
- Mobile devices are readily available and always connected, which makes them highly attractive for accessing medical data at any location and during emergencies.
- This reduces cost, but at the same time it introduces the problem of protecting health data on such devices.

Page 19: Protecting Health Information on Mobile Devices (continued)

- Mobile devices are becoming easy targets for malware.
- Studies have shown that disclosure of medical data is one of the top reasons for a breach.

Goals:
- Ensure that sensitive data does not flow to untrusted applications.
- Such data must not be allowed to flow off the device to untrusted hosts.
- Explicit user consent can be requested when it is unclear whether data should be sent.
- Securely capture and process user input, so that malware cannot script the events.

Page 20: Protecting Health Information on Mobile Devices (continued)

- A new system was proposed in the paper by Musheer Ahmed and Mustaque Ahamad, "Protecting Health Information on Mobile Devices".
- Their framework protects sensitive data against unsafe and unintended uses on a mobile device.
- It helps prevent third-party health care applications from leaking sensitive medical information even after they have been infected by malware.
- Explicit patient consent plays an important role.

Page 21: Protecting Health Information on Mobile Devices (continued)

Contributions:
- A constrained application for the Android platform that can be used to safeguard sensitive data and prevent its flow to unauthorized entities.
- A user consent detection mechanism that distinguishes actual user input from scripted events generated by malware.
- Sample health applications and a security policy that demonstrate how sensitive health data can be accessed securely.
- Tagging of sensitive data, which is easier when the data is obtained from a small number of trusted repositories.

Page 22: Protecting Health Information on Mobile Devices (continued)

- Under HIPAA, disclosures may only be made for specific purposes or situations, such as treatment, payment or other health care operations.
- As health care professionals access sensitive patient data on mobile devices, the regulatory requirements apply to all of these devices.
- Unintended disclosures can be caused by malware while such a device is in use.
- Another threat comes from application developers who do not take proper measures to secure the data.
- Research has already shown unauthorized use of data by third-party applications without user consent.
- Devices might be lost or stolen.

Page 23: Protecting Health Information on Mobile Devices (continued)

Security policy:
- These devices are commonly used by a single user and operate under that user's control.
- The security policy does not rely on identity credentials; it governs how information is shared.

Requirements:
- The primary focus is on the sharing of health data.
- A third-party application, Sana Mobile, is used.
- The proposed framework monitors and prevents disclosure of sensitive health information to unauthorized parties.
- It also stops the transfer of sensitive data to insecure locations.

Page 24: Protecting Health Information on Mobile Devices (continued)

Areas that need to be considered:
- Controlling remote communication
- Preventing data sharing with other applications
- Controlling insecure data storage
- User consent detection

Approach:
- The OS on the mobile device is trusted.
- Tagging sensitive data: tag all incoming data with a label, and maintain the tags correctly as the data is processed. Data tagging can be done in multiple ways.

Page 25: Protecting Health Information on Mobile Devices (continued)

Monitoring tagged data flow:
- Once information has been tagged, allow it to move freely within the constrained application.
- As it flows, track it. This can be achieved with TaintDroid, an information flow tracking system that taints data and propagates the taint as the data is used.
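The following Python example is added here to illustrate the policy described on pages 23 to 25; it is not the paper's code, and it simulates in one process what TaintDroid enforces inside the Android runtime. Data fetched from a trusted repository enters the application tagged as sensitive, the tag survives derivation (here, string concatenation), and every sink checks the tag against the policy: network sends go only to trusted hosts, IPC only to trusted applications, storage only to the application's private directory or an encrypted file. An untrusted destination is allowed only with explicit consent, and consent counts only when the input event is a genuine touch rather than a scripted (injected) event. The repository, host and package names, the private directory path and the `InputEvent.injected` flag are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Hypothetical policy constants (not from the paper): the small set of trusted
# repositories the slides mention, the hosts data may be sent to, and the
# applications (by package name) it may be shared with.
TRUSTED_REPOSITORIES = {"ehr.hospital.example"}
TRUSTED_HOSTS = {"ehr.hospital.example"}
TRUSTED_APPS = {"org.sana.mobile"}
APP_PRIVATE_DIR = "/data/data/org.sana.mobile/"


class PolicyViolation(Exception):
    pass


@dataclass(frozen=True)
class Tagged:
    """A value carrying a sensitivity tag; the tag survives derivation."""
    value: str
    sensitive: bool = False

    def __add__(self, other):
        other = other if isinstance(other, Tagged) else Tagged(str(other))
        return Tagged(self.value + other.value, self.sensitive or other.sensitive)

    def upper(self):
        return Tagged(self.value.upper(), self.sensitive)


@dataclass(frozen=True)
class InputEvent:
    """Simplified input event: 'injected' models a scripted event that did not
    originate from the touchscreen driver (what consent detection must reject)."""
    source: str
    injected: bool = False


def consent_granted(event: InputEvent) -> bool:
    """Only a genuine touch on the consent dialog counts as explicit consent."""
    return event.source == "touchscreen" and not event.injected


def fetch(host: str, payload: str) -> Tagged:
    """Source: data read from a trusted repository enters the app tagged sensitive."""
    return Tagged(payload, sensitive=host in TRUSTED_REPOSITORIES)


class Monitor:
    """Checks every sink (network, IPC, storage) against the tag and the policy."""

    def __init__(self):
        self.audit = []

    def _check(self, sink: str, data: Tagged, allowed: bool, consent: bool = False) -> bool:
        if data.sensitive and not allowed:
            if consent:
                self.audit.append("consented:" + sink)
                return True
            self.audit.append("blocked:" + sink)
            raise PolicyViolation(sink)
        self.audit.append("allowed:" + sink)
        return True

    def send(self, host, data, consent=False, encrypted=True):
        return self._check("net:" + host, data, host in TRUSTED_HOSTS and encrypted, consent)

    def share(self, app, data, consent=False):
        return self._check("ipc:" + app, data, app in TRUSTED_APPS, consent)

    def store(self, path, data, encrypted=False):
        return self._check("file:" + path, data, encrypted or path.startswith(APP_PRIVATE_DIR))


def scenario() -> dict:
    """Constructed walk-through: one sensitive record, several sinks."""
    m = Monitor()
    results = {}
    record = fetch("ehr.hospital.example", "patient 4711: HIV positive")
    note = record + " (reviewed)"                       # derived data inherits the tag
    results["to_trusted_host"] = m.send("ehr.hospital.example", note)
    scripted = consent_granted(InputEvent("touchscreen", injected=True))   # malware-scripted tap
    for name, action in [
        ("to_untrusted_host", lambda: m.send("ads.tracker.example", note)),
        ("to_other_app", lambda: m.share("com.example.flashlight", note)),
        ("to_sdcard", lambda: m.store("/sdcard/notes.txt", note)),
        ("scripted_consent", lambda: m.send("specialist.clinic.example", note, consent=scripted)),
    ]:
        try:
            action()
            results[name] = "leaked"
        except PolicyViolation:
            results[name] = "blocked"
    real = consent_granted(InputEvent("touchscreen"))   # genuine tap on the consent dialog
    results["with_real_consent"] = m.send("specialist.clinic.example", note, consent=real)
    results["private_storage"] = m.store(APP_PRIVATE_DIR + "cache.db", note)
    results["non_sensitive"] = m.send("ads.tracker.example", fetch("weather.example", "sunny"))
    return results
```

The monitor's `audit` list is the record of what was blocked, allowed or released under consent, which is what an HCO needs when it has to account for a disclosure. The simulation makes one simplification TaintDroid does not: here the tag rides on a Python object, whereas a real implementation must also track the data through native code and files, where taint is easily lost.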

Page 26: Overview

- Security policy
- Privacy and confidentiality in health care
- Data ownership and legal accountability
- Informed consent to disclosure
- Use of medical data
- User authentication and access control
- Cryptography
- Data integrity
- Audit trails

Page 27: Questions?

Thank you