A Privacy Preservation Model for Health-Related Social Networking Sites

The increasing use of social networking sites (SNS) in health care has resulted in a growing number of individuals posting personal health information online. These sites may disclose users'' health information to many different individuals and organizations and mine it for a variety of commercial and research purposes, yet the revelation of personal health information to unauthorized individuals or entities brings a concomitant concern of greater risk for loss of privacy among users. Many users join multiple social networks for different purposes and enter personal and other specific information covering social, professional, and health domains into other websites. Integration of multiple online and real social networks makes the users vulnerable to unintentional and intentional security threats and misuse. This paper analyzes the privacy and security characteristics of leading health-related SNS. It presents a threat model and identifies the most important threats to users and SNS providers. Building on threat analysis and modeling, this paper presents a privacy preservation model that incorporates individual self-protection and privacy-by-design approaches and uses the model to develop principles and countermeasures to protect user privacy. This study paves the way for analysis and design of privacy-preserving mechanisms on health-related SNS.     

The health care information directive

Background  

Developments in information technology promise to revolutionise the delivery of health care by providing access to data in a timely and efficient way. Information technology also raises several important concerns about the confidentiality and privacy of health data. New and existing legislation in Europe and North America may make access to patient level data difficult with consequent impact on research and health surveillance. Although research is being conducted on technical solutions to protect the privacy of personal health information, there is very little research on ways to improve individuals power over their health information. This paper proposes a health care information directive, analogous to an advance directive, to facilitate choices regarding health information disclosure.     

Patient data confidentiality and patient rights

There has been a recent trend to gather and record more comprehensive and more detailed personal medical information in computerized databases. Retrieval and access are much easier from electronic records than from hard copies stored in the archives of care-providing institutions. The Institute of Medicine voiced concern that these developments raised numerous problematic issues, the most disturbing of which is a much more widespread and systematic violation of privacy via what they called 'authorized abuse', i.e. authorized users abusing their access privileges. Other worries stemmed from the sharing of patient information among different entities. Multitudes of organizations receive information about patients' health records, often without their knowledge or consent. These include care providers, insurers, pharmacists, employers, life insurance companies and marketing firms. This article addresses the issues of medical data ownership and some health data-recording problems to which we propose co-ownership and co-documentation as part of the solution. We believe that a cooperative approach will help to maintain greater accuracy of personal medical data, written in language that can be shared and understood by the consumers and not one couched in terminology understandable only to professional personnel and to delegate the power to the patient to decide when and to whom to give authorization for its use by a third party and for research.     

Examining the evidence of the impact of health information technology in primary care: An argument for participatory research with health professionals and patients

PurposeHealth information technology represents a promising avenue to improve health care delivery. How can we use lessons learnt from existing health information technologies in primary care to inform the optimal design of newer developments such as personal health records?MethodsThe results of systematic literature reviews about the impact of different information systems on health outcomes in primary care are critically discussed in a narrative synthesis, with a focus on their implications for the development of personal health records.ResultsGiven the proliferation of systematic reviews and randomized controlled trials, high quality evidence for health information technology in primary care is accumulating with mixed results. The heterogeneity of systems being compared and the quality of research can no longer account for these findings. One potential explanation may be that systems originally designed for acute care settings are being implemented in primary care. Early studies evaluating personal health records suggest that targeting patient outcomes directly and adapting systems to patients’ needs may be part of the solution.ConclusionIn order to develop personal health records for primary care, studies are needed that involve the users, namely patients and primary care health professionals, in the design and evaluation of these systems from their inception. Participatory research is a recommended methodological approach.     

Medical Students and Personal Smartphones in the Clinical Environment: The Impact on Confidentiality of Personal Health Information and Professionalism

Background

Smartphones are becoming ubiquitous in health care settings. The increased adoption of mobile technology such as smartphones may be attributed to their use as a point-of-care information source and to perceived improvements in clinical communication and efficiency. However, little is known about medical students’ use of personal smartphones for clinical work.

Objective

The intent of the study was to examine final-year medical students’ experience with and attitudes toward using personal mobile technology in the clinical environment, with respect to the perceived impact on patient confidentiality and provider professionalism.

Methods

Cross-sectional surveys were completed by final-year medical students at the University of Toronto. Respondents were asked about the type of personal mobile phone they use, security features on their personal phone, experiences using their personal phone during clinical rotations, and attitudes about using their personal phone for clinical work purposes.

Results

The overall response rate was 45.4% (99/218). Smartphone ownership was prevalent (98%, 97/99) with the majority (86%, 85/99) of participants using their personal phones for patient-related communication during clinical rotations. A total of 26% (26/99) of participants reported not having any type of security feature on their personal phone, 94% (90/96) of participants agreed that using their personal phone for clinical work makes them more efficient, and 86% (82/95) agreed that their personal phone allows them to provide better patient care. Although 68% (65/95) of participants believe that the use of personal phones for patient-related communication with colleagues poses a risk to the privacy and confidentiality of patient health information, 22% (21/96) of participants still use their personal phone to text or email identifiable patient data to colleagues.

Conclusions

Our findings suggest that the use of personal smartphones for clinical work by medical students is prevalent. There is a need to more fully address the threat to patient confidentiality posed by the use of unsecured communication devices such as smartphones.     

Medical information privacy and the conduct of biomedical research.

Profound changes in the health care delivery system, the increasing pervasiveness of information technology, and dramatic advancements in research in human genetics are intensifying public concerns about the privacy of medical information. The author argues that some of these concerns, such as the fear that medical data could be used to deny health insurance or employment, are "pragmatic" and can be dealt with through the political process. But other, "ideologic" concerns tend to generate strong emotions and political positions that impede rational discourse and confound attempts to seek workable compromises. He stresses that the progress of medicine has long depended on studies of collections of empirical data about individuals, and discusses the federal oversight of research involving human subjects, including provisions in place to protect their privacy and maintain the confidentiality of data while at the same time permitting necessary access to data for research. He suggests that since every individual benefits from the accumulated medical knowledge base, everyone should contribute to the ongoing expansion and renewal of that base. The author then states nine principles crafted at the Association of American Medical Colleges to guide its thinking and advocacy efforts regarding medical-information privacy issues. (For example, "the free flow of identifiable medical information within the boundaries of the health care system is essential to the optimum provision of patient care and its payment.") He acknowledges that the flows and uses of identifiable patient information within our complex health care and research systems are bewildering and hard to explain to the public, which is deeply concerned about privacy in general, and especially medical information privacy. How to address this concern and at the same time protect the completeness, accuracy, and integrity of the medical record? The author offers no specific answers beyond those embodied in the AAMC principles, but maintains that a satisfactory solution will come only from carefully crafted federal legislation that creates a comprehensive, uniform, and effective system of workable protections of the confidentiality of medical information, while protecting the access needed to puruse the nation's ambitious agenda in health research.     

Health care in the information society. A prognosis for the year 2013

Our society is increasingly influenced by modern information and communication technology (ICT). Health care has profited greatly by this development. How could health care provision look in the near future, in 10 years, or more precisely, in the year 2013? What measures must be undertaken by political and self-governing health institutions, and by medical informatics research, to ensure an efficient, medically advanced and yet affordable future health care system? Three factors will greatly influence the further development of information processing in health care within the near future: the development of the population, medical advances, and advances in informatics. These factors have motivated us to set up 30 theses for health care provision in the year 2013. The theses cover areas of health care, such as its people, its information systems, and its ICT tools. Three major goals requiring achievement have been identified: patient-centered recording and use of medical data for cooperative care, process-integrated decision support through current medical knowledge, comprehensive use of patient data for research and health care reporting. In consequence, political institutions should provide a framework for networked, patient-centered health care. They are called on to regulate the storage and exchange of health care data and of appropriate information system architectures. Finally, the health care institutions themselves must emphasize professional information management more strongly. Relevant research topics in medical informatics are: comprehensive electronic patient records, modern health information system architectures, architectures for medical knowledge centers, specific data processing methods ('medical data mining'), and multi-functional, mobile ICT tools.     

Perspectives of Australian adults about protecting the privacy of their health information in statistical databases

ObjectivesThe aim of this study was to discover the public's attitude and views towards privacy in health care. This is a part of a larger project which aims to gain an insight into what kind of privacy is needed and develop technical measures to provide such privacy.MethodsThe study was a two-stage process which combined qualitative and quantitative research. Stage One of the study comprised arranging and facilitating focus groups while in Stage Two we conducted a social survey.MeasurementsWe measured attitudes towards privacy, medical research and consent; privacy concern about sharing one's health information for research; privacy concern about the possibility that some specific information from medical records could be linked to the patient's name in a situation that was not related to medical treatment.ResultsThe results of the study revealed both great support for medical research (98%), and concern about privacy of health information (66%). Participants prefer to be asked for their permission before their health information is used for any purpose other than medical treatment (92%), and they would like to know the organisation and details of the research before allowing the use of their health records (83%). Age, level of education, place of birth and employment status are most strongly associated with privacy concerns. The study showed that there are some particularly sensitive issues and there is a concern (42–60%) about any possibility of linking these kinds of data to the patient's name in a situation that is not related to medical treatment. Such issues include sexually transmitted diseases, abortions and infertility, family medical history/genetic disorders, mental illness, drug/alcohol related incidents, lists of previous operations/procedures/dates and current medications.ConclusionsParticipants believe they should be asked for permission before their health information is used for any purpose other than medical treatment. However, consent and privacy concerns are not necessary related.Assuring individuals that their personal health information is de-identified reduces their concern about the necessity of consent for releasing health information for research purposes, but many people are not aware that removing their names and other direct identifiers from medical records does not guarantee full privacy protection for their health information. Privacy concerns decrease as extra security measures are introduced to protect privacy. Therefore, instead of “tailoring concern” as proposed by Willison [1] we suggest improving privacy protection of personal information by introducing additional security measures in data publishing.     

A conceptual framework and principles for trusted pervasive health

Background

Ubiquitous computing technology, sensor networks, wireless communication and the latest developments of the Internet have enabled the rise of a new concept—pervasive health—which takes place in an open, unsecure, and highly dynamic environment (ie, in the information space). To be successful, pervasive health requires implementable principles for privacy and trustworthiness.

Objective

This research has two interconnected objectives. The first is to define pervasive health as a system and to understand its trust and privacy challenges. The second goal is to build a conceptual model for pervasive health and use it to develop principles and polices which can make pervasive health trustworthy.

Methods

In this study, a five-step system analysis method is used. Pervasive health is defined using a metaphor of digital bubbles. A conceptual framework model focused on trustworthiness and privacy is then developed for pervasive health. On that model, principles and rules for trusted information management in pervasive health are defined.

Results

In the first phase of this study, a new definition of pervasive health was created. Using this model, differences between pervasive health and health care are stated. Reviewed publications demonstrate that the widely used principles of predefined and static trust cannot guarantee trustworthiness and privacy in pervasive health. Instead, such an environment requires personal dynamic and context-aware policies, awareness, and transparency. A conceptual framework model focused on information processing in pervasive health is developed. Using features of pervasive health and relations from the framework model, new principles for trusted pervasive health have been developed. The principles propose that personal health data should be under control of the data subject. The person shall have the right to verify the level of trust of any system which collects or processes his or her health information. Principles require that any stakeholder or system collecting or processing health data must support transparency and shall publish its trust and privacy attributes and even its domain specific policies.

Conclusions

The developed principles enable trustworthiness and guarantee privacy in pervasive health. The implementation of principles requires new infrastructural services such as trust verification and policy conflict resolution. After implementation, the accuracy and usability of principles should be analyzed.     

Current status and trends in the development of medical information systems for morphological research]

The time of cooperative action of the information medical systems is coming. Standardization of clinical laboratory information systems is one of the most difficult but important problems for clinical laboratory community and technicians. Electronic data exchange requires agreement on the data element format by which healthcare institutions can exchange. Computerization of health care service raises the problem of security because the risk of violation of medical privacy is dramatically increasing. Unauthorized users can access, copy, alter, delete or distort hundreds or thousands of medical records within minutes. Information can be faulted by individuals or system failure. It is necessary to discuss and make a final decision of joining some standard for the purpose of integration.     

Interprofessional education: a review and analysis of programs from three academic health centers

The past decade witnessed momentum toward redesigning the U.S. health care system with the intent to improve quality of care. To achieve and sustain this change, health professions education must likewise reform to prepare future practitioners to optimize their ability to participate in the new paradigm of health care delivery. Recognizing that interprofessional education (IPE) is gaining momentum as a crucial aspect of health care professions training, this article provides an introduction to IPE programs from three different academic health centers, which were developed and implemented to train health care practitioners who provide patient-centered, collaborative care. The three participating programs are briefly described, as well as the processes and some lessons learned that were critical in the process of adopting IPE programs in their respective institutions. Critical aspects of each program are described to allow comparison of the critical building blocks for developing an IPE program. Among those building blocks, the authors present information on the planning processes of the different institutions, the competencies that each program aims to instill in the graduates, the snapshot of the three curricular models, and the assessment strategies used by each institution. The authors conclude by providing details that may provide insight for academic institutions considering implementation of IPE programs.     

Home care delivery through the mobile telecommunications platform: the Citizen Health System (CHS) perspective

Health delivery practices are shifting towards home care. The reasons are the better possibilities for managing chronic care, controlling health delivery costs, increasing quality of life and quality of health services and the distinct possibility of predicting and thus avoiding serious complications. For the above goals to become routine, new telemedicine and information technology (IT) solutions need to be implemented and integrated in the health delivery scene, and these solutions need to be assessed through evidence-based medicine in order to provide solid proof for their usefulness. Thus, the concept of contact or call centers has emerged as a new and viable reality in the field of IT for health and telemedicine. In this paper we describe a generic contact center that was designed in the context of an EU funded IST for health project with acronym Citizen Health System (CHS). Since the generic contact center is composed by a number of modules, we shall concentrate in the modules dealing with the communication between the patient and the contact center using mobile telecommunications solutions, which can act as link between the internet and the classical computer telephony communication means. We further elaborate on the development tools of such solutions, the interface problems we face, and on the means to convey information from and to the patient in an efficient and medically acceptable way. This application proves the usefulness of wireless technology in providing health care services all around the clock and everywhere the citizen is located, it proves the necessity for restructuring the medical knowledge for education delivery to the patient, and it shows the virtue of interactivity by means of using the limited, yet useful browsing capabilities of the wireless application protocol (WAP) technology.     

Impacts of mobile tablet computing on provider productivity,communications, and the process of care

ObjectiveHealth information technology investments continue to increase while the value derived from their implementation and use is mixed. Mobile device adoption into practice is a recent trend that has increased dramatically and formal studies are needed to investigate consequent benefits and challenges. The objective of this study is to evaluate practitioner perceptions of improvements in productivity, provider-patient communications, care provision, technology usability and other outcomes following the adoption and use of a tablet computer connected to electronic health information resources.MethodsA pilot program was initiated in June 2013 to evaluate the effect of mobile tablet computers at one health provider organization in the southeast United States. Providers were asked to volunteer for the evaluation and were each given a mobile tablet computer. A total of 42 inpatient and outpatient providers were interviewed in 2015 using a survey style questionnaire that utilized yes/no, Likert-style, and open ended questions. Each had previously used an electronic health record (EHR) system a minimum of one year outside of residency, and were regular users of personal mobile devices. Each used a mobile tablet computer in the context of their practice connected to the health system EHR.ResultsThe survey results indicate that more than half of providers perceive the use of the tablet device as having a positive effect on patient communications, patient education, patient's perception of the provider, time spent interacting with patients, provider productivity, process of care, satisfaction with EHR when used together with the device, and care provision. Providers also reported feeling comfortable using the device (82.9%), would recommend the device to colleagues (69.2%), did not experience increased information security and privacy concerns (95%), and noted significant reductions in EHR login times (64.1%). Less than 25% of participants reported negative impacts on any of these areas as well as on time spent on order submission, note completion time, overall workload, patient satisfaction with care experience and patient outcomes. Gender, number of years in practice, practice type (general practitioner vs. specialist), and service type (inpatient/outpatient) were found to have a significant effect on perceptions of patient satisfaction, care process, and provider productivity.ConclusionsProviders found positive gains from utilizing mobile devices in overall productivity, improved communications with their patients, the process of care, and technology efficiencies when used in combination with EHR and other health information resources. Demographic and health care work environment play a role in how mobile technologies are integrated into practice by providers.     

Lack of Acceptance of Digital Healthcare in the Medical Market: Addressing Old Problems Raised by Various Clinical Professionals and Developing Possible Solutions

Various digital healthcare devices and apps, such as blood glucose meters, blood pressure monitors, and step-trackers are commonly used by patients; however, digital healthcare devices have not been widely accepted in the medical market as of yet. Despite the various legal and privacy issues involved in their use, the main reason for its poor acceptance is that users do not use such devices voluntarily and continuously. Digital healthcare devices generally do not provide valuable information to users except for tracking self-checked glucose or walking. To increase the use of these devices, users must first understand the health data produced in the context of their personal health, and the devices must be easy to use and integrated into everyday life. Thus, users need to know how to manage their own data. Medical staff must teach and encourage users to analyze and manage their patient-generated healthcare data, and users should be able to find medical values from these digital devices. Eventually, a single customized service that can comprehensively analyze various medical data to provide valuable customized services to users, and which can be linked to various heterogeneous digital healthcare devices based on the integration of various health data should be developed. Digital healthcare professionals should have detailed knowledge about a variety of digital healthcare devices and fully understand the advantages and disadvantages of digital healthcare to help patients understand and embrace the use of such devices.     

eHealth in Belgium, a new "secure" federal network: role of patients, health professions and social security services

eHealth platform is the official federal network in Belgium (created by law on 21 August 2008) devoted to a secure exchange of health data in many types of applications, such as health care purposes, simplification of administrative procedures and contribution to health policy. It implies a controlled access to decentralized databases and uses encrypted personal data. The national identification number has been chosen in order to authenticate the requester, the patient, and the receiver of information exchange. Authorizations have to be respected in order to obtain personal health data. Several questions are raised about its security: the lack of mandatory request for systematic journaling on accesses to the electronic patient record as well as the absence of explicit procedures for sanctions in case of unauthorized access, the new role of social security administration in managing security where a eHealth manager can be both judge and party (in the function of trusted third party for health data encryption and of a required lawyer for texts proposed by physicians to the Commission for the protection of private life). Another critic concerns the number of physicians in minority and the absence of patients' delegates in the eHealth Board. At a time when the patient is becoming a partner in the care team, should not he be the gate-keeper for the access to his own health record? How could networks help him to get the appropriate knowledge to contribute to care and to write his testament of life? Recent laws (on private life, patient rights and euthanasia) have contributed to a behavioural change in citizens and physician attitudes. Recommendations are made in order to improve the acceptability of eHealth platform.     

Information technology and patient safety in nursing practice: an international perspective

When people become patients, they place their trust in their health care providers. As providers assume responsibility for their diagnosis and treatment, patients have a right to expect that this will include responsibility for their safety during all aspects of care. However, increasing epidemiological data make it clear that patient safety is a global problem. Improved nursing care may prevent many adverse events, and nursing must take a stronger leadership role in this area. Although errors are almost inevitable, safety can be improved, and health care institutions are increasingly making safety a top priority. Information technology provides safety benefits by enhancing communication and delivering decision-support; its use will likely be a cornerstone for improving safety. This paper will discuss the status of patient safety from an international viewpoint, provide case studies from different countries, and discuss information technology solutions from a nursing perspective.     

Information technology sophistication in health care: an instrument validation study among Canadian hospitals

Several empirical studies have shown that the use of computer-based information systems could have positive impacts on organizational performance. Many agree to say that health care organizations are no exceptions. But if one wishes to identify the effects of information technology (IT) on the delivery of care, one must be able to characterize IT for operationalization purposes. The primary objective of this research project is to develop and validate a measurement instrument of IT sophistication in the hospital milieu. Such instrument should provide hospital managers with a diagnostic tool capable of indicating the profile of their respective institutions in regard to IT adoption and comparing this profile to those of other similar medical centers. Both qualitative and quantitative data were collected in order to assess the psychometric properties of the measurement instrument. Overall, findings suggest a high-moderate level of functional sophistication, a somewhat low level of technological sophistication, and an even lower level of integration sophistication in all of the sampled medical centers. Hence, future investments shall therefore be directed towards the integration of clinical and administrative applications and the acquisition of more advanced technological devices, more specifically those, which allow direct capture of clinical data at the bedside.     

Genetic privacy and academic medicine: the Oregon experience.

Legislators are considering the conflicting concerns of consumers, researchers, health care providers, and business in the rapidly developing area of genetics. The Oregon Genetic Privacy Act of 1995 was written to protect the individual's right to genetic privacy by providing legal protection for medical information, tissue samples, and DNA samples. This legislation has had an impact on the academic medical center of Oregon Health Sciences University (OHSU) with its teaching hospital and associated clinics, both in providing medical services and in research. This impact has occurred in several areas: (1) informed consent, (2) ownership of genetic information, and (3) security of medical information. It affects both patient care and research. OHSU and other academic medical centers have a mandate to provide leadership in the education of medical students, residents, and physicians about genetic privacy and the issues and areas affected by it. As genetic privacy legislation is developed and enacted at state and federal levels, the needs of individuals must be balanced with the needs of institutions and of research in the larger context of societal needs.