-
Journal of Nuclear Medicine Technology Dec 2019The Health Insurance Portability and Accountability Act (HIPAA) of 1996 has made an impact on the operation of health-care organizations. HIPAA includes 5 titles, and... (Review)
Review
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 has made an impact on the operation of health-care organizations. HIPAA includes 5 titles, and its regulations are complex. Many are familiar with the HIPAA aspects that address protection of the privacy and security of patients' medical records. There are new rules to HIPAA that address the implementation of electronic medical records. HIPAA provides rules for protected health information (PHI) and what should be protected and secured. The privacy rule regulates the use and disclosure of PHI and sets standards that an entity working with health data must follow to protect patients' private medical information. The HIPAA security rule complements the privacy rule and requires entities to implement physical, technical, and administrative safeguards to protect the privacy of PHI. This article-part 1 of a 2-part series-is a refresher on HIPAA, its history, its rules, its implications, and the role that imaging professionals play.
Topics: Guideline Adherence; Health Information Exchange; Health Insurance Portability and Accountability Act; Privacy; United States
PubMed: 31182664
DOI: 10.2967/jnmt.119.227819 -
Sensors (Basel, Switzerland) May 2022Under the Internet of Things paradigm, the emergence and use of a wide variety of connected devices and personalized telematics services have proliferated recently. As a... (Review)
Review
Under the Internet of Things paradigm, the emergence and use of a wide variety of connected devices and personalized telematics services have proliferated recently. As a result, along with the penetration of these devices in our daily lives, the users' security and privacy have been compromised due to some weaknesses in connected devices and underlying applications. This article focuses on analyzing the security and privacy of such devices to promote safe Internet use, especially by young people. First, the connected devices most used by the target group are classified, and an exhaustive analysis of the vulnerabilities that concern the user is performed. As a result, a set of differentiated security and privacy issues existing in the devices is identified. The study reveals that many of these vulnerabilities are related to the fact that device manufacturers often prioritize functionalities and services, leaving security aspects in the background. These companies even exploit the data linked to the use of these devices for various purposes, ignoring users' privacy rights. This research aims to raise awareness of severe vulnerabilities in devices and to encourage users to use them correctly. Our results help other researchers address these issues with a more global perspective.
Topics: Adolescent; Computer Security; Humans; Privacy
PubMed: 35684588
DOI: 10.3390/s22113967 -
Nature Reviews. Genetics Jul 2022Recent developments in a variety of sectors, including health care, research and the direct-to-consumer industry, have led to a dramatic increase in the amount of... (Review)
Review
Recent developments in a variety of sectors, including health care, research and the direct-to-consumer industry, have led to a dramatic increase in the amount of genomic data that are collected, used and shared. This state of affairs raises new and challenging concerns for personal privacy, both legally and technically. This Review appraises existing and emerging threats to genomic data privacy and discusses how well current legal frameworks and technical safeguards mitigate these concerns. It concludes with a discussion of remaining and emerging challenges and illustrates possible solutions that can balance protecting privacy and realizing the benefits that result from the sharing of genetic information.
Topics: Genome; Genomics; Privacy
PubMed: 35246669
DOI: 10.1038/s41576-022-00455-y -
Philosophical Transactions. Series A,... Sep 2018This position paper observes how different technical and normative conceptions of privacy have evolved in parallel and describes the practical challenges that these... (Review)
Review
This position paper observes how different technical and normative conceptions of privacy have evolved in parallel and describes the practical challenges that these divergent approaches pose. Notably, past technologies relied on intuitive, heuristic understandings of privacy that have since been shown not to satisfy expectations for privacy protection. With computations ubiquitously integrated in almost every aspect of our lives, it is increasingly important to ensure that privacy technologies provide protection that is in line with relevant social norms and normative expectations. Similarly, it is also important to examine social norms and normative expectations with respect to the evolving scientific study of privacy. To this end, we argue for a rigorous analysis of the mapping from normative to technical concepts of privacy and vice versa. We review the landscape of normative and technical definitions of privacy and discuss specific examples of gaps between definitions that are relevant in the context of privacy in statistical computation. We then identify opportunities for overcoming their differences in the design of new approaches to protecting privacy in accordance with both technical and normative standards.This article is part of a discussion meeting issue 'The growing ubiquity of algorithms in society: implications, impacts and innovations'.
Topics: Attitude; Privacy
PubMed: 30082304
DOI: 10.1098/rsta.2017.0358 -
IEEE Transactions on Pattern Analysis... Feb 2022Multi-task learning (MTL) refers to the paradigm of learning multiple related tasks together. In contrast, in single-task learning (STL) each individual task is learned...
Multi-task learning (MTL) refers to the paradigm of learning multiple related tasks together. In contrast, in single-task learning (STL) each individual task is learned independently. MTL often leads to better trained models because they can leverage the commonalities among related tasks. However, because MTL algorithms can "leak" information from different models across different tasks, MTL poses a potential security risk. Specifically, an adversary may participate in the MTL process through one task and thereby acquire the model information for another task. The previously proposed privacy-preserving MTL methods protect data instances rather than models, and some of them may underperform in comparison with STL methods. In this paper, we propose a privacy-preserving MTL framework to prevent information from each model leaking to other models based on a perturbation of the covariance matrix of the model matrix. We study two popular MTL approaches for instantiation, namely, learning the low-rank and group-sparse patterns of the model matrix. Our algorithms can be guaranteed not to underperform compared with STL methods. We build our methods based upon tools for differential privacy, and privacy guarantees, utility bounds are provided, and heterogeneous privacy budgets are considered. The experiments demonstrate that our algorithms outperform the baseline methods constructed by existing privacy-preserving MTL methods on the proposed model-protection problem.
Topics: Algorithms; Learning; Privacy
PubMed: 32780696
DOI: 10.1109/TPAMI.2020.3015859 -
Sensors (Basel, Switzerland) Oct 2022Intelligent transportation systems will play a key role in the smart cities of the future. In particular, railway transportation is gaining attention as a promising... (Review)
Review
Intelligent transportation systems will play a key role in the smart cities of the future. In particular, railway transportation is gaining attention as a promising solution to cope with the mobility challenges in large urban areas. Thanks to the miniaturisation of sensors and the deployment of fast data networks, the railway industry is being augmented with contextual, real-time information that opens the door to novel and personalised services. Despite the benefits of this digitalisation, the high complexity of railway transportation entails a number of challenges, particularly from security and privacy perspectives. Since railway assets are attractive targets for terrorism, coping with strong security and privacy requirements such as cryptography and privacy-preserving methods is of utmost importance. This article provides a thorough systematic literature review on information security and privacy within railway transportation systems, following the well-known methodology proposed by vom Brocke et al. We sketch out the most relevant studies and outline the main focuses, challenges and solutions described in the literature, considering technical, societal, regulatory and ethical approaches. Additionally, we discuss the remaining open issues and suggest several research lines that will gain relevance in the years to come.
Topics: Privacy; Computer Security; Transportation
PubMed: 36298049
DOI: 10.3390/s22207698 -
Briefings in Bioinformatics May 2019Genomic data hold salient information about the characteristics of a living organism. Throughout the past decade, pinnacle developments have given us more accurate and... (Review)
Review
Genomic data hold salient information about the characteristics of a living organism. Throughout the past decade, pinnacle developments have given us more accurate and inexpensive methods to retrieve genome sequences of humans. However, with the advancement of genomic research, there is a growing privacy concern regarding the collection, storage and analysis of such sensitive human data. Recent results show that given some background information, it is possible for an adversary to reidentify an individual from a specific genomic data set. This can reveal the current association or future susceptibility of some diseases for that individual (and sometimes the kinship between individuals) resulting in a privacy violation. Regardless of these risks, our genomic data hold much importance in analyzing the well-being of us and the future generation. Thus, in this article, we discuss the different privacy and security-related problems revolving around human genomic data. In addition, we will explore some of the cardinal cryptographic concepts, which can bring efficacy in secure and private genomic data computation. This article will relate the gaps between these two research areas-Cryptography and Genomics.
Topics: Genetic Privacy; Genome, Human; Humans; Surveys and Questionnaires
PubMed: 29121240
DOI: 10.1093/bib/bbx139 -
International Journal of Environmental... Sep 2022This article offers a brief overview of 'privacy-by-design (or data-protection-by-design) research environments', namely Trusted Research Environments (TREs, most... (Review)
Review
This article offers a brief overview of 'privacy-by-design (or data-protection-by-design) research environments', namely Trusted Research Environments (TREs, most commonly used in the United Kingdom) and Personal Health Trains (PHTs, most commonly used in mainland Europe). These secure environments are designed to enable the safe analysis of multiple, linked (and often big) data sources, including sensitive personal data and data owned by, and distributed across, different institutions. They take data protection and privacy requirements into account from the very start (conception phase, during system design) rather than as an afterthought or 'patch' implemented at a later stage on top of an existing environment. TREs and PHTs are becoming increasingly important for conducting large-scale privacy-preserving health research and for enabling federated learning and discoveries from big healthcare datasets. The paper also presents select examples of successful TRE and PHT implementations and of large-scale studies that used them.
Topics: Computer Security; Delivery of Health Care; Europe; Information Storage and Retrieval; Privacy
PubMed: 36231175
DOI: 10.3390/ijerph191911876 -
Social Studies of Science Dec 2022The European Union's General Data Protection Regulation (GDPR), in force since 2018, has introduced design-based approaches to data protection and the governance of...
The European Union's General Data Protection Regulation (GDPR), in force since 2018, has introduced design-based approaches to data protection and the governance of privacy. In this article we describe the emergence of the professional field of privacy engineering to enact this shift in digital governance. We argue that privacy engineering forms part of a broader techno-regulatory imaginary through which (fundamental) rights protections become increasingly future-oriented and anticipatory. The techno-regulatory imaginary is described in terms of three distinct privacy articulations, implemented in technologies, organizations, and standardizations. We pose two interrelated questions: What happens to rights as they become implemented and enacted in new sites, through new instruments and professional practices? And, focusing on shifts to the nature of boundary work, we ask: What forms of legitimation can be discerned as privacy engineering is mobilized for the making of future digital markets and infrastructures?
Topics: Privacy; Computer Security; Engineering
PubMed: 36000578
DOI: 10.1177/03063127221119424 -
Current Opinion in Psychology Feb 2020Communication Privacy Management (CPM) theory explains one of the most important, yet challenging social processes in everyday life, that is, managing disclosing and... (Review)
Review
Communication Privacy Management (CPM) theory explains one of the most important, yet challenging social processes in everyday life, that is, managing disclosing and protecting private information. The CPM privacy management system offers researchers, students, and the public a comprehensive approach to the complex and fluid character of privacy management in action. Following an overview of Communication Privacy Management framework, this review focuses on recent research utilizing CPM concepts that cross a growing number of contexts and illustrates the way people navigate privacy in action. Researchers operationalize the use of privacy rules and other core concepts that help describe and explain the ups and downs of privacy management people encounter.
Topics: Communication; Concept Formation; Humans; Privacy; Psychological Theory; Research
PubMed: 31526974
DOI: 10.1016/j.copsyc.2019.08.009