-
Journal of Cloud Computing (Heidelberg,... 2023Supporting security and data privacy in cloud workflows has attracted significant research attention. For example, private patients' data managed by a workflow deployed...
Supporting security and data privacy in cloud workflows has attracted significant research attention. For example, private patients' data managed by a workflow deployed on the cloud need to be protected, and communication of such data across multiple stakeholders should also be secured. In general, security threats in cloud environments have been studied extensively. Such threats include data breaches, data loss, denial of service, service rejection, and malicious insiders generated from issues such as multi-tenancy, loss of control over data and trust. Supporting the security of a cloud workflow deployed and executed over a dynamic environment, across different platforms, involving different stakeholders, and dynamic data is a difficult task and is the sole responsibility of cloud providers. Therefore, in this paper, we propose an architecture and a formal model for security enforcement in cloud workflow orchestration. The proposed architecture emphasizes monitoring cloud resources, workflow tasks, and the data to detect and predict anomalies in cloud workflow orchestration using a multi-modal approach that combines deep learning, one class classification, and clustering. It also features an adaptation scheme to cope with anomalies and mitigate their effect on the workflow cloud performance. Our prediction model captures unsupervised static and dynamic features as well as reduces the data dimensionality, which leads to better characterization of various cloud workflow tasks, and thus provides better prediction of potential attacks. We conduct a set of experiments to evaluate the proposed anomaly detection, prediction, and adaptation schemes using a real COVID-19 dataset of patient health records. The results of the training and prediction experiments show high anomaly prediction accuracy in terms of precision, recall, and F1 scores. Other experimental results maintained a high execution performance of the cloud workflow after applying adaptation strategy to respond to some detected anomalies. The experiments demonstrate how the proposed architecture prevents unnecessary wastage of resources due to anomaly detection and prediction.
PubMed: 36691661
DOI: 10.1186/s13677-022-00387-2 -
Journal of Medical Internet Research Aug 2023The health care industry has faced various challenges over the past decade as we move toward a digital future where services and data are available on demand. The... (Review)
Review
The health care industry has faced various challenges over the past decade as we move toward a digital future where services and data are available on demand. The systems of interconnected devices, users, data, and working environments are referred to as the Internet of Health Care Things (IoHT). IoHT devices have emerged in the past decade as cost-effective solutions with large scalability capabilities to address the constraints on limited resources. These devices cater to the need for remote health care services outside of physical interactions. However, IoHT security is often overlooked because the devices are quickly deployed and configured as solutions to meet the demands of a heavily saturated industry. During the COVID-19 pandemic, studies have shown that cybercriminals are exploiting the health care industry, and data breaches are targeting user credentials through authentication vulnerabilities. Poor password use and management and the lack of multifactor authentication security posture within IoHT cause a loss of millions according to the IBM reports. Therefore, it is important that health care authentication security moves toward adaptive multifactor authentication (AMFA) to replace the traditional approaches to authentication. We identified a lack of taxonomy for data models that particularly focus on IoHT data architecture to improve the feasibility of AMFA. This viewpoint focuses on identifying key cybersecurity challenges in a theoretical framework for a data model that summarizes the main components of IoHT data. The data are to be used in modalities that are suited for health care users in modern IoHT environments and in response to the COVID-19 pandemic. To establish the data taxonomy, a review of recent IoHT papers was conducted to discuss the related work in IoHT data management and use in next-generation authentication systems. Reports, journal articles, conferences, and white papers were reviewed for IoHT authentication data technologies in relation to the problem statement of remote authentication and user management systems. Only publications written in English from the last decade were included (2012-2022) to identify key issues within the current health care practices and their management of IoHT devices. We discuss the components of the IoHT architecture from the perspective of data management and sensitivity to ensure privacy for all users. The data model addresses the security requirements of IoHT users, environments, and devices toward the automation of AMFA in health care. We found that in health care authentication, the significant threats occurring were related to data breaches owing to weak security options and poor user configuration of IoHT devices. The security requirements of IoHT data architecture and identified impactful methods of cybersecurity for health care devices, data, and their respective attacks are discussed. Data taxonomy provides better understanding, solutions, and improvements of user authentication in remote working environments for security features.
Topics: Humans; Confidentiality; Telemedicine; Pandemics; COVID-19; Internet; Computer Security
PubMed: 37490633
DOI: 10.2196/44114 -
The American Journal of Managed Care Feb 2018The objectives of this study were to describe the locations in hospitals where data are breached, the types of breaches that occur most often at hospitals, and hospital...
OBJECTIVES
The objectives of this study were to describe the locations in hospitals where data are breached, the types of breaches that occur most often at hospitals, and hospital characteristics, including health information technology (IT) sophistication and biometric security capabilities, that may be predicting factors of large data breaches that affect 500 or more patients.
STUDY DESIGN
The Office of Civil Rights breach data from healthcare providers regarding breaches that affected 500 or more individuals from 2009 to 2016 were linked with hospital characteristics from the Health Information Management Systems Society and the American Hospital Association Health IT Supplement databases.
METHODS
Descriptive statistics were used to characterize hospitals with and without breaches, data breach type, and location/mode of data breaches in hospitals. Multivariate logistic regression analysis explored hospital characteristics that were predicting factors of a data breach affecting at least 500 patients, including area characteristics, region, health system membership, size, type, biometric security use, health IT sophistication, and ownership.
RESULTS
Of all types of healthcare providers, hospitals accounted for approximately one-third of all data breaches and hospital breaches affected the largest number of individuals. Paper and films were the most frequent location of breached data, occurring in 65 hospitals during the study period, whereas network servers were the least common location but their breaches affected the most patients overall. Adjusted multivariate results showed significant associations among data breach occurrences and some hospital characteristics, including type and size, but not others, including health IT sophistication or biometric use for security.
CONCLUSIONS
Hospitals should conduct routine audits to allow them to see their vulnerabilities before a breach occurs. Additionally, information security systems should be implemented concurrently with health information technologies. Improving access control and prioritizing patient privacy will be important steps in minimizing future breaches.
Topics: Biometric Identification; Computer Security; Confidentiality; Hospital Bed Capacity; Hospital Information Systems; Hospitals; Hospitals, Special; Humans; Logistic Models; Ownership; United States
PubMed: 29461854
DOI: No ID Found -
Journal of Medical Internet Research May 2020Data from electronic health records (EHRs) are increasingly used in the field of genetic research to further precision medicine initiatives. However, many of these... (Review)
Review
BACKGROUND
Data from electronic health records (EHRs) are increasingly used in the field of genetic research to further precision medicine initiatives. However, many of these efforts exclude individuals with intellectual disabilities, which often stem from genetic conditions. To include this important subpopulation in EHR research, important ethical, legal, and social issues should be considered.
OBJECTIVE
The goal of this study was to review prior research to better understand what ethical, legal, and social issues may need further investigation when considering the research use of EHRs for individuals with genetic conditions that may result in intellectual disability. This information will be valuable in developing methods and best practices for involving this group in research given they are considered a vulnerable population that may need special research protections.
METHODS
We conducted a scoping review to examine issues related to the use of EHRs for research purposes and those more broadly associated with genetic research. The initial search yielded a total of 460 unique citations. We used an evaluative coding process to determine relevancy for inclusion.
RESULTS
This approach resulted in 59 articles in the following areas: informed consent, privacy and security, return of results, and vulnerable populations. The review included several models of garnering informed consent in EHR or genetic research, including tiered or categorical, blanket or general, open, and opt-out models. Second, studies reported on patients' concerns regarding the privacy and security of EHR or genetic data, such as who has access, type of data use in research, identifiability, and risks associated with privacy breach. The literature on return of research results using biospecimens examined the dissension in the field, particularly when sharing individualized genetic results. Finally, work involving vulnerable populations highlighted special considerations when conducting EHR or genetic research.
CONCLUSIONS
The results frame important questions for researchers to consider when designing EHR studies, which include individuals with intellectual disabilities, including appropriate safeguards and protections.
Topics: Electronic Health Records; Ethical Analysis; Humans; Intellectual Disability
PubMed: 32436848
DOI: 10.2196/16734 -
Journal of Healthcare Leadership 2022Artificial Intelligence (AI) and Machine Learning (ML) promise to transform all facets of medicine. Expected changes include more effective clinical triage, enhanced...
Artificial Intelligence (AI) and Machine Learning (ML) promise to transform all facets of medicine. Expected changes include more effective clinical triage, enhanced accuracy of diagnostic interpretations, improved therapeutic interventions, augmented workflow algorithms, streamlined data collection and processing, more precise disease prognostication, newer pharmacotherapies, and ameliorated genome interpretation. However, many caveats remain. Reliability of input data, interpretation of output data, data proprietorship, consumer privacy, and liability issues due to potential for data breaches will all have to be addressed. Of equal concern will be decreased human interaction in clinical care, patient satisfaction, affordability, and skepticism regarding cost-benefit. This descriptive literature-based treatise expounds on the promise and provisos associated with the anticipated import of AI and ML into all domains of medicine and healthcare in the very near future.
PubMed: 35898671
DOI: 10.2147/JHL.S369498 -
History and Philosophy of the Life... Jan 2021Many governments have seen digital health technologies as promising tools to tackle the current COVID-19 pandemic. A much-talked example in this context involves the...
Many governments have seen digital health technologies as promising tools to tackle the current COVID-19 pandemic. A much-talked example in this context involves the recent deluge of digital contact tracing apps (DCT) aimed at detecting Covid-19 exposure. In this short contribution we look at the bio-political justification of this phenomenon and reflect on whether DCT apps constitute, as it is often argued, a serious potential breach of our right to privacy. Despite praising efforts attempting to develop legal and ethical frameworks for DCT apps' usage; we argue that such endeavours are not sufficient to tackle the more fundamental problem of mass surveillance, which will remain largely unaddressed unless we deal with the biopolitical arguments presented and resort to a technical and structural defence.
Topics: COVID-19; Contact Tracing; Freedom; Humans; Pandemics; Philosophy; Privacy
PubMed: 33417016
DOI: 10.1007/s40656-020-00354-7 -
Journal of Law and the Biosciences 2020The COVID-19 emergency poses particularly high infection risks in a clinical setting, where patients and health care providers are placed in the same room. Due to these...
The COVID-19 emergency poses particularly high infection risks in a clinical setting, where patients and health care providers are placed in the same room. Due to these risks, patients are encouraged to avoid clinics and instead use Telemedicine for safer consultations and diagnoses. In March, the Office for Civil Rights (OCR) at the U.S. Department for Health and Human Services (HHS) issued a notice titled (the 'Notification'). The Notification relaxes the enforcement of privacy and security safeguards established by the Health Insurance Portability and Accountability Act (HIPAA) until further notice, in order to facilitate the transition to telehealth services for the broader purpose of promoting public health during the pandemic. Specifically, covered healthcare providers can use telehealth to provide all services that, in their professional judgment, they believe can be provided through telehealth. If providers make good faith efforts to provide the most timely and accessible care possible, they be subject to penalties for breaching the HIPAA Privacy, Security, and Breach Notification Rules. This paper examines the implications of the Notification on patients' health information privacy. It recommends that patients should undertake a careful reading of provider privacy policies to make sure their protected health information (PHI) is not at risk before switching to telehealth consultation. Acknowledging the limitations of patient self-protection from bad privacy practices when in need for medical treatment during pandemic, the paper proposes that consumers' data privacy should be protected through one of two alternative regulatory interventions: the FTC's authority under §5, or HIPAA's business associates agreements.
PubMed: 33269090
DOI: 10.1093/jlb/lsaa075 -
Journal of Medical Internet Research Jul 2018Modern research is heavily reliant on online and mobile technologies, which is particularly true among historically hard-to-reach populations such as gay, bisexual, and...
Privacy, Trust, and Data Sharing in Web-Based and Mobile Research: Participant Perspectives in a Large Nationwide Sample of Men Who Have Sex With Men in the United States.
BACKGROUND
Modern research is heavily reliant on online and mobile technologies, which is particularly true among historically hard-to-reach populations such as gay, bisexual, and other men who have sex with men (GBMSM). Despite this, very little empirical research has been published on participant perspectives about issues such as privacy, trust, and data sharing.
OBJECTIVE
The objective of our study was to analyze data from an online sample of 11,032 GBMSM in the United States to examine their trust in and perspectives on privacy and data sharing within online and mobile research.
METHODS
Participants were recruited via a social networking site or sexual networking app to complete an anonymous online survey. We conducted a series of repeated measures analyses adjusted for between-person factors to examine within-person differences in the following: (1) trust for guarding personal information across different venues (eg, online research conducted by a university vs. an online search engine); (2) privacy concerns about 12 different types of data for three distinct data activities (ie, collection by app owners, anonymous selling to third parties, and anonymous sharing with researchers); and (3) willingness to share those 12 different types of data with researchers. Due to the large sample size, we primarily reported measures of effect size as evidence of clinical significance.
RESULTS
Online research was rated as most trusted and was more trusted than online and mobile technology companies, such as app owners and search engines, by magnitudes of effect that were moderate-to-large (η=0.06-0.11). Responding about 12 different types of data, participants expressed more concerns about data being anonymously sold to third-party partners (mean 7.6, median 10.0) and fewer concerns about data being collected by the app owners (mean 5.8, median 5.0) or shared anonymously with researchers (mean 4.6, median 3.0); differences were small-to-moderate in size (η=0.01-0.03). Furthermore, participants were most willing to share their public profile information (eg, age) with researchers but least willing to share device usage information (eg, other apps installed); the comparisons were small-to-moderate in size (η=0.03).
CONCLUSIONS
Participants reported high levels of trust in online and mobile research, which is noteworthy given recent high-profile cases of corporate and government data security breaches and privacy violations. Researchers and ethical boards should keep up with technological shifts to maintain the ability to guard privacy and confidentiality and maintain trust. There was substantial variability in privacy concerns about and willingness to share different types of data, suggesting the need to gain consent for data sharing on a specific rather than broad basis. Finally, we saw evidence of a privacy paradox, whereby participants expressed privacy concerns about the very types of data-related activities they have likely already permitted through the terms of the apps and sites they use regularly.
Topics: Adolescent; Adult; Aged; Aged, 80 and over; Computer Security; Confidentiality; Homosexuality, Male; Humans; Information Dissemination; Internet; Male; Middle Aged; Privacy; Sexual Behavior; Social Networking; Trust; United States; Young Adult
PubMed: 29973332
DOI: 10.2196/jmir.9019 -
Drug and Alcohol Dependence Mar 2023The prevalence of drug use in Muslim communities is difficult to estimate due to religious, social, and cultural prohibition toward drug use. With Islam affecting all... (Review)
Review
Barriers and facilitators to accessing inpatient and community substance use treatment and harm reduction services for people who use drugs in the Muslim communities: A systematic narrative review of studies on the experiences of people who receive services and service providers.
BACKGROUND
The prevalence of drug use in Muslim communities is difficult to estimate due to religious, social, and cultural prohibition toward drug use. With Islam affecting all aspects of life in the Muslim world, people who use drugs do it clandestinely to avoid stigma and exclusion from the community, leading to a low number of them seeking treatment for their drug use. This review explored the barriers and facilitators to accessing inpatient and community substance use treatment and harm reduction services for people who use drugs in Muslim communities.
METHODS
This review was in accordance with PRISMA. Seven databases were systematically searched for qualitative, quantitative, and mixed methods studies conducted in countries where at least 70% of the population were Muslim or where data were presented separately for Muslim communities in other countries. Eligible articles were reviewed, and key qualitative themes were abstracted and compared across studies and settings.
RESULTS
Twenty-four studies were included from Iran, Bangladesh, Afghanistan, Tajikistan, Kazakhstan, Kyrgyzstan, Egypt, Lebanon, and UAE. Two themes were identified: a psychosocial theme included denial of the problem severity, lack of trust in the treatment system, fear of breach in confidentiality and privacy, the need for community support, religion and women who use drugs. Additionally, an organizational theme included affordability, treatment Service characteristics, lack of Awareness, service providers' Attitudes, drug use registration and fear of legal consequences of drug use. Stigma was also identified as an over-arching theme. The Mixed Methods Appraisal Tool (MMAT) was used to assess the quality of the included studies with where 12 of the studies met all 5 the quality criteria. No studies were excluded for having lower quality scores.
CONCLUSION
This review reflected how diverse the Muslim world is in drug use. It is important to use mosques to raise awareness on people who use drugs and reduce stigma. Providing holistic services for people who use drugs specially women will improve their access to treatment and harm reduction services in the Muslim world.
Topics: Humans; Female; Islam; Harm Reduction; Inpatients; Substance-Related Disorders; Social Stigma; Qualitative Research
PubMed: 36805826
DOI: 10.1016/j.drugalcdep.2023.109790