nach oben

Health and Technology

Erschienen in:

01.09.2012 | Original Paper

What electronic health records don’t know just yet. A privacy analysis for patient communities and health records interaction

verfasst von: Kim Wuyts, Griet Verhenneman, Riccardo Scandariato, Wouter Joosen, Jos Dumortier

Erschienen in: Health and Technology | Ausgabe 3/2012

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The advent of Web 2.0 has resulted in the emergence of a new generation of user-centric applications. Healthcare too follows this trend and a whole range of health-related applications are being introduced. Electronic health record (EHR) systems are being developed to enable electronic storing and sharing of medical data between health practitioners. Recently, initial steps have been taken to evolve toward cross-border sharing of EHR data. Patients also become more involved in their healthcare and start storing their health data online in personal health record (PHR) systems or look for online support and medical advice from other patients with similar diseases or treatments. The consolidation of these different systems is described as a promising approach to bring healthcare to a higher level. A consequence of this evolution is the rise of new privacy threats to the patient’s medical data, as more data becomes easily accessible to more people. Not only the treating physicians have access to the health data, the patient himself will have direct access to it and even be in control of his data and the access to it. As a first step in the answer to this trend, this paper presents a legally-founded analysis of the privacy issues emerging from the integration of EHR and patient communities. First, a taxonomy of health data types and user roles that have a key role in integrated health record systems is proposed. Second, privacy-preserving access rights are discussed and a set of privacy-aware access levels are suggested. Finally, ethical, legal, and technically challenges are highlighted, and a set of high-level privacy-enhancing technical requirements are presented.

Vorheriger Artikel What patients want: relevant health information technology for diabetes self-management

Nächster Artikel Local knowing and the use of electronic patient records: categories and continuity of health care

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

www.epsos.eu

http://www.nhscarerecords.nhs.uk/

www.medhelp.org

www.epsos.eu

http://www.nhscarerecords.nhs.uk/

https://www.childrenshospital.org/mychildrens/index.cfm

http://www.microsoft.com/en-us/healthvault/

http://www.dossia.org

For more information see www.medischegegevens.nl.

www.google.com/health/

www.patientslikeme.com

www.sugarstats.com

www.mdjunction.com

www.medhelp.org

Art 8 Data Protection Directive [24]

HIPAA [22], 42 U.S.C. §1302d; 45 C.F.R. §146.103.

Art 2 (a) Data Protection Directive [24]

Recommendation No. (97) 5 of the Committee of Ministers to Member States on the Protection of Medical data, 13 February 1997.

European Court of Justice, Judgment of 6 November 2003, Case C-101/01—Bodil Lindqvist.

Doctor of medicine is the doctoral degree for physicians granted by medical schools (from http://en.wikipedia.org/wiki/Doctor_of_Medicine)

http://www.interrai.org/

https://www.ehealth.fgov.be/nl/application/applications/BELRAI.html

article 7,2. (a), (c), (e) and 7,3. Data Protection Directive [24].

The Health Information Technology for Economic and Clinical Health Act, part of the American Recovery and Reinvestment Act.

http://www.oracle.com/technetwork/middleware/coherence/overview/index.html

www.epsos.eu

http://www.nhscarerecords.nhs.uk/

https://www.childrenshospital.org/mychildrens/index.cfm

http://www.ibbt.be/en/projects/overview-projects/p/detail/share4health

http://www.interrai.org/

https://www.ehealth.fgov.be/nl/application/applications/BELRAI.html

http://www.medibridge.be

http://www.corilus.be/documents/segments/general-practitioners/software.xml?lang=nl

https://www.childrenshospital.org/mychildrens/index.cfm

www.google.com/health/

http://www.microsoft.com/en-us/healthvault/

http://hellohealth.com/

www.izip.cz

http://www.patientslikeme.com/

http://www.medhelp.org/

http://www.mdjunction.com/

http://www.sugarstats.com/

http://www.webmd.com/

also on http://www.youtube.com/user/IBMResearchZurich#p/u/4/RhHjOxPlSgY and http://www.youtube.com/user/IBMResearchZurich#p/u/3/YFRjOB39hvA

Sunyaev A, Chornyi D, Mauro C, Kremar H. Evaluation framework for personal health records: Microsoft HealthVault vs. Google Health. In: 43th Hawaii International Conference on System Sciences; 2010.

Cabrnoch M, Hasic B. Electronic Health Book—a unique Czech solution for eHealth. Health and Technology; July 2011.

Eysebach G. Medicine 2.0: Social networking, collaboration, participation, apomediation, and openness. Medicine 2.0 Proceedings, in Journal of Medical Internet Research 10(3);2008.

IBM. Made in IBM Labs: IBM Reinvents the Patient Portal, New healthcare portal offers increased patient safety and empowerment. In: IBM Press Releases. (Accessed March 3, 2011) Available at: http://www-03.ibm.com/press/us/en/pressrelease/33944.wss.

European Network and Information Security Agency: Security Issues and Recommendations for Online Social Networks; 2007.

O’Reilly T. What Is Web 2.0: design patterns and business models for the next generation of software. Commun Strateg. 2007;65:17–37.

Bos L, Marsh A, Carroll D, Gupta S, Rees M. Patient 2.0 empowerment. In: Arabnia H, Marsh A, editors. Proceedings of the 2008 International Conference on Semantic Web & Web Services (SWWS08); 2008.

Van De Belt T, Engelen L, Berben S, Schoonhoven L. Definition of Health 2.0 and Medicine 2.0: a systematic review. J Med Internet Res (JMIR). April–June 2010; 12(2).

Gunter T, Terry N. The Emergence of National Electronic Health Record Architectures in the United States and Australia: models, costs, and questions. J Med Internet Res. 2005.

10.

US Department of Health and Human Services: The National Alliance for Health Information Technology Report to the Office of the National Coordinator for Health Information Technology on Defining Key Health Information Technology Terms; 2008.

11.

Waegemann C. Status Report 2002: Electronic Health Records. 2002.

12.

ISO/TR 20514:2005 Health informatics—Electronic health record—Definition, scope and context; 2005.

13.

Nyssen M, Thomeer K, Buyl R. Generating and transmitting ambulatory electronic medical prescriptions. In: XII Mediterranean Conference on Medical and Biological Engineering and Computing 2010 29. Springer Berlin Heidelberg; 2010.

14.

Markle Foundation: Connecting for Health. The personal health working group final report; 2003.

15.

U.S. Department of Health & Human Services: Personal Health Records (PHRs) and the HIPAA Privacy Rule. http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/healthit/phrs.pdf.

16.

Weihl A. An update on Google Health and Google PowerMeter. In: The Official Google Blog. (Accessed June 24, 2011) Available at: http://googleblog.blogspot.com/2011/06/update-on-google-health-and-google.html.

17.

McGee M. 5 Reasons Why Google Health Failed. In: InformationWeek. (Accessed June 29, 2011) Available at: http://www.informationweek.com/news/healthcare/EMR/231000697.

18.

Schonfeld E. Google Health Creator Adam Bosworth On Why It Failed: “It’s Not Social”. In: TechCrunch. (Accessed June 24, 2011) Available at: http://techcrunch.com/2011/06/24/google-health-bosworth-social/.

19.

Leimeister JM, Daum M, Krcmar H. Mobile communication and computing in healthcare—designing and implementing mobile virtual communities for cancers patients. In: Tokyo Mobile Business Roundtable, Tokyo; 2002.

20.

Narayanan A, Shmatikov V. Myths and fallacies of “personally identifiable information”. Communications of the ACM; 2010.

21.

Kuner C. European Data Protection Law. Oxford University Press; 2007.

22.

U.S. Department of Health and Human Services: Health Insurance Portability and Accountability Act (HIPAA); 1996.

23.

Bygrave L. Data Protection Law, Approaching its rationale, logic, and limits. Kluwer Law International; 2002.

24.

European Communities: Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; 1995.

25.

Wong R. Data Protection online: alternative approaches to sensitive data. J Int Commer Law Technol. 2007;2(1):9–16.

26.

Simitis S. Review of the answers to the Questionnaire of the Consultative Committee of the. 1999.

27.

Gossum K, Verhenneman G. Privacy and digital homecare, allies not enemies. In: Handbook of Digital Homecare, Series in Biomedical Engineering. Berlin: Springer-Verlag; 2009.

28.

De Hert P. Titel VI Persoonsgevevens en beroepsgeheim. In: Privacy en persoonsgegevens. Antwerpen: Politeia; 2010. p. 114–118.

29.

Graux H, Dumortier J. Privacywetgeving in de praktijk. Antwerpen: UGA; 2009.

30.

Jenkins P, Potter S. No more “personal notes”? Data protection policy and practice in Higher Education counselling services in the UK. Br J Guid Counsel. 2007;35(1):131–46.CrossRef

31.

Vansweevelt T, Dewallens F. Het patiëntendossier. Antwerpen: Intersentia; 2011.

32.

Baldwin, G. To scan or not to scan. In: Health Data Management. (Accessed 2011) Available at: http://www.healthdatamanagement.com/issues/19_5/to-scan-or-not-to-scan-42391-1.html?pg=3.

33.

Congdon K. Meaningful use: what about the specialists? In: Healthcare Technology Online. (Accessed October 7, 2010) Available at: http://www.healthcaretechnologyonline.com/article.mvc/Meaningful-Use-What-About-The-Specialists-0001.

34.

McCarthy C. Paging Dr. Google: personal health records and patient privacy. William and Mary Law Review. 2010;51(6):2243(26)

35.

Safer Social Networking Principles for the EU. http://ec.europa.eu/information_society/activities/social_networking/docs/sn_principles.pdf. 2009.

36.

Sophos: Sophos Facebook ID probe shows 41 % of users happy to reveal all to potential identity thieves. In: Sophos Press Releases. (Accessed August 14, 2007) Available at: http://www.sophos.com/en-us/press-office/press-releases/2007/08/facebook.aspx.

37.

Santana S, Lausen B, Bujnowska-Fedak M, Chronaki C, Kummervold P, Rasmussen J, Sorensen T. Online communication between doctors and patients in Europe: status and perspectives. J Med Internet Res. 2010;12(2).

38.

Xerox: patients need Assurance that Electonic Health Records are Secure, Xerox Survey Says. In: Xerox News Room. (Accessed July 26, 2011) Available at: http://news.xerox.com/pr/xerox/Xerox-Survey-Shows-Impact-of-Electronic-Health-Records.aspx.

39.

Pelino D. The social media doctor is in. In: The health care blog. (Accessed July 12, 2011) Available at: http://thehealthcareblog.com/blog/2011/07/12/the-social-media-doctor-is-in/.

40.

Office of the National Coordinator for Health Information Technology, U.S. Department of Health and Human Services: Nationwide Privacy and Security Framework For Electronic Exchange of Individually Identifiable Health Information. 2008.

41.

Beaver K, Herold R. The practical guide to HIPAA privacy and security compliance. Auerbach Publications; 2004.

42.

Wuyts K, Scandariato R, Verhenneman G, Joosen W. Integrating patient consent in e-Health access control. Int J Secure Softw Eng. 2011;2(2).

43.

Fang L, LeFevre K. Privacy Wizards for Social Networking Sites. In: 19th international conference on World wide web (WWW’10); 2010.

44.

Pfitzmann B, Waidner M. Federated identity-management protocols. In: Security Protocols, Lecture Notes in Computer Science 3364. Springer Berlin/Heidelberg; 2005.

45.

De Borde D. Two-factor authentication. Siemens Enterprise Communications UK-Security Solutions; 2008.

46.

Neamatullah I. Automated de-identification of free-text medical records. BMC Medical Informatics and Decision Making. 2008;8(1).

47.

El Emam K. Methods for the de-identification of electronic health records for genomic research. Genome Med. 2011;3(4).

48.

Lederer S, Hong J, Dey A, Landay J. Personal privacy through understanding and action: five pitfalls for designers. Pers Ubiquitous Comput. 2004;8:440–54.CrossRef

49.

Liu H, Maes P, Davenport G. Unraveling the taste fabric of social networks. International Journal on Semantic Web and Information Systems (IJSWIS) 2(1).

50.

Nguyen D, Mynatt E. Privacy mirrors: understanding and shaping socio-technical ubiquitous computing systems; 2001.

51.

Jernigan C, Mistree B. Gaydar: Facebook friendships expose sexual orientation. First Monday. October 2009;14(10).

52.

Williams J. Social networking applications in health care: threats to the privacy and security of health information. In: Software Engineering in Health Care (SEHC 2010), Cape Town, South Africa; 2010.

53.

Asim M, Petkovic M, Que M, Wang C. An interoperable security framework for connected healthcare. In: 7th IEEE International Workshop on Digital Rights Management Impact on Consumer Communication (DRM 2011); 2011.

Titel: What electronic health records don’t know just yet. A privacy analysis for patient communities and health records interaction
verfasst von: Kim Wuyts
Griet Verhenneman
Riccardo Scandariato
Wouter Joosen
Jos Dumortier
Publikationsdatum: 01.09.2012
Verlag: Springer-Verlag
Erschienen in: Health and Technology / Ausgabe 3/2012
Print ISSN: 2190-7188
Elektronische ISSN: 2190-7196
DOI: https://doi.org/10.1007/s12553-012-0026-3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 3/2012

Local knowing and the use of electronic patient records: categories and continuity of health care

Standalone personal health records in the United States: meeting patient desires

What patients want: relevant health information technology for diabetes self-management

Erratum to: Standalone personal health records in the United States: meeting patient desires