
Health Informatics in Low- and Middle-Income Countries

Short Course for Health Information System Professionals

Introduction to Health Informatics:

Privacy, Security, and Confidentiality


Privacy, Security, and Confidentiality
Learning Objectives

• Define and discern the differences between privacy, security, and
confidentiality
• Discuss methods for using information technology to protect privacy
and confidentiality

Principles of Ethics

• Respect for persons
• Beneficence
• Justice

Respect for Persons

• Autonomy and self-determination
• Informed consent
• Protection of vulnerable populations

Beneficence

• Weigh risks versus benefits
• Physical, mental, and social well-being
• Risk reduction (to a minimum)
• Protection of participants

Justice

• Equal distribution of risk and benefits
• Equitable recruitment of participants
• Protection of vulnerable groups

Privacy, Security, and Confidentiality

• Definitions
• Concerns
o Privacy
o Security
• Tools for protecting health information
• Health Insurance Portability and Accountability Act (HIPAA)
o Privacy rule
o Security rule
o Enhancements in Health Information Technology for Economic and
Clinical Health Act legislation
o Implications

Definitions

• Privacy
o The right to be left alone

o The right to keep personal information secret

o The right to control personal information

• Confidentiality
o Sharing or disseminating data only to those with a “need to know”

• Security
o Mechanisms to ensure the safety of data and systems in which the
data reside

Definitions

• Individually identifiable health information: Any data that can be
correlated with an individual
o Also called protected health information (PHI)

• Consent (in context of privacy): Written or verbal permission to allow
use of your individually identifiable health information

Concerns about Privacy

• Personal privacy versus common good
• Continued disclosures
• Concerns of public
• De-identified data

Digital Health and Privacy, Security,
and Confidentiality

[Diagram: Privacy, Confidentiality, and Security]

Personal Privacy versus the Common Good

• Concerns expressed in American Civil Liberties Union video Scary Pizza
• A spectrum of views:
o One end holds that although personal privacy is important, there are some
instances when the common good of society outweighs it, such as in
biosurveillance (Gostin & Hodge, 2002; Hodge, Gostin, & Jacobson,
1999).
o The other end holds that personal privacy trumps all other concerns
(Privacy Rights Clearinghouse, 2009; see also video by Deborah Peel,
Designing Technology to Restore Privacy,
http://www.patientprivacyrights.org).
o More “balanced” views? (California Health Care Foundation, 2008;
Detmer, 2010; American College of Physicians, 2011)
• Where do your views fit?

Patient Information Disclosures

• Healthcare cybersecurity attacks over the past five years have increased 125 percent as the
industry has become an easy target; PHI is 50 times more valuable than financial information
on the black market (Kutscher, 2016).
• In Portland, Oregon, thieves broke into a car with back-up disks and tapes containing records of
365,000 patients (Rojas-Burke, 2006).
• Several episodes from Virginia, including a laptop with data of more than 1 million veterans,
were recovered without apparent access (Lee & Goldfarb, 2006).
• A hack of Indianapolis-based payer Anthem’s information technology (IT) systems exposed the
personal data of approximately 80 million customers (Perma, 2015).
• Improper disclosure of research participants’ PHI resulted in a $3.9 million HIPAA settlement
(U.S. Department of Health and Human Services [HHS], 2016b).
• A hospital paid hackers $17,000 to unlock electronic health records frozen in a “ransomware”
attack (Conn, 2016).

Patient Information Disclosures

• Privacy Rights Clearinghouse provides searchable Chronology of
Data Breaches—not limited to medical:
o http://www.privacyrights.org/data-breach

• HHS (2016a) must post list of breaches of unsecured PHI affecting
500 or more individuals (“wall of shame”):
o https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
o 2015 top 10 data breaches accounted for just more than 111 million
records; the top 6 breaches affected at least 1 million individuals.

Breaches Adversely Impact Organizations

• Costs (Ponemon Institute, 2015)
o Estimated cost to the industry: $6 billion
o Average cost per breach: $2.1 million
o Significant part of cost: “lost business”
o Criminal attacks up 125 percent in healthcare organizations—now number one cause of
breaches
• Attack sources (HIMSS, 2015)
o Foreign sources, hacktivist, nation-state actor, malicious insider, hacker, social engineering,
online scam artist
• Security budgets (HIMSS, 2015)
o Healthcare providers average more than 6 percent of the IT budget for security
o The federal government spends 16 percent of its IT budget on security, while financial and
banking institutions spend 12 to 15 percent
o Information security is a business priority

Challenges from Proliferation of Technologies
and Applications

• Increased technology use by all care providers
• Health information exchange and data-sharing activities across multiple
networks
• Cloud computing and third-party outsourcing
• Increased use by patients, families, and consumers of their devices (tablets,
smartphones, etc.)
• New models of care require more care providers to access data across the
patient care continuum
• Clinicians using their own devices
o Personal laptops, tablet devices, smartphones, and so on

• Connected medical devices and implantable devices


Some Technologies Can Worsen
the Problem

• USB (“thumb”) drives run programs when plugged into a USB port;
they can be modified to extract data from computer (Wright & Sittig,
2007a, 2007b).
• Personal health records, other systems, may lack encryption and can
be easily compromised.
• Ten percent of hard drives sold by a second-hand retailer in Canada
had remnants of PHI (El Emam, Neri, & Jonker, 2007).
• Peer-to-peer file sharing—0.5 percent of all U.S. IP addresses have
PHI (El Emam et al., 2010).
• Digital photocopiers store all copies made (Keteyian, 2010); scanners
may also store copies.
Restrict physical access where possible and always encrypt!
Healthcare Organizations Are Not
Well Prepared for Security

• Security budgets are not keeping pace with complex IT environments and the growing
risk of attacks (HIMSS, 2015).
• The growing sophistication of attacks and the number of threats make it hard to keep
up.
• There is a need for innovative, advanced security tools and in-depth approaches to
address threats and vulnerabilities (HIMSS, 2015).
• There is not enough highly skilled security expertise (Ponemon Institute, 2015).
• Paper security breaches remain an issue (Ponemon Institute, 2015).
• Data leakage is a primary threat.
o Identity and access management is a top priority.

• Chief information security officers are not in all organizations.

What is the role of your government?

European Union General Data Protection
Regulation

The General Data Protection Regulation (GDPR) imposes new rules on
organizations that offer goods and services to people in the European
Union (EU), or that collect and analyze data tied to EU residents, no
matter where they are located.

Enforced on May 25, 2018

GDPR Data Definitions Regardless of
Nationality or EU Residence

Personal Data (from GDPR):
“…means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Examples:
• Name
• Identification number (e.g., Social Security number)
• Location data (e.g., home address)
• Online identifier (e.g., e-mail address, screen names, IP address, device IDs)
• Genetic data (e.g., biological samples from an individual)
• Biometric data (e.g., fingerprints, facial recognition)

“The GDPR also requires compliance from non-EU organizations that offer goods or services to EU residents
or monitor the behavior of EU residents.”
Source: Brief: You Need An Action Plan For The GDPR; Forrester Research; October 2016
GDPR Basics

• Provide notification to data subjects, in clear and plain language.
• Request and obtain the data subject’s affirmative and granular
consent.
• Discontinue processing activities if the data subject denies
consent.
• Provide a mechanism for data subjects to withdraw consent.
• Obtain affirmative consent from a child’s (under the age of 16) parent
or guardian.

What do other governments do?

Related Issues for Medical Privacy
• Who “owns” medical information?
o Complex; varies from state to state
(http://www.healthinfolaw.org/comparative-analysis/who-owns-medical-records-50-state-comparison)
o May have economic value, which should be shared back to the patient (Hall &
Schulman, 2009; Rodwin, 2009)
• “Compelled” disclosures (Rothstein & Talbott, 2006)
o We are often compelled to disclose information for nonclinical care reasons

• Ultimate “personal identifier” may be individual’s genome (McGuire & Gibbs,
2006)
o Even “de-identified” data may compromise privacy (Malin & Sweeney, 2005)
o Genome of family members can identify siblings (Cassa et al., 2008)
o Data from genome-wide association studies can reveal individual-level
information (Lumley & Rice, 2010)

Health Information Rights
• Declaration of Health Data Rights
o Right to our own health data
o Right to know the source of each health data element
o Right to take possession of a complete copy of our individual health data,
without delay, at minimal or no cost; if data exist in computable form, they
must be made available in that form
o Right to share our health data with others as we see fit
o Read:
https://sites.tufts.edu/prep/2009/07/07/declaration-of-health-data-rights
• American Health Information Management Association (AHIMA) Health
Information Bill of Rights (2009)
o http://bok.ahima.org/PdfView?oid=107674
o Slightly more detailed but with similar provisions

• HIPAA Privacy Rule Provisions (2016)
o www.healthit.gov/patients-families/your-health-information-rights

Are “de-identified” data more secure?
Not Necessarily

• 87 percent of the U.S. population can be uniquely identified by five-digit
ZIP code, gender, and date of birth (Sweeney, 2002).
• Sweeney identified William Weld, governor of Massachusetts, in a health
insurance database for state employees by purchasing voter registration for
Cambridge, Massachusetts, for $20 and linking ZIP code, gender, and date
of birth to the “de‑identified” medical database (Sweeney, 1997).
• Genomic data can aid in re-identification in clinical research studies (Malin
& Sweeney, 2005; Lumley & Rice, 2010).
• Social Security numbers can be predicted from public data (Acquisti &
Gross, 2009).

How Governor Weld Was Identified

Medical database only: Ethnicity, visit date, diagnosis, procedure, medication, charge
Voter registration only: Name, address, date registered, party affiliation, date last voted
In both (the overlap): ZIP, date of birth, gender

Figure: The overlapping data enabled identification of the governor.
(Adapted from Sweeney, 1997)
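
The linkage above works because ZIP code, gender, and date of birth together single out most people, so removing names is not enough. As an added example (not part of the original course material), the Python code below audits a release for k-anonymity (Sweeney, 2002) over those three fields before and after generalizing them; the sample rows, field names, and generalization levels are constructed assumptions.

```python
from collections import Counter
from datetime import date

# The three fields that overlapped between the two data sets on the slide.
QUASI_IDENTIFIERS = ("zip", "gender", "dob")

# Constructed sample rows (not real patients). Names are already removed,
# but the quasi-identifiers are still present at full precision.
RELEASE = [
    {"zip": "97201", "gender": "F", "dob": date(1980, 3, 14), "diagnosis": "asthma"},
    {"zip": "97201", "gender": "F", "dob": date(1980, 11, 2), "diagnosis": "diabetes"},
    {"zip": "97201", "gender": "M", "dob": date(1975, 6, 21), "diagnosis": "fracture"},
    {"zip": "97205", "gender": "M", "dob": date(1975, 1, 9), "diagnosis": "asthma"},
    {"zip": "97205", "gender": "F", "dob": date(1980, 8, 30), "diagnosis": "migraine"},
    {"zip": "97209", "gender": "M", "dob": date(1975, 12, 25), "diagnosis": "diabetes"},
    {"zip": "97209", "gender": "F", "dob": date(1962, 5, 5), "diagnosis": "fracture"},
    {"zip": "97201", "gender": "M", "dob": date(1962, 2, 17), "diagnosis": "migraine"},
]


def generalize(row, zip_digits=5, dob_level="day"):
    """Return a copy of row with coarsened ZIP code and date of birth."""
    if not 0 <= zip_digits <= 5:
        raise ValueError("zip_digits must be between 0 and 5")
    dob = row["dob"]
    dob_forms = {
        "day": dob.isoformat(),
        "month": dob.strftime("%Y-%m"),
        "year": str(dob.year),
    }
    if dob_level not in dob_forms:
        raise ValueError("dob_level must be 'day', 'month' or 'year'")
    out = dict(row)
    out["zip"] = row["zip"][:zip_digits] + "*" * (5 - zip_digits)
    out["dob"] = dob_forms[dob_level]
    return out


def _key(row):
    """Quasi-identifier tuple that an outside data set could be joined on."""
    return tuple(row[q] for q in QUASI_IDENTIFIERS)


def class_sizes(rows):
    """Count how many rows share each quasi-identifier combination."""
    return Counter(_key(r) for r in rows)


def k_anonymity(rows):
    """Smallest equivalence class size; 0 for an empty release."""
    sizes = class_sizes(rows)
    return min(sizes.values()) if sizes else 0


def unique_fraction(rows):
    """Share of rows whose quasi-identifier combination is one of a kind."""
    if not rows:
        return 0.0
    sizes = class_sizes(rows)
    return sum(1 for r in rows if sizes[_key(r)] == 1) / len(rows)


def enforce_k(rows, k):
    """Suppress rows in classes smaller than k; return (kept, suppressed count)."""
    sizes = class_sizes(rows)
    kept = [r for r in rows if sizes[_key(r)] >= k]
    return kept, len(rows) - len(kept)


def audit(raw_rows, k=2):
    """Compare three release policies, from full precision to coarse."""
    report = []
    for zip_digits, dob_level in [(5, "day"), (5, "year"), (3, "year")]:
        rows = [generalize(r, zip_digits, dob_level) for r in raw_rows]
        kept, suppressed = enforce_k(rows, k)
        report.append({
            "policy": f"zip{zip_digits}/{dob_level}",
            "k_before": k_anonymity(rows),
            "unique_fraction": unique_fraction(rows),
            "suppressed": suppressed,
            "k_after": k_anonymity(kept),
        })
    return report


if __name__ == "__main__":
    for line in audit(RELEASE):
        print(line)
```

A release is only as safe as its smallest class: generalizing to three-digit ZIP and birth year still leaves two one-of-a-kind rows in this sample, which must be suppressed before every remaining row is shared by at least two people.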
Concerns about Security

• Comprehensive overview (Herzig, 2010)
• Guide to Privacy and Security of Electronic Health Information (Office
of the National Coordinator for Health Information Technology [ONC]
& Office for Civil Rights [OCR], 2015)
o https://www.youtube.com/watch?v=phrXsdnhE7w

• Many points of leakage
• Also a problem for paper records
• Consequences of poor security
• Medical identity theft

Flow of Information in Healthcare:
Many Points to “Leak”

Chart. Flow of information in healthcare (Rindfleisch, 1997)

Security for Paper Records Is a Significant
Problem

• Difficult to audit trail of paper chart
• Fax machines, scanners are easily accessible
• Records frequently copied for many reasons
o New providers, insurance purposes
• Records abstracted for variety of purposes
o Research
o Quality assurance
o Insurance fraud → Medical Information Bureau (Rothfeder, 1992)

Potential Consequences of Poor Security

• According to Rindfleisch (1997):
o Patients avoid healthcare
o Patients lie
o Providers avoid entering sensitive data
o Providers devise workarounds

• California Health Care Foundation (2005)
o Thirteen percent of consumers admit to engaging in “privacy-protective”
behaviors that might put their health at risk, such as:
▪ Asking a doctor to lie about a diagnosis
▪ Paying for a test because they did not want to submit a claim
▪ Avoiding seeing their regular doctor

Medical Identity Theft

• AHIMA reported in 2008 a growing concern of general identity theft
• 2015 Medical Identity Fraud Alliance Annual Report
o Medical information more valuable than financial
o Costly to the victim
o Can be complex to solve over a long time

• HHS report outlines approaches to prevention, detection, and
remediation (ONC & OCR, 2015)

Tools for Protecting Health Information

• Brought to wider light by Institute of Medicine report For the Record
(Committee on Maintaining Privacy and Security, 1997)
• Guide to Privacy and Security of Electronic Health Information (ONC
& OCR, 2015)
• National Institute of Standards and Technology (NIST) Critical
Cybersecurity Infrastructure Framework
• SANS
• And many more ….

Threats to Security

• Insider
o Accidental disclosure

o Curiosity

o Malicious/subornation

• Outsider
o Organized crime

o Hacktivists

o Cyber thieves

Technologies to Secure Information

• Deterrents
o Alerts
o Audit trails
• System management precautions
o Software management
o Analysis of vulnerability
• Obstacles
o Authentication
o Authorization
o Integrity management
o Digital signatures
o Encryption
o Firewalls
o Rights management

Encryption

• Necessary but not sufficient to ensure security
o Is a “safe harbor” under federal and state laws when data loss
occurs
• Should, however, be used for all communications over public
networks, such as the Internet, and with mobile devices
• Information is scrambled and unscrambled using a key
• Types: Symmetric and asymmetric
o Asymmetric, also known as public key encryption, can be used for
digital certificates, electronic signatures, and so on

Standards for Encryption and Related
Functions

• Advanced Encryption Standard (AES): NIST-designated standard for encryption and decryption
(Daemen & Rijmen, 2002)
• Transport Layer Security (TLS) and predecessor, Secure Sockets Layer (SSL): Cryptographic
protocols that provide security for communications over all points on networks (Rescorla, 2001)
• Internet Protocol Security (IPsec): Protocol for securing Internet Protocol (IP) communications by
authenticating and encrypting each IP packet of a data stream
o Part of IPv6 but also added as standalone on top of IPv4
• Secure Hash Algorithm (SHA): Protocols that ensure integrity of transmitted information and
documents (NIST, 2002)
o Security flaws have been identified in SHA-1, so SHA-2 family of protocols has been
developed
• For more:
o Secure Hash Algorithm https://en.wikipedia.org/wiki/Secure_Hash_Algorithm
o NIST’s Cryptographic Toolkit http://csrc.nist.gov/groups/ST/toolkit/index.html

For the Record Best Practices
(Committee on Maintaining Privacy and Security, 1997)

• Organizational
o Information and security governance
o Confidentiality and security policies and committees
o Education and training programs
o Sanctions
o Patient access to audit trails
o Management dashboards
o Risk management and compliance
• Technical
o Authentication of users
o Audit trails
o Physical security and disaster recovery
o Protection of remote access points and external communications
o Software discipline
o Ongoing system vulnerability assessment
o Infrastructure management

Authentication and Passwords

• Authentication: Process of gaining access to secure computer
• Usual approach is passwords (“what you know”), but secure systems may add
physical entities (“what you have”)
o Biometric devices: Physical characteristic (e.g., thumbprint)
o Physical devices: Smart card or some other physical “key”
• Ideal password is one you can remember but no one else can guess
• Typical Internet user interacts with many sites for which he or she must use
password
o “Single sign-on” is commonly used
• Two-factor authentication

Some Challenges with Passwords

• Common approach to security is password “aging” (i.e., expiration),
which is less effective than other measures (Wagner, Allan, & Heiser,
2005)
o Session-locking: One or small number of simultaneous logons
o Login failure lockout: After three to five attempts
• Password aging may also induce counterproductive behavior (Allan,
2005)

Health Information Security Is Probably
a Trade-off

Chart. Health information security is a trade-off (CC BY-NC-SA 3.0, 2012).

Privacy, Security, Confidentiality
Summary

• Privacy is the right to keep information to ourselves, whereas
confidentiality is the right to keep information about ourselves from
being disclosed to others.
• For many reasons, breaches and disclosures of patient information are
increasing.
• “De-identified” information is not necessarily more secure.


• There are many points where information can “leak” out of the
system.
• Many technologies are available for protecting security.
• Encryption is necessary but not sufficient.
• Paper-based information has its own security problems.

Privacy, Security, and Confidentiality
References
Acluvideos. (2009). Scary Pizza [Video file]. Retrieved from https://youtu.be/33CIVjvYyEk
Acquisti, A., & Gross, R. (2009). Predicting Social Security numbers from public data. Proceedings
of the National Academy of Sciences, 106, 10975–10980.
Allan, A. (2005). Password aging can burden an already-weak authentication method. Stamford, CT:
Gartner.
American College of Physicians. (2011). Health information technology & privacy: Position paper.
Philadelphia, PA: American College of Physicians. Retrieved from
http://www.acponline.org/advocacy/where_we_stand/policy/hit_privacy.pdf
American Health Information Management Association. (n.d.). AHIMA consumer health information
bill of rights. Retrieved from http://bok.ahima.org/PdfView?oid=107674
American Health Information Management Association. (2003). Flow of patient health information
inside and outside the healthcare industry. Retrieved from
http://library.ahima.org/PdfView?oid=22958
Bowe, R. (2013). Identity crisis: Organizations are implementing medical identity theft teams to
combat rising incidents. Journal of AHIMA, 84(1), 38–42.
California Health Care Foundation (CHCF). (2005). National consumer health privacy survey 2005.
Oakland, CA: CHCF. Retrieved from http://www.chcf.org/topics/view.cfm?itemID=115694

Cassa, C., Schmidt, B., Kohane, I., & Mandl, K. (2008). My sister's keeper?: Genomic research
and the identifiability of siblings. BMC Medical Genomics, 1(1), 32. Retrieved from
http://www.biomedcentral.com/1755-8794/1/32
Cohn, S. (2006). Privacy and confidentiality in the nationwide health information network.
Retrieved from
http://www.ncvhs.hhs.gov/recommendations-reports-presentations/june-22-2006-letter-to-the-secretary-recommendations-regarding-privacy-and-confidentiality-in-the-nationwide-health-information-network/
Cohn, S. (2008). Individual control of sensitive health information accessible via the Nationwide
Health Information Network for purposes of treatment. Retrieved from
http://www.ncvhs.hhs.gov/wp-content/uploads/2014/05/080220lt.pdf
Committee on Maintaining Privacy and Security in Health Care Applications of the National
Information Infrastructure. (1997). For the record: Protecting electronic health information.
Washington, DC: National Academies Press. Retrieved from
http://www.nap.edu/catalog/5595/for-the-record-protecting-electronic-health-information
Conn, J. (2016, February 17). Hospital pays hackers $17,000 to unlock EHRs frozen in
“ransomware” attack. Modern Healthcare. Retrieved from
http://www.modernhealthcare.com/article/20160217/NEWS/160219920
Daemen, J., & Rijmen, V. (2002). The design of Rijndael: AES—The advanced encryption
standard. Berlin, Germany: Springer-Verlag.
Department of Health, Education, and Welfare. (1979). The Belmont report: Ethical guidelines for the
protection of human subjects of research. Washington, DC: Department of Health, Education, and Welfare.
Retrieved from:
https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/read-the-belmont-report/index.html
Detmer, D. (2010). Activating a full architectural model: Improving health through robust population health
records. Journal of the American Medical Informatics Association, 17, 367–369.
El Emam, K., Neri, E., & Jonker, E. (2007). An evaluation of personal health information remnants in
second-hand personal computer disk drives. Journal of Medical Internet Research, 9(3), e24.
El Emam, K., Neri, E., Jonker, E., Sokolova, M., Peyton, L., Neisa, A., & Scassa, T. (2010). The inadvertent
disclosure of personal health information through peer-to-peer file sharing programs. Journal of the
American Medical Informatics Association, 17, 148–158.
European Commission. (2016, February 29). European Commission unveils EU-U.S. privacy shield.
Retrieved from http://ec.europa.eu/justice/newsroom/data-protection/news/160229_en.htm
European Commission. (2016, March 23). Protection of personal data. Retrieved from
http://ec.europa.eu/justice/data-protection/index_en.htm
Gostin, L., & Hodge, J. (2002). Personal privacy and common goods: A framework for balancing under the
national health information privacy rule. Minnesota Law Review, 86, 1439–1479. Retrieved from
http://scholarship.law.georgetown.edu/cgi/viewcontent.cgi?article=1086&context=facpub

Hall, M., & Schulman, K. (2009). Ownership of medical information. JAMA, 301, 1282–1284.
HealthIT.gov. (2013). Federal-state healthcare coordination: Health information security and
privacy collaboration (HISPC). Retrieved from
https://www.healthit.gov/policy-researchers-implementers/health-information-security-privacy-collaboration-hispc
HealthIT.gov. (2016). Your health information rights. Retrieved from
https://www.healthit.gov/patients-families/your-health-information-rights
Healthcare Information and Management Systems Society (HIMSS). (2015). 2015 HIMSS security
survey. Chicago, IL: HIMSS. Retrieved from http://www.himss.org/2015-cybersecurity-survey
(full report limited to members only; executive summary available free to download).
Herzig, T. (Ed.). (2010). Information security in healthcare—Managing risk. Chicago, IL:
Healthcare Information Management Systems Society.
Hodge, J., Gostin, L., & Jacobson, P. (1999). Legal issues concerning electronic health
information: Privacy, quality, and liability. JAMA, 282, 1466–1471.

Joint NEMA/COCIR/JIRA Security and Privacy Committee. (2004). Break glass procedure:
Granting emergency access to critical ePHI systems. Retrieved from
http://hipaa.yale.edu/security/break-glass-procedure-granting-emergency-access-critical-ephi-systems
Keteyian, A. (2010, April 15). Digital photocopiers loaded with secrets. CBS News. Retrieved
from http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtml
Kutscher, B. (2016, March 3). Healthcare underspends on cybersecurity as attacks accelerate.
Modern Healthcare. Retrieved from
http://www.modernhealthcare.com/article/20160303/NEWS/160309922/healthcare-underspends-on-cybersecurity-as-attacks-accelerate
Lee, C., & Goldfarb, Z. (2006, June 30). Stolen VA laptop and hard drive recovered. The
Washington Post, p. A01. Retrieved from
http://www.washingtonpost.com/wp-dyn/content/article/2006/06/29/AR2006062900352.html
Lumley, T., & Rice, K. (2010). Potential for revealing individual-level information in
genome-wide association studies. JAMA, 303, 859–860.
Malin, B., & Sweeney, L. (2005). How (not) to protect genomic data privacy in a distributed
network: Using trail re-identification to evaluate and design anonymity protection systems.
Journal of Biomedical Informatics, 37, 179–192.

McGuire, A., & Gibbs, R. (2006). No longer de-identified. Science, 312, 370–371.
Milken Institute School of Public Health. (2012). Who owns medical records: 50 state comparison.
Retrieved from
http://www.healthinfolaw.org/comparative-analysis/who-owns-medical-records-50-state-comparison
McNabb, J., & Rhodes, H. B. (2014). Combating the privacy crime that can KILL. Journal of
AHIMA, 85(4), 26–29.
Munro, D. (2015, Dec. 31). Data breaches in healthcare totaled over 112 million records in 2015.
Forbes, Pharma & Healthcare. Retrieved from
http://www.forbes.com/sites/danmunro/2015/12/31/data-breaches-in-healthcare-total-over-112-million-records-in-2015/#356bb7337fd5
National Academies Press. (1997). For the record protecting electronic health information.
Retrieved from https://www.nap.edu/read/5595/chapter/2#4
National Institute for Standards and Technology (NIST). (2015). Secure hash standard.
Gaithersburg, MD: NIST. Retrieved from
http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
National Institute of Standards and Technology. (2014). Cryptographic toolkit. Retrieved from
http://csrc.nist.gov/groups/ST/toolkit

National Institute of Standards and Technology (NIST). (2014). Framework for improving critical
infrastructure cybersecurity. Gaithersburg, MD: NIST. Retrieved from
http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
Office of the National Coordinator for Health Information Technology (ONC) & Office for Civil
Rights. (2015). Guide to privacy and security of electronic health information. Washington, DC:
ONC. Retrieved from
https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
Orcutt, M. (2015, Dec. 23). 2015 could be the year of the hospital hack. MIT Technology Review.
Retrieved from
https://www.technologyreview.com/s/533631/2015-could-be-the-year-of-the-hospital-hack
Pabrai, A. (2008, January 23). The single sign-on solution. H&HN’s Most Wired Magazine.
Patient Privacy Rights Foundation. (n.d.). Patient privacy rights. Retrieved from
https://patientprivacyrights.org
Perma, G. (2015, Feb. 5). Anthem hit by large data breach. Healthcare Informatics. Retrieved from
http://www.healthcare-informatics.com/news-item/anthem-hit-large-data-brach

Ponemon Institute. (2015). Fifth annual benchmark study on privacy and security
of healthcare data. Retrieved from https://www2.idexpertscorp.com/fifth-annual ponemon
-study-on-privacy-security-incidents-of-healthcare-data

Pritts, J., & Connor, K. (2007). The implementation of e-consent mechanisms in three countries: Canada,
England, and the Netherlands. Washington, DC: Substance Abuse and Mental Health Services
Administration. Retrieved from http://ihcrp.georgetown.edu/pdfs/prittse-consent.pdf
Privacy Rights Clearinghouse. (2005). Chronology of data breaches. Retrieved from
http://www.privacyrights.org/data-breach
Privacy Rights Clearinghouse. (2014). Fact sheet 8c: The HIPAA privacy rule: Patients’ rights. Retrieved
from https://www.privacyrights.org/content/hipaa-privacy-rule-patients-rights
Rescorla, E. (2001). SSL and TLS: Designing and building secure systems. Boston, MA: Addison Wesley.
Rindfleisch, T. (1997). Privacy, information technology, and healthcare. Communications of the ACM, 40(8), 93–100.
Rodwin, M. (2009). The case for public ownership of patient data. JAMA, 302, 86–88.
Rojas-Burke, J. (2006). Providence critics push for safer records. The Oregonian.
Rothfeder, J. (1992). Privacy for sale: How computerization has made everyone’s private life an open secret.
New York, NY: Simon & Schuster.

Rothstein, M., & Talbott, M. (2006). Compelled disclosure of health information: Protecting against the
greatest potential threat to privacy. JAMA, 295, 2882–2885.
Sequoia Project. (2016). Data use and reciprocal support agreement (DURSA). Retrieved from
http://sequoiaproject.org/ehealth-exchange/onboarding/dursa
Sweeney, L. (1997). Guaranteeing anonymity when sharing medical data: The Datafly System.
Proceedings of the 1997 AMIA Annual Fall Symposium, Nashville, TN, 51–55.
Sweeney, L. (2002). k-Anonymity: A model for protecting privacy. International Journal on
Uncertainty, Fuzziness, and Knowledge-based Systems, 10(5), 557–570.
TEDx Talks. (2104). Designing technology to restore privacy: Deborah C. Peel, MD at
TEDxTraverseCity [Video file]. Retrieved from https://www.youtube.com/watch?v=f1JPjLCxPFQ
The SANS Institute. (2016). About (SANS). Retrieved from https://www.sans.org/about
Tufts University School of Medicine. (2009). Declaration of health data rights. Retrieved from
https://sites.tufts.edu/prep/2009/07/07/declaration-of-health-data-rights
U.S. Department of Health and Human Services. (2016a). Breaches affecting 500 or more
individuals. Retrieved from https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf 

U.S. Department of Health and Human Services. (2016b). Improper disclosure of research
participants’ protected health information results in $3.9 million HIPAA settlement. Retrieved from
http://www.hhs.gov/about/news/2016/03/17/improper-disclosure-research-participants-protected-health-information-results-in-hipaa-settlement.html#

Wagner, R., Allan, A., & Heiser, J. (2005). Eight security practices offer more value than password
aging. Stamford, CT: Gartner.
White House Office of the Press Secretary. (2015). Fact sheet: President Obama’s precision medicine
initiative. Retrieved from
https://www.whitehouse.gov/the-press-office/2015/01/30/fact-sheet-president-obama-s-precision-medicine-initiative
Wikipedia. (2016). Secure hash algorithm. Retrieved from
https://en.wikipedia.org/wiki/Secure_Hash_Algorithm
Wright, A., & Sittig, D. (2007a). Encryption characteristics of two USB-based personal health record
devices. Journal of the American Medical Informatics Association, 14, 397–399.
Wright, A., & Sittig, D. (2007b). Security threat posed by USB-based personal health records. Annals
of Internal Medicine, 146, 314–315.

Charts, Tables, Figures
Figure Adapted from Sweeney, L. (1997). Guaranteeing anonymity when sharing medical data: The Datafly System.
Proceedings of the 1997 AMIA Annual Fall Symposium, Nashville, TN, 51–55.
Chart. Flow of information in health care (Rindfleisch, 1997).
Chart. Health information security is a trade-off (CC BY-NC-SA 3.0, 2012).

This material was developed by Oregon Health & Science University, funded by the Department of Health and Human Services, Office of
the National Coordinator for Health Information Technology under Award Number IU24OC000015. This material was updated in 2016 by
Bellevue College under Award Number 90WT0002.

This presentation was produced with the support of the United States Agency for
International Development (USAID) under the terms of MEASURE Evaluation
cooperative agreement AID-OAA-L-14-00004. MEASURE Evaluation is
implemented by the Carolina Population Center, University of North Carolina at
Chapel Hill in partnership with ICF International; John Snow, Inc.; Management
Sciences for Health; Palladium; and Tulane University. Views expressed are not
necessarily those of USAID or the United States government.

www.measureevaluation.org
