Privacy Criteria Research Articles

Optimizing Cloud-Based Clinical Platforms Best Practices for HIPAA and HITRUST Compliance

It is essential to ensure compliance with regulatory standards such as HIPAA (Health Insurance Portability and Accountability Act) and HITRUST (Health Information Trust Alliance) in order to safeguard patient information and preserve trust. This is because cloud-based clinical platforms are becoming increasingly popular among healthcare organisations. The purpose of this paper is to give a complete review of best practices for optimising cloud-based healthcare platforms, with a particular emphasis on HIPAA and HITRUST compliance. The use of cloud technology provides a multitude of benefits, some of which include scalability, cost effectiveness, and enhanced accessibility. On the other hand, it also presents difficulties in terms of data security, privacy, and compliance with regulatory requirements. The implementation of strong solutions that are in accordance with the standards of HIPAA and HITRUST is necessary for healthcare organisations in order to solve these difficulties. In the first place, the study conducts an investigation of the key concepts of HIPAA and HITRUST, underlining the relevance of these principles in protecting patient information. At the same time as HIPAA is responsible for establishing national standards for the protection of sensitive patient data, HITRUST is responsible for providing a framework that is certifiable and incorporates several security and privacy criteria. In order to design a compliance plan, it is vital to have a better understanding of these frameworks.

Personal data protection compliance assessment: A privacy policy scoring approach and empirical evidence from Thailand's SMEs

Privacy policies, intended to provide information to individuals regarding how their personal data is processed, are often complex and challenging for users to understand. Businesses often demonstrate non-compliance with personal data protection laws, ranging from the absence of privacy policies to the existence of policies that do not adhere to legal requirements. This paper aims to (1) develop a quantitative and systematic tool for evaluating privacy policies' compliance with the Personal Data Protection Act (PDPA), (2) assess compliance among Small and Medium Enterprises (SMEs) in Thailand, and (3) provide recommendations for enhancing compliance practices. To achieve this, we proposed a multi-criteria privacy policy scoring model integrated with comprehensive statistical data analyses. The privacy policy scoring model consists of ten privacy principles and 31 privacy criteria, providing a structured framework for evaluating privacy policies. During a two-year postponement period for enforcing the PDPA law, we conducted a stratified random-sampling survey of 384 SMEs to evaluate their privacy policies using the proposed scoring model. The accomplished results revealed significantly lower scores than anticipated, with the nationwide average score of SMEs reaching only 6.1909 out of 100 points. More than half of the SMEs collected personal data without announcing privacy policies, and those with privacy policies adhered to an average of only 12.15 out of 31 privacy criteria. These findings highlight the pressing need to improve compliance practices among SMEs in Thailand. The proposed methodology can be customized and applied to align with the requirements of personal data protection laws in other countries. Additionally, our findings indicate that compliance with the PDPA is influenced by the Thailand Standard Industrial Classification (TSIC) sections, suggesting the adoption of tailored approaches by policymakers to address the specific needs of different TSIC sections.

Secured Scheme for Privacy Preserving and Node Authentication Mechanism for a Special Mobile Ad hoc Network

Opportunistic networks are a special type of Mobile Ad hoc network which are wirelessly interlinked nodes with the absence of end to end connectivity. All nodes in an opportunistic network are free to move in an environment. Due to the high degree of mobility of nodes, opportunistic networks differ significantly from the existing traditional networks and it works on store, carry &forward mechanism in which, each node has a communication range. Within its proximity, if any node comes, it can send and receive messages. In an opportunistic network, there is no proper infrastructure available for communication and node have limited storage and computational capabilities. The major problem being faced in an opportunistic network is the identification of normal and malicious nodes because due to the open nature of the opportunistic network, malicious nodes also can join the network and perform some malicious activities like Sybil attack. We propose a remedy to address the authentication and privacy issue that can arise in an opportunistic network. According to the findings of the simulation, the proposed research work satisfies the authentication and privacy criteria of an opportunistic network.

Standardization and evaluation of indicators for quantifying antimicrobial use on U.S. dairy farms

Antimicrobial resistance (AMR) is a global One Health threat. A portion of AMR development can be attributed to antimicrobial use (AMU) in animals, including dairy cattle. Quantifying AMU on U.S. dairy farms is necessary to inform antimicrobial stewardship strategies and help evaluate the relationship between AMU and AMR. Many AMU indicators have been proposed for quantifying AMU in dairy cattle. However, these indicators are difficult to interpret and compare because they differ in the type of data used, the calculation approach, and the definitions of variables and parameters used in the calculation. Therefore, we selected 16 indicators (count-based, mass-based, and dose-based) applicable for quantifying AMU on U.S. dairy farms. We systematized the indicators by standardizing their variables and parameters to improve their interchangeability, interpretation, and comparability. We scored indicators against six data-driven criteria (assessing their accuracy, data and effort needs, and level of privacy concern) and five stewardship-driven criteria (assessing their ability to capture trends and inform antimicrobial stewardship). The derived standardized indicators will aid farmers and veterinarians in selecting suitable indicators based on data availability and stewardship needs on a farm. The comparison of indicators revealed a trade-off requiring farmers to balance the granularity of data necessary for an accurate indicator and effort to collect the data, and a trade-off relevant to farmers interested in data sharing to inform stewardship because more accurate indicators are typically based on more sensitive information. Indicators with better accuracy tended to score better in stewardship criteria. Overall, two dose-based indicators, estimating the number of treatments and administered doses, scored best in accuracy and stewardship. Conversely, two count-based indicators, estimating the length of AMU, and a mass-based indicator, estimating the mass of administered antimicrobials, performed best in the effort and privacy criteria. These findings are expected to benefit One Health by aiding the uptake of farm-level AMU indicators by U.S. dairy farms.

Synthesis of an Obfuscation Policy that Guarantees Utility Satisfying a New Privacy Criterion

Nowadays, with the advancement of technology, several systems are connected through computer networks, which makes it necessary to develop techniques capable of guaranteeing the privacy and utility of the transmitted information. In this work, we consider the synthesis of an obfuscation policy of Discrete Event Systems that guarantees utility satisfying a new privacy criterion. The system is modeled as a labeled transition system with secret states. The first goal is to keep the information generated by the system useful so that legitimate users can use it for decision making. At the same time, the second goal is to hide critical information about the secret states of the system from attackers. However, unlike previous approaches presented in the literature, we consider the case in which it is possible for the obfuscator to report the secret states if the actual state of the system is in a safe region. Thus, this approach increases the number of systems that can be obfuscated. The software SynthSMV is used to perform the obfuscator synthesis.

Balancing data privacy and usability in the federal statistical system

The federal statistical system is experiencing competing pressures for change. On the one hand, for confidentiality reasons, much socially valuable data currently held by federal agencies is either not made available to researchers at all or only made available under onerous conditions. On the other hand, agencies which release public databases face new challenges in protecting the privacy of the subjects in those databases, which leads them to consider releasing fewer data or masking the data in ways that will reduce their accuracy. In this essay, we argue that the discussion has not given proper consideration to the reduced social benefits of data availability and their usability relative to the value of increased levels of privacy protection. A more balanced benefit–cost framework should be used to assess these trade-offs. We express concerns both with synthetic data methods for disclosure limitation, which will reduce the types of research that can be reliably conducted in unknown ways, and with differential privacy criteria that use what we argue is an inappropriate measure of disclosure risk. We recommend that the measure of disclosure risk used to assess all disclosure protection methods focus on what we believe is the risk that individuals should care about, that more study of the impact of differential privacy criteria and synthetic data methods on data usability for research be conducted before either is put into widespread use, and that more research be conducted on alternative methods of disclosure risk reduction that better balance benefits and costs.

Evaluation of security metrics in AIoT and blockchain-based supply chain by Neutrosophic decision-making method

ABSTRACT Today, smart supply chains are one of the main and growing applications of evolving technologies such as the Internet of Things (IoT), artificial intelligence (AI), and blockchain, which bring many benefits. IoT and blockchain security is a subset of cybersecurity that protects against IoT-related threats. Therefore, the simultaneous combination of these technologies and the creation of a supply chain based on the artificial intelligence of things (AIoT) and blockchain, in addition to increasing the performance of activities in supply chain processes, can also bring many security challenges to this smart supply chain. Because the data collected by IoT devices and stored in the blockchain-based systems that manage them are much more sensitive than traditional network security strategies.Due to the importance of this issue, in this study, an attempt has been made to analyse these security indicators in the AIoT and blockchain-based intelligent supply chain using a combined decision-making method in a fuzzy neutrosophic environment. Understanding these security measures will definitely help to implement more secure and powerful smart supply chains. The results showed that customer privacy criteria have the highest priority. The following priorities are authentication, Security challenges based on infrastructure, and network integrity.

NiPA: Nicknames Pool Approach for Protecting Privacy of User Data in Intelligent Transportation Systems

The intelligent transportation system has made a huge leap in the level of human services, which has had a positive impact on the quality of life of users. On the other hand, these services are becoming a new source of risk due to the use of data collected from vehicles, on which intelligent systems rely to create automatic contextual adaptation. Most of the popular privacy protection methods, such as Dummy and obfuscation, cannot be used with many services because of their impact on the accuracy of the service provided itself, they depend on changing the number of vehicles or their physical locations. This research presents a new approach based on the shuffling Nicknames of vehicles. It fully maintains the quality of the service and prevents tracking users permanently, penetrating their privacy, revealing their whereabouts, or discovering additional details about the nature of their behavior and movements. Our approach is based on creating a central Nicknames Pool in the cloud as well as distributed sub-pools in fog nodes to avoid intelligent delays and overloading of the central architecture. Finally, we will prove by simulation and discussion by examples the superiority of the proposed approach and its ability to adapt to new services and provide an effective level of protection. In the comparison, we will rely on the well-known privacy criteria: Entropy, Ubiquity, and Performance.

Vehicle-based secure location clustering for IoT-equipped building and facility management in smart city

Vehicles equipped with various sensing devices have the strong ability to generate location information, which is beneficial to a lot of applications in smart city. In special, it is important to take full advantage of the traffic information to manage the buildings and facilities with special services, including charging/gas stations, car parks and leisure centers. However, location data are outsourced to the third party (e.g., vehicles and the vehicular cloud), which causes high security risks. In this paper, we first define a personalized local differential privacy criterion for location data, which offers a strong private guarantee to drivers. Then, we propose a density-based location clustering mechanism, i.e., PLPP-CLIQUE, which not only satisfies the proposed privacy criterion but also maximizes the utility of vehicles for location-based services. Moreover, we design a more efficient mechanism, i.e., Improved-PLPP-CLIQUE, to increase the utility of location clustering for vehicular clouds under the same privacy requirement. We demonstrate that our mechanisms satisfy the privacy criterion and have the high utility by theoretical analysis. Finally, we perform extensive experiments to show the good capability of our mechanisms.

Data Disclosure With Non-Zero Leakage and Non-Invertible Leakage Matrix

We study a statistical signal processing privacy problem, where an agent observes useful data <inline-formula> <tex-math notation="LaTeX">$Y$ </tex-math></inline-formula> and wants to reveal the information to a user. Since the useful data is correlated with the private data <inline-formula> <tex-math notation="LaTeX">$X$ </tex-math></inline-formula>, the agent employs a privacy mechanism to generate data <inline-formula> <tex-math notation="LaTeX">$U$ </tex-math></inline-formula> that can be released. We study the privacy mechanism design that maximizes the revealed information about <inline-formula> <tex-math notation="LaTeX">$Y$ </tex-math></inline-formula> while satisfying a strong <inline-formula> <tex-math notation="LaTeX">$\ell _{1}$ </tex-math></inline-formula>-privacy criterion. When a sufficiently small leakage is allowed, we show that the optimizer distributions of the privacy mechanism design problem have a specific geometry, i.e., they are perturbations of fixed vector distributions. This geometrical structure allows us to use a local approximation of the conditional entropy. By using this approximation the original optimization problem can be reduced to a linear program so that an approximate solution for the optimal privacy mechanism can be easily obtained. The main contribution of this work is to consider a non-invertible leakage matrix with non-zero leakage. In our first example, inspired by a watermark application, we first demonstrate the accuracy of the approximation. Then, we employ different measures for utility and privacy leakage to compare the privacy-utility trade-off using our approach with other methods. In particular, we show that by allowing small leakage, significant utility can be achieved using our method compared to the case where no leakage is allowed. In the second and third examples which are based on the MNIST data set and medical applications, we illustrate the suggested design for disclosed data <inline-formula> <tex-math notation="LaTeX">$U$ </tex-math></inline-formula>. It has been shown that the letters of <inline-formula> <tex-math notation="LaTeX">$Y$ </tex-math></inline-formula> which are disclosing more information about <inline-formula> <tex-math notation="LaTeX">$X$ </tex-math></inline-formula> are combined (randomized) to produce a new letter of <inline-formula> <tex-math notation="LaTeX">$U$ </tex-math></inline-formula>.

Midyat Geleneksel Süryani Evlerinde Şeffaflık

The concept of transparency is a very important design criterion for the user to perceive the architectural structures and to interpret these structures, thanks to the literal and connotations that the user evokes. In the scope of the article, the concept of transparency in architecture is defined and its relation with architecture and different interpretations in architecture are analyzed. Midyat Traditional Syriac Houses; data obtained from literature reviews, on-site observation and questionnaires with different user maggots were evaluated. Data were obtained with The Shapiro-Wilk Test. Privacy phenomenon and transparency interpretations in architecture shaped within the framework of this phenomenon have been examined in Midyat Syriac Traditional Housing architecture. The reflections of privacy criteria that emerged depending on lifestyles to the architectural structure in terms of transparency have been determined. In the study, it’s understood that the concept of life style and privacy of societies affects the formation of the house in which they live, both in the internal space regulation and in the connection with the outside world, in other words with the ratio of transparency on the fronts. The fact that the subject hasn’t been done before in the literature indicates the contribution of the study to science.

Private‐encoder: Enforcing privacy in latent space for human face images

SummaryThe explosive growth of various computer vision technologies generates a tremendous amount of visual data online every day. In addition to bringing convenience and revolutionizing our daily life, image data also reveal a wide range of sensitive information and pose unprecedented privacy leakage risks. Particularly, in the case of photos contain human faces, people can easily access those face images on social media without any consent, and the misuse of personal information could cause serious privacy violation to individuals. Therefore, it is essential to consider sanitizing people's identity information when using images containing human faces. As a result, there has been rapid development in the area of facial anonymization, also called image de‐identification. However, due to the emergence of numerous deep‐learning based attacks, traditional anonymization methods such as blurring and mosaic are weak and ineffective to protect individual's privacy in face images. To respond to this challenge, this article proposes a novel de‐identification method that utilizes a deep neural network. The proposed framework encompasses two modules: encoder network and generator network. The encoder transforms a face image into a high‐semantic latent vector of codes, which will be de‐identified according to the differential privacy criterion. The generator leverages the unconditional generative adversarial network to synthesize high‐quality images based on the modified latent codes from the encoder. Extensive experimental results indicate that our proposed model can protect image privacy while keeping the processed image visual realistic.

A Survey of Automatic Contact Tracing Approaches Using Bluetooth Low Energy

To combat the ongoing Covid-19 pandemic, many new ways have been proposed on how to automate the process of finding infected people, also called contact tracing . A special focus was put on preserving the privacy of users. Bluetooth Low Energy as base technology has the most promising properties, so this survey focuses on automated contact tracing techniques using Bluetooth Low Energy. We define multiple classes of methods and identify two major groups: systems that rely on a server for finding new infections and systems that distribute this process. Existing approaches are systematically classified regarding security and privacy criteria.

Identifying Privacy Related Requirements for the Design of Self-Adaptive Privacy Protections Schemes in Social Networks

Social Networks (SNs) bring new types of privacy risks threats for users; which developers should be aware of when designing respective services. Aiming at safeguarding users’ privacy more effectively within SNs, self-adaptive privacy preserving schemes have been developed, considered the importance of users’ social and technological context and specific privacy criteria that should be satisfied. However, under the current self-adaptive privacy approaches, the examination of users’ social landscape interrelated with their privacy perceptions and practices, is not thoroughly considered, especially as far as users’ social attributes concern. This study, aimed at elaborating this examination in depth, in order as to identify the users’ social characteristics and privacy perceptions that can affect self-adaptive privacy design, as well as to indicate self-adaptive privacy related requirements that should be satisfied for users’ protection in SNs. The study was based on an interdisciplinary research instrument, adopting constructs and metrics from both sociological and privacy literature. The results of the survey lead to a pilot taxonomic analysis for self-adaptive privacy within SNs and to the proposal of specific privacy related requirements that should be considered for this domain. For further establishing of our interdisciplinary approach, a case study scenario was formulated, which underlines the importance of the identified self-adaptive privacy related requirements. In this regard, the study provides further insight for the development of the behavioral models that will enhance the optimal design of self-adaptive privacy preserving schemes in SNs, as well as designers to support the principle of PbD from a technical perspective.

A Design Framework for Strongly χ²-Private Data Disclosure

In this paper, we study a stochastic disclosure control problem using information-theoretic methods. The useful data to be disclosed depend on private data that should be protected. Thus, we design a privacy mechanism to produce new data which maximizes the disclosed information about the useful data under a strong $\chi^2$-privacy criterion. For sufficiently small leakage, the privacy mechanism design problem can be geometrically studied in the space of probability distributions by a local approximation of the mutual information. By using methods from Euclidean information geometry, the original highly challenging optimization problem can be reduced to a problem of finding the principal right-singular vector of a matrix, which characterizes the optimal privacy mechanism. In two extensions we first consider a scenario where an adversary receives a noisy version of the user's message and then we look for a mechanism which finds $U$ based on observing $X$, maximizing the mutual information between $U$ and $Y$ while satisfying the privacy criterion on $U$ and $Z$ under the Markov chain $(Z,Y)-X-U$.

Variational Bayes In Private Settings (VIPS)

Many applications of Bayesian data analysis involve sensitive information such as personal documents or medical records, motivating methods which ensure that privacy is protected. We introduce a general privacy-preserving framework for Variational Bayes (VB), a widely used optimization-based Bayesian inference method. Our framework respects differential privacy, the gold-standard privacy criterion, and encompasses a large class of probabilistic models, called the Conjugate Exponential (CE) family. We observe that we can straightforwardly privatise VB’s approximate posterior distributions for models in the CE family, by perturbing the expected sufficient statistics of the complete-data likelihood. For a broadly-used class of non-CE models, those with binomial likelihoods, we show how to bring such models into the CE family, such that inferences in the modified model resemble the private variational Bayes algorithm as closely as possible, using the Pólya-Gamma data augmentation scheme. The iterative nature of variational Bayes presents a further challenge since iterations increase the amount of noise needed. We overcome this by combining: (1) an improved composition method for differential privacy, called the moments accountant, which provides a tight bound on the privacy cost of multiple VB iterations and thus significantly decreases the amount of additive noise; and (2) the privacy amplification effect of subsampling mini-batches from large-scale data in stochastic learning. We empirically demonstrate the effectiveness of our method in CE and non-CE models including latent Dirichlet allocation, Bayesian logistic regression, and sigmoid belief networks, evaluated on real-world datasets.

Robust Privacy-Utility Tradeoffs Under Differential Privacy and Hamming Distortion

A privacy-utility tradeoff is developed for an arbitrary set of finite-alphabet source distributions. Privacy is quantified using differential privacy (DP), and utility is quantified using expected Hamming distortion maximized over the set of distributions. The family of source distribution sets (source sets) is categorized into three classes, based on different levels of prior knowledge they capture. For source sets whose convex hull includes the uniform distribution, symmetric DP mechanisms are optimal. For source sets whose probability values have a fixed monotonic ordering, asymmetric DP mechanisms are optimal. For all other source sets, general upper and lower bounds on the optimal privacy leakage are developed and a necessary and sufficient condition for tightness are established. Differentially private leakage is an upper bound on mutual information (MI) leakage: the two criteria are compared analytically and numerically to illustrate the effect of adopting a stronger privacy criterion.

Patients and professionals have different views on online patient information about cleft lip and palate

Background: Patients with cleft lip and palate (CLP) and their parents are actively searching for online information about CLP. For many conditions the quality of online information has been evaluated. However, the quality of online information on CLP is unexplored. Furthermore in the well-known quality assessment checklists, the patients’ perspectives on quality were not taken in account. In the current shift towards patient-centred care, involving patients in the evaluation and development of online information is a logical next step. To be able to evaluate the quality of online information, quality needs to be defined by the end-users of this information. Objective: The aims of this study are to define quality criteria for online information and assess the quality of frequently accessed online information sources. Patients, parents and professionals are equally involved in all stages of this study. Methods: A literature review was performed to distillate the most relevant quality criteria. These criteria were prioritised on relevance by patients (n = 25), parents (n = 25) and professionals (n = 9). The most important quality criteria were subsequently used by patients (n = 20), parents (n = 20) and professionals (n = 20) to rate existing online CLP information. Results: Distinct differences in prioritised criteria and evaluation of information between the three groups emerged. For instance professionals find reliability criteria of high importance, while patients and parents don’t. Privacy criteria are of importance for patients and parents, not for professionals. Conclusions: This study shows the importance of patient–participation in healthcare research, as well as a feasible approach to do so.

Prospective analysis of the quality of Spanish health information web sites after 3 years

ABSTRACTObjective: Although the Internet has become an essential source of health information, our study conducted 3 years ago provided evidence of the low quality of Spanish health web sites. The objective of the present study was to evaluate the quality of Spanish health information web sites now, and to compare these results with those obtained 3 years ago. Methods: For the original study, the most visited health information web sites were selected through the PageRank® (Google®) system. The present study evaluated the quality of the same web sites from February to May 2013, using the method developed by Bermúdez-Tamayo et al. and HONCode® criteria. Results: The mean quality of the selected web sites was low and has deteriorated since the previous evaluation, especially in regional health services and institutions’ web sites. The quality of private web sites remained broadly similar. Compliance with privacy and update criteria also improved in the intervening period. Conclusion: The results indicate that, even in the case of health web sites, design or appearance is more relevant to developers than quality of information. It is recommended that responsible institutions should increase their efforts to eliminate low-quality health information that may further contribute to health problems.

Automated Detection of HONcode Website Conformity Compared to Manual Detection: An Evaluation.

BackgroundTo earn HONcode certification, a website must conform to the 8 principles of the HONcode of Conduct In the current manual process of certification, a HONcode expert assesses the candidate website using precise guidelines for each principle. In the scope of the European project KHRESMOI, the Health on the Net (HON) Foundation has developed an automated system to assist in detecting a website’s HONcode conformity. Automated assistance in conducting HONcode reviews can expedite the current time-consuming tasks of HONcode certification and ongoing surveillance. Additionally, an automated tool used as a plugin to a general search engine might help to detect health websites that respect HONcode principles but have not yet been certified.ObjectiveThe goal of this study was to determine whether the automated system is capable of performing as good as human experts for the task of identifying HONcode principles on health websites.MethodsUsing manual evaluation by HONcode senior experts as a baseline, this study compared the capability of the automated HONcode detection system to that of the HONcode senior experts. A set of 27 health-related websites were manually assessed for compliance to each of the 8 HONcode principles by senior HONcode experts. The same set of websites were processed by the automated system for HONcode compliance detection based on supervised machine learning. The results obtained by these two methods were then compared.ResultsFor the privacy criterion, the automated system obtained the same results as the human expert for 17 of 27 sites (14 true positives and 3 true negatives) without noise (0 false positives). The remaining 10 false negative instances for the privacy criterion represented tolerable behavior because it is important that all automatically detected principle conformities are accurate (ie, specificity [100%] is preferred over sensitivity [58%] for the privacy criterion). In addition, the automated system had precision of at least 75%, with a recall of more than 50% for contact details (100% precision, 69% recall), authority (85% precision, 52% recall), and reference (75% precision, 56% recall). The results also revealed issues for some criteria such as date. Changing the “document” definition (ie, using the sentence instead of whole document as a unit of classification) within the automated system resolved some but not all of them.ConclusionsStudy results indicate concordance between automated and expert manual compliance detection for authority, privacy, reference, and contact details. Results also indicate that using the same general parameters for automated detection of each criterion produces suboptimal results. Future work to configure optimal system parameters for each HONcode principle would improve results. The potential utility of integrating automated detection of HONcode conformity into future search engines is also discussed.