Privacy Rules Research Articles

Evaluation of synthetic electronic health records: A systematic review and experimental assessment

Recent studies have shown how synthetic data generation methods can be applied to electronic health records (EHRs) to obtain synthetic versions that do not violate privacy rules. This growing body of research has resulted in the emergence of numerous methods for evaluating the quality of generated data, with new publications often introducing novel evaluation methods. This work presents a detailed review of synthetic EHRs, focusing on the various evaluation methods used to assess the quality of the generated EHRs. We discuss the existing evaluation methods, offering insights into their use as well as providing an interpretation of the evaluation metrics from the perspectives of achieving fidelity, utility and privacy. Furthermore, we highlight the key factors influencing the selection of evaluation methods, such as the type of data (e.g., categorical, continuous, or discrete) and the mode of application (e.g., patient level, cohort level, and feature level). To assess the effectiveness of current evaluation measures, we conduct a series of experiments to shed light on the potential limitations of these measures. The findings from these experiments reveal notable shortcomings, including the need for meticulous application of methods to the data to reduce inconsistent evaluations, the qualitative nature of some assessments subject to individual judgment, the need for clinical validations, and the absence of techniques to evaluate temporal dependencies within the data. This highlights the need to place greater emphasis on evaluation measures, their application, and the development of comprehensive evaluation frameworks as it is crucial for advancing progress in this field.

New Reproductive Privacy Rule to Protect Both Patients and Physicians

This Viewpoint describes the newly finalized Reproductive Privacy Rule, a HIPAA regulatory update intended to prevent law enforcement in abortion-restrictive states from obtaining reproductive care medical records to prosecute patients and physicians.

Legal and Ethical Considerations of Artificial Intelligence for Residents in Post-Acute and Long-Term Care

This article proposes a framework for examining the ethical and legal concerns for using artificial intelligence (AI) in post-acute and long-term care (PA-LTC). It argues that established frameworks on health, AI, and the law should be adapted to specific care contexts. For residents in PA-LTC, their social, psychological, and mobility needs should act as a gauge for examining the benefits and risks of integrating AI into their care. Using those needs as a gauge, 4 areas of particular concern are identified. First, the threat that AI poses to the autonomy of residents can undermine their core needs. Second, how discrimination and bias in algorithmic decision-making can undermine Medicare coverage for PA-LTC, causing doctors' recommendations to be ignored and denying residents the care they are entitled to. Third, privacy rules concerning data use may undermine developers’ ability to train accurate AI systems, limiting their usefulness in PA-LTC contexts. Fourth, the importance of obtaining consent before AI is used and discussions about how that care should continue if there are concerns about an ongoing decline in cognition. Together, these considerations elevate existing frameworks and adapt them to the context-specific case of PA-LTC. It is hoped that future research will examine the legal implications of these matters in each of these specific cases.

REGULATION OF CROSS-BORDER DATA FLOW AND ITS PRIVACY IN THE DIGITAL ERA

We are living in a world where information systems are becoming a new weapon to control the future. When the data flows across national borders, it becomes an invaluable resource for economic and informational development in any nation. Today, cross-border data flows are an important component of international trade because companies are frequently transfer customer’s and employee’s data across different countries. This paper will examine the importance of the free flow of cross-border data and its privacy concerns. It also examines the failure of the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023, to provide protection from cross-border data transfer; specifically, the Digital Personal Data Protection Act, 2023, is silent on the criteria of listing countries for data transfer and the processing of personal data of those data principals who are living outside India. Some countries have implemented laws pertaining to “data localization” as a means to restrict the movement of data outside their respective borders, but it affects international trade and development. So, it raises a question: What kind of and how much data do nations have to restrict for cross-border data transfer internationally? This paper analyse the General Data Protection Regulation of the European Union, the Cross-Border Privacy Rules of the Asia-Pacific Economic Cooperation of the United States, and the Privacy Shield Framework between the EU and the US. In the end this paper concludes with suggestions for the privacy of cross-border data and the need of uniform law for its worldwide applicability.

Pelanggaran Batas Privasi Anak dalam Praktik Sharenting pada Kalangan Selebriti Indonesia

The use of social media is increasingly massive, parents uploading photos, videos or other information about their children on social media has become increasingly common and has become a source of controversy in Indonesia recently. This research aims to investigate violations of children's privacy boundaries that occur due to sharenting practices among Indonesian celebrities. Using document study methodology, researchers compiled data related to sharenting practices that occurred in the latest Indonesian celebrity controversies and analyzed them in accordance with Communication Privacy Management (CPM) theory. The results of the research show that YouTube Adsense is a reward that is expected from parents who practice sharenting. Children are considered to have no awareness of their ownership of privacy so they are deemed unable to regulate their privacy rules. The failure to coordinate privacy boundaries between children and parents causes the boundaries of ownership of children's personal information to become blurred. The practice of sharenting by parents among Indonesian celebrities can raise ethical concerns regarding children's privacy rights and weak ownership of children's privacy in accordance with the concept in CPM theory.

Identifying undefined risks: A risk model and a privacy risk identification measure in the privacy impact assessment process

Privacy impact assessment (PIA) has attracted the attention of privacy watchdogs and researchers for decades. This study focuses on a risk model and risk identification method, which are two crucial elements of the risk identification step in the PIA process. As a preparatory work, this article reviews national and international organizations’ current templates and guidelines and finds that PIA guidance includes multiple domains but rarely provide a risk model or a systematic risk identification method. Based on the analysis, our study offers a risk model that can capture various privacy risk realization processes. It further proposes a combination of risk identification methods that correspond to the main target domains in the PIA and the proposed risk model. This combination consists of privacy principles of a given personal information or privacy rule to check compliance with the rule, and our suggested list of risk factors is useful in inductively finding potential risk scenarios that violate social expectations of privacy.

HHS Office for Civil Rights opens investigation into UnitedHealthcareGroup cyberattack

Last week, the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) issued a “Dear Colleague” letter addressing the cybersecurity incident impacting Change Healthcare, a unit of UnitedHealthcare Group (UHG), and many other health care entities. The cyberattack is disrupting health care and billing information operations nationwide and poses a direct threat to critically needed patient care and essential operations of the health care industry. OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which require that HIPAA covered entities – virtually all health care providers, clearinghouses, and insurance companies – protect the privacy and security of protected health information. The likelihood that substance use disorder (SUD) treatment information was included in the breach is very likely. However, OCR does not mention 42 CFR Part 2, just HIPAA. HHS views ransomware and hacking as the “primary cyber threats in health care.” There has been a 256% increase in large breaches involving hacking, and a 264% increase in ransomware, over the last 5 years, and this only includes those breaches OCR was notified of. $22 million was reportedly paid to the Change Healthcare hackers, in the form of bitcoin, likely from UHG, according to news reports. HHS OCR says: “If you believe that your or another person's health information privacy or civil rights have been violated, you can file a complaint with OCR at https://www.hhs.gov/ocr/complaints/index.html.” The one bright side of the new Part 2 rules are that OCR now enforces the regulation.

Electronic Medical Records and Patient Privacy

Over the last few decades, technology has taken over the world and almost everything has switched to computers. With the transition to Electronic Medical Records, not many people are aware of the severe effects and their privacy rights. The purpose of this study was to measure the awareness of specifically high school students on electronic medical records and patient privacy. This study conducted an experiment between Calabasas High School students and U.S. doctors to see how aware each student was about this issue as well as the doctors’ thoughts on how aware the students are. All students (N=330) completed an online survey sent out to them via Google Classroom. Additionally, all doctors (N=100) also completed an online survey sent out to them via doctor pages. Student surveys collected reports of basic privacy issues, privacy rules, and electronic medical records. Doctor surveys mimicked the student surveys, but were adjusted accordingly. Results revealed that while many students were not aware of the effects of electronic medical records and issues with patient privacy, they were more aware of these issues than what doctors thought. Implications suggest that more students need to be educated on the effects of technology within the medical field and where their privacy rights stand.

A Reference Design Model to Manage Consent in Data Subjects-Centered Internet of Things Devices

Internet of Things (IoT) devices have changed how billions of people in the world connect and interact with each other. But, as more people use IoT devices, many questions arise about how these devices handle private data and whether they properly ask for permission when using it. Due to information privacy regulations such as the EU’s General Data Protection Regulation (GDPR), which requires companies to seek permission from data subjects (DS) before using their data, it is crucial for IoT companies to obtain this permission correctly. However, this can be really challenging in the IoT world because people often find it difficult to interact with and manage multiple IoT devices under their control. Also, the rules about privacy are not always clear. As such, this paper proposes a new model to improve how consent is managed in the world of IoT. The model seeks to minimize “consent fatigue” (when people get tired of always being asked for permission) and give DS more control over how their data are shared. This includes having default permission settings, being able to compare similar devices, and, in the future, using AI to give personalized advice. The model allows users to easily review and change their IoT device permissions if previous conditions are not met. It also emphasizes the need for easily understandable privacy rules, clear communication with users, and robust tracking of consent for data usage. By using this model, companies that provide IoT services can do a better job of protecting user privacy and managing DS consent. In addition, companies can more easily comply with data protection laws and build stronger relationships with their customers.

A novel approach for constructing privacy‐aware architecture utilizing Shannon's entropy

SummaryThe right to privacy refers to an individual's decision about how personal information can be gathered, utilized, and disseminated. Individual consent and openness are the most important foundations for gaining consumers' confidence, and this pushes businesses to use privacy‐enhancing techniques while developing systems. The purpose of a privacy‐aware design is to safeguard data in such a manner that it does not expand an adversary's current understanding of an individual beyond what would be permitted. When these data pieces are coupled with the plethora of source data accessible outside the system to identify a user, this becomes crucial. Individual privacy is protected by privacy rules all around the globe, but they are often complicated and ambiguous, making their translation into practical and technologically privacy‐friendly structures difficult. The main contribution of this article is that we use Shannon's entropy (SE) to construct an objective measure that may guide our major technical design choices. And for privacy‐aware architecture, simplifying the state‐of‐the‐art security approaches given in the literature.

The viewpoints of parents of children with mental disorders regarding the confidentiality and security of their children’s information in the Iranian national electronic health record system

IntroductionElectronic health records help collect and communicate patient information among healthcare providers. The confidentiality of information, especially for patients with mental disorders, is paramount due to its profound impacts on individuals’ lives' social and personal aspects. This study aimed to investigate the viewpoints and concerns of parents of children with mental disorders regarding the confidentiality and security of their children's information in the Iranian National Electronic Health Record System (IEHRS). MethodsThis is a survey study on parents or guardians of children with mental disorders who visited Kerman’s specialised child psychiatry treatment centres. The data collection tool was a researcher-made questionnaire with 28 questions organised in seven sections, including demographic information of parents, children’s medical history, Internet use, knowledge about IEHRS, the necessity of data collection, IEHRS security concerns, and privacy concerns. The data were analysed in SPSS 24 software using descriptive statistics and logistic and ordinal regressions to assess the relationship between parents’ demographic characteristics and their viewpoints regarding information security and confidentiality concerns. ResultsThe results showed that more than 85 % of the parents believed that the security of their children’s information in IEHRS was moderate to high. More than two-thirds (71 %) of the parents also believed that IEHRS should tighten its privacy policies. Most participants (87 %) were concerned about their children’s information security in IEHRS. In this study, the parents’ concerns about the privacy and security of information in IEHRS were not significantly associated with their age, gender, or knowledge about IEHRS. ConclusionsMost parents of children with mental disorders were concerned about the security and confidentiality of their children's information in IEHRS. Thus, health policymakers should maintain a high level of security and establish appropriate privacy and confidentiality rules in IEHRS. In addition, they should be transparent about the system’s security mechanisms and confidentiality regulations to win public trust.

Secure data sharing in collaborative network environments for privacy-preserving mechanisms

In today’s world where everything is linked, shared network settings are necessary to share info between companies. However, making sure that data is safe and private in these kinds of settings is very hard. This paper describes a new way to share data safely, focusing on privacy-protecting features that keep private data safe while making it easier for people to work together.To keep data safe at different steps of sharing and processing, the suggested answer uses a mix of cryptography, access controls, and anonymization techniques. Unauthorized access is stopped and privacy is kept by encrypting data both while it is being sent and while it is being stored. Access controls are also used to make sure that only people who are allowed to can see or change private data. These controls are based on rules that have already been set. Also, methods like differential privacy are used to make privacy even better by adding noise to question results. This stops individual records from being identified while still allowing useful analysis. Together, these methods make it possible to share data safely and privately, which encourages cooperation without jeopardizing accuracy or privacy.Overall, this method provides a complete framework for dealing with the tricky issues of data security and privacy in collaborative network settings. It lets businesses share information freely while still following strict privacy rules and keeping private data from getting into the wrong hands or being shared without permission.

Security and Privacy in AI-Driven Industry 5.0: Experimental Insights and Threat Analysis

This empirical research offers important insights from simulated industrial situations as it examines security and privacy in AI-driven Industry 5.0. When responding to security problems, participants' remarkable average reaction time of 14 minutes demonstrated their preparedness. On a 5-point rating scale, the clarity and openness of privacy rules were scored 3.8 overall; however, differences between 3.5 and 4.2 indicated the range of privacy issues. These results highlight the need of well-defined security procedures, thorough training, and easily available, transparent privacy regulations in order to manage the ethical integration of AI into Industry 5.0 and promote stakeholder confidence and data protection.

Digital Forensics Challenges in Cyberspace: Overcoming Legitimacy and Privacy Issues Through Modularisation

The significance of the cloud environment is growing in the current digital world. It provides several advantages, such as reduced expenses, the ability to adjust to different needs, adaptability and enhanced cooperation. The field of digital forensic investigations has encountered substantial difficulties in reconciling the requirement for efficient data analysis with the increasing apprehensions regarding privacy in recent times. As investigators analyse digital evidence to unearth crucial information, they must also traverse an intricate network of privacy rules and regulations. Given the increasing prevalence of remote work and the necessity for businesses to be adaptable and quick to react to shifting market circumstances, the cloud infrastructure has become a crucial asset for organisations of various scales. Although the cloud offers benefits such as scalability, flexibility and enhanced collaboration, it presents difficulties in digital forensic investigations regarding data protection, ownership and jurisdictional boundaries. These concerns are becoming increasingly significant as more data is kept in the cloud. In this paper, we present three major challenges that are faced during cloud-based forensics investigation. We analyse the extent to which different data formats increase complexity in forensics investigations in cyberspace. This paper analyses three core challenges facing digital forensics in the cloud environment: legitimacy, complexity and an increase in data volume, looking at the implications these have on data liable for legal issues in court. These challenges contribute to the backlog in digital forensics investigations due to a lack of modularisation of the procedures. To address these concerns, modularisation model is proposed to offer a way to integrate traditional processing functions while ensuring strict adherence to privacy protocols. To overcome these challenges, we propose modularisation as a strategy for improving the future of digital forensic research's operational efficiency, overcoming the identified challenges faced during cloud-based investigations and demonstrating how organisations can mitigate potential risks associated with storing sensitive information in the cloud.

Graduate students’ privacy boundaries in communicating about mental health with their advisors

ABSTRACT The purpose of this study is to understand the decision-making process that graduate students engage in when deciding whether to withhold or disclose information about mental health to their academic advisors. Guided by the principles of the phronetic iterative approach and Communication Privacy Management Theory, a thematic analysis of open-ended survey responses from 81 participants currently enrolled in graduate education revealed several privacy boundary rules used to determine whether to disclose private health information with advisors. Graduate students in this study enacted three motivational criteria (i.e., help-seeking, transparency, and relationship-building), two contextual criteria (i.e., relational closeness and relevance), and four risk–benefit ratios (i.e., anticipated advisor response, stigma, student emotional response, and advisor mental health) in creating privacy rule boundaries. These rules are discussed in terms of both theoretical and practical implications for the graduate student mental health crisis in the United States.

Kajian Literatur Manajemen Privasi dalam Konteks Hubungan Keluarga di Facebook

The rapid development of technology makes social media an important part of the communication process. Facebook as one of the most popular social media and has many users encourages the emergence of privacy disturbances. As the number of families using Facebook increases, the risk of privacy disclosure also becomes more open in the public sphere. The management of personal data and information on social media has triggered privacy disturbances. The research team used a qualitative methodology with a literature review method to examine privacy management using the theory of Communication Privacy Management (CPM) in the family context on Facebook Social Media. The results of the study show that as owners of individual information, they apply privacy controls through privacy rules and restrictions as a way to decide what to disclose and hide on Facebook. Privacy disclosure decisions are influenced by the quality of family relationships and topics of discussion. Individuals will apply personal boundaries to information related to sex and HIV disease. Privacy controls carried out by individuals in the context of family relationships on Facebook are carried out to avoid turbulence.

Enhancing Symptom Management and Coordination of Breast Cancer Care at Secondary Hospitals in Saudi Arabia

The passage highlights the complexity of integrated breast cancer care and the importance of effective communication in ensuring treatment compliance, reducing errors and complications, and managing co-morbidities. It emphasizes the need for clarity in the role of the care director to prevent patients from getting lost across different departments. Digital tools are recognized as valuable resources for improving care communication, but their directives and integration within the care team need to be clearly defined. Multidisciplinary team meetings are essential for driving care planning, establishing directives, and collecting structured data. Nurse navigators play a pivotal role in ensuring care continuity and assuming the director's role in the complex landscape of breast cancer care. While AI-driven planning can facilitate their tasks, human intervention remains crucial for providing psychosocial support and addressing unexpected urgencies. The allocation of patients across different healthcare centers is often managed manually and through phone communication, resulting in time-consuming processes and discontinuous system solutions. Privacy rules and competition among providers further limit the effectiveness of current solutions. Additionally, the collection of comprehensive outcome information is currently limited to specific collaborative networks. To address these challenges, AI tools can play a role in facilitating care allocation and predicting risks by leveraging data continuity over time. This can help identify non-compliance issues caused by factors such as limited local resources, distance, and costs. However, it is essential to conduct applied research to bring AI modeling into clinical practice and promote well-coordinated, patient-centric cancer care within the complex healthcare landscape.

Digital transformation of the agricultural sector: prospects, challenges and solutions

The digital transformation of the agricultural sector has received considerable attention due to its potential to increase efficiency and productivity. This paper reviews recent research and publications to identify key themes and gaps in the digitalisation of agriculture. The analysis shows that while some studies highlight the potential benefits of digital agriculture, others emphasise the limitations and challenges associated with its implementation. The case of Ukraine fits into the ‘light digitalisation’ scenario, where agriculture digitalisation is at a basic level, data control is limited, and digital literacy and technology adoption varies among different agricultural stakeholders.To promote the digitalisation process, data exchange between stakeholders such as farmers, government, traders, producers, consumers and AgriTech should be improved. Digital platforms, e-governance, agricultural extension, access to financial services and information exchange are very important for digital transformation. The author explores digital interactions between farmers and agri-tech companies, food traders/producers and consumers, highlighting the elements and benefits of such interactions.The role of the government in creating a reliable digitalisation system and facilitating cooperation between stakeholders is discussed. It proposes the implementation of solutions such as farm management systems, data collection tools, decision support systems and data-driven farming technologies. These solutions facilitate data analysis, informed decision-making and optimisation of farm operations.Challenges and limitations associated with the digital transformation of the agricultural sector are limited financial resources, regulatory constraints, resistance to change, and privacy concerns. Further research is needed to explore data quality standards, data ownership and privacy rules, skills development, modelling systems and digital platforms.
 JEL classification: H83, O38, Q10, Q18

S5-5 Developing an individual-based advice for sports participation and physical activity in children using the concept of Physical Literacy

Abstract Purpose Practitioners, researchers and policy makers have been looking for ways to change the negative trend observed in physical activity (PA) behaviour in children. An individual PA advice for children, based on the concept of physical literacy (PL), might offer an important avenue to support and motivate children to be physically active in a way that fits their needs and skills. Due to the holistic approach of PL, this concept is suitable for the development of an individual PA advice to motivate children to be physically active for life. Therefore, we aim to develop a feasible tool to provide children aged 4 to 12 years with an individual PA advice in the Dutch school setting. Method In this project, experts on the different areas of PL collaborate to create a tool feasible for implementation in the Dutch primary school setting. Experts will comprise children, parents, practitioners, researchers and policy makers. First, available measurement instruments on (elements of) PL will be reviewed. This will help us determine what instruments are best suitable to be used in the Dutch setting to create ‘input’ for a tool. Secondly, we will examine how data from these instruments can be harmonized to create an individual PA advice. This step will involve close collaborations with ICT while adhering to privacy rules and regulations. During this step we will also examine how the translation from ‘input’ to ‘output’, an individual PA advice, might have to differ for different age groups. Thirdly, we will develop a plan for the implementation in the Dutch setting and educational context. This involves feasibility in terms of finances as well as feasibility from a practical point of view. Conclusion By creating a tool to develop an individual PA advice, we hope to support and motivate children and parents to engage in PA that will last a life time. Throughout the process, relevant stakeholders will be involved in any step needed to ensure acceptability, feasibility and sustainability. Funding This project is funded by the Dutch Ministery of Health, Welfare, and Sports.

Managing tensions between privacy and connection in the sharing of personal information ownership on social media: overall and by gender

ABSTRACT Drawing on the premise of dialectical tensions in the management of privacy and connectivity, this study proposes a model presenting a clue to the privacy paradox: how social media users negotiate information ownership while reacting to privacy concerns. The study further examines gender differences in the perception of privacy concerns and negotiation of information ownership. The findings show that others’ sharing of information ownership influenced one’s own sharing of information ownership. While privacy concerns increased privacy rule adaptation, positive norms of shared information ownership negatively influenced privacy rule adaptation. There were gender differences found: women were more likely than men to react positively to expand shared information ownership and to regulate the degree of shared information ownership by adapting their privacy rules. Men were less likely than women to be concerned about privacy in reflection of the positive norms of sharing information ownership on social media.