Deterrence approach on the compliance with electronic medical records privacy policy: the moderating role of computer monitoring.

BACKGROUND: This study explored the possible antecedents that will motivate hospital employees' compliance with privacy policy related to electronic medical records (EMR) from a deterrence perspective. Further, we also investigated the moderating effect of computer monitoring on relationships among the antecedents and the level of hospital employees' compliance intention. METHODS: Data was collected from a large Taiwanese medical center using survey methodology. A total of 303 responses was analyzed via hierarchical regression analysis. RESULTS: The results revealed that sanction severity and sanction certainty significantly predict hospital employees' compliance intention, respectively. Further, our study found external computer monitoring significantly moderates the relationship between sanction certainty and compliance intention. CONCLUSIONS: Based on our findings, the study suggests that healthcare facilities should take proactive countermeasures, such as computer monitoring, to better protect the privacy of EMR in addition to stated privacy policy. However, the extent of computer monitoring should be kept to minimum requirements as stated by relevant regulations.

Os desafios do RGPD perante as novas tecnologias blockchain / Los desafíos del RGPD ante las nuevas tecnologías blockchain / The challenges of RGPD in face of blockchain technology / Els desafiaments del RGPD davant les noves tecnologies blockchain

O surgimento de novos softwares baseados em tecnologia blockchain lançam novas perguntas ao novo RGPD, criticado por ter sido criado tendo apenas em vista realidades virtuais centralizadas de controlo de dados. Apesar de quer o RGPD, quer o blockchaindesejarem objetivos comuns, como o aumento da transparência e da confiança na troca de dados online, a verdade é que em vários aspetos os desentendimentos entre ambos são reais: certas noções, como a de responsável pelo tratamento ou subcontratante, dificilmente se adequam; certos direitos, como o direito ao esquecimento ou à transferência de dados, correm o risco de perder conteúdo útil; ou mesmo certos princípios, como o da limitação de tratamento, dificilmente se compatibilizam com esta nova tecnología

La creación y el surgimiento de nuevos programas informáticos basados en la tecnología blockchain desafían el reciente GDPR con nuevas cuestiones, ya que se le critica tener en cuenta sólo las realidades virtuales basadas en el control centralizado de datos. A pesar de que tanto el RGDP como la blockchain comparten intereses comunes para aumentar la transparencia y la confianza en el intercambio de datos en línea, lo cierto es que, en varios aspectos, los malentendidos entre ambos son reales: algunas nociones como la de controlador o procesador de datos, son poco adecuadas; ciertos derechos, como el derecho al olvido o el derecho a la portabilidad de los datos corren el riesgo de perder su aplicación; o incluso ciertos principios, como la minimización de datos, son difícilmente compatibles con esta nueva tecnología

The creation and emergence of new software based on blockchain technology challenge the recent GDPR to new questions, as it is severely criticized for bearing in mind only virtual realities based on centralized data control. Despite both RGDP and blockchain share common interests in increasing transparency and confidence in online data exchange, the truth is that in several ways misunderstandings between the two are real: certain notions, such as data controller or processor, hardly adequate; certain rights, such as right to be forgotten or the right to data portability risk losing their enforcement; or even certain principles, such as data minimization, are hardly compatible with this new technology

La creació i el sorgiment de nous programes informàtics basats en la tecnologia blockchain desafien el recent GDPR amb noves qüestions, ja que se li critica tenir en compte només les realitats virtuals basades en el control centralitzat de dades. A pesar que tant el RGDP com la blockchain comparteixen interessos comuns per a augmentar la transparència i la confiança en l'intercanvi de dades en línia, la veritat és que, en diversos aspectes, els malentesos entre tots dos són reals: algunes nocions com la de controlador o processador de dades, són poc adequades; certs drets, com el dret a l'oblit o el dret a la portabilitat de les dades corren el risc de perdre la seva aplicació; o fins i tot certs principis, com la minimització de dades, són difícilment compatibles amb aquesta nova tecnología

[Health privacy in the age of digital networks]. / Gesundheitsdatenschutz in vernetzten Zeiten.

Digitization in the health sector embodies opportunities and risks. These consist of patient and data confidentiality. Vulnerability of data concerning integrity and availability can lead to financial losses and to damage of the health of data subjects. Those risks must be tackled by privacy or data protection law. For this purpose we have the European Data Protection Regulation as a comprehensive legal framework and a harmonizing bracket.This framework contains regulations on consent, purpose binding and data transfer, on rights of the data subject, technical and organizational measures and procedural arrangements. Recently, codes of conduct and certification schemes have been added as instruments. The frame of privacy law is completed by the law on medical products and information security regulations.Unfortunately, German legislation did not grip the opportunity of the European regulation to modernize, tighten and harmonize national privacy law in the health sector. This led to a lack of clarity, particularly because of the parallel applicability of privacy law and professional law. Central issues - for instance concerning transparency for data subjects, official supervision, analytics and processing for research purposes - remain dysfunctional. The German legislation should adjust those deficits. Corporations and the chambers for health professionals could and should also be active for this concern.

A Brief Report on the Ethical and Legal Guides For Technology Use in Marriage and Family Therapy.

Marriage and family therapists (MFTs) use ethical codes and state licensure laws/rules as guidelines for best clinical practice. It is important that professional codes reflect the potential exponential use of technology in therapy. However, current standards regarding technology use lack clarity. To explore this gap, a summative content analysis was conducted on state licensure laws/rules and professional ethical codes to find themes and subthemes among the many aspects of therapy in which technology can be utilized. Findings from the content analysis indicated that while there have been efforts by both state and professional organizations to incorporate guidance for technology use in therapy, a clear and comprehensive "roadmap" is still missing. Future scholarship is needed that develops clearer guidelines for therapists.

Data governance requirements for distributed clinical research networks: triangulating perspectives of diverse stakeholders.

There is currently limited information on best practices for the development of governance requirements for distributed research networks (DRNs), an emerging model that promotes clinical data reuse and improves timeliness of comparative effectiveness research. Much of the existing information is based on a single type of stakeholder such as researchers or administrators. This paper reports on a triangulated approach to developing DRN data governance requirements based on a combination of policy analysis with experts, interviews with institutional leaders, and patient focus groups. This approach is illustrated with an example from the Scalable National Network for Effectiveness Research, which resulted in 91 requirements. These requirements were analyzed against the Fair Information Practice Principles (FIPPs) and Health Insurance Portability and Accountability Act (HIPAA) protected versus non-protected health information. The requirements addressed all FIPPs, showing how a DRN's technical infrastructure is able to fulfill HIPAA regulations, protect privacy, and provide a trustworthy platform for research.

Application of growing hierarchical SOM for visualisation of network forensics traffic data.

Digital investigation methods are becoming more and more important due to the proliferation of digital crimes and crimes involving digital evidence. Network forensics is a research area that gathers evidence by collecting and analysing network traffic data logs. This analysis can be a difficult process, especially because of the high variability of these attacks and large amount of data. Therefore, software tools that can help with these digital investigations are in great demand. In this paper, a novel approach to analysing and visualising network traffic data based on growing hierarchical self-organising maps (GHSOM) is presented. The self-organising map (SOM) has been shown to be successful for the analysis of highly-dimensional input data in data mining applications as well as for data visualisation in a more intuitive and understandable manner. However, the SOM has some problems related to its static topology and its inability to represent hierarchical relationships in the input data. The GHSOM tries to overcome these limitations by generating a hierarchical architecture that is automatically determined according to the input data and reflects the inherent hierarchical relationships among them. Moreover, the proposed GHSOM has been modified to correctly treat the qualitative features that are present in the traffic data in addition to the quantitative features. Experimental results show that this approach can be very useful for a better understanding of network traffic data, making it easier to search for evidence of attacks or anomalous behaviour in a network environment.

Security issues in healthcare applications using wireless medical sensor networks: a survey.

Healthcare applications are considered as promising fields for wireless sensor networks, where patients can be monitored using wireless medical sensor networks (WMSNs). Current WMSN healthcare research trends focus on patient reliable communication, patient mobility, and energy-efficient routing, as a few examples. However, deploying new technologies in healthcare applications without considering security makes patient privacy vulnerable. Moreover, the physiological data of an individual are highly sensitive. Therefore, security is a paramount requirement of healthcare applications, especially in the case of patient privacy, if the patient has an embarrassing disease. This paper discusses the security and privacy issues in healthcare application using WMSNs. We highlight some popular healthcare projects using wireless medical sensor networks, and discuss their security. Our aim is to instigate discussion on these critical issues since the success of healthcare application depends directly on patient security and privacy, for ethic as well as legal reasons. In addition, we discuss the issues with existing security mechanisms, and sketch out the important security requirements for such applications. In addition, the paper reviews existing schemes that have been recently proposed to provide security solutions in wireless healthcare scenarios. Finally, the paper ends up with a summary of open security research issues that need to be explored for future healthcare applications using WMSNs.

Institutionalizing telemedicine applications: the challenge of legitimizing decision-making.

During the last decades a variety of telemedicine applications have been trialed worldwide. However, telemedicine is still an example of major potential benefits that have not been fully attained. Health care regulators are still debating why institutionalizing telemedicine applications on a large scale has been so difficult and why health care professionals are often averse or indifferent to telemedicine applications, thus preventing them from becoming part of everyday clinical routines. We believe that the lack of consolidated procedures for supporting decision making by health care regulators is a major weakness. We aim to further the current debate on how to legitimize decision making about the institutionalization of telemedicine applications on a large scale. We discuss (1) three main requirements--rationality, fairness, and efficiency--that should underpin decision making so that the relevant stakeholders perceive them as being legitimate, and (2) the domains and criteria for comparing and assessing telemedicine applications--benefits and sustainability. According to these requirements and criteria, we illustrate a possible reference process for legitimate decision making about which telemedicine applications to implement on a large scale. This process adopts the health care regulators' perspective and is made up of 2 subsequent stages, in which a preliminary proposal and then a full proposal are reviewed.

A health insurance portability and accountability act-compliant ocular telehealth network for the remote diagnosis and management of diabetic retinopathy.

In this article, we present the design and implementation of a regional ocular telehealth network for remote assessment and management of diabetic retinopathy (DR), including the design requirements, network topology, protocol design, system work flow, graphics user interfaces, and performance evaluation. The Telemedical Retinal Image Analysis and Diagnosis Network is a computer-aided, image analysis telehealth paradigm for the diagnosis of DR and other retinal diseases using fundus images acquired from primary care end users delivering care to underserved patient populations in the mid-South and southeastern United States.

Data-centric privacy protocol for intensive care grids.

Modern e-Health systems require advanced computing and storage capabilities, leading to the adoption of technologies like the grid and giving birth to novel health grid systems. In particular, intensive care medicine uses this paradigm when facing a high flow of data coming from intensive care unit's (ICU) inpatients just like demonstrated by the ICGrid system prototyped by the University of Cyprus. Unfortunately, moving an ICU patient's data from the traditionally isolated hospital's computing facilities to data grids via public networks (i.e., the Internet) makes it imperative to establish an integral and standardized security solution to avoid common attacks on the data and metadata being managed. Particular emphasis must be put on the patient's personal data, the protection of which is required by legislations in many countries of the European Union and the world in general. In this paper, we extend our previous research with the following contributions: 1) a mandatory access control model to protect patient's metadata; 2) a major security revision to our previously proposed privacy protocol by contributing with a "quality of security" quantitative metric to improve fragmented data's assurance; and finally, 3) a set of early results to demonstrate that our protocol not only improves a patient personal data's security and privacy but also achieves a performance comparable with existing approaches.

[The analysis of legal basis of telediagnosis and teleconsultation in clinical practice. Are we allowed to consult our patients via phone? Part II]. / Analiza podstaw legalnosci telekonsultacji i telediagnostyki w codziennej praktyce klinicznej. Czy wolno konsultowac pacjentów przez telefon? Czesc II.

BACKGROUND: This paper is composed of two parts, the first one addresses the issue of legal grounds for teleconsultation and telemedicine in Poland, the other tries to answer the questions whether the provision of health services with use of telemedical tools does not breach medical professional secrecy or personal data protection. MATERIAL AND METHODS: The material comprised a whole set of Polish and European legal acts that could have any impact on the legal basis of telemedicine in Poland. The method applied was of interpretative nature, and the texts of above-mentioned acts were thoroughly analyzed, providing the first comprehensive study on this subject. RESULTS: The medical professional secrecy is not violated if the range of transmitted data is limited to those, which are absolutely necessary in the diagnostic and therapeutic process. This rule involves the transmission of indispensable personal and medical data, however, sharing the patient's appearance should be preceded by his/her informed consent. CONCLUSIONS: The achievements of information technology greatly contribute to the quality of diagnostic and therapeutic processes. Due to the rapid development of modern means of telemedicine we face the need to establish legal regulations, specifying the principles of distant exchange of medical data.

[The analysis of legal basis of telediagnosis and teleconsultation in clinical practice. are we allowed to consult our patients via phone? Part I]. / Analiza podstaw legalnosci telekonsultacji i telediagnostyki w codziennej praktyce klinicznej. Czy wolno konsultowac pacjentów przez telefon? Czesc I.

BACKGROUND: Telemedicine means the delivery of medical service without personal contact between the patient and physician. Although Polish legal regulations do not prohibit so called "distant medical treatment", they do not specify clear and ambiguous terms of such a service. The practitioner faces numerous doubts concerning the telediagnosis and teleconsultation. The authors discuss the problems of acceptability of telediagnosis and teleconsultation in Poland. MATERIAL AND METHODS: The material comprised a whole set of legal acts of the Polish and European origin that could have any impact on the legal basis of telemedicine in Poland. The method applied was of interpretative nature, and the texts of above-mentioned acts were thoroughly analyzed, providing the first comprehensive study on this subject. RESULTS: The results applied to practitioners of numerous medical specializations, but it should be stated that the examples studied and analyzed focused on teleconsultations in occupational medicine. The analysis revealed that current legal regulations do not specify the exact form the medical consultations should acquire. Nevertheless, it should be admitted that "distant consultation"; via the Internet, phone or other means of IT is not prohibited. The authors emphasize, however, that the distant consultations should be treated as an exception to the rule, which says that the patient should be personally consulted by the physician. CONCLUSIONS: The achievements of information technology greatly contributes to the quality of diagnostic and therapeutic processes. The existence of many unclear and ambiguous rules and opinions makes it necessary to establish legal regulations specifying the principles of distant exchange of medical data.