Big data. Session 10, stream 1 Coordinators: Rattan Datta & R.K. Shyamasundar Chairman: Erich Neuhold
1 The 22nd IFIP World Computer Congress, September 2012, Amsterdam, the Netherlands. Towards an innovative, secure and sustainable information society. Big data. Session 10, stream 1. Coordinators: Rattan Datta & R.K. Shyamasundar. Chairman: Erich Neuhold
2 Dr. Anupam Datta, Cylab, Carnegie Mellon University, USA
3 Privacy, Audit and Accountability. Anupam Datta, Carnegie Mellon University. Big Data Session, WCC 2012
4 Repositories of Personal Information
5 The Privacy Problem: How can we ensure that organizations respect privacy expectations in the collection, disclosure and use of personal information?
6 Questions for the Session: Does 'big data' necessarily mean 'small' privacy? How can 'big data' improve the quality of life?
7 Privacy Laws and Promises: EU Privacy Directive; HIPAA (Healthcare), GLBA (Financial), FERPA (Education) in US,
8 Healthcare Privacy [Diagram labels: Privacy Policy; Hospital; Auditor; Patient information; Patient; Physician; Nurse; Drug Company]
9 A Research Area. Formalize Privacy Policies: precise semantics of privacy concepts. Enforce Privacy Policies: Audit (detect violations of policy); Accountability (identify agents to blame for policy violations; punish to deter policy violations (resource allocation))
10 Formalizing and Enforcing Purpose Restrictions. Joint work with Michael Tschantz and Jeannette Wing, Carnegie Mellon University. 2012 IEEE Symposium on Security and Privacy
11 Purpose in Privacy Policies: "Yahoo!'s practice is not to use the content of messages [ ] for marketing purposes." "By providing your personal information, you give [Social Security Administration] consent to use the information only for the purpose for which it was collected."
12 Purpose Restrictions in Privacy Policies. "Not for": "Yahoo!'s practice is not to use the content of messages [ ] for marketing purposes." "Only for": "By providing your personal information, you give [Social Security Administration] consent to use the information only for the purpose for which it was collected."
13 Purpose Restrictions are Ubiquitous: OECD's Privacy Guidelines; US Privacy Laws (HIPAA, GLBA, FERPA, COPPA); EU Privacy Directive; Enterprise Privacy Policies (Google, Facebook, Yahoo); hospitals, banks, educational institutions, govt
14 Goal: Give a semantics to "Not for" purpose restrictions and "Only for" purpose restrictions that is parametric in the purpose. Provide automated enforcement of purpose restrictions for that semantics
15 Auditing [Diagram labels: Purpose restriction; Auditee's behavior; Environment model; Obeyed; Inconclusive; Violated]
16 Motivating Example
17 [State diagram. States: X-ray taken; X-ray added; No diagnosis by specialist; Diagnosis by specialist. Actions: Add x-ray; Send record. Annotations: Medical Record; Med records used only for diagnosis]
18 Label Actions with Purposes. Attempt 1: An action is for a purpose if it is labeled as such. Problem 1: Begs the question. Problem 2: One action can have different purposes depending upon context
19 [State diagram. States: X-ray taken; X-ray added; No diagnosis by specialist; Diagnosis by specialist. Actions labeled with purposes: Add x-ray: diagnosis; Send record: diagnosis. Annotations: Not for diagnosis; For diagnosis; For diagnosis]
20 States Matter: The purpose of an action may depend upon the state from which the agent takes that action. Formalization of purpose must include states
21 [State diagram. States: X-ray taken; X-ray added; No diagnosis by specialist; Diagnosis by specialist. Actions: Add x-ray; Send record. Annotations: Not sufficient; Necessary and sufficient]
22 Necessary and Sufficient Attempt 2: an action is for a purpose if it is necessary and sufficient as a part of a chain of actions for achieving that purpose
23 [State diagram. States: X-ray taken; X-ray added; No diagnosis by specialist; Diagnosis by MRI; Diagnosis by specialist. Actions: Add x-ray; Send record; Refer patient]
24 Non-redundancy: Given a sequence of actions that reaches a goal state, an action in that sequence is non-redundant if removing that action from the sequence results in the goal no longer being reached. Adapted counterfactual definition of causality. Attempt 3: an action is for a purpose if it is part of a sufficient and non-redundant chain of actions for achieving that purpose
25 [State diagram. States: X-ray taken; X-ray added; No diagnosis by specialist; Diagnosis by specialist. Actions: Add x-ray; Send record]
26 [State diagram. States: X-ray taken; X-ray added; No diagnosis by specialist; Diagnosis by specialist. Actions: Add x-ray; Send record. Transition probabilities: 1/4; 3/4. Annotations: Choice point; Specialist; Best choice fails]
27 [State diagram. States: X-ray taken; X-ray added; No diagnosis by specialist; Diagnosis by specialist. Actions: Add x-ray; Send record. Transition probabilities: 1/4; 3/4]
28 Planning. Hypothesis: An action is for a purpose iff that action is part of a plan for furthering the purpose, i.e., always makes the best choice for furthering the purpose
29 Auditing algorithm
30 Markov Decision Processes: states, actions, transitions, rewards. [State diagram. States: X-ray taken (no reward); X-ray added (no reward); No diagnosis by specialist (no reward); Diagnosis by specialist (reward!). Actions: Add x-ray; Send record. Transition probabilities: 1/4; 3/4]
31 Auditing [Diagram labels: Purpose restriction; Auditee's behavior; Environment model; Obeyed; Inconclusive; Violated]
32 [Diagram labels: Record only for diagnosis; [, send record]; Violated]
33 [Diagram labels: Record only for treatment; Policy implications; [, send record]; MDP Solver; Optimal actions for each state; Actions optimal?; No; Violated]
34 No False Positives. Theorem (Soundness): If the algorithm returns violation, then the actions recorded in the log are not only for the purpose
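The audit outlined on slides 30 to 34, written out as an added Python example (not code from the talk or from the cited paper): it solves the x-ray MDP by value iteration and flags a logged action as a violation of "only for diagnosis" when it is not an optimal action for its state. The state and action identifiers, the discount factor 0.9, the reward value 1, the assignment of 3/4 to the diagnosis outcome, and the restriction to the two outcomes "violated" and "inconclusive" are assumptions of this example.

```python
"""Added example: auditing an 'only for diagnosis' restriction with a small MDP."""

GAMMA = 0.9  # assumed discount factor; the slides do not give one

# TRANSITIONS[state][action] = [(probability, next_state), ...]
# Constructed from the x-ray slides. Assumption: once the x-ray is added,
# sending the record yields a diagnosis with probability 3/4.
TRANSITIONS = {
    "xray_taken": {
        "add_xray": [(1.0, "xray_added")],
        "send_record": [(1.0, "no_diagnosis")],
    },
    "xray_added": {
        "send_record": [(0.75, "diagnosis"), (0.25, "no_diagnosis")],
    },
    "diagnosis": {},     # terminal state
    "no_diagnosis": {},  # terminal state
}

# Reward received on entering a state (assumed value 1 for the purpose state).
REWARD = {"diagnosis": 1.0}


def q_value(state, action, values):
    """Expected discounted reward of taking `action` in `state`."""
    return sum(
        p * (REWARD.get(nxt, 0.0) + GAMMA * values[nxt])
        for p, nxt in TRANSITIONS[state][action]
    )


def solve(tol=1e-12):
    """Value iteration: returns the optimal value of every state."""
    values = {s: 0.0 for s in TRANSITIONS}
    while True:
        delta = 0.0
        for state, actions in TRANSITIONS.items():
            if not actions:
                continue  # terminal states keep value 0
            best = max(q_value(state, a, values) for a in actions)
            delta = max(delta, abs(best - values[state]))
            values[state] = best
        if delta < tol:
            return values


def optimal_actions(values, eps=1e-9):
    """The 'optimal actions for each state' box of slide 33 (ties are kept)."""
    result = {}
    for state, actions in TRANSITIONS.items():
        if actions:
            qs = {a: q_value(state, a, values) for a in actions}
            best = max(qs.values())
            result[state] = {a for a, q in qs.items() if best - q <= eps}
    return result


def audit(log):
    """Audit a log of (state, action) pairs against 'only for diagnosis'.

    Returns ("violated", index_of_first_suboptimal_step) or
    ("inconclusive", None). Optimal behaviour is consistent with the purpose
    but does not prove it, so this sketch never answers "obeyed".
    """
    optimal = optimal_actions(solve())
    for step, (state, action) in enumerate(log):
        if state not in TRANSITIONS or action not in TRANSITIONS[state]:
            raise ValueError(f"log entry {step} is outside the model: {state}, {action}")
        if action not in optimal[state]:
            return "violated", step
    return "inconclusive", None


if __name__ == "__main__":
    # Constructed logs. The second one stays "inconclusive" even if the
    # specialist fails to diagnose: actions are judged, not outcomes.
    print(audit([("xray_taken", "send_record")]))
    print(audit([("xray_taken", "add_xray"), ("xray_added", "send_record")]))
```
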
35 Quality of Life Improvement + Privacy Protection: Learn MDPs from large audit logs (e.g., using reinforcement learning techniques). Compute optimal plans in MDP. Improve healthcare outcomes. Improve privacy protection
36 Summary: Research Area. Formalize Privacy Policies: precise semantics of privacy concepts. Enforce Privacy Policies: Audit (detect violations of policy); Accountability (identify agents to blame for policy violations; punish to deter policy violations (resource allocation))
37 Thanks!
38 Publications (1)
1. J. Blocki, N. Christin, A. Datta, A. Sinha, Audit Mechanisms for Provable Risk Management and Accountable Data Governance, in Proceedings of 3rd Conference on Decision and Game Theory for Security, November
2. M. C. Tschantz, A. Datta, J. M. Wing, Formalizing and Enforcing Purpose Restrictions in Privacy Policies, in Proceedings of 33rd IEEE Symposium on Security and Privacy, May
3. A. Datta, J. Blocki, N. Christin, H. DeYoung, D. Garg, L. Jia, D. Kaynar, A. Sinha, Understanding and Protecting Privacy: Formal Semantics and Principled Audit Mechanisms, 7th International Conference on Information Systems Security, December
4. D. Garg, L. Jia, A. Datta, Policy Auditing over Incomplete Logs: Theory, Implementation and Applications, in Proceedings of 18th ACM Conference on Computer and Communications Security, October 2011
39 Publications (2)
5. J. Blocki, N. Christin, A. Datta, A. Sinha, Regret Minimizing Audits: A Learning-Theoretic Basis for Privacy Protection, in Proceedings of 24th IEEE Computer Security Foundations Symposium, June
6. M. C. Tschantz, D. Kaynar, A. Datta, Formal Verification of Differential Privacy for Interactive Systems, Extended abstract in Proceedings of the 27th Annual Conference on Mathematical Foundations of Programming Semantics, May
7. H. DeYoung, D. Garg, L. Jia, D. Kaynar, A. Datta, Experiences in the Logical Specification of the HIPAA and GLBA Privacy Laws, in Proceedings of 9th ACM Workshop on Privacy in the Electronic Society, October 2010
Kiran Mishra, Ph.D. Licensed Clinical Psychologist 1111 Highway 6, Suite 235 Sugar Land, TX 77478 (832) 876-3232 TEXAS NOTICE FORM Notice of Psychologists Policies and Practices to Protect the Privacy
More information[ 2014 Privacy & Security Update ].
U.S. Privacy Law: Hiding in Plain Sight U.S. Federal Trade Commissioner Julie Brill Second German-American Data Protection Day Munich, Germany April 30, 2015 Thank you, Dr. Ehmann, for your kind introduction.
More informationDeliverable D7.2: Dissemination Plan
Deliverable D7.2: Dissemination Plan FET Open project NADINE Grant Agreement Number 288956 Authors: D.Shepelyansky, N.Litvak, A.Benczur, S.Vigna Date of preparation: 31 Oct 22 Nov 2013 Contents Deliverable
More informationRAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER
RaySafe S1 SECURITY WHITEPAPER Contents 1. INTRODUCTION 2 ARCHITECTURE OVERVIEW 2.1 Structure 3 SECURITY ASPECTS 3.1 Security Aspects for RaySafe S1 Data Collector 3.2 Security Aspects for RaySafe S1 cloud-based
More informationThe Role of Standards in Medical Information Security: An Opportunity for Improvement.
The Role of Standards in Medical Information Security: An Opportunity for Improvement. P. A. H. Williams School of Computer and Information Science Edith Cowan University Joondalup, Western Australia Abstract
More informationAnalysis of an Artificial Hormone System (Extended abstract)
c 2013. This is the author s version of the work. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purpose or for creating
More informationPolicies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification
Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices
More information