Data Privacy Protection of Medical Data in a National Context
|
|
- Willa Gilbert
- 8 years ago
- Views:
Transcription
1 Data Privacy Protection of in a National Context Dr. Uwe Roth Heiko Zimmermann, Dr. Stefan Benzschawel Friday, 20 April 2012 Version v1.0 r
2 in a National Context Data Privacy and Data Security Medical data must be protected against Unauthorized access Misuse Encryption of medical data ensures confidentiality Additional plaintext metadata is needed to query for documents, e.g. Document type Circumstances of creation Author
3 in a National Context Data Privacy and Data Security Fine-grained queries requires more metadata But: Further metadata opens the risk to disclose sensitive information De-Identification of metadata as a minimal demand Replacing of demographics by pseudonyms Data sets with the same pseudonym belong to the same person (no anonymisation) Demographics must not be calculated out of the pseudonym
4 Storage and Querying of Hospitals Laboratories Doctors Offices Data Source Data Consumer Metadata Query for National ehealth Platform Data Repository Encrypted Data Storage Data Registry Metadata List of Medical Documents Uwe Roth Data Privacy Protection of in a National Context 6
5 Demographic Data and Pseudonyms Demographic Data Pseudonym Hospitals Laboratories Doctors Offices Data Source Data Consumer Metadata Query for National ehealth Platform Data Repository Encrypted Data Storage Data Registry Metadata List of Medical Documents Uwe Roth Data Privacy Protection of in a National Context 7
6 De-Identification Trusted Third Party Demographic Data Trusted Third Party De-Identification Pseudonym Hospitals Laboratories Doctors Offices Data Source Data Consumer Metadata Query for National ehealth Platform Data Repository Encrypted Data Storage Data Registry Metadata List of Medical Documents Uwe Roth Data Privacy Protection of in a National Context 8
7 De-Identification Handshaking Protocol Demo graphic Data Pseudonym Pick-Up-Ticket Demographic Data Pick-Up Ticket Trusted Third Party De-Identification Pseudonym Pick-Up Ticket Hospitals Laboratories Doctors Offices Data Source Data Consumer Query for Pick-Up Ticket National ehealth Platform Data Repository Encrypted Data Storage Data Registry Metadata List of Medical Documents Uwe Roth Data Privacy Protection of in a National Context 9
8 Trusted Third Party Organizational and Legal Only place where demographics and their pseudonyms are known Organizational and legal independent from data sources data users data registry data repositories No pass-through of medical data No de-identification/modification of medical data (integrity of signed documents) Can be put in the Internet, while users of the service stay behind firewalls Uwe Roth Data Privacy Protection of in a National Context 11
9 Trusted Third Party Identification of Patients Identifies persons by given demographics Normalization step of demographics is needed Correction of typographic errors Phonetic reduction or names Align to official addresses Weighting of attributes with respect to entropy Distance calculation to existing identities If distance closer than a certain threshold: identity matches Uwe Roth Data Privacy Protection of in a National Context 12
10 Trusted Third Party Matching and Pseudonym Creation Matching decision: Definite positive match: Take existing pseudonym Definite no match: Create new pseudonym Unclear match: Create new pseudonym for the time being Requires manual intervention to take decision Creation of source-depending pseudonyms allows later correction of matching decisions Trusted Third Party will provide all pseudonyms of the same persons on request Uwe Roth Data Privacy Protection of in a National Context 13
11 Trusted Third Party Authentication and Access Control Allows de-identification requests only for data sources and data users Allows retrieval of pseudonym only for data registry and data repositories Guaranteed by Security Token service Security Token Service provides security tokens after authentication with role information Uwe Roth Data Privacy Protection of in a National Context 15
12 Secondary Use Statistics Demo graphic Data Trusted Third Party 1 st Level De-Identification Pseudonym National ehealth Platform 2 nd Level De-Identification Patient ID Hospitals Laboratories Doctors Offices Data Source Statistical Extract National ehealth Platform Statistical Database Query for Statistics Statistics or Statistical Extract Statistics Office Researcher Data Consumer Uwe Roth Data Privacy Protection of in a National Context 18
13 Conclusion Data sources and data users never get in touch with the pseudonym Data repositories and data storage never get in touch with demographics Enforced by the use of a security token service and role based access Identity vigilance to monitor matching decisions Correction of matching decision possible Trusted third party provides data privacy for unencrypted meta data and statistical extracts Uwe Roth Data Privacy Protection of in a National Context 20
14 Data Privacy Protection of in a National Context Dr. Uwe Roth (uwe.roth@tudor.lu) Heiko Zimmermann, Dr. Stefan Benzschawel Friday, 20 April 2012 Version v1.0 r
IT infrastructure for National Electronic Health Records
IT infrastructure for National Electronic Health Records CRP Henri Tudor CR SANTEC Stefan BENZSCHAWEL, Heiko ZIMMERMANN, Marcos DA SILVEIRA, Uwe ROTH, Andreas JAHNEN Public: Med e Tel Date: 16 April 2010
More informationPROTECTING DATA IN TRANSIT WITH ENCRYPTION IN M-FILES
M-FILES CORPORATION PROTECTING DATA IN TRANSIT WITH ENCRYPTION IN M-FILES VERSION 8 24 SEPTEMBER 2014 Page 1 of 8 CONTENTS 1. Overview... 3 2. Encryption of Data in Transit in M-Files... 4 HTTPS... 4 RPC
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the
More information1.2: DATA SHARING POLICY. PART OF THE OBI GOVERNANCE POLICY Available at: http://www.braininstitute.ca/brain-code-governance. 1.2.
1.2: DATA SHARING POLICY PART OF THE OBI GOVERNANCE POLICY Available at: http://www.braininstitute.ca/brain-code-governance 1.2.1 Introduction Consistent with its international counterparts, OBI recognizes
More informationCall Center and Clearing System. ID Technologies Inc
Call Center and Clearing System ID Technologies Inc Features Enterprise level ticket generation, clearing and tracking system GIS based integrated graphical information. Multi-format map integration Real
More informationDesignation of employee(s) in charge of the program; Identifying and assessing risks/threats and evaluating and improving
PRIVACY & DATA SECURITY LAW JOURNAL MASSACHUSETTS On September 22, 2008, Massachusetts adopted regulations that will require businesses, wherever located, that own, license, store, or maintain information
More informationRFC 2350 CSIRT-TEHTRIS [CERT-TEHTRIS]
RFC 2350 CSIRT-TEHTRIS [CERT-TEHTRIS] 1 Document information... 2 1.1 Date of Last Update... 2 1.2 Distribution List for Notifications... 2 1.3 Locations where this Document May Be Found... 2 1.4 Authenticating
More informationRowan University Data Governance Policy
Rowan University Data Governance Policy Effective: January 2014 Table of Contents 1. Introduction... 3 2. Regulations, Statutes, and Policies... 4 3. Policy Scope... 4 4. Governance Roles... 6 4.1. Data
More informationStrategy for Email Management in Canadian Jurisdictions
Strategy for Email Management in Canadian Jurisdictions Email is a fundamental part of doing business today, and the management of email has become a critical issue across all jurisdictions. All governments
More informationPublic Health and the Learning Health Care System Lessons from Two Distributed Networks for Public Health
Public Health and the Learning Health Care System Lessons from Two Distributed Networks for Public Health Jeffrey Brown, PhD Assistant Professor Department of Population Medicine Harvard Medical School
More informationWHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE
WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE INTRODUCTION The healthcare industry is driven by many specialized documents. Each day, volumes of critical information are sent to and from
More informationInformation Security
Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked
More informationIndex. Registry Report
2013.1-12 Registry Report 01 02 03 06 19 21 22 23 24 25 26 27 28 29 31 34 35 Index Registry Report 02 Registry Report Registry Report 03 04 Registry Report Registry Report 05 06 Registry Report Registry
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationOverview of Information Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Information Security Murat Kantarcioglu Pag. 1 Purdue University Outline Information Security: basic concepts Privacy: basic
More informationJoint Position on the Disclosure of Clinical Trial Information via Clinical Trial Registries and Databases 1 Updated November 10, 2009
Joint Position on the Disclosure of Clinical Trial Information via Clinical Trial Registries and Databases 1 Updated November 10, 2009 The innovative pharmaceutical industry 2 is committed to the transparency
More informationDe-identification of Data using Pseudonyms (Pseudonymisation) Policy
De-identification of Data using Pseudonyms (Pseudonymisation) Policy Version: 2.0 Page 1 of 7 Partners in Care This is a controlled document. It should not be altered in any way without the express permission
More information1. The records have been created, sent or received in connection with the compilation.
Record Retention & Destruction Policy Bradley Kirschner PC recognizes that the firm s engagement and administrative files are critical assets. As such, the firm has established this formal written policy
More informationPrivacy Policies Notice Hutchins Systems, Inc. Dated: September 1 st 2009
1 Privacy Policies Notice Hutchins Systems, Inc. Dated: September 1 st 2009 Please print this Privacy Policies Notice for your records. Hutchins Systems, Inc. encourages our client s to review this Privacy
More informationPerformance Characteristics of Data Security. Fabasoft Cloud
Performance Characteristics of Data Security Valid from October 13 th, 2014 Copyright GmbH, A-4020 Linz, 2014. All rights reserved. All hardware and software names used are registered trade names and/or
More informationCONSUMER DATA RESEARCH CENTRE DATA SERVICE USER GUIDE. Version: August 2015
CONSUMER DATA RESEARCH CENTRE DATA SERVICE USER GUIDE Version: August 2015 Introduction The Consumer Data Research Centre (CDRC or Centre) is an academic led, multi-institution laboratory which discovers,
More informationHIPAA Security Checklist for Healthcare Providers - Self-Evaluation Checklist
HIPAA Security Checklist for Healthcare Providers - Self-Evaluation Checklist Individual Authentication of Users Unique individual identifier for each user Automatic logoff after specified time Change
More informationPrivacy and Identity Management for Europe
Privacy and Identity Management for Europe Pierangela Samarati Università degli Studi di Milano Milan, Italy samarati@dti.unimi.it Page 1 Vision and Objectives Users disclose vast amounts of personal information
More informationSecuring Enterprise: Employability and HR
1 Securing Enterprise: Employability and HR Federation and XACML as Security and Access Control Layer Open Standards Forum 2 Employability and HR Vertical Multiple Players - Excellent case for federation
More informationOIOSAML Rich Client to Browser Scenario Version 1.0
> OIOSAML Rich Client to Browser Scenario Version 1.0 Danish Agency for Digitization December 2011 Contents > 1 Introduction 4 1.1 Purpose 1.2 Background 4 4 2 Goals and Assumptions 5 3 Scenario Details
More informationDe-Identification of Clinical Data
De-Identification of Clinical Data Sepideh Khosravifar, CISSP Info Security Analyst IV TEPR Conference 2008 Ft. Lauderdale, Florida May 17-21, 2008 1 1 Slide 1 cmw1 Craig M. Winter, 4/25/2008 Background
More informationSynapse Privacy Policy
Synapse Privacy Policy Last updated: April 10, 2014 Introduction Sage Bionetworks is driving a systems change in data-intensive healthcare research by enabling a collective approach to information sharing
More informationRemote Access Procedure. e-governance
for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type of Information Document
More informationHarmonized Use Case for Electronic Health Records (Laboratory Result Reporting) March 19, 2006
Harmonized Use Case for Electronic Health Records (Laboratory Result Reporting) March 19, 2006 Office of the National Coordinator for Health Information Technology (ONC) Table of Contents American Health
More informationmercoledì 21 marzo 2012 Eliot Salant- salant@il.ibm.com
Eliot Salant- salant@il.ibm.com Eliot Salant- salant@il.ibm.com IBM Haifa Research Eliot Salant- salant@il.ibm.com IBM Haifa Research Eliot Salant- salant@il.ibm.com IBM Haifa Research Project Coordinator,
More informationCollection and Use of Information
AVO Privacy Policy AVOapp, Inc. treat with responsibility for the safety of your personal data. Please read the following to be informed about our Privacy Policy ("Policy"). This Policy details how we
More informationBig Data and Big Data Governance
The First Step in Information Big Data and Big Data Governance Kelle O Neal kelle@firstsanfranciscopartners.com 15-25- 9661 @1stsanfrancisco www.firstsanfranciscopartners.com Table of Contents Big Data
More informationAUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT TRANSPORTATION AUDIT PROGRAM
GENERAL: The Technology department is responsible for the managing of electronic devices and software for the District, as well as the Help Desk for resolution of employee-created help tickets. The subgroups
More informationInteragency Science Working Group. National Archives and Records Administration
Interagency Science Working Group 1 National Archives and Records Administration Establishing Trustworthy Digital Repositories: A Discussion Guide Based on the ISO Open Archival Information System (OAIS)
More informationData Sharing. Matching and Routing THOUGHT LEADERSHIP. Delivering Transformation. Together.
THOUGHT LEADERSHIP Data Sharing Matching and Routing Delivering Transformation. Together. Introduction There are many reasons why data needs to be shared in the public sector, and in reality there are
More informationAPPMACHINE MOBILE PRIVACY STATEMENT. Version, May 29, 2015
APPMACHINE MOBILE PRIVACY STATEMENT Version, May 29, 2015 The privacy of all of our Users is very important to AppMachine and the AppMachine App-builders (hereto referred to as App-owner). When you, as
More informationBuilding Regional and National Health Information Systems. Mike LaRocca
Building Regional and National Health Information Systems Mike LaRocca Agenda What are the key use cases driving New York? What is the SHIN-NY NY and its architecture? What standards and protocols were
More informationConcept Proposal. A standards based SOA Framework for Interoperable Enterprise Content Management
Concept Proposal A standards based SOA Framework for Interoperable Enterprise Content Management Mike Connor miconnor@adobe.com Paul Fontaine Paul.Fontaine@ost.dot.gov What is it? IECM Framework Vision:
More informationHealth Care Provider Guide
Health Care Provider Guide Diagnostic Imaging Common Service Project, Release 1 Version: 1.4 Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document may be reproduced
More informationehealth Information Exchange
GE Healthcare IHE Integration Statement ehealth Information Exchange ehealth Information Exchange Version 2.0 INTRODUCTION OVERVIEW This IHE Integration Statement describes the intended conformance of
More informationPrivacy Policy. The Read Privacy Policy was created on June 11, 2015
Legal Privacy Policy The Read Privacy Policy was created on June 11, 2015 Your privacy is important to Read and always will be. So we ve developed a Privacy Policy that covers how we collect, use, disclose,
More informationEfficient Similarity Search over Encrypted Data
UT DALLAS Erik Jonsson School of Engineering & Computer Science Efficient Similarity Search over Encrypted Data Mehmet Kuzu, Saiful Islam, Murat Kantarcioglu Introduction Client Untrusted Server Similarity
More informationData Sharing Protocol
Data Sharing Protocol Agreement for Sharing Data Between Partners of the South Dublin Childrens Services Committee Version 0.4 Final Draft June 2009 Contents 1 Preface...3 2 Introduction & Overview...3
More informationPseudonymization for Secondary Use of Cloud Based Electronic Health Records
Pseudonymization for Secondary Use of Cloud Based Electronic Health Records Liangyu Xu 1, Armin B. Cremers 2 and Tobias Wilken 3 Institute of Computer Science III University of Bonn, 53117 Bonn, Germany
More informationThe MDPHnetDistributed Querying Approach for Public Health. Jeffrey Brown, PhD MichealKlompas, MD, MPH MDPHnet Research Team October 18, 2012
The MDPHnetDistributed Querying Approach for Public Health Jeffrey Brown, PhD MichealKlompas, MD, MPH MDPHnet Research Team October 18, 2012 1 Approach to Distributed Querying 2 Distributed Querying Guiding
More informationGeneral Statement and Verification of Standards
Privacy Statement General Statement and Verification of Standards HealthHighway.com has adopted this privacy statement in order to demonstrate our firm commitment to Provider and Patient privacy. This
More informationChapter 32 Internet Security
Chapter 32 Internet Security Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 32: Outline 32.1 NETWORK-LAYER SECURITY 32.2 TRANSPORT-LAYER SECURITY 32.3
More informationGAO ELECTRONIC PERSONAL HEALTH INFORMATION EXCHANGE. Health Care Entities Reported Disclosure Practices and Effects on Quality of Care
GAO United States Government Accountability Office Report to Congressional Committees February 2010 ELECTRONIC PERSONAL HEALTH INFORMATION EXCHANGE Health Care Entities Reported Disclosure Practices and
More informationFederated Identity & Access Mgmt for Higher Education
Federated Identity & Access Mgmt for Higher Education Dr. Erik Vullings Program Manager Macquarie University s s E-Learning E Centre of Excellence (MELCOE) Erik.Vullings@melcoe.mq.edu.au 1/23/2006 1 Backing
More informationEvaluation of different Open Source Identity management Systems
Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems
More informationPRIVACY POLICY. Last Revised: June 23, 2014 1. About this Privacy Policy.
Last Revised: June 23, 2014 1. About this Privacy Policy. PRIVACY POLICY This Privacy Policy is a statement by Active Data, Inc. ( Active Data ) that describes how we collect, store, process, and share
More informationThe privacy of DataLogic CRM, Inc. s customers and affiliates is important to us. Therefore:
Privacy Policy DataLogic CRM, Inc. is committed to the security and privacy of our customer s data. This Privacy Policy explains our commitment to safeguarding our customers data and serves as our agreement
More informationNetwork Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
More informationMANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s
More informationEarth-Life Science Institute Tokyo Institute of Technology. Operating Guidelines for Information Security
Earth-Life Science Institute Tokyo Institute of Technology Operating Guidelines for Information Security 2013 1. Purpose The Operating Guidelines for Information Security (hereinafter, the Operating Guidelines
More informationEmpower TM 2 Software
Empower TM 2 Software 21 CFR PART 11 COMPLIANCE ASSESSMENT Revision A, December, 2005 1 of 14 Waters Corporation Note: Information presented in this document assumes that the appropriate Empower 2 System
More informationOffice of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget
Office of the Auditor General Performance Audit Report Statewide Oracle Database Controls Department of Technology, Management, and Budget March 2015 071-0565-14 State of Michigan Auditor General Doug
More informationFor ONC S&I DS4P. Dennis Giokas Chief Technology Officer Canada Health Infoway Inc. January 25, 2012
For ONC S&I DS4P Dennis Giokas Chief Technology Officer Canada Health Infoway Inc. January 25, 2012 1 Outline EHR Business Architecture EHR Solution Blueprint EHR Privacy and Security Summary & Conclusion
More informationIMPROPER USE OF MEDICAL INFORMATION
IMPROPER USE OF MEDICAL INFORMATION ehealth PRIVACY & SECURITY Presented at 5th Annual National Conference on Healthcare Leadership INNOVATION 2011, Bangalore 26th Jan 2011 Dr Pankaj Gupta ehealth Business
More informationPrivacy and Security within an Interoperable EHR
1 Privacy and Security within an Interoperable EHR Stan Ratajczak Director Privacy and Security Solutions Architecture Group November 30, 2005 Electronic Health Information and Privacy Conference Ottawa
More informationElectronic Statement Disclosure
Electronic Statement Disclosure Electronic Delivery of Statements and Notices By accepting the Cornerstone Bank Electronic Statement Disclosure, you consent and agree that Cornerstone Bank may provide
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationOIO SAML Profile for Identity Tokens
> OIO SAML Profile for Identity Tokens Version 1.0 IT- & Telestyrelsen October 2009 Content > Document History 3 Introduction 4 Related profiles 4 Profile Requirements 6 Requirements 6
More informationEnd-to-End Security for Personal Telehealth
End-to-End Security for Personal Telehealth Paul KOSTER a,1, Muhammad ASIM a, Milan PETKOVIC a, b a Philips Research, b TU/e, Eindhoven, The Netherlands Abstract. Personal telehealth is in rapid development
More informationDe-Identification of Clinical Data
De-Identification of Clinical Data Sepideh Khosravifar, CISSP Info Security Analyst IV Tyrone Grandison, PhD Manager, Privacy Research, IBM TEPR Conference 2008 Ft. Lauderdale, Florida May 17-21, 2008
More informationSmokey: A User-Based Distributed Firewall System
Smokey: A User-Based Distributed Firewall System Rachel Rubin Department of Computer Science University of California, Berkeley Berkeley, CA 94704 rrubin@cs.berkeley.edu Abstract Traditional intranets
More informationSecurity in the PEPPOL
Security in the PEPPOL infrastructure Presentation for OASIS BUSDOX TC, March 2011 Thomas Gundel, IT Crew Agenda PART I Security goals in PEPPOL Scope and requirements Security overview PART II Trust models
More informationBank of Hawaii Protecting Confidential Email
1 Bank of Hawaii Protecting Confidential Email Email is commonly used to transmit confidential information such as operational data, legal documents, or financial information. By default emails are sent
More informationDigital Certificate Infrastructure
Digital Certificate Infrastructure Frequently Asked Questions Providing secure, low cost, and easy access to distributed instructional and research resources is a growing problem for campus library and
More informationSecTor 2009 October 6, 2009. Tracy Ann Kosa
SecTor 2009 October 6, 2009 Tracy Ann Kosa Privacy versus Security Un enforced Privacy Privacy Requirements that Work People Process Technology Territorial Privacy Setting boundaries on intrusion into
More informationIntroduction to Directory Services
Introduction to Directory Services Overview This document explains how AirWatch integrates with your organization's existing directory service such as Active Directory, Lotus Domino and Novell e-directory
More informationDatabase Security. The Need for Database Security
Database Security Public domain NASA image L-1957-00989 of people working with an IBM type 704 electronic data processing machine. 1 The Need for Database Security Because databases play such an important
More informationData Security and Privacy Policy
Data Security and Privacy Policy Overview TRG is a data-driven consulting company that provides arts, cultural and entertainment organizations guidance and solutions for patron-based, sustainable income.
More informationARCHIVING YOUR DATA: PLANNING AND MANAGING THE PROCESS
ARCHIVING YOUR DATA: PLANNING AND MANAGING THE PROCESS LIBBY BISHOP. RESEARCHER LIAISON UNIVERSITY OF ESSEX TCRU/NOVELLA SPECIAL SEMINAR - LONDON 29 MAY 2012 THE & ESDS QUALIDATA forty years experience
More informationINFORMATION FLOW CONTROL FOR A MEDICAL RECORDS WEB PORTAL
INFORMATION FLOW CONTROL FOR A MEDICAL RECORDS WEB PORTAL Thomas F. J.-M. Pasquier University of Cambridge tfjmp2@cl.cam.ac.uk Brian Shand Eastern Cancer Registry and Information Centre brian.shand@cbcu.nhs.uk
More informationDatabase Forensics. www.securityresearch.at. 2004-2009 Secure Business Austria
Database Forensics Edgar Weippl eweippl@securityresearch.at Presented by Johannes Heurix jheurix@securityresearch.at Secure Business Austria ISSI2009, NII Introduction [2] Importance of database forensics
More informationKey Management Issues in the Cloud Infrastructure
Key Management Issues in the Cloud Infrastructure Dr. R. Chandramouli (Mouli) mouli@nist.gov Dr. Michaela Iorga michaela.iorga@nist.gov (Information Technology Lab, NIST, USA) ARO Workshop on Cloud Computing
More informationECRIN (European Clinical Research Infrastructures Network)
ECRIN (European Clinical Research Infrastructures Network) Wolfgang Kuchinke University of Duesseldorf (HHU) and ECRIN EUDAT 1st User Forum 7 March 2012 8 March 2012, Barcelona 1 What is ECRIN? European
More informationDepartment of State SharePoint Server PIA
1. Contact Information A/GIS/IPS Director Department of State SharePoint Server PIA Bureau of Administration Global Information Services Office of Information Programs and Services 2. System Information
More informationFILEHOLD DOCUMENT MANAGEMENT SYSTEM 21 CFR PART 11 COMPLIANCE WHITE PAPER
FILEHOLD DOCUMENT MANAGEMENT SYSTEM 21 CFR PART 11 COMPLIANCE WHITE PAPER Copyright 2012 FileHold Systems Inc. All rights reserved. For further information about this manual or other FileHold Systems products,
More informationForward proxy server vs reverse proxy server
Using a reverse proxy server for TAD4D/LMT Intended audience The intended recipient of this document is a TAD4D/LMT administrator and the staff responsible for the configuration of TAD4D/LMT agents. Purpose
More informationAutomated Regional Justice Information System (ARJIS) Acceptable Use Policy for Facial Recognition
Automated Regional Justice Information System (ARJIS) Acceptable Use Policy for Facial Recognition Revised: 02/13/2015 A. STATEMENT OF PURPOSE The purpose of this document is to outline the responsibilities
More informationEmerging Trends in Health Information Technology: Personal Health Record(PHR) uphr. Nazir Ahmed Vaid ehealth Services (Pvt) Ltd.
Emerging Trends in Health Information Technology: Personal Health Record(PHR) uphr Nazir Ahmed Vaid ehealth Services (Pvt) Ltd. April 26 2012 PROJECT GOALS Design universal health data accessibility on
More informationClinical Document Exchange Integration Guide - Outbound
Clinical Document Exchange Integration Guide - Outbound Integrate your healthcare IT system with Practice Fusion s Electronic Health Record (EHR) System Table of Contents 1 Introduction... 2 2 Integration
More informationElectronic Communication In Your Practice. How To Use Email & Mobile Devices While Maintaining Compliance & Security
Electronic Communication In Your Practice How To Use Email & Mobile Devices While Maintaining Compliance & Security Agenda 1 HIPAA and Electronic Communication 2 3 4 Using Email In Your Practice Mobile
More informationSecurity and Privacy Challenges of Biometric Authentication for Online Transactions
Security and Privacy Challenges of Biometric Authentication for Online Transactions Elaine Newton, PhD NIST Information Technology Laboratory, Computer Security Division elaine.newton@nist.gov 1-301-975-2532
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and
More informationAT&T Healthcare Community Online - Enabling Greater Access with Stronger Security
AT&T Healthcare Community Online: Enabling Greater Access with Stronger Security Overview/Executive Summary With a nationwide move to electronic health record (EHR) systems, healthcare organizations and
More informationPRIVACY IMPACT ASSESSMENT (PIA) For the
PRIVACY IMPACT ASSESSMENT (PIA) For the SAF/FM Customer Relationship Management/CRM SAF/FM CRM 1.1 SECTION 1: IS A PIA REQUIRED? a. Will this Department of Defense (DoD) information system or electronic
More informationKRS Chapter 61. Personal Information Security and Breach Investigations
KRS Chapter 61 Personal Information Security and Breach Investigations.931 Definitions for KRS 61.931 to 61.934. (Effective January 1, 2015).932 Personal information security and breach investigation procedures
More informationRELATIONSHIP TO PREVIOUS AGREEMENT(S) / PREVIOUS REQUESTS
HEALTH DATA REQUEST Submit this completed form to the email address: healthdatacentral@gov.bc.ca Questions about the request process or any part of this application may be directed to the email address
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: McGill University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationUsing Data Encryption to Achieve HIPAA Safe Harbor in the Cloud
Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud 1 Contents The Obligation to Protect Patient Data in the Cloud................................................... Complying with the HIPAA
More informationEnforcement Integrated Database (EID) Criminal History Information Sharing (CHIS) Program
for the Enforcement Integrated Database (EID) Criminal History Information Sharing (CHIS) Program DHS/ICE/PIA-015(h) January 15, 2016 Contact Point Peter Edge Executive Associate Director, Homeland Security
More informationGuidance for Data Users on the Collection and Use of Personal Data through the Internet 1
Guidance for Data Users on the Collection and Use of Personal Data through the Internet Introduction Operating online businesses or services, whether by commercial enterprises, non-government organisations
More informationSINTERO SERVER. Simplifying interoperability for distributed collaborative health care
SINTERO SERVER Simplifying interoperability for distributed collaborative health care Tim Benson, Ed Conley, Andrew Harrison, Ian Taylor COMSCI, Cardiff University What is Sintero? Sintero Server is a
More information8 Steps to Holistic Database Security
Information Management White Paper 8 Steps to Holistic Database Security By Ron Ben Natan, Ph.D., IBM Distinguished Engineer, CTO for Integrated Data Management 2 8 Steps to Holistic Database Security
More informationTNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is
1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the
More informationOracle WebCenter Content
Oracle WebCenter Content 21 CFR Part 11 Certification Kim Hutchings US Data Management Phone: 888-231-0816 Email: khutchings@usdatamanagement.com Introduction In May 2011, US Data Management (USDM) was
More information