Free Web-based Personal Health Records: An Assessment of Security and Privacy

Inma Carrión, José-Luis Fernández-Alemán, Ambrosio Toval

2012

Abstract

Several obstacles prevent the adoption and use of Personal Health Record (PHR) systems, including users’ concerns regarding the privacy and security of their personal health information. The purpose of this study is to examine current PHR systems, in an American context, in order to verify which privacy and security characteristics they deploy. The strengths and weaknesses identified will be useful for PHR users, healthcare professionals, decision makers and builders. The myPHR website was reviewed since it contains relevant information related to PHRs. To this end, the Privacy Policy of each selected PHR was reviewed in order to extract its main privacy and security characteristics. The results show that the Privacy Policies of PHR systems do not provide an in-depth description of the security measures that they use. This may be a problem because users might not believe that their data are really protected. Privacy Policies should be redesigned to include more detailed information about security measures; the lack of such detail may be one of the reasons why users do not trust PHR systems.



Paper Citation


in Harvard Style

Carrión I., Fernández-Alemán J. and Toval A. (2012). Free Web-based Personal Health Records: An Assessment of Security and Privacy. In Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012) ISBN 978-989-8565-15-0, pages 61-68. DOI: 10.5220/0004090800610068


in Bibtex Style

@conference{wosis12,
author={Inma Carrión and José-Luis Fernández-Alemán and Ambrosio Toval},
title={Free Web-based Personal Health Records: An Assessment of Security and Privacy},
booktitle={Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012)},
year={2012},
pages={61-68},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004090800610068},
isbn={978-989-8565-15-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012)
TI - Free Web-based Personal Health Records: An Assessment of Security and Privacy
SN - 978-989-8565-15-0
AU - Carrión I.
AU - Fernández-Alemán J.
AU - Toval A.
PY - 2012
SP - 61
EP - 68
DO - 10.5220/0004090800610068