Privacy and Security Concerns with Healthcare Data and Social Media Usage

IF 0.5 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING

International Journal of Information Security and Privacy Pub Date : 2017-04-03 DOI:10.1080/15536548.2017.1322413

Chuleeporn Changchit, K. Bagchi

{"title":"Privacy and Security Concerns with Healthcare Data and Social Media Usage","authors":"Chuleeporn Changchit, K. Bagchi","doi":"10.1080/15536548.2017.1322413","DOIUrl":null,"url":null,"abstract":"First of all, I’m glad to be back on board and allow Dr. Bagchi to take a good break for a while. It is nice to be in touch with everyone again. The second issue of the Journal of Information Privacy & Security (JIPS) for 2017 contains three articles, one expert opinion, and one book review. The first two articles focus on the importance of protecting personal information and securing data in the healthcare industries. The third article discusses the influence of consumers’ security perception on their social advertising usage. In the Expert Opinion section, Mr. Lionel Cassin, an information security officer at Texas A&M University–Corpus Christi, discusses the major issues of security and privacy that the university is facing, and points out that it is crucial to improve awareness of information security and privacy on campus. In the Book Review section, Dr. Arslan reviews the book titled Security and Privacy in Social Networks by Yaniv Altshuler, Yuval Elovici, Armin B. Cremers, Nadav Aharony, and Alex Pentland. More details are as follows: The first article is titled “Handling Confidentiality and Privacy on Cloud-based Health Information Systems.” The authors Carlos Serrao and Elsa Cardoso propose an approach to minimize the security risks in health-related data based on rights management technologies. Based on a trend that the health-related data may be migrated into the cloud, opportunities are increasing for cybercriminals to commit fraud or other similar criminal schemes after directing their attacks towards health and medical data of patients. To prevent organizations from financial and reputational losses, several initiatives have been created to improve the confidentiality and privacy requirements of the health and medical information. In this article, the authors propose the usage of the rights management systems as this approach can offer a governed environment and enables critical privacy and security mechanism. Although the system will not solve all the problems, it can help reducing the impact of large data breaches, making it more difficult for potential attacker to access unprotected information. The second article, “The Effect of Procedural and Technological Security Countermeasures on the Propensity to Misuse Medical Data,” authored by Wachiraporn Arunothong and Derek L. Nazareth, discusses the healthcare providers’ concern about the threat to misuse of medical data by internal users such as their employees. Even though the use of electronic medical records (EMRs) and electronic health records (EHRs) can help increase the efficiency and effectiveness of healthcare services, it is crucial to cultivate the awareness of security and to ensure that the employees follow the policy measures to avoid misuse. The results from conducting an online survey with physicians, nurses, medical students, and nursing students revealed that the healthcare providers who have more conscious of institutional security policy were less likely to engage in misuse. It is thus necessary for healthcare organizations to provide some training, such as robust training, coupled with periodic refresher training to educate their employees about the importance of HIPAA compliance and to inform them about the steps that the institution takes to maintain compliance, both from a procedural as well as technological standpoint. The study concluded that increasing the awareness of security and policy measures among employees is a vital part of preventing misuse. The last article in this issue titled “What Affects Users to Click on Display Ads on Social Media? The Roles of Message Values, Involvement, and Security” is authored by En Mao and Jing Zhang. These authors examined the three major communication components—message, channel/media, and receiver/audience—on advertising clicks, which impact the effectiveness of social media advertising. They then proposed a research model and tested it with online-survey data from 572 social JOURNAL OF INFORMATION PRIVACY AND SECURITY 2017, VOL. 13, NO. 2, 49–50 https://doi.org/10.1080/15536548.2017.1322413","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"23 1","pages":"49 - 50"},"PeriodicalIF":0.5000,"publicationDate":"2017-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/15536548.2017.1322413","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 2

Abstract

First of all, I’m glad to be back on board and allow Dr. Bagchi to take a good break for a while. It is nice to be in touch with everyone again. The second issue of the Journal of Information Privacy & Security (JIPS) for 2017 contains three articles, one expert opinion, and one book review. The first two articles focus on the importance of protecting personal information and securing data in the healthcare industries. The third article discusses the influence of consumers’ security perception on their social advertising usage. In the Expert Opinion section, Mr. Lionel Cassin, an information security officer at Texas A&M University–Corpus Christi, discusses the major issues of security and privacy that the university is facing, and points out that it is crucial to improve awareness of information security and privacy on campus. In the Book Review section, Dr. Arslan reviews the book titled Security and Privacy in Social Networks by Yaniv Altshuler, Yuval Elovici, Armin B. Cremers, Nadav Aharony, and Alex Pentland. More details are as follows: The first article is titled “Handling Confidentiality and Privacy on Cloud-based Health Information Systems.” The authors Carlos Serrao and Elsa Cardoso propose an approach to minimize the security risks in health-related data based on rights management technologies. Based on a trend that the health-related data may be migrated into the cloud, opportunities are increasing for cybercriminals to commit fraud or other similar criminal schemes after directing their attacks towards health and medical data of patients. To prevent organizations from financial and reputational losses, several initiatives have been created to improve the confidentiality and privacy requirements of the health and medical information. In this article, the authors propose the usage of the rights management systems as this approach can offer a governed environment and enables critical privacy and security mechanism. Although the system will not solve all the problems, it can help reducing the impact of large data breaches, making it more difficult for potential attacker to access unprotected information. The second article, “The Effect of Procedural and Technological Security Countermeasures on the Propensity to Misuse Medical Data,” authored by Wachiraporn Arunothong and Derek L. Nazareth, discusses the healthcare providers’ concern about the threat to misuse of medical data by internal users such as their employees. Even though the use of electronic medical records (EMRs) and electronic health records (EHRs) can help increase the efficiency and effectiveness of healthcare services, it is crucial to cultivate the awareness of security and to ensure that the employees follow the policy measures to avoid misuse. The results from conducting an online survey with physicians, nurses, medical students, and nursing students revealed that the healthcare providers who have more conscious of institutional security policy were less likely to engage in misuse. It is thus necessary for healthcare organizations to provide some training, such as robust training, coupled with periodic refresher training to educate their employees about the importance of HIPAA compliance and to inform them about the steps that the institution takes to maintain compliance, both from a procedural as well as technological standpoint. The study concluded that increasing the awareness of security and policy measures among employees is a vital part of preventing misuse. The last article in this issue titled “What Affects Users to Click on Display Ads on Social Media? The Roles of Message Values, Involvement, and Security” is authored by En Mao and Jing Zhang. These authors examined the three major communication components—message, channel/media, and receiver/audience—on advertising clicks, which impact the effectiveness of social media advertising. They then proposed a research model and tested it with online-survey data from 572 social JOURNAL OF INFORMATION PRIVACY AND SECURITY 2017, VOL. 13, NO. 2, 49–50 https://doi.org/10.1080/15536548.2017.1322413

查看原文本刊更多论文

医疗保健数据和社交媒体使用的隐私和安全问题

首先，我很高兴能回到船上让巴奇博士好好休息一会儿。能和大家再次联系真是太好了。《信息隐私与安全杂志》2017年第二期包含三篇文章、一篇专家意见和一篇书评。前两篇文章重点介绍了在医疗保健行业中保护个人信息和保护数据的重要性。第三篇文章探讨了消费者安全感知对其社交广告使用的影响。在专家意见部分，德克萨斯A&M大学科珀斯克里斯蒂分校的信息安全官员Lionel Cassin先生讨论了该大学面临的主要安全和隐私问题，并指出提高校园信息安全和隐私意识至关重要。在书评部分，Arslan博士评论了Yaniv Altshuler、Yuval Elovici、Armin B. Cremers、Nadav Aharony和Alex Pentland合著的《社交网络中的安全和隐私》一书。更多细节如下:第一篇文章的标题是“处理基于云的医疗信息系统的机密性和隐私”。作者Carlos Serrao和Elsa Cardoso提出了一种基于权限管理技术的最小化健康相关数据安全风险的方法。基于与健康相关的数据可能迁移到云的趋势，网络犯罪分子在将攻击指向患者的健康和医疗数据后实施欺诈或其他类似犯罪计划的机会正在增加。为防止各组织遭受财务和声誉损失，已制定了若干举措，以改进对健康和医疗信息的保密和隐私要求。在本文中，作者建议使用权限管理系统，因为这种方法可以提供受治理的环境，并启用关键的隐私和安全机制。虽然该系统不会解决所有问题，但它可以帮助减少大型数据泄露的影响，使潜在的攻击者更难以访问未受保护的信息。第二篇文章，“程序和技术安全对策对滥用医疗数据倾向的影响”，由Wachiraporn Arunothong和Derek L. Nazareth撰写，讨论了医疗服务提供者对内部用户(如员工)滥用医疗数据威胁的担忧。尽管电子医疗记录(emr)和电子健康记录(EHRs)的使用有助于提高医疗保健服务的效率和有效性，但培养安全意识并确保员工遵守政策措施以避免滥用至关重要。对医生、护士、医学生和护理专业学生进行的在线调查结果显示，更了解机构安全政策的医疗保健提供者不太可能滥用。因此，医疗保健组织有必要提供一些培训，例如强大的培训，并定期进行进修培训，以教育员工了解HIPAA合规性的重要性，并从程序和技术的角度告知他们机构为保持合规性所采取的步骤。该研究的结论是，提高员工对安全和政策措施的认识是防止滥用的重要组成部分。本期最后一篇文章题为“是什么影响用户点击社交媒体上的展示广告?”《信息价值、参与和安全的角色》由毛恩和张静合著。这些作者研究了影响社交媒体广告效果的广告点击的三个主要传播成分——信息、渠道/媒体和接收者/受众。然后，他们提出了一个研究模型，并使用来自572社会杂志的在线调查数据进行了测试。2,49 - 50 https://doi.org/10.1080/15536548.2017.1322413

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Information Security and Privacy COMPUTER SCIENCE, SOFTWARE ENGINEERING-

CiteScore

2.50

自引率

0.00%

发文量

期刊介绍： As information technology and the Internet become more and more ubiquitous and pervasive in our daily lives, there is an essential need for a more thorough understanding of information security and privacy issues and concerns. The International Journal of Information Security and Privacy (IJISP) creates and fosters a forum where research in the theory and practice of information security and privacy is advanced. IJISP publishes high quality papers dealing with a wide range of issues, ranging from technical, legal, regulatory, organizational, managerial, cultural, ethical and human aspects of information security and privacy, through a balanced mix of theoretical and empirical research articles, case studies, book reviews, tutorials, and editorials. This journal encourages submission of manuscripts that present research frameworks, methods, methodologies, theory development and validation, case studies, simulation results and analysis, technological architectures, infrastructure issues in design, and implementation and maintenance of secure and privacy preserving initiatives.