Abstract
PHRs (Personal Health Records) store individuals’ personal health information. Access to this data is controlled by the patient rather than by the health care provider. Companies such as Google and Microsoft are establishing a leadership position in this emerging market. In this context, the psychological acceptability of privacy and security protection mechanisms is essential: any such mechanism must be acceptable from a usability perspective. This paper presents a study of the privacy policies of 22 free web-based PHRs. Security and privacy characteristics were extracted according to the ISO/TS 13606-4 standard. In general, quite a good level was observed in the characteristics analyzed. Nevertheless, some improvements could be made to current PHR privacy policies to enhance the management of other users’ data, the notification to users of changes to the privacy policy, and the auditing of accesses to users’ PHRs.
References
Sood, S.P., Nwabueze, S.N., Mbarika, V.W.A., Prakash, N., Chatterjee, S., Ray, P., Mishra, S.: Electronic Medical Records: A Review Comparing the Challenges in Developed and Developing Countries. In: HICSS 2008. IEEE Computer Society, Washington, DC (2008)
Connecting for Health, Personal Health Working Group: The Personal Health Working Group Final Report (2003), http://www.providersedge.com/ehdocs/ehr_articles/The_Personal_Health_Working_Group_Final_Report.pdf
myMediConnect Personal Health Records, http://www.mymediconnect.net/phr.php
Tang, P.C., Ash, J.S., Bates, D.W., Overhage, J.M., Sands, D.Z.: Personal health records: Definitions, benefits, and strategies for overcoming barriers to adoption. J. Am. Med. Inform. Assoc. 13(2), 121–126 (2006)
Farzandipour, M., Sadoughi, F., Ahmadi, M., Karimi, I.: Security requirements and solutions in electronic health records: Lessons learned from a comparative study. Journal of Medical Systems 34(4), 629–642 (2010)
ISO/TS 13606-4: Health informatics – Electronic health record communication – Part 4: Security (2010), http://www.iso.org/
Birge, C.: Enhancing research into usable privacy and security. In: Proc. of the 27th ACM International Conference on Design of Communication, SIGDOC 2009, pp. 221–226. ACM, New York (2009)
Martino, L., Ahuja, S.: Privacy policies of personal health records: an evaluation of their effectiveness in protecting patient information. In: Proc. of the 1st ACM International Health Informatics Symposium, IHI 2010, pp. 191–200. ACM, New York (2010)
Review of the Personal Health Record (PHR) service provider market: Privacy and security. ALTARUM Research (January 2007), http://www.hhs.gov/healthit/ahic/materials/01_07/ce/PrivacyReview.pdf
Detailed PHR privacy report cards. Patient Privacy Rights Foundation (2010), http://patientprivacyrights.org/detailed-phr-privacy-report-cards
User Centric (2010), http://www.usercentric.com/publications/2009/02/02/googlehealth-vs-microsoft-healthvault-consumers-compare-onlinepersonal-hea
Kotz, D., Avancha, S., Baxi, A.: A privacy framework for mobile health and home-care systems. In: Proc. of the First ACM Workshop on Security and Privacy in Medical and Home-care Systems, SPIMACS 2009, pp. 1–12. ACM, New York (2009)
Mohan, A., Blough, D.M.: An attribute-based authorization policy framework with dynamic conflict resolution. In: Proc. of IDTRUST 2010, pp. 37–50. ACM, New York (2010)
Williams, J.: Social networking applications in health care: threats to the privacy and security of health information. In: Proc. of the 2010 ICSE Workshop on Software Engineering in Health Care, SEHC 2010, pp. 39–49. ACM, New York (2010)
Huang, L.C., Chu, H.C., Lien, C.Y., Hsiao, C.H., Kao, T.: Privacy preservation and information security protection for patients’ portable electronic health records. Comput. Biol. Med. 39, 743–750 (2009)
Carrión, I., Fernández Alemán, J.L., Toval, A.: Assessing HIPAA standard in practice: PHRs privacy policies. In: Proc. of IEEE EMBC 2011 (accepted for publication, 2011)
Sunyaev, A., Chornyi, D., Mauro, C., Krcmar, H.: Evaluation framework for personal health records: Microsoft healthvault vs. google health. In: Proc. of the 2010 43rd Hawaii International Conference on System Sciences, HICSS 2010, pp. 1–10. IEEE, Los Alamitos (2010)
Sunyaev, A., Kaletsch, A., Krcmar, H.: Comparative evaluation of Google Health API vs. Microsoft Healthvault API. In: Proc. of the Third International Conference on Health Informatics, pp. 195–201 (2010)
Cushman, R., Froomkin, A.M., Cava, A., Abril, P., Goodman, K.W.: Ethical, legal and social issues for personal health records and applications. J. of Biomedical Informatics 43, S51–S55 (2010)
Hulse, N.C., Wood, G.M., Haug, P.J., Williams, M.S.: Deriving consumer-facing disease concepts for family health histories using multi-source sampling. Journal of Biomedical Informatics 43(5), 716–724 (2010)
HIPAA (2010), http://www.cms.gov/HIPAAGenInfo
Boyer, C., Selby, M., Scherrer, J.R., Appel, R.D.: The health on the net code of conduct for medical and health websites. Computers in Biology and Medicine 28(5), 603–610 (1998)
© 2011 IFIP International Federation for Information Processing
Cite this paper
Carrión, I., Fernández-Alemán, J.L., Toval, A. (2011). Usable Privacy and Security in Personal Health Records. In: Campos, P., Graham, N., Jorge, J., Nunes, N., Palanque, P., Winckler, M. (eds) Human-Computer Interaction – INTERACT 2011. INTERACT 2011. Lecture Notes in Computer Science, vol 6949. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23768-3_3
DOI: https://doi.org/10.1007/978-3-642-23768-3_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23767-6
Online ISBN: 978-3-642-23768-3
eBook Packages: Computer Science (R0)