audit mechanisms for privacy protection in healthcare
play

Audit Mechanisms for Privacy Protection in Healthcare Environments - PowerPoint PPT Presentation

Nov 18, 2023 •253 likes •337 views

Audit Mechanisms for Privacy Protection in Healthcare Environments Anupam Datta Joint work with Jeremiah Blocki, Nicolas Christin and Arunesh Sinha Carnegie Mellon University Position } Audit mechanisms are essential for privacy protection

  1. Audit Mechanisms for Privacy Protection in Healthcare Environments Anupam Datta Joint work with Jeremiah Blocki, Nicolas Christin and Arunesh Sinha Carnegie Mellon University

  2. Position } Audit mechanisms are essential for privacy protection in healthcare environments } Guided by comprehensive study of HIPAA Privacy Rule (WPES’10, CCS’11) } Principled audit mechanisms based on machine learning and economics can be used to provide operational guidance to organizations on how to conduct audits } For “grey” policy concepts: was access for purpose of treatment or curiosity, financial gain etc.?

  3. Learning to Audit Auditing budget: $3000/ cycle Cost for one inspection: $ 1 00 Only 30 inspections per cycle Auditor Loss from 1 violation Access divided (internal, external) into 2 types $500, $ 1 000 30 accesses 1 00 accesses $250, $500 70 accesses

  4. Audit Mechanism Choices Only 30 inspections Consider 4 possible allocations of the available 30 inspections 0 1 0 20 30 30 20 1 0 0 Weights 1.0 1.0 1.0 1.0 Choose allocation probabilistically based on weights 4

  5. Audit Mechanism Run No. of Actual Access Violation 0 1 0 20 30 30 2 70 4 30 20 1 0 0 Estimated Observed Loss Loss Int. Ext. Caught Caught $2000 $ 1 500 $ 1 000 $ 1 000 1 1 1 2 $750 $ 1 250 $ 1 250 $ 1 500 Updated weights 0.5 0.5 2.0 1.5 Learning from experience: weights updated using observed and estimated loss 5

  6. Regret Minimizing Audits } Learns from experience to recommend budget allocation for audit in each audit cycle } Observed loss used to estimate loss for each action and update probabilities for actions } Budget allocation is provably close to optimal fixed strategy in hindsight (e.g., budget allocation) } Technical approach: New regret minimization algorithm for repeated games of imperfect information (Online learning-theoretic technique) J. Blocki, N. Christin, A. Datta, A. Sinha, Regret Minimizing Audits: A Learning- Theoretic Basis for Privacy Protection, CSF , June 2011.

  7. Future Work } Alternative adversary models } Worst-case, rational, well-behaved } Alternative audit mechanisms } Incorporating incentives } Identifying experts } Can experts be learned from logs? } Experimental evaluation } Real hospital logs, user studies

Recommend

AI in Healthcare: Privacy & Ethics considerations Ivana Bartoletti Head of Privacy, Data

AI in Healthcare: Privacy & Ethics considerations Ivana Bartoletti Head of Privacy, Data

AI in Healthcare: Privacy & Ethics considerations Ivana Bartoletti Head of Privacy, Data Protection and Ethics Contents Privacy in the Digital age: main issues Ethics: definitions and background Privacy challenges in Health

713 views • 23 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

28/05/15 Outline Data privacy and the evolving regulation Privacy threats from LBS to geoSN EveryWare Lab Main (location) privacy protection techniques Data Management for Mobile Protecting geo-tagged resource publication

411 views • 7 slides
Data Protection Webinar Case Studies 19 April 2018 INTRODUCTION Overview 1. GDPR Audit

Data Protection Webinar Case Studies 19 April 2018 INTRODUCTION Overview 1. GDPR Audit

Data Protection Webinar Case Studies 19 April 2018 INTRODUCTION Overview 1. GDPR Audit Approach 2. Consent 3. Dealing with Subject Access Requests (SAR) 4. Data Privacy Impact Assessments (DPIA) 2 Case Study: GDPR Audit

526 views • 29 slides
Should Go Hand in Hand with Privacy-Consequence Information: The Case of Smartphone Apps W3C

Should Go Hand in Hand with Privacy-Consequence Information: The Case of Smartphone Apps W3C

User Control Mechanisms for Privacy Protection Should Go Hand in Hand with Privacy-Consequence Information: The Case of Smartphone Apps W3C Workshop on Privacy and User Centric Controls 20 21 November 2014, Berlin, Germany Dipl.-Inf.

829 views • 15 slides
Privacy Protection Overview Hiroshi Nakagawa The University of Tokyo Overview of Privacy

Privacy Protection Overview Hiroshi Nakagawa The University of Tokyo Overview of Privacy

International Workshop on Spatial and Temporal Modeling from Statistical, Machine Learning and Engineering perspectives:STM2016 23 July 2016 Privacy Protection Overview Hiroshi Nakagawa The University of Tokyo Overview of Privacy Protection

1.35k views • 79 slides
Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human Right (1/2) From the United Nations Universal Declaration of Human Rights: Article 12 No one shall be subjected to arbitrary interference with his

338 views • 7 slides
iDASH Healthcare Privacy Protection Challenge Fei Yu feiy@stat.cmu.edu Carnegie Mellon

iDASH Healthcare Privacy Protection Challenge Fei Yu feiy@stat.cmu.edu Carnegie Mellon

Overview Method Scoring functions Summary iDASH Healthcare Privacy Protection Challenge Fei Yu feiy@stat.cmu.edu Carnegie Mellon University 24 March 2014 Overview Method Scoring functions Summary Overview Task Select the K most

400 views • 23 slides
Oblivious Mechanisms in Differential Privacy Experiments, Conjectures, and Open Questions

Oblivious Mechanisms in Differential Privacy Experiments, Conjectures, and Open Questions

Oblivious Mechanisms in Differential Privacy Experiments, Conjectures, and Open Questions Chien-Lun Chen Joint work with Ranjan Pal and Leana Golubchik 1 5/27/2016 Quantitative Evaluation & Design (QED) Research Group Privacy Issues in

438 views • 15 slides
An Auditors Perspective on Healthcare Sergei Pekh MBA, CPA, CMA Audit Principal Doug McKenzie

An Auditors Perspective on Healthcare Sergei Pekh MBA, CPA, CMA Audit Principal Doug McKenzie

An Auditors Perspective on Healthcare Sergei Pekh MBA, CPA, CMA Audit Principal Doug McKenzie CA, LLB Audit Principal Who Are We Alberta legislatures independent audit office audit provincial departments and crown corps

705 views • 34 slides
Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Industrial perspectives on Cryptography A. Esterle - ENISA Antwerp 29 May 2008 www.enisa.europa.eu Web and privacy Privacy and protection of personal data specific purpose (to collect and process it) subject

732 views • 7 slides
Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service

Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service

Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service Automotive Industry Privacy Principles Nov. 12, 2014 Auto Alliance and Global Automakers come together to create a set of privacy principles

419 views • 20 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

455 views • 10 slides
Survey on Security Threats and Protection Mechanisms in Embedded Automotive Networks Ivan

Survey on Security Threats and Protection Mechanisms in Embedded Automotive Networks Ivan

The Automotive Network Threats Protection mechanisms Conclusion Survey on Security Threats and Protection Mechanisms in Embedded Automotive Networks Ivan Studnia Vincent Nicomette Eric Alata Yves Deswarte Mohamed Ka aniche Renault

752 views • 40 slides
Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international efforts to develop frameworks to enhance privacy while realising big datas benefits Seminar arranged by the Office for Personal Data Protection, Macao,

305 views • 8 slides
Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Privacy Legislation - History 1950 Art. 8 ECHR: Everyone has the right to respect for his private and family

413 views • 4 slides
From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer Interactions Andrew S. Patrick Steve Kenny Independent Consultant National Research Council of Canada stephen_mh_kenny@yahoo.com

407 views • 22 slides
Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection

Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection

Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection Defending Privacy Empowerment Protection Transparency Firms must always Informed consent secure personal data Consumer law Empowerment Protection

543 views • 10 slides
Alternative Titles: What are the practical implications of the HIPAA privacy rules for

Alternative Titles: What are the practical implications of the HIPAA privacy rules for

Protecting the Privacy of Healthcare Data While Preserving the Utility of Geographic Location Information for Epidemiologic Research Daniel C. Barth-Jones, M.P.H., Ph.D. Center for Healthcare Effectiveness Research Wayne State University (

448 views • 31 slides
Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson DIG @ CSAIL Monday 12 July 2010 Alternate Definitions of Privacy In 1890, Brandeis and Warren defined privacy as the right to be let alone

541 views • 11 slides
Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned

Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned

Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned Did you know... 77 percent of all Americans feel their personal health information privacy is very important, and 84 percent said they

769 views • 50 slides
Privacy Preferences for E-Mail Messages Ulrich Knig Independent Centre for Privacy Protection

Privacy Preferences for E-Mail Messages Ulrich Knig Independent Centre for Privacy Protection

Introduction Syntax Semantics Example Outlook Privacy Preferences for E-Mail Messages Ulrich Knig Independent Centre for Privacy Protection Schleswig-Holstein 26th of July 2010 www.ietf.org/id/draft-koenig-privicons-00.txt Ulrich

225 views • 10 slides
FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY BYLAW PARK BOARD COMMITTEE MEETING May 16,

FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY BYLAW PARK BOARD COMMITTEE MEETING May 16,

FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY BYLAW PARK BOARD COMMITTEE MEETING May 16, 2016 OVERVIEW: Freedom of Information and Protection of Privacy 1. Legislation Freedom of Information and Protection of Privacy Act (FIPPA) ;

379 views • 17 slides

More recommend