Secure Teleassistance towards endless medical litigations: identification of liabilities through a protocol using Joint Watermarking-Encryption Evidences

Teleassistance is defined by the help provided through a telemedicine network by a medical practitioner to one other medical practitioner faced to a difficult case. One of the main limiting factors of its development is the fear of the practitioners to be involved in a litigation. In such a situation, the main issue is to determine as quick and as certain as possible if the damage is in relation with the tort of negligence and the liabilities of each involved physician. After a brief summary of the legal context, we present a protocol combining joint watermarking-encryption and a third party to enforce exchange traceability and therefore to bring valuable electronic evidence in case of teleassistance litigations.

Physical security, HIPPA, and the HHS wall of shame

In this article, the author a healthcare IT expert, reveals what experts have discovered in analyzing HIPPA data breaches. Most are the result of theft or loss. She explains why this is so, and offers a solution--improved physical security.

Privacy and Security in Mobile Health (mHealth) Research

Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions-some in real time-while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions.

[Current legal framework conditions for running and utilization of biobanks. Part 2: data protection and informed consent]

Informed consent of donors of biomaterials represents an essential pillar of legal conformity of business organizations even for biobanks. For the assessment of self-determination of donors and freedom of research for users of biobanks there is a general consensus on the necessity for a social and individual agreement for the participation of donors in research projects. However, demands are often made for which the legal implementation is at least contentious and can be considered as excessive and biased. In part 2 of this review series the current legal foundation of data protection and informed consent is summarized on the basis of normative and ethical principles. With respect to appropriation of data and biosamples it can be deduced that by conformation to corresponding framework conditions the informed consent of donors in particular can be constructed independent of the project.

Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education

BACKGROUND

Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient's TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform.

METHODS

Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO's standard for information security risk management.

RESULTS

A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring.

CONCLUSIONS

Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality risks in home are different from in a more controlled environment such as a hospital; and electronic equipment located in private homes and communicating via Internet, is more exposed to unauthorised access. By implementing the proposed measures, it has been possible to design a home-based service which ensures the necessary level of information security and privacy.

Ethical and legal implications of whole genome and whole exome sequencing in African populations

BACKGROUND

Rapid advances in high throughput genomic technologies and next generation sequencing are making medical genomic research more readily accessible and affordable, including the sequencing of patient and control whole genomes and exomes in order to elucidate genetic factors underlying disease. Over the next five years, the Human Heredity and Health in Africa (H3Africa) Initiative, funded by the Wellcome Trust (United Kingdom) and the National Institutes of Health (United States of America), will contribute greatly towards sequencing of numerous African samples for biomedical research.

DISCUSSION

Funding agencies and journals often require submission of genomic data from research participants to databases that allow open or controlled data access for all investigators. Access to such genotype-phenotype and pedigree data, however, needs careful control in order to prevent identification of individuals or families. This is particularly the case in Africa, where many researchers and their patients are inexperienced in the ethical issues accompanying whole genome and exome research; and where an historical unidirectional flow of samples and data out of Africa has created a sense of exploitation and distrust. In the current study, we analysed the implications of the anticipated surge of next generation sequencing data in Africa and the subsequent data sharing concepts on the protection of privacy of research subjects. We performed a retrospective analysis of the informed consent process for the continent and the rest-of-the-world and examined relevant legislation, both current and proposed. We investigated the following issues: (i) informed consent, including guidelines for performing culturally-sensitive next generation sequencing research in Africa and availability of suitable informed consent documents; (ii) data security and subject privacy whilst practicing data sharing; (iii) conveying the implications of such concepts to research participants in resource limited settings.

SUMMARY

We conclude that, in order to meet the unique requirements of performing next generation sequencing-related research in African populations, novel approaches to the informed consent process are required. This will help to avoid infringement of privacy of individual subjects as well as to ensure that informed consent adheres to acceptable data protection levels with regard to use and transfer of such information.

The data protection and medical device frameworks - obstacles to the deployment of mHealth across Europe?

This article examines the receptivity of the current EU legal regime towards innovative mHealth technologies and their deployment on a pan-European basis. At present, a coherent legal strategy towards the development of mHealth technologies does not exist. The deployment of such technologies is influenced in an uncoordinated way by various disparate European legislative initiatives. This article focuses on problems that may be encountered by mHealth platforms through application of the Medical Device and Data Protection Frameworks. Theses frameworks are analysed in this article through the lens of a pan-European deployment of mHealth technologies. The aim throughout is to look for potential problems for the deployment of such technologies posed by these frameworks and, where possible, to suggest improvements.

Understanding health care providers' reluctance to adopt a national electronic patient record: an empirical and legal analysis

BACKGROUND

Several countries are implementing a national electronic patient record (n-EPR). Despite the assumed positive effects of n-EPRs on the efficiency, continuity, safety and quality of care, their overall adoption remains low and meets resistance from involved parties. The implementation of the Dutch n-EPR also raised considerable controversy, which eventually caused the Dutch government to stop its contribution to the national infrastructure.

AIM

To explain Dutch health care providers' reluctance in adopting the n-EPR, we investigated their perceptions of problems associated with the n-EPR and their legal position regarding then-EPR. We hereby aim to provide suggestions about approaches that could promote successful implementation.

METHODS

The study consisted of two parts. The empirical part of the study was conducted in three health care settings: acute care, diabetes care, and ambulatory mental health care. Two health care organisations were included per setting. Between January and June 2010, 17 stakeholders working in these organisations were interviewed to investigate health care providers' perceptions of problems associated with the n-EPR. In the legal part of the study, legal documents were analysed to study health care providers' legal position regarding the n-EPR and any associated problems.

RESULTS

The respondents expressed concerns about the confidentiality and safety of information exchange and the reliability and quality of patient data in the n-EPR, and indicated that their liability in case of medical errors was not sufficiently clear. The perceived problems could partly be attributed to legal uncertainties.

CONCLUSIONS

It is recommended to start the implementation of an n-EPR in limited geographical areas. This will allow health care providers to experience benefits of electronic information exchange before being asked to participate in information exchange at a larger scale. The problems that health care providers perceive in the n-EPR should be minimised. Legislation underlying the n-EPR should provide sufficient clarity about health care professionals' responsibilities and liabilities.

The law of unintended (financial) consequences: the expansion of HIPAA business associate liability

The recent Omnibus Rule published by the Department of Health and Human Services greatly expanded liability for breaches of health information privacy and security under the HIPAA statute and regulations. This expansion could have dire financial consequences for the health care industry. The Rule expanded the definition of business associates to include subcontractors of business associates and made covered entities and business associates liable for breaches of the entities who perform a service for them involving the use of individually identifiable health information under the federal common law of agency. Thus, if a covered entity or its "do wnstream" business associate breaches security or privacy, the covered entity or "upstream" business associate may face HIPAA's civil money penalties or a lawsuit. Financial managers need to be aware of these changes both to protect against the greater liability and to plan for the compliance costs inherent in effectively, if not legally, making business associates into covered entities.