Privacy Goals and Settings Mediator Model for PHRs

Personal Health Record (PHR) platforms support an extensible ecosystem of third-party applications that share health data. Still, support for self-management of privacy in PHR platforms remains primitive and insufficient. Privacy experts can offer users advice to help configure their privacy settings, but there is a lack of tools to support this activity. Our research proposes a model (and the associated tooling) that fills the gap between end users' privacy intentions and what PHR systems offer as privacy features. We develop a privacy goals and settings mediator model based on an existing agent- and goal-oriented modeling approach. Our proposed model is capable of encoding the accumulated privacy knowledge of privacy experts at design time, and offers the privacy setting options that best match the users' intentions at run time. We demonstrate the effectiveness of the model through an example scenario. We also report qualitative evidence of the acceptance of the model by practitioners, based on interviews with health care privacy experts.
