Health information custodians and network providers within the circle of care for a patient must meet certain legal obligations regarding the collection, access and disclosure of personal health information. We present a framework for consent and risk management that can be used to help manage a patient’s consent for releasing personal health information, and analyze the risk involved in handling this type of data. A patient’s preferences for specific privacy policies (expressed in P3P) are elicited through querying, and extra information is inferred using a Bayesian network. A risk analysis is performed to help a custodian to make informed decisions when handling personal health information. Thus the custodian and provider can help each other meet their respective legal obligations, and patients are more easily able to exercise their privacy rights.