A Review of Privacy and Consent Management in Healthcare: A Focus on Emerging Data Sources

The emergence of New Data Sources (NDS) in healthcare is revolutionising traditional electronic health records in terms of data availability, storage, and access. Increasingly, clinicians are using NDS to build a virtual holistic image of a patients health condition. This research is focused on a review and analysis of the current legislation and privacy rules available for healthcare professionals. NDS in this project refers to and includes patient-generated health data, consumer device data, wearable health and fitness data, and data from social media. This project reviewed legal and regulatory requirements for New Zealand, Australia, the European Union, and the United States to establish the ground reality of existing mechanisms in place concerning the use of NDS. The outcome of our research is to recommend changes and enhancements required to better prepare for the ’tsunami’ of NDS and applications in the currently evolving data-driven healthcare area and precision or personalised health initiatives such as Precision Driven Health (PDH) in New Zealand.

[1]  Jiankun Hu,et al.  Corresponding author’s address: , 2022 .

[2]  Arshdeep Bahga,et al.  A Cloud-based Approach for Interoperable Electronic Health Records (EHRs) , 2013, IEEE Journal of Biomedical and Health Informatics.

[3]  Chien-Ding Lee,et al.  A Cryptographic Key Management Solution for HIPAA Privacy/Security Regulations , 2008, IEEE Transactions on Information Technology in Biomedicine.

[4]  Rebecca Herold,et al.  HIPAA Privacy Rule , 2014 .

[5]  Robert Yates,et al.  A Web 2.0 Model for Patient-Centered Health Informatics Applications , 2010, Computer.

[6]  Sead Muftic,et al.  SAMSON: Secure access for medical smart cards over networks , 2010, 2010 IEEE International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM).

[7]  Zheng-Yun Zhuang,et al.  A Trusted and Efficient Cloud Computing Service with Personal Health Record , 2013, 2013 International Conference on Information Science and Applications (ICISA).

[8]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[9]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[10]  Thomas Neubauer,et al.  Privacy-Preserving Storage and Access of Medical Data through Pseudonymization and Encryption , 2011, TrustBus.

[11]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[12]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[13]  Wouter Joosen,et al.  Integrating Patient Consent in e-Health Access Control , 2011, Int. J. Secur. Softw. Eng..

[14]  Hal Hodson,et al.  Google DeepMind and healthcare in an age of algorithms , 2017, Health and Technology.

[15]  Aiqing Zhang,et al.  Consent-based access control for secure and privacy-preserving health information exchange , 2016, Secur. Commun. Networks.

[16]  Giovanni Russello,et al.  Flexible and Dynamic Consent-Capturing , 2011, iNetSeC.

[17]  Christine M OˈKeefe,et al.  Privacy and the use of health data for research , 2010, The Medical journal of Australia.

[18]  Kamran Sartipi,et al.  An Agent-Based Infrastructure for Secure Medical Imaging System Integration , 2014, 2014 IEEE 27th International Symposium on Computer-Based Medical Systems.

[19]  Mark Dredze,et al.  Quantifying Mental Health Signals in Twitter , 2014, CLPsych@ACL.

[20]  Manisha Mantri,et al.  Electronic Health Record: Standards, Coding Systems, Frameworks, and Infrastructures , 2012 .