Yunan Chen
ABSTRACT
Recent wide adoption of Electronic Medical Record (EMR) systems provides health practitioners with easy access to patient private information. However, there is a dilemma between the easy access to patient information and the potential privacy infringement brought by such easy access. This paper elaborates three types of group dynamics that identify challenges of privacy management in medical practices: team members, temporal involvement, and different levels of information sensitivity. Drawing on the theory of contextual integrity, this work identifies the appropriate actors, information access, and information transmission principles for understanding the norms of information flows. The findings of the study shed lights on the design insights that privacy enhancing features should be appropriately aligned with the dynamic group behaviors of medical practices.
- Agrawal, R. and Johnson, C. Securing Electronic Health Records without Impeding the Flow of Information. International Journal of Medical Informatics 76, 5--6 (2007), 471--479.Google Scholar
Cross Ref
- Aronsky, D., Jones, I., Lanaghan, K., and Slovis, C.M. Supporting Patient Care in the Emergency Department with a Computerized Whiteboard System. Journal of the American Medical Informatics Association 15, 2 (2007), 184--194.Google Scholar
- Bardram, J.E. and Bossen, C. Mobility Work: The Spatial Dimension of Collaboration at a Hospital. Computer Supported Cooperative Work (CSCW) 14, 2 (2005), 131--160. Google ScholarDigital Library
- Barkhuus, L. The mismeasurement of privacy: using contextual integrity to reconsider privacy in HCI. Proceedings of the CHI 2012, 367--376. Google ScholarDigital Library
- Bauer, L., Cranor, L.F., Reeder, R.W., Reiter, M.K., and Vaniea, K. Real life challenges in access-control management. Proceedings of CHI 2009, 899--908. Google ScholarDigital Library
- Bélanger, F. and Crossler, R.E. Privacy in the digital age: a review of information privacy research in information systems. MIS Quarterly. 35, 4 (2011), 1017--1042. Google ScholarDigital Library
- Berg, M. Accumulating and Coordinating: Occasions for Information Technologies in Medical Work. Computer Supported Cooperative Work (CSCW) 8, 4 (1999), 373--401. Google ScholarDigital Library
- Bulgurcu, B., Cavusoglu, H., and Benbasat, I. Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness. MIS Quarterly 34, 3 (2010), 523--54 Google ScholarDigital Library
- Cavoukian, A. and Prosch, M. Privacy by ReDesign: Building a Better Legacy. 2011. http://www.ipc.on.ca/english/Resources/Discussion-Papers/Discussion-Papers-Summary/?id=1070.Google Scholar
- Chen, Y. Documenting transitional information in EMR. Proceedings of CHI 2010, 1787--1796. Google ScholarDigital Library
- Choi, Y.B., Capitan, K.E., Krause, J.S., and Streeper, M.M. Challenges Associated with Privacy in Health care Industry: Implementation of HIPAA and the Security Rules. Journal of Medical Systems 30, 1 (2006), 57--64. Google ScholarDigital Library
- Coiera, E. and Clarke, R. E-Consent: The Design and Implementation of Consumer Consent Mechanisms in an Electronic Environment. Journal of the American Medical Informatics Association 11, 2 (2004), 129--140.Google Scholar
- Culnan, M.J. and Williams, C.C. How ethics can enhance organizational privacy: lessons from the choicepoint and TJX data breaches. MIS Quarterly. 33, 4 (2009), 673--687. Google ScholarDigital Library
- Dmitrienko, A., Sadeghi, A.-R., Tamrakar, S., and Wachsmann, C. SmartTokens: Delegable Access Control with NFC-enabled Smartphones. Proceedings of the 5th International Conference on Trust & Trustworthy Computing (TRUST), Springer, 325--339. Google ScholarDigital Library
- Earp, J.B. and Payton, F.C. Information privacy in the service sector: An exploratory study of health care and banking professionals. J. Organ. Comp. Electron. Commer. 16, 2 (2006), 105--122.Google ScholarCross Ref
- Ferreira, A., Cruz-Correia, R., Antunes, L., et al. How to break access control in a controlled manner. Proceedings of the IEEE International Symposium on Computer-Based Medical Systems, (2006), 847--854. Google ScholarDigital Library
- Fitzpatrick, G. and Ellingsen, G. A Review of 25 Years of CSCW Research in Healthcare: Contributions, Challenges and Future Agendas. Computer Supported Cooperative Work. (2012). 1--57.Google Scholar
- Glaser, B.G. and Strauss, A.L. The discovery of grounded theory: Strategies for qualitative research. Aldine de Gruyter, Hawthorne, NY, 1967.Google Scholar
- Grudin, J. Why CSCW applications fail: problems in the design and evaluationof organizational interfaces. Proceedings of CSCW 1988, 85--93. Google ScholarDigital Library
- Gunter, C.A., Liebovitz, D.M., and Malin, B. Experience-Based Access Management: A Life-Cycle Framework for Identity and Access Management Systems. IEEE Security and Privacy 9, 5 (2011), 48--55. Google ScholarDigital Library
- Heckle, R., Lutters, W.G., and Gurzick, D. Network authentication using single sign-on: the challenge of aligning mental models. Proceedings of the Symposium on Computer Human Interaction for Management of Information Technology (2008), 6:1--10. Google ScholarDigital Library
- Kluge, E.H.W. Secure e-Health: Managing Risks to Patient Health Data. International Journal of Medical Informatics 76, 5--6 (2007), 402--406.Google ScholarCross Ref
- Lee, S., Tang, C., Park, S.Y., and Chen, Y. Loosely formed patient care teams: communication challenges and technology design. Proceedings of CSCW 2012, 867--876. Google ScholarDigital Library
- Luff, P. and Heath, C. Mobility in collaboration. Proceedings of CSCW 1998, 305--314. Google ScholarDigital Library
- Murphy, A., Xu, H., Reddy, M., and Ringel, B. Exploring Collaborative Privacy Practices. CHI 2011 Workshop on Privacy for a Networked World: Bridging Theory and Design.Google Scholar
- Nissenbaum, H. Privacy as Contextual Integrity. Washington Law Review 79, 1 (2004). 101--139.Google Scholar
- Nissenbaum, H. Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford Law Books, 2009. Google ScholarDigital Library
- Ohno-Machado, L., Silveira, P.S.P., and Vinterbo, S. Protecting Patient Privacy by Quantifiable Control of Disclosures in Disseminated Databases. International Journal of Medical Informatics 73, 7--8 (2004), 599--606.Google ScholarCross Ref
- Palen, L. and Dourish, P. Unpacking "privacy" for a networked world. Proceedings of CHI 2003, 129--136. Google ScholarDigital Library
- Parks, R., Chu, C.-H., Xu, H., and Adams, L. Understanding the Drivers and Outcomes of Healthcare Organizational Privacy Responses. Proceedings of 32nd Annual International Conference on Information Systems (ICIS), (2011).Google Scholar
- Parks, R., Chu, C.-H., and Xu, H. Healthcare Information Privacy Research: Issues, Gaps and What Next. Proceedings of the 17th Americas Conference on Information Systems (AMCIS), (2011).Google Scholar
- Patel, V.L., Arocha, J.F., and Shortliffe, E.H. Cognitive Models in Training Health Professionals to Protect Patients' Confidential Information. International Journal of Medical Informatics 60, 2 (2000), 143--150.Google ScholarCross Ref
- Peleg, M., Beimel, D., Dori, D., and Denekamp, Y. Situation-Based Access Control: Privacy Management via Modeling of Patient Data Access Scenarios. Journal of Biomedical Informatics 41, 6 (2008), 1028--1040. Google ScholarDigital Library
- PRC. http://www.privacyrights.org/data-breach. 2012.Google Scholar
- Reddy, M. and Dourish, P. A finger on the pulse: temporal rhythms and information seeking in medical work. Proceedings of CSCW 2002. 344--353. Google ScholarDigital Library
- Siponen, M. and Vance, A. Neutralization: New insights into the problem of employee information systems security policy violations. MIS Quarterly 34, 3 (2010), 487--502. Google ScholarDigital Library
- Smith, H.J., Dinev, T., and Xu, H. Information Privacy Research: An Interdisciplinary Review. MIS Quarterly 35, 4 (2011), 989--1015. Google ScholarDigital Library
- Steinbrook, R. Health Care and the American Recovery and Reinvestment Act. New England Journal of Medicine 360, 11 (2009), 1057--1060.Google ScholarCross Ref
- Strauss, A., Fagerhaugh, S., Suczek, B., and Wiener, C. Social Organization of Medical Work. University of Chicago, Chicago, 1985.Google Scholar
- Zhang, W., Gunter, C., Liebovitz, D., Tian, J., and Malin, B. Role Prediction using Electronic Medical Record System Audits. Proceedings of the 2011 American Medical Informatics Association Annual Symposium (2011), 858--867.Google Scholar
- Hospital personnel fired for accessing records of Tucson victims. CNN. http://articles.cnn.com/2011-01--12/us/arizona.hospital.records_1_patient-hospital-personnel-medical-records?_s=PM:US.Google Scholar
Index Terms
- Privacy management in dynamic groups: understanding information privacy in medical practices
Recommendations
Privacy as Articulation Work in HIV Health Services
CSCW '15: Proceedings of the 18th ACM Conference on Computer Supported Cooperative Work & Social ComputingNormative accounts on health information privacy often highlight the importance of regulating data sharing. Yet, little attention has been paid to how health professionals perform and negotiate privacy practices in highly multidisciplinary, ...
Health privacy as sociotechnical capital
This article identified sociodemographic factors affecting privacy surrounding health data and explored the impact of health privacy capital on the use of health-related digital technologies and related perceptions. To do so, we adopted two perspectives,...
Research on Medical Information Privacy and Security Legal Issues in China-Take Electronic Medical Record as an Example
BDIOT '17: Proceedings of the International Conference on Big Data and Internet of ThingAs the main carrier of health care information, electronic medical record contains the medical information produced by individuals in the process of medical treatment complete and detailed.It has many advantages of traditional paper-based medical ...
Comments