Journal articles on the topic 'Privacy policy compliance'

Consult the top 50 journal articles for your research on the topic 'Privacy policy compliance.'

1

Mazmudar, Miti, and Ian Goldberg. "Mitigator: Privacy policy compliance using trusted hardware." Proceedings on Privacy Enhancing Technologies 2020, no. 3 (July 1, 2020): 204–21. http://dx.doi.org/10.2478/popets-2020-0049.

Abstract:
Through recent years, much research has been conducted into processing privacy policies and presenting them in ways that are easy for users to understand. However, understanding privacy policies has little utility if the website’s data processing code does not match the privacy policy. Although systems have been proposed to achieve compliance of internal software to access control policies, they assume a large trusted computing base and are not designed to provide a proof of compliance to an end user. We design Mitigator, a system to enforce compliance of a website’s source code with a privacy policy model that addresses these two drawbacks of previous work. We use trusted hardware platforms to provide a guarantee to an end user that their data is only handled by code that is compliant with the privacy policy. Such an end user only needs to trust a small module in the hardware of the remote back-end machine and related libraries but not the entire OS. We also provide a proof-of-concept implementation of Mitigator and evaluate it for its latency. We conclude that it incurs only a small overhead with respect to an unmodified system that does not provide a guarantee of privacy policy compliance to the end user.
2

Javed, Yousra, Elham Al Qahtani, and Mohamed Shehab. "Privacy Policy Analysis of Banks and Mobile Money Services in the Middle East." Future Internet 13, no. 1 (January 3, 2021): 10. http://dx.doi.org/10.3390/fi13010010.

Abstract:
Privacy compliance of the Middle East’s financial sector has been relatively unexplored. This paper evaluates the privacy compliance and readability of privacy statements for top banks and mobile money services in the Middle East. Our analysis shows that, overall, Middle Eastern banks have better privacy policy availability and language distribution, and are more privacy compliant compared to mobile money services. However, both the banks and mobile money services need to improve (1) compliance with the principles of children/adolescent’s data protection, accountability and enforcement, and data minimization/retention, and (2) privacy statement texts to be comprehensible for a reader with ~8 years of education or less.
3

Joshi, Karuna Pande, and Agniva Banerjee. "Automating Privacy Compliance Using Policy Integrated Blockchain." Cryptography 3, no. 1 (February 5, 2019): 7. http://dx.doi.org/10.3390/cryptography3010007.

Abstract:
An essential requirement of any information management system is to protect data and resources against breach or improper modifications, while at the same time ensuring data access to legitimate users. Systems handling personal data are mandated to track its flow to comply with data protection regulations. We have built a novel framework that integrates semantically rich data privacy knowledge graph with Hyperledger Fabric blockchain technology, to develop an automated access-control and audit mechanism that enforces users' data privacy policies while sharing their data with third parties. Our blockchain based data-sharing solution addresses two of the most critical challenges: transaction verification and permissioned data obfuscation. Our solution ensures accountability for data sharing in the cloud by incorporating a secure and efficient system for End-to-End provenance. In this paper, we describe this framework along with the comprehensive semantically rich knowledge graph that we have developed to capture rules embedded in data privacy policy documents. Our framework can be used by organizations to automate compliance of their Cloud datasets.
4

Fernald, Frances R. "HIPAA Patient Privacy Compliance Guide." Journal For Healthcare Quality 24, no. 6 (November 2002): 52. http://dx.doi.org/10.1097/01445442-200211000-00017.

5

Liu, Kaijun, Guoai Xu, Xiaomei Zhang, Guosheng Xu, and Zhangjie Zhao. "Evaluating the Privacy Policy of Android Apps: A Privacy Policy Compliance Study for Popular Apps in China and Europe." Scientific Programming 2022 (August 23, 2022): 1–15. http://dx.doi.org/10.1155/2022/2508690.

Abstract:
Recently, with the increase in the market share of the Android system and the sharp increase in the number of Android mobile apps, many countries and regions have successively launched laws and regulations related to data security. The EU’s GDPR and China’s Information Security Technology-Personal Information Security Specification are two of the most important bills, affecting vast areas and large populations. Both regulations impose requirements on privacy policy specifications for Android apps. With these requirements, however, apps’ privacy policies have become larger. Researchers have conducted studies on whether the actual privacy behavior of apps conforms to their privacy policy description but have not focused on compliance with the privacy policy itself. In this paper, we propose evaluation metrics for privacy policy compliance and evaluate popular apps by analyzing privacy policies and apps. We applied our method to 1,000 apps from the Google Play Store in Europe and 1,000 apps from the Tencent Appstore in China. We detected a number of app privacy policy noncompliance issues and discovered a number of privacy issues with third-party services and third-party libraries.
6

Valentine, Greta, and Kate Barron. "An Examination of Academic Library Privacy Policy Compliance with Professional Guidelines." Evidence Based Library and Information Practice 17, no. 3 (September 19, 2022): 77–96. http://dx.doi.org/10.18438/eblip30122.

Abstract:
Objective – The tension between upholding privacy as a professional value and the ubiquity of collecting patrons’ data to provide online services is now common in libraries. Privacy policies that explain how the library collects and uses patron records are one way libraries can provide transparency around this issue. This study examines 78 policies collected from the public websites of U.S. Association of Research Libraries’ (ARL) members and examines these policies for compliance with American Library Association (ALA) guidelines on privacy policy content. This overview can provide library policy makers with a sense of trends in the privacy policies of research-intensive academic libraries, and a sense of the gaps where current policies (and guidelines) may not adequately address current privacy concerns. Methods – Content analysis was applied to analyze all privacy policies. A deductive codebook based on ALA privacy policy guidelines was first used to code all policies. The authors used consensus coding to arrive at agreement about where codes were present. An inductive codebook was then developed to address themes present in the text that remained uncoded after initial deductive coding. Results – Deductive coding indicated low policy compliance with ALA guidelines. None of the 78 policies contained all 20 codes derived from the guidelines, and only 6% contained more than half. No individual policy contained more than 75% of the content recommended by ALA. Inductive coding revealed themes that expanded on the ALA guidelines or addressed emerging privacy concerns such as library-initiated data collection and sharing patron data with institutional partners. No single inductive code appeared in more than 63% of policies. Conclusion – Academic library privacy policies appear to be evolving to address emerging concerns such as library-initiated data collection, invisible data collection via vendor platforms, and data sharing with institutional partners. 
However, this study indicates that most libraries do not provide patrons with a policy that comprehensively addresses how patrons’ data are obtained, used, and shared by the library.
7

Linden, Thomas, Rishabh Khandelwal, Hamza Harkous, and Kassem Fawaz. "The Privacy Policy Landscape After the GDPR." Proceedings on Privacy Enhancing Technologies 2020, no. 1 (January 1, 2020): 47–64. http://dx.doi.org/10.2478/popets-2020-0004.

Abstract:
The EU General Data Protection Regulation (GDPR) is one of the most demanding and comprehensive privacy regulations of all time. A year after it went into effect, we study its impact on the landscape of privacy policies online. We conduct the first longitudinal, in-depth, and at-scale assessment of privacy policies before and after the GDPR. We gauge the complete consumption cycle of these policies, from the first user impressions until the compliance assessment. We create a diverse corpus of two sets of 6,278 unique English-language privacy policies from inside and outside the EU, covering their pre-GDPR and the post-GDPR versions. The results of our tests and analyses suggest that the GDPR has been a catalyst for a major overhaul of the privacy policies inside and outside the EU. This overhaul of the policies, manifesting in extensive textual changes, especially for the EU-based websites, comes at mixed benefits to the users. While the privacy policies have become considerably longer, our user study with 470 participants on Amazon MTurk indicates a significant improvement in the visual representation of privacy policies from the users’ perspective for the EU websites. We further develop a new workflow for the automated assessment of requirements in privacy policies. Using this workflow, we show that privacy policies cover more data practices and are more consistent with seven compliance requirements post the GDPR. We also assess how transparent the organizations are with their privacy practices by performing specificity analysis. In this analysis, we find evidence for positive changes triggered by the GDPR, with the specificity level improving on average. Still, we find the landscape of privacy policies to be in a transitional phase; many policies still do not meet several key GDPR requirements or their improved coverage comes with reduced specificity.
8

Halder, Suhasish, V. S. Prakash Attili, and Vivek Gupta. "Information Privacy Assimilation." International Journal of Digital Strategy, Governance, and Business Transformation 12, no. 1 (January 1, 2022): 1–17. http://dx.doi.org/10.4018/ijdsgbt.313954.

Abstract:
This paper proposes a framework to understand organizations' perspectives while safeguarding customers' information privacy. Following a detailed literature review, a broad conceptual model was developed to build a theory based on a multi-site, multi-case study approach. The current manuscript treats information privacy as distinct from information security. From an organizational standpoint, this research reveals that legal policy, technology, and industry standards drive privacy assimilation. At a detailed level, adherence to compliance, competitive best practices, and data management controls significantly impact an organization's opportunistic perspective, resulting in higher-order assimilation (infusion) of organizational privacy practices. Resistance to compliance, investment cost, and reactive approach results in lower-order assimilation (adaptation) of organizational privacy practices. This study delivers practical implications related to how businesses perceive privacy practices while maintaining the right balance of privacy risks and opportunities.
9

Costante, Elisa, Federica Paci, and Nicola Zannone. "Privacy-Aware Web Service Composition and Ranking." International Journal of Web Services Research 10, no. 3 (July 2013): 1–23. http://dx.doi.org/10.4018/ijwsr.2013070101.

Abstract:
Service selection is a key issue in the Future Internet, where applications are built by composing services and content offered by different service providers. Most existing service selection schemas only focus on QoS properties of services such as throughput, latency and response time, or on their trust and reputation level. By contrast, the risk of privacy breaches arising from the selection of component services whose privacy policy is not compliant with customers’ privacy preferences is largely ignored. In this paper, the authors propose a novel privacy-preserving Web service composition and selection approach which (i) makes it possible to verify the compliance between users’ privacy requirements and providers’ privacy policies and (ii) ranks the composite Web services with respect to the privacy level they offer. The authors illustrate their approach using an eCommerce Web service as an example of service composition. Moreover, the authors present a possible Java-based implementation of the proposed approach and present an extension to WS-Policy standard to specify privacy related assertions.
10

Brothers, Kyle Bertram, and Ellen Wright Clayton. "“Human Non-Subjects Research”: Privacy and Compliance." American Journal of Bioethics 10, no. 9 (September 9, 2010): 15–17. http://dx.doi.org/10.1080/15265161.2010.492891.

11

Grandison, Tyrone, and Rafae Bhatti. "Regulatory Compliance and the Correlation to Privacy Protection in Healthcare." International Journal of Computational Models and Algorithms in Medicine 1, no. 2 (April 2010): 37–52. http://dx.doi.org/10.4018/jcmam.2010040103.

Abstract:
Recent government-led efforts and industry-sponsored privacy initiatives in the healthcare sector have received heightened publicity. The current set of privacy legislation mandates that all parties involved in the delivery of care specify and publish privacy policies regarding the use and disclosure of personal health information. The authors’ study of actual healthcare privacy policies indicates that the vague representations in published privacy policies are not strongly correlated with adequate privacy protection for the patient. This phenomenon is not due to a lack of available technology to enforce privacy policies, but rather to the will of the healthcare entities to enforce strong privacy protections and their interpretation of minimum compliance obligations. Using available information systems and data mining techniques, this article describes an infrastructure for privacy protection based on the idea of policy refinement to allow the transition from the current state of perceived to be privacy-preserving systems to actually privacy-preserving systems.
12

Choi, Youngkeun. "Human Resource Management and Security Policy Compliance." International Journal of Human Capital and Information Technology Professionals 8, no. 3 (July 2017): 68–81. http://dx.doi.org/10.4018/ijhcitp.2017070105.

Abstract:
Given the regulatory requirements imposed on organizations within numerous industries, research in the area of employee compliance with organizational security and privacy regulations remains necessary and highly desirable. Therefore, the objective of this study provides a unique framework for understanding the influence of HRM practices on individual security policy compliance outcomes. The unit of analysis for this research project is the individual employee of a bank organization. With the survey of 257 bank employees, a components-based approach to structural equation modeling was taken. The results of this study indicate that developmental-oriented appraisal, externally or internally equitable reward, selective staffing and training for career development are positively associated with employees' behavioral intent to comply with security policy through their affective commitment.
13

Zimmeck, Sebastian, Peter Story, Daniel Smullen, Abhilasha Ravichander, Ziqi Wang, Joel Reidenberg, N. Cameron Russell, and Norman Sadeh. "MAPS: Scaling Privacy Compliance Analysis to a Million Apps." Proceedings on Privacy Enhancing Technologies 2019, no. 3 (July 1, 2019): 66–86. http://dx.doi.org/10.2478/popets-2019-0037.

Abstract:
The app economy is largely reliant on data collection as its primary revenue model. To comply with legal requirements, app developers are often obligated to notify users of their privacy practices in privacy policies. However, prior research has suggested that many developers are not accurately disclosing their apps’ privacy practices. Evaluating discrepancies between apps’ code and privacy policies enables the identification of potential compliance issues. In this study, we introduce the Mobile App Privacy System (MAPS) for conducting an extensive privacy census of Android apps. We designed a pipeline for retrieving and analyzing large app populations based on code analysis and machine learning techniques. In its first application, we conduct a privacy evaluation for a set of 1,035,853 Android apps from the Google Play Store. We find broad evidence of potential non-compliance. Many apps do not have a privacy policy to begin with. Policies that do exist are often silent on the practices performed by apps. For example, 12.1% of apps have at least one location-related potential compliance issue. We hope that our extensive analysis will motivate app stores, government regulators, and app developers to more effectively review apps for potential compliance issues.
14

LePar, Kathleen. "Quality Consciousness … Auditing for HIPAA Privacy Compliance." Lippincott's Case Management 9, no. 6 (November 2004): 257–64. http://dx.doi.org/10.1097/00129234-200411000-00004.

15

&NA;. "Quality Consciousness … Auditing for HIPAA Privacy Compliance." Lippincott's Case Management 9, no. 6 (November 2004): 265–66. http://dx.doi.org/10.1097/00129234-200411000-00005.

16

Sher, Ming-Ling, Paul C. Talley, Ching-Wen Yang, and Kuang-Ming Kuo. "Compliance With Electronic Medical Records Privacy Policy: An Empirical Investigation of Hospital Information Technology Staff." INQUIRY: The Journal of Health Care Organization, Provision, and Financing 54 (January 1, 2017): 004695801771175. http://dx.doi.org/10.1177/0046958017711759.

Abstract:
The employment of Electronic Medical Records is expected to better enhance health care quality and to relieve increased financial pressure. Electronic Medical Records are, however, potentially vulnerable to security breaches that may result in a rise of patients’ privacy concerns. The purpose of our study was to explore the factors that motivate hospital information technology staff’s compliance with Electronic Medical Records privacy policy from the theoretical lenses of protection motivation theory and the theory of reasoned action. The study collected data using survey methodology. A total of 310 responses from information technology staff of 7 medical centers in Taiwan was analyzed using the Structural Equation Modeling technique. The results revealed that perceived vulnerability and perceived severity of threats from Electronic Medical Records breaches may be used to predict the information technology staff’s fear arousal level. And factors including fear arousal, response efficacy, self-efficacy, and subjective norm, in their turn, significantly predicted IT staff’s behavioral intention to comply with privacy policy. Response cost was not found to have any relationship with behavioral intention. Based on the findings, we suggest that hospitals could plan and design effective strategies such as initiating privacy-protection awareness and skills training programs to improve information technology staff member’s adherence to privacy policy. Furthermore, enhancing the privacy-protection climate in hospitals is also a viable means to the end. Further practical and research implications are also discussed.
17

O’Neill, Allen. "An action framework for compliance and governance." Clinical Governance: An International Journal 19, no. 4 (September 30, 2014): 342–59. http://dx.doi.org/10.1108/cgij-07-2014-0022.

Abstract:
Purpose – The purpose of this paper is to propose a framework for clinical governance, in particular, the compliance of data privacy in a healthcare organisation. Design/methodology/approach – The approach of the research was to highlight problem areas in compliance and governance risk management (governance, risk and compliance (GRC)) in general, and then identify knowledge in other domains that could be combined and applied to improve GRC management, and ultimately improve governance outcomes. Findings – There is a gap in the literature in respect of systems and frameworks to assist organisations in managing the complex minutiae associated with compliance. This paper addresses this gap by proposing a “compliance action framework” which builds on work existing in other domains in relation to education, process control and governance. Research limitations/implications – The present research provides a starting point for an implementation of the framework within a number of organisations, and opens questions for further research in the field. Originality/value – The GRC framework proposed in this paper contributes to the state of the art, by proposing processes for improving the governance capability and compliance outcomes within an organisation for governance of data privacy risk and data protection.
18

Rothstein, Mark A. "HIPAA Privacy Rule 2.0." Journal of Law, Medicine & Ethics 41, no. 2 (2013): 525–28. http://dx.doi.org/10.1111/jlme.12060.

Abstract:
On January 25, 2013, the Federal Register published the Department of Health and Human Services (HHS) omnibus amendments to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, Enforcement, and Breach Notification Rules. These modifications also include the final versions of the HIPAA regulation amendments mandated by the Health Information Technology for Economic and Clinical Health Act (HITECH Act) and the Genetic Information Nondiscrimination Act (GINA). Although the amended rules were effective on March 26, 2013, covered entities and their business associates (which now have direct liability for violations of the regulations) have a compliance date of September 23, 2013. It has been 10 years since the April 14, 2003 compliance date for the original HIPAA Privacy Rule. Despite HHS’ clarification of some issues by posting answers to frequently asked questions (FAQs), there have been no significant amendments to the Privacy Rule since 2003.
19

Crossler, Robert E., James H. Long, Tina M. Loraas, and Brad S. Trinkle. "The Impact of Moral Intensity and Ethical Tone Consistency on Policy Compliance." Journal of Information Systems 31, no. 2 (October 1, 2016): 49–64. http://dx.doi.org/10.2308/isys-51623.

Abstract:
This study examines the impact of moral intensity and inconsistent ethical tone on Bring Your Own Device (BYOD) policy compliance. Organizations use BYOD policies to address the heightened risks of data and privacy breaches that arise when employees use their personal devices to access or store company data. These policies are a key part of an organization's system of internal controls that protect organizational assets by prescribing appropriate behavior for individuals who have access to them. We conducted an online experiment to evaluate (1) how the moral intensity of a policy compliance decision influences policy compliance behavior, (2) the efficacy of an intervention designed to increase moral intensity and thus foster compliance, and (3) how an inconsistent ethical tone affects both the perceived ethicality of a policy compliance decision and individuals' intentions to comply with the policy. We find that moral intensity is positively related to policy compliance, and that a simple intervention effectively fosters policy compliance through its impact on moral intensity. Furthermore, we provide evidence that an inconsistent ethical tone erodes policy compliance intentions, and can spill over to affect another work-related behavior. These findings have important theoretical and practical implications.
20

Diamantopoulou, Vasiliki, Aggeliki Androutsopoulou, Stefanos Gritzalis, and Yannis Charalabidis. "Preserving Digital Privacy in e-Participation Environments: Towards GDPR Compliance." Information 11, no. 2 (February 20, 2020): 117. http://dx.doi.org/10.3390/info11020117.

Abstract:
The application of the General Data Protection Regulation (GDPR) 2016/679/EC, the Regulation for the protection of personal data, is a challenge and must be seen as an opportunity for the redesign of the systems that are being used for the processing of personal data. An unexplored area where systems are being used to collect and process personal data is the e-Participation environment. The latest generations of such environments refer to sociotechnical systems based on the exploitation of the increasing use of Social Media, by using them as valuable tools, able to provide answers and decision support in public policy formulation. This work explores the privacy requirements that GDPR imposes in such environments, contributing to the identification of challenges that e-Participation approaches have to deal with, with regard to privacy protection.
21

Pasquier, Thomas, Jatinder Singh, Julia Powles, David Eyers, Margo Seltzer, and Jean Bacon. "Data provenance to audit compliance with privacy policy in the Internet of Things." Personal and Ubiquitous Computing 22, no. 2 (August 15, 2017): 333–44. http://dx.doi.org/10.1007/s00779-017-1067-4.

22

Alshare, Khaled A., Peggy L. Lane, and Michael R. Lane. "Information security policy compliance: a higher education case study." Information & Computer Security 26, no. 1 (March 12, 2018): 91–108. http://dx.doi.org/10.1108/ics-09-2016-0073.

Abstract:
Purpose The purpose of this case study is to examine the factors that impact higher education employees’ violations of information security policy by developing a research model based on grounded theories such as deterrence theory, neutralization theory and justice theory. Design/methodology/approach The research model was tested using 195 usable responses. After conducting model validation, the hypotheses were tested using multiple linear regression. Findings The results of the study revealed that procedural justice, distributive justice, severity and celerity of sanction, privacy, responsibility and organizational security culture were significant predictors of violations of information security measures. Only interactional justice was not significant. Research limitations/implications As with any exploratory case study, this research has limitations such as the self-reported information and the method of measuring the violation of information security measures. The method of measuring information security violations has been a challenge for researchers. Of course, the best method is to capture the actual behavior. Another limitation to this case study which might have affected the results is the significant number of faculty members in the respondent pool. The shared governance culture of faculty members on a US university campus might bias the results more than in a company environment. Caution should be applied when generalizing the results of this case study. Practical implications The findings validate past research and should encourage managers to ensure employees are involved with developing and implementing information security measures. Additionally, the information security measures should be applied consistently and in a timely manner. Past research has focused more on the certainty and severity of sanctions and not as much on the celerity or swiftness of applying sanctions. 
The results of this research indicate there is a need to be timely (swift) in applying sanctions. The importance of information security should be grounded in company culture. Employees should have a strong sense of treating company data as they would want their own data to be treated. Social implications Engaging employees in developing and implementing information security measures will reduce employees’ violations. Additionally, giving employees the assurance that all are given the same treatment when it comes to applying sanctions will reduce the violations. Originality/value Setting and enforcing in a timely manner a solid sanction system will help in preventing information security violations. Moreover, creating a culture that fosters information security will help in positively affecting the employees’ perceptions toward privacy and responsibility, which in turn, impacts information security violations. This case study applies some existing theories in the context of the US higher education environment. The results of this case study contributed to the extension of existing theories by including new factors, on one hand, and confirming previous findings, on the other hand.
23

Chimakurthi, VNS Surendra. "Cloud Security - A Semantic Approach in End to End Security Compliance." Engineering International 5, no. 2 (December 31, 2017): 97–106. http://dx.doi.org/10.18034/ei.v5i2.586.

Abstract:
Many firms are seeing the benefits of moving to the cloud. For the sake of their customers' data, cloud service providers are required by law to maintain the highest levels of data security and privacy. Most cloud service providers employ a patchwork of security and privacy safeguards while industry standards are being created. The upshot is that customers of cloud services are unsure whether or not the security protections supplied by these services are enough to meet their specific security and compliance requirements. In this article, we have discussed the many threats cloud users face and emphasized the compliance frameworks and security processes that should be in place to minimize the risk. To categorize cloud security measures, risks, and compliance requirements, we developed an ontology. We needed to design software to identify the high-level policy rules that must be applied in response to each danger as part of this initiative. Additionally, the program provides a list of cloud service providers that now satisfy specific security requirements. Even if they aren't familiar with the underlying technology, cloud users may utilize our system to build up their security policy and identify compatible providers.
24

Kelly, Curly. "HIPAA Compliance: Lessons from the Repeal of Hawaii's Patient Privacy Law." Journal of Law, Medicine & Ethics 30, no. 2 (2002): 309–12. http://dx.doi.org/10.1111/j.1748-720x.2002.tb00399.x.

Abstract:
In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA), which required the enactment of new regulations to protect confidential patient health information. In December 2000, the U.S. Department of Health and Human Services (DHHS) published the agency's final rule on patient privacy and the proper use of privileged health information. The HIPAA privacy regulations cover all health-care providers that handle medical records or other identifiable patient health information. Most health-care organizations have until April 14, 2003, to comply with HIPAA.
25

Chua, Hui Na, Anthony Herbland, Siew Fan Wong, and Younghoon Chang. "Compliance to personal data protection principles: A study of how organizations frame privacy policy notices." Telematics and Informatics 34, no. 4 (July 2017): 157–70. http://dx.doi.org/10.1016/j.tele.2017.01.008.

26

Agris, Julie L., and John M. Spandorfer. "HIPAA Compliance and Training: A Perfect Storm for Professionalism Education?" Journal of Law, Medicine & Ethics 44, no. 4 (2016): 652–56. http://dx.doi.org/10.1177/1073110516684812.

Abstract:
The HIPAA Rules continue to support and bolster the importance of protecting the privacy and security of patients' protected health information. The HIPAA training requirements are at the cornerstone of meaningful implementation and provide a ripe opportunity for critical education.
27

Sánchez, David, Alexandre Viejo, and Montserrat Batet. "Automatic Assessment of Privacy Policies under the GDPR." Applied Sciences 11, no. 4 (February 17, 2021): 1762. http://dx.doi.org/10.3390/app11041762.

Abstract:
To comply with the EU General Data Protection Regulation (GDPR), companies managing personal data have been forced to review their privacy policies. However, privacy policies will not solve any problems as long as users do not read or are not able to understand them. In order to assist users in both issues, we present a system that automatically assesses privacy policies. Our proposal quantifies the degree of policy compliance with respect to the data protection goals stated by the GDPR and presents clear and intuitive privacy scores to the user. In this way, users will become immediately aware of the risks associated with the services and their severity; this will empower them to take informed decisions when accepting (or not) the terms of a service. We leverage manual annotations and machine learning to train a model that automatically tags privacy policies according to their compliance (or not) with the data protection goals of the GDPR. In contrast with related works, we define clear annotation criteria consistent with the GDPR, and this enables us not only to provide aggregated scores, but also fine-grained ratings that help to understand the reasons of the assessment. The latter is aligned with the concept of explainable artificial intelligence. We have applied our method to the policies of 10 well-known internet services. Our scores are sound and consistent with the results reported in related works.
28

Al-Abdullah, Muhammad, Izzat Alsmadi, Ruwaida AlAbdullah, and Bernie Farkas. "Designing privacy-friendly data repositories: a framework for a blockchain that follows the GDPR." Digital Policy, Regulation and Governance 22, no. 5/6 (November 26, 2020): 389–411. http://dx.doi.org/10.1108/dprg-04-2020-0050.

Abstract:
Purpose The paper posits that a solution for businesses to use privacy-friendly data repositories for its customers’ data is to change from the traditional centralized repository to a trusted, decentralized data repository. Blockchain is a technology that provides such a data repository. However, the European Union’s General Data Protection Regulation (GDPR) assumed a centralized data repository, and it is commonly argued that blockchain technology is not usable. This paper aims to posit a framework for adopting a blockchain that follows the GDPR. Design/methodology/approach The paper uses the Levy and Ellis’ narrative review of literature methodology, which is based on constructivist theory posited by Lincoln and Guba. Using five information systems and computer science databases, the researchers searched for studies using the keywords GDPR and blockchain, using a forward and backward search technique. The search identified a corpus of 416 candidate studies, from which the researchers applied pre-established criteria to select 39 studies. The researchers mined this corpus for concepts, which they clustered into themes. Using the accepted computer science practice of privacy by design, the researchers combined the clustered themes into the paper’s posited framework. Findings The paper posits a framework that provides architectural tactics for designing a blockchain that follows GDPR to enhance privacy. The framework explicitly addresses the challenges of GDPR compliance using the unimagined decentralized storage of personal data. The framework addresses the blockchain–GDPR tension by establishing trust between a business and its customers vis-à-vis storing customers’ data. The trust is established through blockchain’s capability of providing the customer with private keys and control over their data, e.g. processing and access. 
Research limitations/implications The paper provides a framework that demonstrates that blockchain technology can be designed for use in GDPR compliant solutions. In using the framework, a blockchain-based solution provides the ability to audit and monitor privacy measures, demonstrates a legal justification for processing activities, incorporates a data privacy policy, provides a map for data processing and ensures security and privacy awareness among all actors. The research is limited to a focus on blockchain–GDPR compliance; however, future research is needed to investigate the use of the framework in specific domains. Practical implications The paper posits a framework that identifies the strategies and tactics necessary for GDPR compliance. Practitioners need to complement the framework with rigorous privacy risk management, i.e. conducting a privacy risk analysis, identifying strategies and tactics to address such risks and preparing a privacy impact assessment that enhances accountability and transparency of a blockchain. Originality/value With the increasingly strategic use of data by businesses and the contravening growth of data privacy regulation, alternative technologies could provide businesses with a means to nurture trust with its customers regarding collected data. However, it is commonly assumed that the decentralized approach of blockchain technology cannot be applied to this business need. This paper posits a framework that enables a blockchain to be designed that follows the GDPR; thereby, providing an alternative for businesses to collect customers’ data while ensuring the customers’ trust.
29

Murray, Suellen. "Compassion and Compliance: Releasing Records to Care-Leavers under Privacy and Freedom of Information Legislation." Social Policy and Society 13, no. 4 (July 22, 2013): 493–503. http://dx.doi.org/10.1017/s1474746413000328.

Abstract:
This article discusses the use of privacy and freedom of information legislation in relation to the release of care-leavers’ records in the Australian state of Victoria. First, it explains the relevance of privacy and freedom of information legislation to care-leavers’ access to records, that is that the subject of a record is entitled to access information held about them, subject to certain exemptions. Second, based on research interviews with care-leavers and record-holders, the article then discusses how the legislation is understood in practice and the difficulties that arise in determining what information can be released, particularly in relation to ‘third party data’ and ‘unreasonable disclosure’. Finally, the article considers how policy in this area could be improved to enhance the release of records.
30

Choi, Youngkeun, and Taejong Yoo. "Influence of HRM Practices on Privacy Policy Compliance Intention: A Study among Bank Employees in Korea." International Journal of Security and Its Applications 8, no. 1 (January 31, 2014): 9–18. http://dx.doi.org/10.14257/ijsia.2014.8.1.02.

31

Warkentin, Merrill, Allen C. Johnston, and Jordan Shropshire. "The influence of the informal social learning environment on information privacy policy compliance efficacy and intention." European Journal of Information Systems 20, no. 3 (May 2011): 267–84. http://dx.doi.org/10.1057/ejis.2010.72.

32

Kotut, Lindah, and D. Scott McCrickard. "The TL;DR Charter: Speculatively Demystifying Privacy Policy Documents and Terms Agreements." Proceedings of the ACM on Human-Computer Interaction 6, GROUP (January 14, 2022): 1–14. http://dx.doi.org/10.1145/3492842.

Abstract:
Privacy policy and term agreement documents are considered the gateway for software adoption and use. The documents provide a means for the provider to outline expectations of the software use, and also provide an often-separate document outlining how user data is collected, stored, and used--including if it is shared with other parties. A user agreeing with the terms assumes that they have a full understanding of the terms of the agreement and have provided consent. Often, however, users do not read the documents because they are long and full of legalistic and inconsistent language, are regularly amended, and may not disclose all the details on what is done to the user data. Enforcing compliance and ensuring user consent have been persistent challenges to policy makers and privacy researchers. This design fiction puts forward an alternate reality and presents a policy-based approach to fording the consent gap with the TL;DR Charter: an agreement governing the parties involved by harnessing the power of formal governments, industry, and other stakeholders, and taking users' expectation of privacy into account. The Charter allows us as researchers to examine the implications on trust, decision-making, consent, accountability and the impact of future technologies.
33

Yang, Lu, Xingshu Chen, Yonggang Luo, Xiao Lan, and Li Chen. "PurExt: Automated Extraction of the Purpose-Aware Rule from the Natural Language Privacy Policy in IoT." Security and Communication Networks 2021 (May 7, 2021): 1–11. http://dx.doi.org/10.1155/2021/5552501.

Abstract:
The extensive data collection performed by the Internet of Things (IoT) devices can put users at risk of data leakage. Consequently, IoT vendors are legally obliged to provide privacy policies to declare the scope and purpose of the data collection. However, complex and lengthy privacy policies are unfriendly to users, and the lack of a machine-readable format makes it difficult to check policy compliance automatically. To solve these problems, we first put forward a purpose-aware rule to formalize the purpose-driven data collection or use statement. Then, a novel approach to identify the rule from natural language privacy policies is proposed. To address the issue of diversity of purpose expression, we present the concepts of explicit and implicit purpose, which enable using the syntactic and semantic analyses to extract purposes in different sentences. Finally, the domain adaption method is applied to the semantic role labeling (SRL) model to improve the efficiency of purpose extraction. The experiments that are conducted on the manually annotated dataset demonstrate that this approach can extract purpose-aware rules from the privacy policies with a high recall rate of 91%. The implicit purpose extraction of the adapted model significantly improves the F1-score by 11%.
34

Rothstein, Mark A. "Currents in Contemporary Ethics." Journal of Law, Medicine & Ethics 33, no. 1 (2005): 154–59. http://dx.doi.org/10.1111/j.1748-720x.2005.tb00217.x.

Abstract:
For nearly twenty-five years, federal regulation of privacy issues in research involving human subjects was the primary province of the federal rule for Protection of Human Subjects (Common Rule). As of April 14, 2003, the compliance date for the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA), however, the Common Rule and the Privacy Rule jointly regulate research privacy. Although, in theory, the Privacy Rule is intended to complement the Common Rule, there are several areas in which the rules diverge. In some instances the inconsistencies result in gaps in privacy protection; in other instances the inconsistencies result in added burdens on researchers without additional privacy protections. In all instances, the lack of harmonization of these rules has created confusion, frustration, and misunderstanding by researchers, research subjects, and institutional review boards (IRBs). In this article, I review the major provisions of the Privacy Rule for research, explain the areas in which the Privacy Rule and Common Rule differ, and conclude that the two rules should be revised to promote consistency and maximize privacy protections while minimizing the burdens on research.
35

Sheehan, Kim Bartel. "In Poor Health: An Assessment of Privacy Policies at Direct-to-Consumer Web Sites." Journal of Public Policy & Marketing 24, no. 2 (September 2005): 273–83. http://dx.doi.org/10.1509/jppm.2005.24.2.273.

Abstract:
Overall, consumers are concerned about the privacy of their personal health information. However, they are also active seekers of health care information online. Many of these information searches lead consumers to Web sites sponsored by pharmaceutical companies that provide information about drugs that are available only through prescription. Many of these Web sites collect personalized information about site visitors to facilitate information exchanges between visitors and site sponsors. This study examines the types of information collected at Web sites that promote product-claim drugs and studies the privacy notices that such sites provide. The author evaluates the degree to which such notices comply with Federal Trade Commission Fair Information Practices. Drug Web sites collect a range of information through a variety of interactive methods. The Web sites have relatively high compliance with two of the Fair Information Practices, notice and choice, but they have poor compliance with the access and security Fair Information Practices. In addition, readability of the policies is low. The author discusses implications for the industry and public policy.
36

Fu, Yang, Weihong Ma, and Jinjin Wu. "Fostering Voluntary Compliance in the COVID-19 Pandemic: An Analytical Framework of Information Disclosure." American Review of Public Administration 50, no. 6-7 (July 17, 2020): 685–91. http://dx.doi.org/10.1177/0275074020942102.

Abstract:
Although there have been studies investigating the relationship between information disclosure and voluntary compliance behaviors, the terrain of such research is largely fragmented and has been rarely tested empirically in the pandemic contexts. This article reviewed the intervention and control of the pandemic from the perspective of information disclosure with reflections on the experience in China. Furthermore, the authors propose a comprehensive framework demonstrating the overall landscape of information disclosure and voluntary compliance behaviors with highlights on (a) the tensions between privacy and information transparency; (b) the trade-offs between policy rigorousness and compliance behaviors; (c) different sources of information and how they influence public behaviors differently; and most importantly, (d) how the variegated configurations and contextualization of factors result in different influencing and moderating mechanisms between information disclosure and voluntary compliance behaviors. In the end, the authors call for future research and reforms in pandemic control practice to focus on the dynamics of information disclosure, government actions, and public compliance behaviors, which has been largely neglected so far.
37

Nuradiansyah, Adrian. "Reasoning in Description Logic Ontologies for Privacy Management." KI - Künstliche Intelligenz 34, no. 3 (July 4, 2020): 411–15. http://dx.doi.org/10.1007/s13218-020-00681-8.

Abstract:
This work is initially motivated by a privacy scenario in which the confidential information about persons or its properties formulated in description logic (DL) ontologies should be kept hidden. We investigate procedures to detect whether this confidential information can be disclosed in a certain situation by using DL formalisms. If it is the case that this information can be deduced from the ontologies, which implies certain privacy policies are not fulfilled, then one needs to consider methods to repair these ontologies in a minimal way such that the modified ontologies comply with the policies. However, privacy compliance itself is not enough if a possible attacker can also obtain relevant information from other sources, which together with the modified ontologies might violate the privacy policy. This article provides a summary of studies and results from Adrian Nuradiansyah’s Ph.D. dissertation that are corresponding to the addressed problem above with a special emphasis on the investigations on the worst-case complexities of those problems as well as the complexity of the procedures and algorithms solving the problems.
38

Kutkat, Lora, James G. Hodge, Thomas Jeffry, and Diana M. Bontá. "The HIPAA Privacy Rule: Reviewing the Post-Compliance Impact on Public Health Practice and Research." Journal of Law, Medicine & Ethics 31, S4 (2003): 70–72. http://dx.doi.org/10.1111/j.1748-720x.2003.tb00758.x.

Abstract:
Current economic conditions have coincided with the implementation of the Health Insurance Portability and Accountability Act (HIPAA) and forced public health officials to consider how to ethically incorporate compliance into their already strained budgets, while maintaining the integrity and intent of the legislation. As of April 14, 2003, the HIPAA Privacy Rule provides a new federal floor of protections for personal health information. The Privacy Rule establishes standards for the protection of health information held by many physicians’ offices, health plans, and health care clearinghouses. The Rule protects personal health information by establishing conditions regulating the use and disclosure of individually identifiable health information by these entities, also referred to as covered entities. The Rule does not prevent the daily operations of health care establishments (i.e., the treatment of patients and the collection of payment).
39

Chang, Shuchih Ernest, Anne Yenching Liu, and Sungmin Lin. "Exploring privacy and trust for employee monitoring." Industrial Management & Data Systems 115, no. 1 (February 2, 2015): 88–106. http://dx.doi.org/10.1108/imds-07-2014-0197.

Abstract:
Purpose – The purpose of this paper is to evaluate privacy boundaries and explore employees’ reactions in employee monitoring. Design/methodology/approach – The research used the metaphor of boundary turbulence in the Communication Privacy Management (CPM) theory to demonstrate the psychological effect on employees. The model comprised organizational culture, CPM, trust, and employee performance in employee monitoring to further investigate the influence exerted by organizational culture and how employees viewed their trust within the organization when implementing employee monitoring. Variables were measured empirically by administrating questionnaires to full-time employees in organizations that currently practice employee monitoring. Findings – The findings showed that a control-oriented organizational culture raised communication privacy turbulence in CPM. The communication privacy turbulence in CPM mostly had negative effects on trust in employee monitoring policy, but not on trust in employee monitoring members. Both trust in employee monitoring policy and trust in employee monitoring members had positive effects on employee commitment and compliance to employee monitoring. Research limitations/implications – This research applied the CPM theory in workplace privacy to explore the relationship between employees’ privacy and trust. The results provide insights of why employees feel psychological resistance when they are forced to accept the practice of employee monitoring. In addition, this study explored the relationship between CPM and trust, and offer support and verification to prior studies. Practical implications – For practitioners, the findings help organizations to improve the performance of their employees and to design a more effective environment for employee monitoring. Originality/value – A research model was proposed to study the impacts of CPM on employee monitoring, after a broad survey on related researches.
The validated model and its corresponding study results can be referenced by organization managers and decision makers to make favorable tactics for achieving their goals of implementing employee monitoring.
40

Mulgund, Pavankumar, Banashri Pavankumar Mulgund, Raj Sharman, and Raghvendra Singh. "The implications of the California Consumer Privacy Act (CCPA) on healthcare organizations: Lessons learned from early compliance experiences." Health Policy and Technology 10, no. 3 (September 2021): 100543. http://dx.doi.org/10.1016/j.hlpt.2021.100543.

41

Garrett, Paul M., Yu-Wen Wang, Joshua P. White, Yoshihsa Kashima, Simon Dennis, and Cheng-Ta Yang. "High Acceptance of COVID-19 Tracing Technologies in Taiwan: A Nationally Representative Survey Analysis." International Journal of Environmental Research and Public Health 19, no. 6 (March 11, 2022): 3323. http://dx.doi.org/10.3390/ijerph19063323.

Abstract:
Taiwan has been a world leader in controlling the spread of SARS-CoV-2 during the COVID-19 pandemic. Recently, the Taiwan Government launched its COVID-19 tracing app, ‘Taiwan Social Distancing App’; however, the effectiveness of this tracing app depends on its acceptance and uptake among the general population. We measured the acceptance of three hypothetical tracing technologies (telecommunication network tracing, a government app, and the Apple and Google Bluetooth exposure notification system) in four nationally representative Taiwanese samples. Using Bayesian methods, we found a high acceptance of all three tracking technologies, with acceptance increasing with the inclusion of additional privacy measures. Modeling revealed that acceptance increased with the perceived technology benefits, trust in the providers’ intent, data security and privacy measures, the level of ongoing control, and one’s level of education. Acceptance decreased with data sensitivity perceptions and a perceived low policy compliance by others among the general public. We consider the policy implications of these results for Taiwan during the COVID-19 pandemic and in the future.
42

Worobiec, Michele, and Kelly C. Firesheets. "Compliance Is Doable! A Framework for Navigating Privacy Regulations in Public Health and Public Safety Partnerships." Journal of Public Health Management and Practice 28, Supplement 6 (November 2022): S367–S371. http://dx.doi.org/10.1097/phh.0000000000001572.

43

Verhage, Antoinette. "Great expectations but little evidence: policing money laundering." International Journal of Sociology and Social Policy 37, no. 7/8 (July 11, 2017): 477–90. http://dx.doi.org/10.1108/ijssp-06-2016-0076.

Abstract:
Purpose The purpose of this paper is to map anti-money laundering policy and its impact on money laundering. The AML system is discussed from the perspective of the compliance officer, who is responsible for translating AML law into practice in Belgian banks. Design/methodology/approach Literature review, based largely on a PhD study (2009) that involved a survey and interviews. Additionally, 12 compliance officers were interviewed in 2015. Findings The global AML system impacts significantly on issues of privacy and due process but has not yet been evaluated. The system’s preventive effect is difficult to measure because of a lack of (cross-border) information. The way in which Risks are currently managed in diverse ways. Research limitations/implications Results from the first study in 2009 (based on interviews in 2007-2008) were potentially outdated. This recent update (2015) confirms that compliance officers are still dealing with the same issues. Practical implications The study clarifies the ways in which compliance and AML is dealt with and mapped, providing insights into an often closed setting. Social implications The battle against money laundering is very costly and intrusive, making the need for stringent evaluation more pressing. Originality/value The study is both original and valuable because compliance officers have rarely been the subject of research. The study discloses useful information about their role.
44

Anthony, Denise L., and Timothy Stablein. "Privacy in practice: professional discourse about information control in health care." Journal of Health Organization and Management 30, no. 2 (April 11, 2016): 207–26. http://dx.doi.org/10.1108/jhom-12-2014-0220.

Abstract:
Purpose – The purpose of this paper is to explore different health care professionals’ discourse about privacy – its definition and importance in health care, and its role in their day-to-day work. Professionals’ discourse about privacy reveals how new technologies and laws challenge existing practices of information control within and between professional groups in health care, with implications not only for patient privacy, but also for the role of information control in professions more generally. Design/methodology/approach – The authors conducted in-depth, semi-structured interviews with n=83 doctors, nurses, and health information professionals in two academic medical centers and one veteran’s administration hospital/clinic in the Northeastern USA. Interview responses were qualitatively coded for themes and patterns across groups were identified. Findings – The health care providers and the authors studied actively sought to uphold the protection (and control) of patient information through professional ethics and practices, as well as through the use of technologies and compliance with legal regulations. They used discourses of professionalism, as well as of law and technology, to sometimes accept and sometimes resist changes to practice required in the changing technological and legal context of health care. The authors found differences across professional groups; for some, protection of patient information is part of core professional ethics, while for others it is simply part of their occupational work, aligned with organizational interests. 
Research limitations/implications – This qualitative study of physicians, nurses, and health information professionals revealed some differences in views and practices for protecting patient information in the changing technological and legal context of health care that suggest some professional groups (doctors) may be more likely to resist such changes and others (health information professionals) will actively adopt them. Practical implications – New technologies and regulations are changing how information is used in health care delivery, challenging professional practices for the control of patient information that may change the value or meaning of medical records for different professional groups. Originality/value – Qualitative findings suggest that professional groups in health care vary in the extent of information control they have, as well in how they view such control. Some groups may be more likely to (be able to) resist changes in the professional control of information that stem from new technologies or regulatory policies. Some professionals recognize that new IT systems and regulations challenge existing social control of information in health care, with the potential to undermine (or possibly bolster) professional self-control for some but not necessarily all occupational groups.
45

Abdul Halim, Noursilawati, Zawiyah M. Yusof, and Nor Azan M. Zin. "The Requirement for Information Governance Policy Framework in Malaysian Public Sector." International Journal of Engineering & Technology 7, no. 4.15 (October 7, 2018): 235. http://dx.doi.org/10.14419/ijet.v7i4.15.22996.

Abstract:
The Information Governance (IG) Policy Framework sets out the standard to be applied for managing information including the principle, standard, procedure and guideline. This study seeks to identify the significant and appropriate factors underlying the IG policy in common. The identified factors are then verified for their appropriateness to be practiced in the public sector in Malaysia. The literature suggests that control, quality, compliance, transparency, value, accessibility, security, sharing, accountability, and privacy are the core factors essential for the IG policy framework. A survey method, using qualitative approach with interview, observation, and document content analysis are used as the data collection techniques. The sample is determined by purposive sampling and snowball and the Malaysian Administrative Modernisation and Management Planning Unit (MAMPU) was chosen as a case study. Findings show that there is as yet no appropriate IG policy framework which can be referred to by the public sector in executing information governance initiative. The proposed framework is of help especially to MAMPU in getting a guide for the execution of the IG initiative in the Malaysian public sector.
46

Li, Szu-Chuang, Yi-Wen Chen, and Yennun Huang. "Examining Compliance with Personal Data Protection Regulations in Interorganizational Data Analysis." Sustainability 13, no. 20 (October 16, 2021): 11459. http://dx.doi.org/10.3390/su132011459.

Abstract:
The development of big data analysis technologies has changed how organizations work. Tech giants, such as Google and Facebook, are well positioned because they possess not only big data sets but also the in-house capability to analyze them. For small and medium-sized enterprises (SMEs), which have limited resources, capacity, and a relatively small collection of data, the ability to conduct data analysis collaboratively is key. Personal data protection regulations have become stricter due to incidents of private data being leaked, making it more difficult for SMEs to perform interorganizational data analysis. This problem can be resolved by anonymizing the data such that reidentifying an individual is no longer a concern or by deploying technical procedures that enable interorganizational data analysis without the exchange of actual data, such as data deidentification, data synthesis, and federated learning. Herein, we compared the technical options and their compliance with personal data protection regulations from several countries and regions. Using the EU’s GDPR (General Data Protection Regulation) as the main point of reference, technical studies, legislative studies, related regulations, and government-sponsored reports from various countries and regions were also reviewed. Alignment of the technical description with the government regulations and guidelines revealed that the solutions are compliant with the personal data protection regulations. Current regulations require “reasonable” privacy preservation efforts from data controllers; potential attackers are not assumed to be experts with knowledge of the target data set. This means that relevant requirements can be fulfilled without considerably sacrificing data utility. However, the potential existence of an extremely knowledgeable adversary when the stakes of data leakage are high still needs to be considered carefully.
47

Kornhauser, Marjorie E. "Doing the Full Monty: Will Publicizing Tax Information Increase Compliance?" Canadian Journal of Law & Jurisprudence 18, no. 1 (January 2005): 95–117. http://dx.doi.org/10.1017/s0841820900005518.

Abstract:
Publicity of information is a fundamental principle of American democracy. Not only is it instrumental in increasing compliance with the laws, a necessity of any government, but also it is an essential element of the right to know - which itself is an aspect of the first amendment right to free speech. Unfortunately, publicity often conflicts with another fundamental right - the right to privacy. In regards to taxes, citizens essentially have two rights to know: a right to know what the tax laws are, and a right to know that these laws are being administered fairly. Publicity in the tax context traditionally means making tax return information public records in an attempt to ensure the fair administration of the tax laws. This type of publicity, however, generates intense hostility because taxpayers perceive it as a huge invasion of their privacy. After examining the pros and cons of traditional publicity of tax information, this Essay suggests that tax publicity be reconceived more broadly. Redefined in the dictionary sense of simply the transmission of information, tax publicity can include a wide array of communications, varying as to content and audience, which can better achieve publicity’s underlying goals with minimal invasions of privacy. A large portion of publicity in this broad sense can be - and should be - educational. The Essay outlines four publicity proposals to stimulate discussion. Three use the expanded definition of publicity and focus on individual taxpayers: an annual tax statement, a short booklet to accompany the 1040, called Know Your Taxes, and an annual W-4. These essentially educational programs should deliver tax information to taxpayers more effectively than currently occurs. The fourth, more controversial, proposal suggests partial publicity - in the traditional sense. It attempts, however, to minimize the customary objections to publicizing tax return information by reducing invasions of privacy. All the proposals will cost money, but probably less than the costs of enforcing compliance only through increased audits and litigation. They may also have psychic and political costs. Although recent studies show that more informed taxpayers are often more compliant, some of the information may trigger negative attitudes which would decrease compliance and/or create pressure for lower taxes. Regardless of whether taxpayer reactions to the increased information are positive or negative, the greater publicity proposed in the Essay could have salutary effects, especially if it occurred in the context of a rational debate by elected officials about tax policy (instead of the current inflammatory rhetorical sound bites). On the one hand, if taxpayers respond positively to publicity, compliance will increase. If they act negatively, and their hostility to taxes increases, at least the publicity will arm them with more precise information that will allow them to focus their objections to the income tax and thereby lobby more effectively for real tax reform.
48

Yaakov, Raphael A., Özgür Güler, Tim Mayhugh, and Thomas E. Serena. "Enhancing Patient Centricity and Advancing Innovation in Clinical Research with Virtual Randomized Clinical Trials (vRCTs)." Diagnostics 11, no. 2 (January 21, 2021): 151. http://dx.doi.org/10.3390/diagnostics11020151.

Abstract:
The current public health crisis has highlighted the need to accelerate healthcare innovation. Despite unwavering levels of cooperation among academia, industry, and policy makers, it can still take years to bring a life-saving product to market. There are some obvious limitations, including lack of blinding or masking and small sample size, which render the results less applicable to the real world. Traditional randomized controlled trials (RCTs) are lengthy, expensive, and have a low success rate. There is a growing acknowledgement that the current process no longer fully meets the growing healthcare needs. Advances in technology coupled with proliferation of telehealth modalities, sensors, wearable and connected devices have paved the way for a new paradigm. Virtual randomized controlled trials (vRCTs) have the potential to drastically shorten the clinical trial cycle while maximizing patient-centricity, compliance, and recruitment. This new approach can inform clinical trials in real time and with a holistic view of a patient’s health. This paper provides an overview of virtual clinical trials, addressing critical issues, including regulatory compliance, data security, privacy, and ownership.
49

Ko, Hoon, Libor Mesicek, Jongsun Choi, Junho Choi, and Seogchan Hwang. "A Study on Secure Contents Strategies for Applications With DRM on Cloud Computing." International Journal of Cloud Applications and Computing 8, no. 1 (January 2018): 143–53. http://dx.doi.org/10.4018/ijcac.2018010107.

Abstract:
Many hospitals have been built for people in silver age, and these hospitals want to set up various remote health care systems for the old people who are living in a place far from these hospitals. The systems' processes are connected with each other and with networks as well. These systems handle many sensitive medical records, and therefore the security of the health care systems has to be improved to protect these systems from cyber-attacks. Any penetration of these systems could cause a serious privacy problem. To protect these systems, security programs have to be used. Therefore, this paper suggests security policy compliance of medical contents which should be followed to improve the level of security, including DRM to protect against illegal alteration by an attacker.
50

Chiu, Dickson K. W., Yuexuan Wang, Patrick Hung, Vivying S. Y. Cheng, Kai-Kin Chan, Eleanna Kafeza, and Tung. "Governance of Cross-Organizational Healthcare Document Exchange through Watermarking Services and Alerts." International Journal of Systems and Service-Oriented Engineering 2, no. 4 (October 2011): 83–108. http://dx.doi.org/10.4018/jssoe.2011100105.

Abstract:
There is an increasing demand for sharing documents for process integration among organizations. Web services technology has recently been widely proposed and gradually adopted as a platform for supporting such an integration. There are no holistic solutions thus far that are able to tackle the various protection issues, specifically regarding the security and privacy protection requirements in cross-organizational progress integration. This paper proposes the exchange of documents through a Document / Image Exchange Platform (DIEP), replacing traditional ad-hoc and manual exchange practices. The authors show how the contemporary technologies of Web services under a Service-Oriented Architecture (SOA), together with watermarking, can help protect document exchanges with layered implementation architecture. Furthermore, to facilitate governance and regulation compliance against protection policy violation attempts, the management and the affected parties are notified with alerts for warning and possible handling. The authors discuss the applicability of the proposed platform with a physician towards security and privacy protection requirements based on the Health Insurance Portability and Accountability Act (HIPAA) in the United States, which imposes national regulations to protect individuals’ healthcare information. The proposed approach aims at facilitating the whole governance process from technical to management level with a single unified platform.