Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, July 23, 2007

HIPAA Audit and “Shock Waves” on Health Care IT …

A recent ComputerWorld article discusses the outcome of an audit of a US Hospital and the implications this might have in the Health Care industry: “An audit of Atlanta’s Piedmont Hospital that was quietly initiated by the U.S. Department of Health and Human Services in March is raising concerns in the health care industry about the prospect of further enforcement actions related to the federal HIPAA law’s data security requirements …”.
Not a surprise … I have always supported the notion that when dealing with personal data, proper privacy policy enforcement must be in place. However, I don’t believe this can be addressed just with data encryption and/or traditional security mechanisms. When dealing with personal data in organisations, it is important to take into account basic privacy principles: obtaining users’ consent, clearly stating the purposes for which data is collected, enforcing the related constraints at access time and fulfilling any pending obligations. Privacy-aware access control and privacy-aware identity lifecycle management are key requirements.
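To make the difference from a plain role check concrete, here is an added example written for this mirror; it is not code from the HP Labs projects or from the author. A request is granted only if the role policy permits the stated purpose on that data category, the data subject’s consent covers that purpose and is still valid at access time, and the grant records the obligations it incurs so they can be chased later. All roles, purposes, consent records and obligations are constructed for illustration.

```python
"""Privacy-aware access control: added example, not HP Labs' or the author's code.
Every role, purpose, consent record and obligation below is constructed."""

from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass
class ConsentRecord:
    subject_id: str
    purposes: set            # purposes the data subject agreed to
    expires: date            # consent lapses after this date
    withdrawn: bool = False  # subject has revoked consent


@dataclass
class AccessRequest:
    requester_role: str
    purpose: str             # stated purpose of this access
    subject_id: str          # whose data is being read
    data_category: str       # e.g. "clinical" or "billing"
    today: date


@dataclass
class Obligation:
    action: str
    due_days: int            # must be fulfilled within this many days of the grant


@dataclass
class Decision:
    allowed: bool
    reason: str
    obligations: list = field(default_factory=list)


# Which purposes each role may pursue on each data category (constructed policy).
ROLE_POLICY = {
    "physician":     {"clinical": {"treatment"}},
    "billing_clerk": {"billing":  {"payment"}},
    "researcher":    {"clinical": {"research"}},
}

# Obligations a grant carries, keyed by purpose (constructed policy).
PURPOSE_OBLIGATIONS = {
    "treatment": [Obligation("log access in the patient-visible access history", 1)],
    "payment":   [Obligation("log access in the patient-visible access history", 1)],
    "research":  [Obligation("strip direct identifiers before release", 0),
                  Obligation("delete the extract", 90)],
}


def evaluate(req, consents):
    """Decide from role policy AND the data subject's consent; return the
    obligations the grant carries. Ordinary RBAC stops after the first check."""
    permitted = ROLE_POLICY.get(req.requester_role, {}).get(req.data_category, set())
    if req.purpose not in permitted:
        return Decision(False, f"role {req.requester_role!r} may not use "
                               f"{req.data_category} data for {req.purpose!r}")
    consent = consents.get(req.subject_id)
    if consent is None:
        return Decision(False, "no consent record for data subject")
    if consent.withdrawn:
        return Decision(False, "consent withdrawn")
    if req.today > consent.expires:
        return Decision(False, "consent expired")
    if req.purpose not in consent.purposes:
        return Decision(False, f"subject did not consent to purpose {req.purpose!r}")
    return Decision(True, "permitted", list(PURPOSE_OBLIGATIONS.get(req.purpose, [])))


class ObligationLedger:
    """Tracks obligations incurred by grants so they can be audited and chased."""

    def __init__(self):
        self.entries = []    # dicts: subject, action, due, done

    def record(self, req, decision):
        for ob in decision.obligations:
            self.entries.append({"subject": req.subject_id, "action": ob.action,
                                 "due": req.today + timedelta(days=ob.due_days),
                                 "done": False})

    def overdue(self, as_of):
        return [e for e in self.entries if not e["done"] and e["due"] < as_of]


# Constructed sample data for the usage below.
TODAY = date(2007, 7, 23)
SAMPLE_CONSENTS = {
    "patient-001": ConsentRecord("patient-001", {"treatment", "payment"}, date(2008, 1, 1)),
    "patient-002": ConsentRecord("patient-002", {"treatment", "research"}, date(2006, 12, 31)),
    "patient-003": ConsentRecord("patient-003", {"treatment"}, date(2008, 1, 1), withdrawn=True),
    "patient-004": ConsentRecord("patient-004", {"treatment", "research"}, date(2008, 1, 1)),
}


def request(role, purpose, subject, category="clinical", today=TODAY):
    return AccessRequest(role, purpose, subject, category, today)


def days_after(n):
    return TODAY + timedelta(days=n)


if __name__ == "__main__":
    ledger = ObligationLedger()
    for r in [request("physician", "treatment", "patient-001"),
              request("researcher", "research", "patient-001"),   # no research consent
              request("researcher", "research", "patient-002"),   # consent expired
              request("physician", "treatment", "patient-003"),   # consent withdrawn
              request("researcher", "research", "patient-004")]:
        d = evaluate(r, SAMPLE_CONSENTS)
        print(r.requester_role, r.purpose, r.subject_id, "->", d.allowed, d.reason)
        if d.allowed:
            ledger.record(r, d)
    print("overdue after 100 days:", [e["action"] for e in ledger.overdue(days_after(100))])
```

The researcher requests show the point: the role policy alone would grant all three, but consent scope, expiry and withdrawal each deny at access time, and the one grant that survives leaves two obligations in the ledger that an audit can check against.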
Two HP Labs’ R&D projects have been focusing on this space for a while and suggest approaches and solutions to deal with (some) related issues:
Privacy-aware Access Control
Privacy-aware Identity Lifecycle Management
I am interested in exploring opportunities for technology trials in this space and/or getting further input/requirements/feedback from the field.
