Thesis Details
Towards the Preservation of Privacy and Legal Compliance in Healthcare Systems
Vail, Matthew; Annie Antón, Committee Chair; Julia Earp, Committee Member; Ting Yu, Committee Member
University: North Carolina State University
Keywords: compliance; law; legal; privacy; healthcare; HIPAA
Others  :  https://repository.lib.ncsu.edu/bitstream/handle/1840.16/2534/etd.pdf?sequence=1&isAllowed=y
United States | English
【 Abstract 】

Given the introduction of United States legislation that governs the collection, use, and disclosure of sensitive patient information, there is a need for mechanisms to preserve the privacy of sensitive information in software systems and to ensure these systems comply with the law. One such piece of legislation is the Health and Human Services' (HHS) Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. The introduction of such legislation poses many challenges to organizations seeking to comply with the law, and thereby avoid severe penalties. A study was conducted by Antón et al., prior to the enactment of HIPAA (pre-HIPAA), to examine the content of online privacy policies. This thesis expounds upon this work by replicating the analysis, after the enactment of HIPAA (post-HIPAA), in order to evaluate the evolution of privacy policies in the presence of legislation. We discovered that since the introduction of HIPAA, the privacy policies of healthcare organizations have evolved significantly. One of the most noteworthy discoveries made during this post-HIPAA study was the lack of clarity and readability of healthcare enterprises' privacy policies. To address the need for clearer and more concise privacy policies, we conducted an experiment using an empirical survey instrument that we developed to investigate user perception and comprehension of alternatives to natural language privacy policies. Some of the more compelling observations we made were:

• Users felt more secure and protected by natural language privacy policies.
• Users comprehend alternatives to natural language policies better than the original natural language privacy policies.
• User perception and comprehension of privacy policies are not in alignment with one another.
• Human Computer Interaction (HCI) factors play a significant role in the perception and comprehension of privacy policies.

In addition to evaluating how privacy policies evolve with the introduction of legislation, we attempted to explore whether organizations were actually in compliance with legislation. We developed a methodology for extracting rights and obligations from regulatory texts in order to determine stakeholder obligations. This information can be used to perform a comparative analysis by the organization to ensure compliance, or by external parties to detect potential non-compliance.
