Towards the Preservation of Privacy and Legal Compliance in Healthcare Systems
| dc.contributor.advisor | Annie Antón, Committee Chair | en_US |
| dc.contributor.advisor | Julia Earp, Committee Member | en_US |
| dc.contributor.advisor | Ting Yu, Committee Member | en_US |
| dc.contributor.author | Vail, Matthew | en_US |
| dc.date.accessioned | 2010-04-02T18:14:53Z | |
| dc.date.available | 2010-04-02T18:14:53Z | |
| dc.date.issued | 2006-05-04 | en_US |
| dc.degree.discipline | Computer Science | en_US |
| dc.degree.level | thesis | en_US |
| dc.degree.name | MS | en_US |
| dc.description.abstract | Given the introduction of United States legislation that governs the collection, use, and disclosure of sensitive patient information, there is a need for mechanisms to preserve the privacy of sensitive information in software systems and to ensure these systems comply with law. One such piece of legislation is the Health and Human Services' (HHS) Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. The introduction of such legislation poses many challenges to organizations seeking to comply with the law, and thereby avoid severe penalties. A study was conducted by Antón et al., prior to the enactment of the HIPAA (pre-HIPAA), to examine the content of online privacy policies. This thesis expounds upon this work by replicating the analysis, after the enactment of the HIPAA (post-HIPAA), in order to evaluate the evolution of privacy policies in the presence of legislation. We discovered that since the introduction of HIPAA, the privacy policies of healthcare organizations have evolved significantly. One of the most noteworthy discoveries made during this post-HIPAA study was the lack of clarity and readability of healthcare enterprises' privacy policies. To address the need for more clear and concise privacy policies, we conducted an experiment using an empirical survey instrument that we developed to investigate user perception and comprehension of alternatives to natural language privacy policies. Some of the more compelling observations we made were: • Users felt more secure and protected by natural language privacy policies. • Users comprehend alternatives to natural language policies better than the original natural language privacy policies. • User perception and comprehension of privacy policies are not in alignment with one another. • Human Computer Interaction (HCI) factors play a significant role in the perception and comprehension of privacy policies. In addition to evaluating how privacy policies evolve with the introduction of legislation, we attempted to explore whether organizations were actually in compliance with legislation. We developed a methodology for extracting rights and obligations from regulatory texts in order to determine stakeholder obligations. This information can be used to perform a comparative analysis by the organization to ensure compliance, or by external parties to detect potential non-compliance. | en_US |
| dc.identifier.other | etd-03202006-200041 | en_US |
| dc.identifier.uri | http://www.lib.ncsu.edu/resolver/1840.16/2534 | |
| dc.rights | I hereby certify that, if appropriate, I have obtained and attached hereto a written permission statement from the owner(s) of each third party copyrighted matter to be included in my thesis, dissertation, or project report, allowing distribution as specified below. I certify that the version I submitted is the same as that approved by my advisory committee. I hereby grant to NC State University or its agents the non-exclusive license to archive and make accessible, under the conditions specified below, my thesis, dissertation, or project report in whole or in part in all forms of media, now or hereafter known. I retain all other ownership rights to the copyright of the thesis, dissertation or project report. I also retain the right to use in future works (such as articles or books) all or part of this thesis, dissertation, or project report. | en_US |
| dc.subject | compliance | en_US |
| dc.subject | law | en_US |
| dc.subject | legal | en_US |
| dc.subject | privacy | en_US |
| dc.subject | healthcare | en_US |
| dc.subject | HIPAA | en_US |
| dc.title | Towards the Preservation of Privacy and Legal Compliance in Healthcare Systems | en_US |
