Results 1 - 20 of 780
2.
Am J Nurs ; 120(4): 19-20, 2020 04.
Article in English | MEDLINE | ID: mdl-32218037

ABSTRACT

Partnerships between tech companies and health systems challenge privacy expectations and laws.


Subjects
Confidentiality/standards , Health Records, Personal/ethics , Privacy/legislation & jurisprudence , Confidentiality/legislation & jurisprudence , Humans , State Government
3.
PLoS One ; 15(2): e0228439, 2020.
Article in English | MEDLINE | ID: mdl-32027693

ABSTRACT

In recent years, the number of vulnerabilities discovered and publicly disclosed has shown a sharp upward trend. However, the value of exploitation of vulnerabilities varies for attackers, considering that only a small fraction of vulnerabilities are exploited. Therefore, the realization of quick exclusion of the non-exploitable vulnerabilities and optimal patch prioritization on limited resources has become imperative for organizations. Recent works using machine learning techniques predict exploited vulnerabilities by extracting features from open-source intelligence (OSINT). However, in the face of explosive growth of vulnerability information, there is room for improvement in the application of past methods to multiple threat intelligence. A more general method is needed to deal with various threat intelligence sources. Moreover, in previous methods, traditional text processing methods were used to deal with vulnerability related descriptions, which only grasped the static statistical characteristics but ignored the context and the meaning of the words of the text. To address these challenges, we propose an exploit prediction model, which is based on a combination of fastText and LightGBM algorithm and called fastEmbed. We replicate key portions of the state-of-the-art work of exploit prediction and use them as benchmark models. Our model outperforms the baseline model whether in terms of the generalization ability or the prediction ability without temporal intermixing with an average overall improvement of 6.283% by learning the embedding of vulnerability-related text on extremely imbalanced data sets. Besides, in terms of predicting the exploits in the wild, our model also outperforms the baseline model with an F1 measure of 0.586 on the minority class (33.577% improvement over the work using features from darkweb/deepweb). 
The results demonstrate that the model can improve the ability to describe the exploitability of vulnerabilities and predict exploits in the wild effectively.


Subjects
Algorithms , Computer Security/standards , Machine Learning , Computer Security/statistics & numerical data , Confidentiality/standards , Data Collection/standards , Forecasting , Information Systems/standards , Proof of Concept Study , Risk-Taking
5.
PLoS One ; 15(2): e0228418, 2020.
Article in English | MEDLINE | ID: mdl-32012189

ABSTRACT

As eBook readers have expanded on the market, various online eBook markets have arisen as well. Currently, the online eBook market consists of at least publishers and online platform providers and authors, and these actors inevitably incur intermediate costs between them. In this paper, we introduce a blockchain-based eBook market system that enables self-published eBook trading and direct payments from readers to authors without any trusted party; because authors publish themselves and readers purchase directly from authors, neither actor incurs any intermediate costs. However, because of this trustless environment, the validity, ownership and intellectual property of digital contents cannot be verified and protected, and the safety of purchase transactions cannot be ensured. To address these shortcomings, we propose a secure and reliable eBook transaction system that satisfies the following security requirements: (1) verification of the ownership of each eBook, (2) confidentiality of eBook contents, (3) authorization of a right to read a book, (4) authentication of a legitimate purchaser, (5) verification of the validity and integrity of eBook contents, (6) safety of direct purchase transactions, and (7) preventing eBook piracy and illegal distribution. We provide practical cryptographic protocols for the proposed system and analyze the security and simulated performance of the proposed schemes.


Subjects
Blockchain/statistics & numerical data , Books , Computer Security , Confidentiality/standards , Internet/standards , Publishing/economics , Publishing/standards , Algorithms , Humans
6.
PLoS One ; 15(2): e0228495, 2020.
Article in English | MEDLINE | ID: mdl-32074113

ABSTRACT

Our objective was to quantify the impact on the use of zolpidem of the obligation implemented in France in 2017 to use secure prescription pads to prescribe it. We conducted a cohort study within the French SNDS healthcare database. Patients aged over 18 years of age were considered for inclusion. The number of prevalent users and incident episodes of zolpidem use were compared before the change in law (July 1, 2016 to January 1, 2017) and after (July 1, 2017 to January 1, 2018). A prevalent user was a patient who has been reimbursed for zolpidem at least once. An incident episode of zolpidem use was defined by a first administration of zolpidem without any prior administration within the previous six months. Regarding prevalence of zolpidem users, we observed a decrease from 2.79% (CI95%:2.75-2.83) to 1.48% (1.44-1.51), with a number of patients who stopped taking it after the change in law being approximately 4.3 times higher than the number of patients who started. We observed a negative association between the post-law change period (OR = 0.52 (0.51-0.53)) and the probability of receiving zolpidem, adjusting for sex, aging, low income and chronic disease. We observed a decrease from 183 treatment episodes per 100,000 insured months on average to 79 episodes per 100,000 insured months, with an incidence rate ratio (IRR) equal to 0.43 (0.38-0.49). The use of secure prescription pads seems to have reduced the exposure of the French population to zolpidem.


Subjects
Health Plan Implementation , Practice Patterns, Physicians'/statistics & numerical data , Prescription Drug Monitoring Programs , Security Measures , Substance-Related Disorders/prevention & control , Zolpidem/therapeutic use , Adult , Aged , Cohort Studies , Confidentiality/legislation & jurisprudence , Confidentiality/standards , Databases, Factual , Electronic Health Records/statistics & numerical data , Female , France/epidemiology , Health Plan Implementation/legislation & jurisprudence , Health Plan Implementation/standards , Humans , Hypnotics and Sedatives/therapeutic use , Male , Middle Aged , Practice Patterns, Physicians'/legislation & jurisprudence , Practice Patterns, Physicians'/standards , Practice Patterns, Physicians'/trends , Prescription Drug Monitoring Programs/legislation & jurisprudence , Prescription Drug Monitoring Programs/organization & administration , Prescription Drug Monitoring Programs/standards , Prescriptions/standards , Prescriptions/statistics & numerical data , Prevalence , Product Surveillance, Postmarketing/methods , Product Surveillance, Postmarketing/standards , Security Measures/legislation & jurisprudence , Security Measures/standards , Substance-Related Disorders/epidemiology , Time Factors
8.
Int J Health Geogr ; 18(1): 30, 2019 12 21.
Article in English | MEDLINE | ID: mdl-31864350

ABSTRACT

BACKGROUND: The utility of being able to spatially analyze health care data in near-real time is a growing need. However, this potential is often limited by the level of in-house geospatial expertise. One solution is to form collaborative partnerships between the health and geoscience sectors. A challenge in achieving this is how to share data outside of a host institution's protection protocols without violating patient confidentiality, and while still maintaining locational geographic integrity. Geomasking techniques have been previously championed as a solution, though these still largely remain an unavailable option to institutions with limited geospatial expertise. This paper elaborates on the design, implementation, and testing of a new geomasking tool Privy, which is designed to be a simple yet efficient mechanism for health practitioners to share health data with geospatial scientists while maintaining an acceptable level of confidentiality. The basic premise of Privy is to move the important coordinates to a different geography, perform the analysis, and then return the resulting hotspot outputs to the original landscape. RESULTS: We show that by transporting coordinates through a combination of random translations and rotations, Privy is able to preserve location connectivity among spatial point data. Our experiments with typical analytical scenarios including spatial point pattern analysis and density analysis show that, along with protecting spatial privacy, Privy maintains the spatial integrity of data which reduces information loss created due to data augmentation. CONCLUSION: The results from this study suggest that along with developing new mathematical techniques to augment geospatial health data for preserving confidentiality, simple yet efficient software solutions can be developed to enable collaborative research among custodians of medical and health data records and GIS experts. 
We have achieved this by developing Privy, a tool which is already being used in real-world situations to address the spatial confidentiality dilemma.


Subjects
Confidentiality/standards , Electronic Health Records/standards , Geographic Information Systems/standards , Information Dissemination , Spatial Analysis , Humans , Information Dissemination/methods
9.
Article in English | MEDLINE | ID: mdl-31731730

ABSTRACT

Patient data or information collected from public health and health care surveys are of great research value. Usually, the data contain sensitive personal information. Doctors, nurses, or researchers in the public health and health care sector do not analyze the available datasets or survey data on their own, and may outsource the tasks to third parties. Even though all identifiers such as names and ID card numbers are removed, there may still be some occasions in which an individual can be re-identified via the demographic or particular information provided in the datasets. Such data privacy issues can become an obstacle in health-related research. Statistical disclosure control (SDC) is a useful technique used to resolve this problem by masking and designing released data based on the original data. Whilst ensuring the released data can satisfy the needs of researchers for data analysis, there is high protection of the original data from disclosure. In this research, we discuss the statistical properties of two SDC methods: the General Additive Data Perturbation (GADP) method and the Gaussian Copula General Additive Data Perturbation (CGADP) method. An empirical study is provided to demonstrate how we can apply these two SDC methods in public health research.


Subjects
Confidentiality/standards , Data Interpretation, Statistical , Public Health , Research Design , Empirical Research , Humans
10.
East Mediterr Health J ; 25(9): 656-659, 2019 Oct 13.
Article in English | MEDLINE | ID: mdl-31625591

ABSTRACT

Background: In countries that have not implemented Electronic Health Records (EHR) comprehensively, international organizations are important steps in the development of EHR. Aims: The objective of this study was to compare different dimensions of privacy in the EHR systems in terms of the following standards organizations: ASTM, Health Level Seven (HL7), and International Organization for Standardization (ISO), in order to create a security and privacy model for EHR. Methods: This study was done in two steps: 1) survey of standards organizations, and 2) compare standards in comparative tables. Results: Standards 12, 1 and 5 were extracted from the ASTM, HL7 and ISO respectively. Conclusions: Evidence shows that the goal of standards was to create EHR systems that identified not only the access level of users, but taking consent for reveal information of people and also approved data by authorized persons in a secure framework. In this regard, ASTM looks comprehensive for privacy issues, while ISO18308 focuses on security issues and data interoperability simultaneously, while HL7 has emphasized access.


Subjects
Computer Security/standards , Confidentiality/standards , Electronic Health Records/standards , Health Level Seven/standards , Humans , Informed Consent/standards , Iran
11.
J Med Syst ; 43(11): 324, 2019 Oct 16.
Article in English | MEDLINE | ID: mdl-31620895

ABSTRACT

Real-time and ubiquitous patient monitoring demands the use of wireless data acquisition through resource constrained medical sensors, mostly configured with No-input No-output (NiNo) capabilities. Bluetooth is one of the most popular and widely adopted means of communicating this sensed information to a mobile terminal. However, oversimplified implementations of Bluetooth low energy (BLE) protocol in eHealth sector are susceptible to several wireless attacks, in particular the Man-in-the-Middle (MITM) attack. The issue arises due to a lack of mutual authentication and integrity protection between the communicating devices, which may lead to compromise of confidentiality, availability and even the integrity of this safety-critical information. This research paper presents a novel framework named MARC to detect, analyze, and mitigate Bluetooth security flaws while focusing upon MITM attack against NiNo devices. For this purpose, a comprehensive solution has been proposed, which can detect MITM signatures based upon four novel anomaly detection metrics: analyzing Malicious scan requests, Advertisement intervals, RSSI levels, and Cloned node addresses. The proposed solution has been evaluated through practical implementation and demonstration of different attack scenarios, which show promising results concerning accurate and efficient detection of MITM attacks.


Subjects
Computer Communication Networks/organization & administration , Computer Security/standards , Telemedicine/organization & administration , Wireless Technology/organization & administration , Computer Communication Networks/standards , Confidentiality/standards , Humans , Telemedicine/standards , Wireless Technology/standards
12.
J Med Syst ; 43(11): 321, 2019 Oct 07.
Article in English | MEDLINE | ID: mdl-31591653

ABSTRACT

The technology of Internet of Things (IoT) has appealed to both professionals and the general public to its convenience and flexibility. As a crucial application of IoT, telecare medicine information system (TMIS) provides people a high quality of life and advanced level of medical service. In TMIS, smart card-based authenticated key agreement schemes for multi-server architectures have gathered momentum and positive impetus due to the conventional bound of a single server. However, we demonstrate that most of the protocols in the literature cannot implement strong security features in TMIS, such as Lee et al.'s and Shu's scheme. They store the identity information directly, which fail to provide strong anonymity and suffer from password guessing attack. Then we propose an extended authenticated key agreement scheme (short for AKAS) with strong anonymity for multi-server environment in TMIS, by enhancing the security of the correlation parameters stored in the smart cards and calculating patients' dynamic identities. Furthermore, the proposed chaotic map-based scheme provides privacy protection and is formally proved under Burrows-Abadi-Needham (BAN) logic. At the same time, the informal security analysis attests that the AKAS scheme not only could resist the multifarious security attacks but also improve efficiency by 21% compared with Lee et al.'s and Shu's scheme.


Subjects
Computer Security/standards , Confidentiality/standards , Telemedicine/methods , Health Smart Cards , Humans , Information Systems/organization & administration , Internet of Things/organization & administration , Telemedicine/standards
13.
Am J Public Health ; 109(11): 1576-1579, 2019 11.
Article in English | MEDLINE | ID: mdl-31536402

ABSTRACT

In November 2018, the Centers for Disease Control and Prevention distributed guidance to funded agencies under its Integrated HIV Surveillance and Prevention Programs Initiative to support the implementation of the program's third strategy: HIV transmission cluster investigation and outbreak response efforts. Cluster detection seeks to identify persons infected with HIV (diagnosed and undiagnosed) who are linked to infections in single or related sexual and injection drug networks. Identifying expanding clusters allows public health personnel to intervene directly where active HIV transmissions occur. However, in the context of HIV infection where most US states have enacted criminal exposure laws, these efforts have sparked concerns about the protection of HIV surveillance data from court order or subpoena for law enforcement purposes. The Centers for Disease Control and Prevention calls for funded agencies to evaluate relevant confidentiality laws to ensure that these are sufficient to protect the confidentiality of HIV surveillance data from use by law enforcement. We present four often overlooked factors about the criminalization of HIV exposure and HIV surveillance data protections that should be considered in statutory assessments.


Subjects
Contact Tracing/legislation & jurisprudence , HIV Infections/epidemiology , HIV Infections/transmission , Centers for Disease Control and Prevention, U.S. , Confidentiality/legislation & jurisprudence , Confidentiality/standards , Criminal Law , HIV Infections/prevention & control , Humans , Law Enforcement/ethics , Politics , United States
14.
J Med Syst ; 43(10): 318, 2019 Sep 14.
Article in English | MEDLINE | ID: mdl-31522286

ABSTRACT

Mobile Edge-Cloud Network is a new network structure after fog-cloud computing, where service and data computing are scattered in the most logical, nearby and efficient place. It provides better services than fog-cloud computing with better performance in reasonably low cost way and allows users to eliminate numerous limitations inherent in fog-cloud computing, although it inherits those security-privacy issues from fog-cloud computing. A novel privacy-preserving mutual authentication in TMIS for mobile Edge-Cloud architecture (abbreviated to NPMA) is constructed in this paper. NPMA scheme not only mitigates some weaknesses of fog-cloud computing, but has other advantages. First, NPMA scheme supports patients (edge-servers) anonymity and forward-backward untraceability (traceability, when needed), since their identities are hidden in two distinct dynamic anonyms and a static one and only the trusted center can recover their real identities, when needed. Second, each edge-server shares a secret value, which realizes authentication with extremely low computational cost in authentication phase. Finally, NPMA scheme is proven safely against passive and active attacks under elliptic curve computable Diffie-Hellman problem (ECDHP) assumption in random oracle model. Hence, it achieves the required security properties and outperforms prior approaches in terms of energy and computational costs.


Subjects
Cloud Computing/standards , Computer Security , Confidentiality/standards , Telemedicine/organization & administration , Humans , Telemedicine/standards
15.
Health Serv Res ; 54(5): 971-980, 2019 10.
Article in English | MEDLINE | ID: mdl-31506956

ABSTRACT

OBJECTIVE: To estimate the relationship between breach remediation efforts and hospital care quality. DATA SOURCES: Department of Health and Human Services' (HHS) public database on hospital data breaches and Medicare Compare's public data on hospital quality measures for 2012-2016. MATERIALS AND METHODS: Data breach data were merged with the Medicare Compare data for years 2012-2016, yielding a panel of 3025 hospitals with 14 297 unique hospital-year observations. STUDY DESIGN: The relationship between breach remediation and hospital quality was estimated using a difference-in-differences regression. Hospital quality was measured by 30-day acute myocardial infarction mortality rate and time from door to electrocardiogram. PRINCIPAL FINDINGS: Hospital time-to-electrocardiogram increased as much as 2.7 minutes and 30-day acute myocardial infarction mortality increased as much as 0.36 percentage points during the 3-year window following a breach. CONCLUSION: Breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes. Thus, breached hospitals and HHS oversight should carefully evaluate remedial security initiatives to achieve better data security without negatively affecting patient outcomes.


Subjects
Computer Security/statistics & numerical data , Computer Security/standards , Confidentiality/standards , Electronic Health Records/standards , Hospitals/standards , Medicare/standards , Quality of Health Care/standards , Electronic Health Records/statistics & numerical data , Hospitals/statistics & numerical data , Humans , Medicare/statistics & numerical data , Quality of Health Care/statistics & numerical data , United States
17.
Nurse Res ; 27(1): 45-49, 2019 Mar 18.
Article in English | MEDLINE | ID: mdl-31468836

ABSTRACT

BACKGROUND: The European Union's general data protection regulation (GDPR) came into effect in May 2018. It is intended to prevent the unwanted sharing of private data and it has significant implications for healthcare research. A well-established research methodology that GDPR is likely to affect is the retrospective reviewing of patients' data. This has been used widely in healthcare research and commonly involves examining patients' medical records. AIM: To examine GDPR and its potential effects on the use of patients' data in healthcare research. DISCUSSION: Previous misuse of patients' data has affected public confidence in healthcare research. GDPR is intended to improve the public's confidence in the handling of their data, but it may negatively impact healthcare research. Researchers who want to review patients' data will need to consider consent issues carefully. GDPR does include exceptions to the rules of consent, but there is uncertainty about this process. CONCLUSION: If GDPR results in stricter requirements to achieve patients' consent in research, the validity of some studies may be affected. Nurse researchers and organisations may need to consider innovative ways of engaging patients in research. IMPLICATIONS FOR PRACTICE: Research using patients' data has played an important role in shaping nursing and healthcare policy and practice. Imminent Europe-wide changes prompted by GDPR could affect how patients' data are used in research.


Subjects
Computer Security/standards , Confidentiality/standards , Data Collection/standards , Health Services Research/standards , Informed Consent/standards , Medical Records/standards , Research Design/standards , European Union , Guidelines as Topic , Humans , Retrospective Studies
18.
Int J Equity Health ; 18(1): 112, 2019 07 23.
Article in English | MEDLINE | ID: mdl-31337403

ABSTRACT

BACKGROUND: People's social and economic circumstances are important determinants of their health, health experiences, healthcare access, and healthcare outcomes. However, patients' socioeconomic circumstances are rarely asked about or documented in healthcare settings. We conducted a systematic review of published reasons for why patients' socioeconomic contexts (including education, employment, occupation, housing, income, or wealth) should, or should not, be enquired about. METHODS: Systematic review of literature published up to and including 2016. A structured literature search using databases of medicine and nursing (pubmed, embase, global health), ethics (Ethicsweb), social sciences (Web of Science), and psychology (PsychINFO) was followed by a 'snowball' search. Eligible publications contained one or more reasons for: asking patients about socioeconomic circumstances; collecting patients' socioeconomic information; 'screening' patients for adverse socioeconomic circumstances; or linking other sources of individual socioeconomic data to patients' healthcare records. Two authors conducted the screening: the first screened all references, the second author screened a 20% sample with inter-rater reliability statistically confirmed. 'Reason data' was extracted from eligible publications by two authors, then analysed and organised. RESULTS: We identified 138 eligible publications. Most offered reasons for why patients should be asked about their socioeconomic circumstances. Reasons included potential improvements in: individual healthcare outcomes; healthcare service monitoring and provision; population health research and policies. Many authors also expressed concerns for improving equity in health. Eight publications suggested patients should not be asked about their socioeconomic circumstances, due to: potential harms; professional boundaries; and the information obtained being inaccurate or unnecessary. 
CONCLUSIONS: This first summary of literature on the subject found many published reasons for why patients' social and economic circumstances should be enquired about in healthcare settings. These reasons include potential benefits at the levels of individuals, health service provision, and population, as well as the potential to improve healthcare equity. Cautions and caveats include concerns about the clinician's role in responding to patients' social problems; the perceived importance of social health determinants compared with biomedical factors; the use of average population data from geographic areas to infer the socioeconomic experience of individuals. Actual evidence of outcomes is lacking: our review suggests hypotheses that can be tested in future research.


Subjects
Confidentiality/standards , Disclosure/standards , Professional-Patient Relations/ethics , Socioeconomic Factors , Delivery of Health Care/organization & administration , Health Services , Health Services Accessibility/statistics & numerical data , Humans , Reproducibility of Results