Analysis of An Online Health Social Network. Ma, Chen, G., & Xiao, J. 1st ACM International Health Informatics Symposium.
In recent years, there has been growing demand by patients for access to their own health information via tools like Personal Health Records [1]. The Markle Foundation [2] defines the Personal Health Record (PHR) as an electronic application through which individuals can access, manage and share their health information in a secure and confidential environment. PHRs are emerging and consolidating as an effective tool for patients to maintain their own health-related information. Healthcare Organizations (HCOs) and e-health services covered by HIPAA face the problem of implementing effective and cost-efficient security and privacy policies, while constantly demonstrating compliance with HIPAA regulations. To this end, HCOs must implement system-wide policies, standards, guidelines and procedures for safeguarding the organization's information including Electronic Medical Records (EMR) and Electronic Health Records (EHR), in conjunction with HIPAA mandates [3]. Similar security and privacy issues also apply to PHRs, as patient information must be protected under HIPAA regulatory requirements. PHR applications were initially provided by single vendors as a module (with limited functionality) within a Hospital Information System (HIS). But with growing use of Web 2.0 technologies, PHRs have also evolved as web-based solutions provided by business parties, leveraging "anywhere anytime" accessibility made possible by the internet. Although business third parties providing PHR solutions are not subject to HIPAA regulations, nonetheless security and privacy for PHRs are critical issues - both for the patients using the PHR and for the providers themselves. In this context, this paper focuses on existing PHR applications and functions, classification of PHRs based on their business and technical environments, privacy features, privacy policies and coverage, and privacy policy notification issues.
Furthermore, in order to verify privacy policy coverage and notifications offered by web-based PHRs, an evaluation of such privacy policies against already established and well-researched evaluation criteria was conducted.
