Conference Information
Keynote: "The ACO Model and Health Care Reform"
Presented by: Dr. Elliott Fisher, The Dartmouth Institute for Health Policy and Clinical Practice
Session 1: Security/usability of mobile, sensor and implantable technologies that monitor patient health
Moderated by: David Kotz
Panelists: Mustaque Ahamad, Tanzeem Choudhury, Sunny Consolvo, and Carl Gunter
There is potential for mobile computing and communications technologies (“mHealth” technologies) to improve quality of healthcare and to improve quality of life, but they also generate new security and privacy issues. For example, millions of patients benefit from programmable, implantable medical devices (IMDs) that treat chronic ailments such as cardiac arrhythmia, diabetes, and Parkinson's disease with various combinations of electrical therapy and drug infusion. Similarly, body-area networks of wearable sensors can collect continuous physiological and activity data, providing the person with detailed information about their health in support of various wellness applications. IMDs and wearable sensors rely on radio communication, exposing these devices not only to safety and effectiveness risks, but also to security and privacy risks. In addition, exciting new persuasive technologies that use sensing (and sometimes activity inference) to help people self-manage aspects of their health (physical activity, nutrition, weight, sleep) are increasingly being used. However, the privacy and security implications of these devices and services are unclear, especially given that private details about one’s health, and potentially one’s mental state as well, are being archived, often by providers who do not have to abide by HIPAA. How can we develop usable devices that respect patient privacy while also retaining the data quality, transmissibility and accessibility required for the health-related uses of the data?
Session 2: Security/usability of electronic health records (EHRs)
Moderated by: Sean Smith
Panelists: Doug Blough, Mark Frisse, Andrew Gettinger, and Avi Rubin
Advocates of electronic health records (EHRs) tout features such as easily sharing information between and among providers, patients and families. One necessary factor for achieving this vision is that EHR systems provide sufficient security for the information and processes involved. However, another factor, just as important, is that EHRs (with these security features) are actually usable by the practitioners, patients, managers, and other stakeholders involved – if people can't use it (or can't use it correctly), then the security (and perhaps the EHR itself) doesn't matter.
What does security MEAN in EHR? Does the traditional C-I-A rubric apply, or do we need to change priorities or add new items? Is policy as static as in traditional views of infosec? What about the costs of making the wrong security decision?
Do the security technologists really understand the domain problem – and if not, what can we do to improve communication channels? (One study of computerized HR criticized it for being designed for accountants, not for medical clinicians. The JAMA had a fascinating article on a computerized prescription-dispensing system which seemed like a great idea in the lab but failed in real medical settings; we all hear stories of enterprises with passwords written under keyboards, because that's how the end users tune the security system to make it usable. How can we avoid these problems?)
A range of EHR models are being considered (e.g., Personally Controlled Health Records from major companies such as Google, Microsoft and Walmart, versus provider-centric electronic medical records, versus hybrid systems). How does the choice of model affect security and usability?
Similarly, a range of technology solutions are being proposed (such as mobile and wireless devices exploiting Automated Identification and Data Capture and radio-frequency identification). How do these choices affect the picture?
Session 3: HIT Security and Privacy: Understanding the clinical context and stakeholder perceptions
Moderated by: Denise Anthony
Panelists: Khaled El Emam, Ross Koppel, and Helen Nissenbaum
IT that is not adequately designed for, or implemented in, the specific clinical context of its multiple users and stakeholders may not only be ineffective, but can also cause unintended errors and create security and privacy risks. Indeed, concerns about security and privacy are among the key barriers to the adoption and use of IT in healthcare. Despite significant technological advances in HIT, there is still too little understanding of the practices and concerns of various stakeholders, or of the specific clinical contexts in which HIT is used. This panel will discuss the clinical context of use and perceptions of stakeholders, and describe the implications of both for securing health information, as well as for the successful development, deployment and use of HIT overall.
This workshop is hosted by the Institute for Security, Technology, and Society (ISTS) at Dartmouth College.
The Institute for Security, Technology, and Society (ISTS) at Dartmouth College is dedicated to pursuing research and education to advance information security and privacy throughout society.
ISTS engages in interdisciplinary research, education and outreach programs that focus on information technology (IT) and its role in society, particularly the impact of IT in security and privacy broadly conceived. ISTS nurtures leaders and scholars, educates students and the community, and collaborates with its partners to develop and deploy IT, and to better understand how IT relates to socio-economic forces, cultural values and political influences. ISTS research improves our ability to:
The Institute manages the Trustworthy Information Systems for Healthcare (TISH) project funded by the National Science Foundation. Dartmouth's press release on the award is available here.