An activity theory approach to leak detection and mitigation in patient health information (Phi)

Rohit Valecha; Shambhu Upadhyaya; H. Raghav Rao

doi:10.17705/1jais.00687

An activity theory approach to leak detection and mitigation in patient health information (Phi)

University of Texas at San Antonio

Research output: Contribution to journal › Article › peer-review

12 Scopus citations

Abstract

The migration to electronic health records (EHR) in the healthcare industry has raised issues with respect to security and privacy. One issue that has become a concern for healthcare providers, insurance companies, and pharmacies is patient health information (PHI) leaks because PHI leaks can lead to violation of privacy laws, which protect the privacy of individuals’ identifiable health information, potentially resulting in a healthcare crisis. This study explores the issue of PHI leaks from an access control viewpoint. We utilize access control policies and PHI leak scenarios derived from semi structured interviews with four healthcare practitioners and use the lens of activity theory to articulate the design of an access control model for detecting and mitigating PHI leaks. Subsequently, we follow up with a prototype as a proof of concept.

Original language	English
Pages (from-to)	1007-1036
Number of pages	30
Journal	Journal of the Association for Information Systems
Volume	22
Issue number	4
DOIs	https://doi.org/10.17705/1jais.00687
State	Published - 2021

Keywords

Access Control Model
Activity Theory
Crisis Management
Design Science
Patient Health Information (PHI)
PHI Leak Detection and Mitigation

Access to Document

10.17705/1jais.00687

Cite this

@article{98f861084ba5456d8354c63a42ebc5c5,

title = "An activity theory approach to leak detection and mitigation in patient health information (Phi)",

abstract = "The migration to electronic health records (EHR) in the healthcare industry has raised issues with respect to security and privacy. One issue that has become a concern for healthcare providers, insurance companies, and pharmacies is patient health information (PHI) leaks because PHI leaks can lead to violation of privacy laws, which protect the privacy of individuals{\textquoteright} identifiable health information, potentially resulting in a healthcare crisis. This study explores the issue of PHI leaks from an access control viewpoint. We utilize access control policies and PHI leak scenarios derived from semi structured interviews with four healthcare practitioners and use the lens of activity theory to articulate the design of an access control model for detecting and mitigating PHI leaks. Subsequently, we follow up with a prototype as a proof of concept.",

keywords = "Access Control Model, Activity Theory, Crisis Management, Design Science, Patient Health Information (PHI), PHI Leak Detection and Mitigation",

author = "Rohit Valecha and Shambhu Upadhyaya and \{Raghav Rao\}, H.",

note = "Publisher Copyright: {\textcopyright} 2021 by the Association for Information Systems.",

year = "2021",

doi = "10.17705/1jais.00687",

language = "English",

volume = "22",

pages = "1007--1036",

journal = "Journal of the Association for Information Systems",

issn = "1536-9323",

publisher = "Association for Information Systems",

number = "4",

}

TY - JOUR

T1 - An activity theory approach to leak detection and mitigation in patient health information (Phi)

AU - Valecha, Rohit

AU - Upadhyaya, Shambhu

AU - Raghav Rao, H.

PY - 2021

Y1 - 2021

N2 - The migration to electronic health records (EHR) in the healthcare industry has raised issues with respect to security and privacy. One issue that has become a concern for healthcare providers, insurance companies, and pharmacies is patient health information (PHI) leaks because PHI leaks can lead to violation of privacy laws, which protect the privacy of individuals’ identifiable health information, potentially resulting in a healthcare crisis. This study explores the issue of PHI leaks from an access control viewpoint. We utilize access control policies and PHI leak scenarios derived from semi structured interviews with four healthcare practitioners and use the lens of activity theory to articulate the design of an access control model for detecting and mitigating PHI leaks. Subsequently, we follow up with a prototype as a proof of concept.

AB - The migration to electronic health records (EHR) in the healthcare industry has raised issues with respect to security and privacy. One issue that has become a concern for healthcare providers, insurance companies, and pharmacies is patient health information (PHI) leaks because PHI leaks can lead to violation of privacy laws, which protect the privacy of individuals’ identifiable health information, potentially resulting in a healthcare crisis. This study explores the issue of PHI leaks from an access control viewpoint. We utilize access control policies and PHI leak scenarios derived from semi structured interviews with four healthcare practitioners and use the lens of activity theory to articulate the design of an access control model for detecting and mitigating PHI leaks. Subsequently, we follow up with a prototype as a proof of concept.

KW - Access Control Model

KW - Activity Theory

KW - Crisis Management

KW - Design Science

KW - Patient Health Information (PHI)

KW - PHI Leak Detection and Mitigation

UR - https://www.scopus.com/pages/publications/85111053568

U2 - 10.17705/1jais.00687

DO - 10.17705/1jais.00687

M3 - Article

AN - SCOPUS:85111053568

SN - 1536-9323

VL - 22

SP - 1007

EP - 1036

JO - Journal of the Association for Information Systems

JF - Journal of the Association for Information Systems

IS - 4

ER -

An activity theory approach to leak detection and mitigation in patient health information (Phi)

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this