An Activity Theory Approach to Leak Detection and Mitigation in Patient Health Information (PHI)

Abstract

The migration to electronic health records (EHR) in the healthcare industry has raised issues with respect to security and privacy. One issue that has become a concern for healthcare providers, insurance companies, and pharmacies is patient health information (PHI) leaks, because PHI leaks can lead to violation of privacy laws, which protect the privacy of individuals’ identifiable health information, potentially resulting in a healthcare crisis. This study explores the issue of PHI leaks from an access control viewpoint. We utilize access control policies and PHI leak scenarios derived from semi-structured interviews with four healthcare practitioners and use the lens of activity theory to articulate the design of an access control model for detecting and mitigating PHI leaks. Subsequently, we follow up with a prototype as a proof of concept.

Year of Publication: 2021
Journal: Journal of the Association for Information Systems
Volume: 22
Start Page: 1007
Issue: 4
Number of Pages: 30
Date Published: 01
ISSN Number: 1536-9323