Related papers: A Comparative Audit of Privacy Policies from Healthcare Organizations in USA, UK and India

A Comparative Audit of Privacy Policies from Healthcare Organizations in USA, UK and India

URL: http://arxiv.org/abs/2306.11557v1
Date: Tue, 20 Jun 2023 14:21:37 GMT
Title: A Comparative Audit of Privacy Policies from Healthcare Organizations in USA, UK and India
Authors: Gunjan Balde, Aryendra Singh, Niloy Ganguly, Mainack Mondal
Abstract summary: This paper presents a large-scale data-driven study to audit privacy policies from healthcare organizations in USA, UK, and India. First, we collected the privacy policies of thousands of healthcare organizations in these countries and cleaned this privacy policy data using a clustering-based mixed-method technique. Second, we adopted a summarization-based technique to uncover exact broad data practices across countries and notice important differences.
Score: 19.45392112573428
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Data privacy in healthcare is of paramount importance (and thus regulated using laws like HIPAA) due to the highly sensitive nature of patient data. To that end, healthcare organizations mention how they collect/process/store/share this data (i.e., data practices) via their privacy policies. Thus there is a need to audit these policies and check compliance with respective laws. This paper addresses this need and presents a large-scale data-driven study to audit privacy policies from healthcare organizations in three countries -- USA, UK, and India. We developed a three-stage novel \textit{workflow} for our audit. First, we collected the privacy policies of thousands of healthcare organizations in these countries and cleaned this privacy policy data using a clustering-based mixed-method technique. We identified data practices regarding users' private medical data (medical history) and site privacy (cookie, logs) in these policies. Second, we adopted a summarization-based technique to uncover exact broad data practices across countries and notice important differences. Finally, we evaluated the cross-country data practices using the lens of legal compliance (with legal expert feedback) and grounded in the theory of Contextual Integrity (CI). Alarmingly, we identified six themes of non-alignment (observed in 21.8\% of data practices studied in India) pointed out by our legal experts. Furthermore, there are four \textit{potential violations} according to case verdicts from Indian Courts as pointed out by our legal experts. We conclude this paper by discussing the utility of our auditing workflow and the implication of our findings for different stakeholders.

Related papers

S3PHER: Secure and Searchable System for Patient-driven HEalth data shaRing [0.0]
Current systems for sharing health data between patients and caregivers do not fully address the critical security requirements of privacy, confidentiality, and consent management. We present S3PHER, a novel approach to sharing health data that provides patients with control over who accesses their data, what data is accessed, and when.
arXiv Detail & Related papers (2024-04-17T13:31:50Z)
Legally Binding but Unfair? Towards Assessing Fairness of Privacy Policies [0.0]
Privacy policies are expected to inform data subjects about their data protection rights and explain data management practices. This implies that a privacy policy is written in a fair way, e.g., it does not use polarizing terms, does not require a certain education, or does not assume a particular social background. We identify from fundamental legal sources and fairness research, how the dimensions informational fairness, representational fairness and ethics / morality are related to privacy policies. We propose options to automatically assess policies in these fairness dimensions, based on text statistics, linguistic methods and artificial intelligence.
arXiv Detail & Related papers (2024-03-12T22:53:32Z)
SoK: The Gap Between Data Rights Ideals and Reality [46.14715472341707]
Do rights-based privacy laws effectively empower individuals over their data? This paper scrutinizes these approaches by reviewing empirical studies, news articles, and blog posts.
arXiv Detail & Related papers (2023-12-03T21:52:51Z)
The Design and Implementation of a National AI Platform for Public Healthcare in Italy: Implications for Semantics and Interoperability [62.997667081978825]
The Italian National Health Service is adopting Artificial Intelligence through its technical agencies. Such a vast programme requires special care in formalising the knowledge domain. Questions have been raised about the impact that AI could have on patients, practitioners, and health systems.
arXiv Detail & Related papers (2023-04-24T08:00:02Z)
DeID-GPT: Zero-shot Medical Text De-Identification by GPT-4 [80.36535668574804]
We develop a novel GPT4-enabled de-identification framework (DeID-GPT") Our developed DeID-GPT showed the highest accuracy and remarkable reliability in masking private information from the unstructured medical text. This study is one of the earliest to utilize ChatGPT and GPT-4 for medical text data processing and de-identification.
arXiv Detail & Related papers (2023-03-20T11:34:37Z)
PLUE: Language Understanding Evaluation Benchmark for Privacy Policies in English [77.79102359580702]
We introduce the Privacy Policy Language Understanding Evaluation benchmark, a multi-task benchmark for evaluating the privacy policy language understanding. We also collect a large corpus of privacy policies to enable privacy policy domain-specific language model pre-training. We demonstrate that domain-specific continual pre-training offers performance improvements across all tasks.
arXiv Detail & Related papers (2022-12-20T05:58:32Z)
Location Data and COVID-19 Contact Tracing: How Data Privacy Regulations and Cell Service Providers Work In Tandem [1.1470070927586016]
Cellphone Service Providers (CSPs) enable the spatial and temporal real-time user tracking. Three of the regulations analyzed analyzed defined mobile location data as private information. Two of the five CSPs that were analyzed did not comply with the COPPA regulation.
arXiv Detail & Related papers (2021-03-25T22:13:50Z)
Detecting Compliance of Privacy Policies with Data Protection Laws [0.0]
Privacy policies are often written in extensive legal jargon that is difficult to understand. We aim to bridge that gap by providing a framework that analyzes privacy policies in light of various data protection laws. By using such a tool, users would be better equipped to understand how their personal data is managed.
arXiv Detail & Related papers (2021-02-21T09:15:15Z)
Second layer data governance for permissioned blockchains: the privacy management challenge [58.720142291102135]
In pandemic situations, such as the COVID-19 and Ebola outbreak, the action related to sharing health data is crucial to avoid the massive infection and decrease the number of deaths. In this sense, permissioned blockchain technology emerges to empower users to get their rights providing data ownership, transparency, and security through an immutable, unified, and distributed database ruled by smart contracts.
arXiv Detail & Related papers (2020-10-22T13:19:38Z)
A vision for global privacy bridges: Technical and legal measures for international data markets [77.34726150561087]
Despite data protection laws and an acknowledged right to privacy, trading personal information has become a business equated with "trading oil" An open conflict is arising between business demands for data and a desire for privacy. We propose and test a vision of a personal information market with privacy.
arXiv Detail & Related papers (2020-05-13T13:55:50Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.