The implications of the California Consumer Privacy Act (CCPA) on healthcare organizations: Lessons learned from early compliance experiences

Mulgund, Pavankumar; Mulgund, Banashri Pavankumar; Sharman, Raj; Singh, Raghvendra K.

doi:10.1016/j.hlpt.2021.100543

Cited by 24 publications

(12 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Different laws define categories differently. For example, what is considered “sensitive” data under the California Consumer Privacy Act and California Privacy Rights Act might be different from what is considered “special category” data under the European Union’s General Data Protection Regulation or considered “personal health information” under HIPAA [ 47 ]. In setting up the research design, the research team may need to enlist institutional or external expertise to help understand and comply with these statutes.…”

Section: The Ethics Checklist In Actionmentioning

confidence: 99%

An Ethics Checklist for Digital Health Research in Psychiatry: Viewpoint

Shen¹,

Silverman²,

Monette³

et al. 2022

J Med Internet Res

View full text Add to dashboard Cite

Background Psychiatry has long needed a better and more scalable way to capture the dynamics of behavior and its disturbances, quantitatively across multiple data channels, at high temporal resolution in real time. By combining 24/7 data—on location, movement, email and text communications, and social media—with brain scans, genetics, genomics, neuropsychological batteries, and clinical interviews, researchers will have an unprecedented amount of objective, individual-level data. Analyzing these data with ever-evolving artificial intelligence could one day include bringing interventions to patients where they are in the real world in a convenient, efficient, effective, and timely way. Yet, the road to this innovative future is fraught with ethical dilemmas as well as ethical, legal, and social implications (ELSI). Objective The goal of the Ethics Checklist is to promote careful design and execution of research. It is not meant to mandate particular research designs; indeed, at this early stage and without consensus guidance, there are a range of reasonable choices researchers may make. However, the checklist is meant to make those ethical choices explicit, and to require researchers to give reasons for their decisions related to ELSI issues. The Ethics Checklist is primarily focused on procedural safeguards, such as consulting with experts outside the research group and documenting standard operating procedures for clearly actionable data (eg, expressed suicidality) within written research protocols. Methods We explored the ELSI of digital health research in psychiatry, with a particular focus on what we label “deep phenotyping” psychiatric research, which combines the potential for virtually boundless data collection and increasingly sophisticated techniques to analyze those data. We convened an interdisciplinary expert stakeholder workshop in May 2020, and this checklist emerges out of that dialogue. Results Consistent with recent ELSI analyses, we find that existing ethical guidance and legal regulations are not sufficient for deep phenotyping research in psychiatry. At present, there are regulatory gaps, inconsistencies across research teams in ethics protocols, and a lack of consensus among institutional review boards on when and how deep phenotyping research should proceed. We thus developed a new instrument, an Ethics Checklist for Digital Health Research in Psychiatry (“the Ethics Checklist”). The Ethics Checklist is composed of 20 key questions, subdivided into 6 interrelated domains: (1) informed consent; (2) equity, diversity, and access; (3) privacy and partnerships; (4) regulation and law; (5) return of results; and (6) duty to warn and duty to report. Conclusions Deep phenotyping research offers a vision for vastly more effective care for people with, or at risk for, psychiatric disease. The potential perils en route to realizing this vision are significant; however, and researchers must be willing to address the questions in the Ethics Checklist before embarking on each leg of the journey.

show abstract

Section: The Ethics Checklist In Actionmentioning

confidence: 99%

An Ethics Checklist for Digital Health Research in Psychiatry: Viewpoint

Shen¹,

Silverman²,

Monette³

et al. 2022

J Med Internet Res

View full text Add to dashboard Cite

show abstract

“…Some aspects may have affected organizations ' LGPD requirement specification in the Brazilian environment. Moreover, The California Consumer Privacy Act (CCPA) [35], a digital privacy regulation that offers consumers more control over their online personal information, was approved by California lawmakers in 2018. In the United States, the CCPA is a major rule that regulates how technology firms acquire and use data.…”

Section: Related Workmentioning

confidence: 99%

A Framework for Privacy and Security Requirements Analysis and Conflict Resolution for Supporting GDPR Compliance Through Privacy-by-Design

Alkubaisy

Piras

Al-Obeidallah

et al. 2022

Communications in Computer and Information Science

View full text Add to dashboard Cite

Requirements elicitation, analysis, and, above all, early detection of conflicts and resolution, are among the most important, strategic, complex and crucial activities for preventing software system failures, and reducing costs related to reengineering/fixing actions. This is especially important when critical Requirements Classes are involved, such as Privacy and Security Requirements. Recently, organisations have been heavily fined for lack of compliance with data protection regulations, such as the EU General Data Protection Regulation (GDPR). GDPR requires organisations to enforce privacy-by-design activities from the early stages and for the entire software engineering cycle. Accordingly, requirements engineers need methods and tools for systematically identifying privacy and security requirements, detecting and solving related conflicts. Existing techniques support requirements identification without detecting or mitigating conflicts. The framework and tool we propose in this paper, called ConfIs, fills this gap by supporting engineers and organisations in these complex activities, with its systematic and interactive process. We applied ConfIs to a realistic GDPR example from the DEFeND EU Project, and evaluated its supportiveness, with positive results, by involving privacy and security requirements experts 1 .

show abstract

“…The participants highlighted the three aspects of big data management that were subject to regulatory compliance, namely data collection, data injection, and secondary use. From the telecommunication providers' perspectives, the challenge is whether they can provide an adequate level of data security and privacy that meets business needs and profits while adhering to the law, making them especially vulnerable to data breaches [22]. Therefore, the security and privacy of big data must be addressed not just in terms of static regulatory requirements, but also in terms of developing best practices for the industry [23].…”

Section: Technological Challengesmentioning

confidence: 99%

Security and Privacy Challenges of Big Data Adoption: A Qualitative Study in Telecommunication Industry

Anawar

Othman²,

Selamat³

et al. 2022

Int. J. Interact. Mob. Technol.

View full text Add to dashboard Cite

The telecommunication industry is the leading industry in big data trends as this industry has the most capable infrastructure for big data. However, the adoption of big data in telecommunication services also raises important security and privacy challenges due to the high volume, velocity, and variety of big data characteristics. To address the issue, this study shed light on the security and privacy challenges of big data adoption in the telecommunication industry. This study focuses on investigating the security and privacy challenges for data users in telecommunication services from the lens of the TOE framework and examines the mitigation strategies to address the privacy and security challenges. This study is conducted using qualitative methodology. From the perspectives of data users (telecommunication providers), it could be concluded that data management, data privacy, data compliance, and regulatory orchestration challenges are the most pressing concerns in big data adoption. This study offers contributions in presenting a thematic classification of security and privacy challenges and their mitigation strategies for big data adoption in the telecommunication industry. The thematic classification highlights potential gaps for future research in the big data security domain. This study is significant in that it provides empirical evidence for the perspectives of telecommunication data users in addressing privacy and security issues that are related to big data adoption.

show abstract

The implications of the California Consumer Privacy Act (CCPA) on healthcare organizations: Lessons learned from early compliance experiences

Cited by 24 publications

References 11 publications

An Ethics Checklist for Digital Health Research in Psychiatry: Viewpoint

An Ethics Checklist for Digital Health Research in Psychiatry: Viewpoint

A Framework for Privacy and Security Requirements Analysis and Conflict Resolution for Supporting GDPR Compliance Through Privacy-by-Design

Security and Privacy Challenges of Big Data Adoption: A Qualitative Study in Telecommunication Industry

Contact Info

Product

Resources

About