Notice and Invitation
Oral Defense of Doctoral Dissertation
The Volgenau School of Engineering, George Mason University

Ahmed A. Al-Faresi
Bachelor of Science, Seattle University, 2002
Master of Science, Oregon State University, 2005

Risk-based Models for Managing Data Privacy in Healthcare

Thursday, December 8, 2011, 1:00pm – 3:00pm
Engineering Bldg., Room 3507
All are invited to attend.

Duminda Wijesekera, Chair
Edgar H. Sibley
Paulo Cesar G. Costa
Jeremy E. Allnutt


Current research in health care lacks a systematic investigation to identify and classify various sources of threats to information privacy when sharing health data. Identifying and classifying such threats would enable the development of effective information security risk monitoring and management policies. In this research I put the first step towards identifying and classifying privacy threats from a selection of health data exchange scenarios. Specifically I investigate data sharing scenarios that occur within a health care organization, between a health organization and a research group, and between patients and online social networks. I first derive the privacy requirements from legislative laws for protecting patient privacy in the U.S., namely the Health Insurance Portability and Accountability Act (HIPAA). Using the derived requirements I develop methods to enforce them in the data sharing scenarios specified. I use risk modeling to quantify the privacy threat in each sharing scenario and I incorporate that risk intelligence to develop security solutions to counteract the vulnerabilities found.



A copy of this doctoral dissertation is on reserve at the Johnson Center Library.