*_Notice and Invitation_*
Oral Defense of Doctoral Dissertation
The Volgenau School of Engineering, George Mason University

Ahmed A. Al-Faresi
Bachelor of Science, Seattle University, 2002
Master of Science, Oregon State University, 2005

*Risk-based Models for Managing Data Privacy in Healthcare *

Thursday, December 8, 2011, 1:00pm -- 3:00pm
Engineering Bldg., Room 3507
All are invited to attend.

Duminda Wijesekera, Chair
Edgar H. Sibley
Paulo Cesar G. Costa
Jeremy E. Allnutt


Current research in health care lacks a systematic investigation to 
identify and classify various sources of threats to information privacy 
when sharing health data. Identifying and classifying such threats would 
enable the development of effective information security risk monitoring 
and management policies. In this research I put the first step towards 
identifying and classifying privacy threats from a selection of health 
data exchange scenarios. Specifically I investigate data sharing 
scenarios that occur within a health care organization, between a health 
organization and a research group, and between patients and online 
social networks. I first derive the privacy requirements from 
legislative laws for protecting patient privacy in the U.S., namely the 
Health Insurance Portability and Accountability Act (HIPAA). Using the 
derived requirements I develop methods to enforce them in the data 
sharing scenarios specified. I use risk modeling to quantify the privacy 
threat in each sharing scenario and I incorporate that risk intelligence 
to develop security solutions to counteract the vulnerabilities found.

A copy of this doctoral dissertation is on reserve at the Johnson Center