This course will cover topics in security and privacy of medical information. The course will discuss existing practices as well as recent research. Topics will include security and access control with respect to medical records (EPR, PHR), securing communication standards (HL7, DICOM), recent attacks on patient monitoring systems, security architectures for portable patient records, break-the-glass systems, privacy, anonymity and medical identity theft. Lectures will be based on recent research papers in both the security and medical communities. Lectures will follow an online teaching format and will be delivered via Adobe Connect. The instructor will also be available for online office hours and discussions outside of classroom hours.
There are no textbooks for this course. Lecture materials will be based on research papers, which will be posted online.
Lecture slides can be found here
Assignments : 30%
Project : 30%
Participation : 40%
-- Discussion sessions
-- General Participation
Assignments are due at the beginning of class via email on the stated due date. Late submissions will not be accepted. No collaboration is allowed on assignments unless stated otherwise.
Assignment 1 is available here. It is due on 2/18/2010. The paper associated with this assignment can be found here.
Assignment 2 is available here. It is due on 3/9/2010.
Assignment 3 is available here. It is due on 4/27/2010.
The project description can be found here. Students may collaborate on the class project in groups of two to three students (project teams can be formed by the students' choice). The code for the project may be downloaded from this link here. (Note that this version corresponds to version 10938 in the openmrs SVN repository).
Class participation in online class discussions is important for a successful online class experience and will provide students with a broader perspective of the topics being discussed. Class participation forms a significant part of the grade and is graded on the quality of discussion sessions and debates as well as general participation in class.
Discussion sessions will be led by students. There will be approximately 6-7 such sessions during the semester. These discussion leads will be assigned by the instructor. During the discussion session the leads should identify 1-2 papers which are related to the unit assigned to that session and propose them to the instructor at least a week in advance. The instructor may also assign papers to the discussion team. These papers will be posted on the website and the class is responsible for reading them before the session. The discussion leads will present the papers and related/prior work during part of the class and lead an active discussion pertaining to these papers. Creativity during these sessions is encouraged. Discussion notes should also be kept and sent to the instructor afterwards. Discussion sessions will be evaluated based on the following aspects:
--- Creativity in managing the discussion session
--- Quality of presentation
--- Participation of discussion leads
--- Effort in raising important and relevant discussion questions related to the topic
--- Effective use of class time
--- Participation by class
--- Quality of notes maintained
Academic integrity and ethical behavior are required in this course, as they are in all courses at Johns Hopkins University. The academic integrity code for the Department of Computer Science can be found here.
These topics may be subject to change as the course proceeds.
| Date | Lecture Slides | Comments |
|---|---|---|
| 1/26 | Lecture 1 | Course outline, project, security requirements in EPR systems |
| 1/28 | Lecture 2 | Access control systems |
| 2/2 | Lecture 3 | Audit based access control systems |
| 2/4 | Lecture 3 part B | Audit based access control systems |
| 2/9 | Class canceled due to snow | jhu emergency notice |
| 2/11 | Class canceled due to snow | jhu emergency notice |
| 2/16 | Access control Discussion (led by John) | Cassandra, Cassandra (wrt health), Slides |
| 2/18 | Lecture 4 | Medical device security; Assignment 1 due via email |
| 2/23 | Lecture 4 part B | Medical device security; Project Part 1 due via email |
| 2/25 | Lecture 5 | Medical device security |
| 3/1 | IMD Discussion (led by Ryan) | Proximity-based Access control for IMDs here; Slides |
| 3/9 | Lecture 6 | Assignment 2 due, DICOM and DICOM security |
| 3/10 | Lecture 7 | DE and Watermarking |
| 3/16, 3/18 | Spring Break | No class |
| 3/23 | Lecture 8 | Medical networks and grids |
| 3/25 | Discussion (led by John) | Project Part 2 due; MANTIS grid available here; Slides |
| 3/30 | Project Part 2 Presentation | |
| 4/1 | Lecture 9 | USB PHR , PHR on Smart phones |
| 4/6 | Lecture 10 | AMON, WAITER |
| 4/8 | Lecture 11 | BSNs |
| 4/20 | Discussion (led by Ryan) | MEDISN here; Slides |
| 4/22 | Lecture 12 | HIPAA, Scrub, Datafly |
| 4/27 | Lecture 13 | Assignment 3 due, Hippocratic databases |
| 4/29 | Discussion (led by Ryan and John) | Project Part 3 due; Limited Disclosure in Hippocratic Databases available here |
| 5/4 | Final project presentation | |