SPIMACS - An ACM CCS Workshop http://www.infosecon.net/SPIMACS pronounced spy-max Security and Privacy in Medical and Home-Care Systems (SPIMACS) November 13, 2009 Hyatt Recency Hotel Chicago, IL, USA Security and Privacy in Medical and Home-Care Systems (SPIMACS) Medical information is moving online. Simultaneously, ubiquitous and medical technologies are making homes aware, active, responsive, and thus vulnerable. Examples of unique security challenges include defense against traffic analysis with medium latency requirements for physical security or some cases of medical monitoring, or sensor networks that need to be managed (and be made trustworthy) by na•ve users. These challenges are compounded when the technology in the home is for the purpose of monitoring for medical purposes. Medical monitoring and home monitoring of vulnerable populations create unique security and privacy risks in design and application. SPIMACS (pronounced spy-max) seeks to bring together the computer and social scientists that will be required to address the challenges of securing the intimate digital spaces of the most vulnerable. Keynote: Latanya Sweeney Director of the Data Privacy Lab at Carnegie Mellon University, Appointed to the Federal Health IT Policy Committee The Call for Innovative Privacy Technology for the New National Health Information Infrastructure The accepted papers for this workshop include: Fabio Massacci, Viet Hung Nguyen and Ayda Saidane. Security and Privacy for Ambient Assisted Living an Organizational perspective Lars E. Olson, Carl A. Gunter and Sarah Peterson Olson, M.D.. A Medical Database Case Study for Reflective Database Access Control Sasikanth Avancha, Amit Baxi and David Kotz. A privacy framework for mobile health and home-care systems Ajit Appari, Eric Johnson and Denise Anthony. HIPAA Compliance in Home Health: A Neo-Institutional Theoretic Perspective Andres Molina, Mastooreh Salajegheh and Kevin Fu. HICCUPS: Health Information Collaborative Collection Using Privacy and Security Ryan W. Gardner, Sujata Garera, Matthew W. Pagano, Matthew Green and Aviel Rubin. Securing Medical Records on Smart Phones Panel: Authentication in iHealth Care moderator: Kevin Fu Charles Horowitz (MITRE), Jim O'Leary (Microsoft), Avi Rubin (Johns Hopkins), Umesh Shankar (Google) Please see http://www.infosecon.net/SPIMACS for details. Chair: Jean Camp Program Committee Steve Bellovin Thomas S. Heydt-Benjamin Pam Briggs Jon Callas Piotr Cofta Kay Connelly Elena Ferrari Allan Friedman Kevin Fu Ben Greenstein Jeffrey Hunker Harry Hochheiser Eric Johnson Adam Joinson Javed Mostafa Helen Nissenbaum David Phillips Avi Rubin Angela Sasse Umesh Shankar Wook Shin Sean Smith Haixu Tang XiaoFeng Wang