Searching HIE with Differentiated Privacy Preservation

In emerging Health Information Exchange (HIE) systems, a search facility such as a record locator service is critically important for data sharing across autonomous hospitals. An understudied problem in searching an HIE is privacy preservation: how to protect a patient's private visit-history data during the search, and how to address the innately different privacy and sensitivity requirements of different patients and hospitals. For instance, knowing that a patient visited a specialty hospital (e.g. a women's health center) may leak more about her than knowing that she visited a general hospital. In this work we propose a differentiated privacy preservation technique for searching in HIE, coined PPLS. Given hospitals with different specialties, PPLS clusters them so that the specialties of the hospitals linked to a patient are hidden among those of other hospitals in the same cluster, and an attacker cannot infer the patient's medical condition from the specialties of the hospitals she visited.
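The abstract describes the idea only at a high level. The following toy record locator, added here as an illustration and not the paper's PPLS construction, makes the privacy property concrete: hospitals are grouped into clusters that each contain at least `min_specialties` distinct specialties (an assumed rule, chosen so that the property can be checked mechanically), the locator index maps a patient to cluster ids rather than hospital ids, and two helper functions compare what an attacker can infer from the naive index versus the clustered one. All hospital, patient and specialty names are constructed sample data.

```python
"""Toy clustered record locator (added illustration, not the paper's PPLS).

Assumed clustering rule: every cluster must contain hospitals of at least
`min_specialties` distinct specialties, so that seeing "patient P has records
somewhere in cluster C" never pins down a single specialty.
"""
from collections import defaultdict

# Constructed sample data: hospital id -> specialty.
HOSPITALS = {
    "H1": "general",
    "H2": "general",
    "H3": "womens_health",   # the specialty hospital whose visit is sensitive
    "H4": "oncology",
    "H5": "general",
    "H6": "psychiatry",
    "H7": "oncology",
    "H8": "general",
}

# Constructed sample data: patient id -> hospitals that hold her records.
VISITS = {
    "P1": {"H3"},
    "P2": {"H1", "H7"},
    "P3": {"H5"},
}


def cluster_hospitals(hospitals, min_specialties):
    """Group hospitals into clusters, each with >= min_specialties specialties.

    Hospitals are bucketed by specialty; the size of the min_specialties-th
    largest bucket bounds how many clusters can each receive one hospital from
    every one of the largest buckets. Each bucket is then dealt round-robin
    over that many clusters. Raises ValueError when the rule is unsatisfiable.
    """
    by_spec = defaultdict(list)
    for hid, spec in hospitals.items():
        by_spec[spec].append(hid)
    sizes = sorted((len(v) for v in by_spec.values()), reverse=True)
    if len(sizes) < min_specialties:
        raise ValueError("fewer distinct specialties than required per cluster")
    k = sizes[min_specialties - 1]
    clusters = [set() for _ in range(k)]
    for hids in by_spec.values():
        for i, hid in enumerate(hids):
            clusters[i % k].add(hid)
    return {f"C{i}": members for i, members in enumerate(clusters)}


def check_diversity(clusters, hospitals, min_specialties):
    """True when every cluster mixes at least min_specialties specialties."""
    return all(
        len({hospitals[h] for h in members}) >= min_specialties
        for members in clusters.values()
    )


def build_locator(visits, clusters):
    """Locator index: patient -> set of cluster ids (hospital ids never appear)."""
    cluster_of = {h: cid for cid, members in clusters.items() for h in members}
    return {p: {cluster_of[h] for h in hs} for p, hs in visits.items()}


def naive_inferable_specialties(patient, visits, hospitals):
    """What an attacker learns from an unclustered index that names hospitals."""
    return {hospitals[h] for h in visits[patient]}


def inferable_specialties(patient, locator, clusters, hospitals):
    """What an attacker learns from the clustered index: the union of the
    specialties present in every cluster the patient is located in."""
    return {hospitals[h] for cid in locator[patient] for h in clusters[cid]}


if __name__ == "__main__":
    clusters = cluster_hospitals(HOSPITALS, min_specialties=2)
    assert check_diversity(clusters, HOSPITALS, 2)
    locator = build_locator(VISITS, clusters)
    for p in VISITS:
        print(p, "naive:", naive_inferable_specialties(p, VISITS, HOSPITALS),
              "clustered:", inferable_specialties(p, locator, clusters, HOSPITALS))
```

With the sample data the naive index reveals that P1 visited only a women's health hospital, while the clustered index places P1 in a cluster that also contains general, oncology and psychiatry hospitals, so her specialty is hidden among four candidates. The diversity check is the property a deployment would want to re-verify whenever hospitals join or leave the exchange, since a cluster that shrinks to a single specialty silently loses the protection.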
