Applying a Threshold Scheme to the Pseudonymization of Health Data

Cost pressure on the health care system has driven a marked increase in the demand for electronic health records (EHRs) over the last decade, because EHRs promise large savings by digitizing medical data and providing it centrally. As highly sensitive patient information is exchanged and stored within such a system, legitimate concerns about the privacy of the stored data arise: the lifelong storage of medical data makes it an attractive target for attackers. These concerns, together with the lack of existing approaches that provide a sufficient level of security, create the need for a system that guarantees data privacy and keeps access to health data under the strict control of the patient. This paper introduces PIPE (Pseudonymization of Information for Privacy in e-Health), a new EHR architecture for the primary and secondary use of health data. PIPE's security model is based on pseudonymization rather than on encryption.
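The title refers to applying a threshold scheme to the pseudonymization. The following is an added illustration, not PIPE's own design or code, of how a (k, n) threshold scheme in the style of Shamir's secret sharing can protect the secret that links pseudonyms back to patient identities: the linking key is split into n shares, any k of which reconstruct it, while k-1 shares reveal nothing about it. The choices below are assumptions for the example only: the field modulus 2**127 - 1, HMAC-SHA256 as the pseudonym derivation function, a 3-of-5 threshold, and the constructed patient identifier.

```python
"""Threshold-protected pseudonymization (illustrative example, not PIPE's code).

The secret that maps patient identifiers to pseudonyms is a key held by
nobody in full: it is split into shares with a (k, n) threshold scheme
and reconstructed only when k authorised parties contribute their shares.
"""
import hashlib
import hmac
import secrets

# Field modulus for the polynomial arithmetic. 2**127 - 1 is a Mersenne
# prime; the choice is an assumption of this example, not from the paper.
P = 2**127 - 1


def _eval_poly(coeffs, x):
    """Evaluate the polynomial with the given coefficients at x, modulo P (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, k, n, rng=secrets.randbelow):
    """Split `secret` into n shares so that any k of them reconstruct it.

    The secret is the constant term of a random polynomial of degree k-1;
    share i is the point (i, f(i)). `rng` is injectable so a deterministic
    generator can be used in tests.
    """
    if not (0 <= secret < P and 1 <= k <= n < P):
        raise ValueError("bad parameters")
    coeffs = [secret] + [rng(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange-interpolate the polynomial at x = 0 from the given shares.

    With fewer than k shares this returns a value that is unrelated to the
    secret (every candidate secret is equally consistent with the shares).
    """
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        # Modular inverse of den via Fermat's little theorem (P is prime).
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


def pseudonym(linking_key, patient_id):
    """Derive a pseudonym from a patient identifier with a keyed hash.

    Without the linking key, the pseudonym cannot be tied back to the
    patient; with it, the same identifier always yields the same pseudonym.
    HMAC-SHA256 is an assumption of this example.
    """
    key = linking_key.to_bytes(16, "big")  # linking_key < 2**127 fits in 16 bytes
    return hmac.new(key, patient_id.encode(), hashlib.sha256).hexdigest()[:16]


def demo(k=3, n=5):
    """Split a fresh linking key 3-of-5, then show k shares suffice and k-1 do not."""
    linking_key = secrets.randbelow(P)
    shares = split_secret(linking_key, k, n)
    patient = "patient-42"  # constructed identifier for the demo
    expected = pseudonym(linking_key, patient)
    ok_with_k = pseudonym(reconstruct(shares[:k]), patient) == expected
    ok_with_k_minus_1 = pseudonym(reconstruct(shares[:k - 1]), patient) == expected
    return ok_with_k, ok_with_k_minus_1


if __name__ == "__main__":
    with_k, with_fewer = demo()
    print("k shares reconstruct the pseudonym:", with_k)
    print("k-1 shares reconstruct the pseudonym:", with_fewer)
```

The security property the threshold scheme buys is that no single party (a database operator, a physician, a backup operator) holds the material needed to re-identify patients; re-identification requires a quorum, which can be made an auditable event. Note that the reconstructed key exists in memory of whichever component performs the interpolation, so that component is the one to isolate and monitor.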
