The SERUMS tool-chain: Ensuring Security and Privacy of Medical Data in Smart Patient-Centric Healthcare Systems

Future-generation healthcare systems will be highly distributed, combining centralised hospital systems with decentralised home-, work- and environment-based monitoring and diagnostics systems. These will reduce costs and injury-related risks whilst both improving quality of service and reducing the response time for diagnostics and treatments made available to patients. To make this vision possible, medical data must be accessed and shared over a variety of mediums, including untrusted networks. In this paper, we present the design and initial implementation of the SERUMS tool-chain for accessing, storing, communicating and analysing highly confidential medical data in a safe, secure and privacy-preserving way. In addition, we describe a data fabrication framework for generating large volumes of synthetic but realistic data, which is used in the design and evaluation of the tool-chain. We demonstrate the present version of our technique on a use case derived from the Edinburgh Cancer Centre, NHS Lothian, where information about the effects of chemotherapy treatments on cancer patients is collected from different distributed databases, analysed and adapted to improve ongoing treatments.
