A Pseudonymisation Protocol With Implicit and Explicit Consent Routes for Health Records in Federated Ledgers

Healthcare data for primary use (diagnosis) may be encrypted for confidentiality purposes; however, secondary uses such as feeding machine learning algorithms requires open access. Full anonymity has no traceable identifiers to report diagnosis results. Moreover, implicit and explicit consent routes are of practical importance under recent data protection regulations (GDPR), translating directly into break-the-glass requirements. Pseudonymisation is an acceptable compromise when dealing with such orthogonal requirements and is an advisable measure to protect data. Our work presents a pseudonymisation protocol that is compliant with implicit and explicit consent routes. The protocol is constructed on a (t,n)-threshold secret sharing scheme and public key cryptography. The pseudonym is safely derived from a fragment of public information without requiring any data-subject's secret. The method is proven secure under reasonable cryptographic assumptions and scalable from the experimental results.

[1]  Daniela Richter,et al.  Pseudonymization of patient identifiers for translational research , 2013, BMC Medical Informatics and Decision Making.

[2]  Benjamin Fabian,et al.  Collaborative and secure sharing of healthcare data in multi-clouds , 2015, Inf. Syst..

[3]  Henning Müller,et al.  Strategies for health data exchange for secondary, cross-institutional clinical research , 2010, Comput. Methods Programs Biomed..

[4]  David W. Chadwick,et al.  How to Break Access Control in a Controlled Manner , 2006, 19th IEEE Symposium on Computer-Based Medical Systems (CBMS'06).

[5]  Mark Ryan,et al.  Cloud computing security: The scientific challenge, and a survey of solutions , 2013, J. Syst. Softw..

[6]  Matthias Mettler,et al.  Blockchain technology in healthcare: The revolution starts here , 2016, 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom).

[7]  Xiaojiang Du,et al.  Biometric-based authentication scheme for Implantable Medical Devices during emergency situations , 2019, Future Gener. Comput. Syst..

[8]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[9]  David A. Wagner,et al.  A Generalized Birthday Problem , 2002, CRYPTO.

[10]  Dima Alhadidi,et al.  Secure Similar Patients Query on Encrypted Genomic Data , 2019, IEEE Journal of Biomedical and Health Informatics.

[11]  Alptekin Küpçü,et al.  Research issues for privacy and security of electronic health services , 2017, Future Gener. Comput. Syst..

[12]  Rosario Gennaro,et al.  Fast Multiparty Threshold ECDSA with Fast Trustless Setup , 2018, CCS.

[13]  David W. Chadwick,et al.  How to Securely Break into RBAC: The BTG-RBAC Model , 2009, 2009 Annual Computer Security Applications Conference.

[14]  Thomas Neubauer,et al.  A secure architecture for the pseudonymization of medical data , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[15]  Rui Zhang,et al.  Anonymization of DICOM electronic medical records for radiation therapy , 2014, Comput. Biol. Medicine.

[16]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[17]  Dawn Xiaodong Song,et al.  CHURP: Dynamic-Committee Proactive Secret Sharing , 2019, IACR Cryptol. ePrint Arch..

[18]  Carlos Costa,et al.  A Cloud Architecture for Teleradiology-as-a-Service , 2016, Methods of Information in Medicine.

[19]  Cord Spreckelsen,et al.  Privacy-Preserving Record Grouping and Consent Management Based on a Public-Private Key Signature Scheme: Theoretical Analysis and Feasibility Study , 2019, Journal of medical Internet research.

[20]  Spiros Skiadopoulos,et al.  Anonymizing datasets with demographics and diagnosis codes in the presence of utility constraints , 2017, J. Biomed. Informatics.

[21]  Lillian Røstad,et al.  A Study of Access Control Requirements for Healthcare Systems Based on Audit Trails from Access Logs , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[22]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[23]  Federico Chesani,et al.  Risk Prediction Model for Late Life Depression: Development and Validation on Three Large European Datasets , 2019, IEEE Journal of Biomedical and Health Informatics.

[24]  Hossein Ghodosi,et al.  Comments on Harn–Lin’s cheating detection scheme , 2011, Des. Codes Cryptogr..

[25]  José Luis Fernández Alemán,et al.  Security and privacy in electronic health records: A systematic literature review , 2013, J. Biomed. Informatics.

[26]  Vassilya Uzun,et al.  Evaluation and implementation of QR Code Identity Tag system for Healthcare in Turkey , 2016, SpringerPlus.

[27]  Robert H. Deng,et al.  Lightweight Break-Glass Access Control System for Healthcare Internet-of-Things , 2018, IEEE Transactions on Industrial Informatics.

[28]  André Zúquete,et al.  Pseudonymisation with Break-the-Glass Compatibility for Health Records in Federated Services , 2019, 2019 IEEE 19th International Conference on Bioinformatics and Bioengineering (BIBE).

[29]  Mehdi Tibouchi,et al.  Improved elliptic curve hashing and point representation , 2017, Des. Codes Cryptogr..

[30]  Mauro Conti,et al.  A Survey on Security and Privacy Issues of Bitcoin , 2017, IEEE Communications Surveys & Tutorials.

[31]  Qiong Huang,et al.  A Joint Random Secret Sharing Scheme with Public Verifiability , 2016, Int. J. Netw. Secur..

[32]  Achim D. Brucker,et al.  Extending access control models with break-glass , 2009, SACMAT '09.

[33]  Marjorie A. Bowman,et al.  A beginner's guide to avoiding Protected Health Information (PHI) issues in clinical research - With how-to's in REDCap Data Management Software , 2018, J. Biomed. Informatics.

[34]  Herve Aubert,et al.  RFID technology for human implant devices , 2011 .

[35]  D. Baars Towards self-sovereign identity using blockchain technology , 2016 .

[36]  Adam O'Neill,et al.  Generic Attacks on Secure Outsourced Databases , 2016, CCS.

[37]  Jinjun Chen,et al.  Privacy preservation in blockchain based IoT systems: Integration issues, prospects, challenges, and future research directions , 2019, Future Gener. Comput. Syst..

[38]  Lein Harn,et al.  Detection and identification of cheaters in (t, n) secret sharing scheme , 2009, Des. Codes Cryptogr..

[39]  Marie-Sarah Lacharité,et al.  Learning to Reconstruct: Statistical Learning Theory and Encrypted Database Attacks , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[40]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[41]  R. Joe Stanley,et al.  Deep Learning and Handcrafted Method Fusion: Higher Diagnostic Accuracy for Melanoma Dermoscopy Images , 2019, IEEE Journal of Biomedical and Health Informatics.

[42]  Stefan Fenz,et al.  Pseudonymization for improving the Privacy in E-Health Applications , 2008, Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008).

[43]  E. Eugene Schultz A framework for understanding and predicting insider attacks , 2002, Comput. Secur..

[44]  K. Pommerening,et al.  Secondary use of the EHR via pseudonymisation. , 2004, Studies in health technology and informatics.

[45]  Ian Goldberg,et al.  Distributed Key Generation for the Internet , 2009, 2009 29th IEEE International Conference on Distributed Computing Systems.

[46]  José Luís Oliveira,et al.  Towards an EHR Architecture for Mobile Citizens , 2010, HEALTHINF.

[47]  Sérgio Matos,et al.  SCREEN-DR: Collaborative platform for diabetic retinopathy , 2018, Int. J. Medical Informatics.

[48]  José Luís Oliveira,et al.  A PACS archive architecture supported on cloud services , 2012, International Journal of Computer Assisted Radiology and Surgery.

[49]  Yi Mu,et al.  Witness-based searchable encryption , 2018, Inf. Sci..

[50]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[51]  José Luís Oliveira,et al.  Dicoogle - an Open Source Peer-to-Peer PACS , 2011, Journal of Digital Imaging.

[52]  Rita Noumeir,et al.  Pseudonymization of Radiology Data for Research Purposes , 2007, Journal of Digital Imaging.

[53]  Thomas Ristenpart,et al.  The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks , 2007, EUROCRYPT.

[54]  Kim-Kwang Raymond Choo,et al.  Blockchain: A Panacea for Healthcare Cloud-Based Data Security and Privacy? , 2018, IEEE Cloud Computing.

[55]  L. H. Encinas,et al.  A Survey of the Elliptic Curve Integrated Encryption Scheme , 2010 .

[56]  Alfred Menezes,et al.  Validation of Elliptic Curve Public Keys , 2003, Public Key Cryptography.

[57]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[58]  Raylin Tso,et al.  Witness-based searchable encryption with optimal overhead for cloud-edge computing , 2019, Future Gener. Comput. Syst..