Enhanced Architecture for Privacy Preserving Data Integration in a Medical Research Environment

Recent advances in digital and communication technologies have brought privacy to the forefront. Although e-health offers many advantages to patients and health service providers, a privacy breach can put sensitive health-care information into the wrong hands. Designing robust privacy-preserving policies that strengthen patients' trust in electronic health records is therefore essential for their widespread acceptance and success. In this paper we propose a framework that addresses the privacy problem in a heterogeneous network of many clinical institutions while preserving both data utility and patients' privacy. The contributions of this paper are: (1) a scalable privacy-enabled architecture that supports re-identification of patient identity, and (2) a context-aware privacy-preserving scheme that supports both named and anonymous linked access to medical data stored at one or more health service providers. To demonstrate the correctness of the proposed privacy-aware scheme, we formally model and verify it using high-level Petri nets and the Z3 SMT solver.
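The abstract names two properties, linked access under a pseudonym and later re-identification by an authorised party, without spelling out a mechanism. The following Python sketch is an added illustration of one common way such a design is realised (keyed, context-bound pseudonyms issued by a trusted third party that keeps the re-identification table); it is not the paper's scheme, its Petri-net model, or its Z3 encoding. The class and role names (`PseudonymService`, `Provider`, `ethics_committee`), the study identifiers and the patient records are all constructed for the example.

```python
"""Added example: pseudonymous, linkable cross-provider record integration
with role-restricted re-identification. Assumed design, not the paper's."""
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed set of direct identifiers that are stripped before export.
DIRECT_IDENTIFIERS = {"name", "national_id", "address", "phone"}


class PseudonymService:
    """Hypothetical trusted third party (TTP). Only the TTP holds the HMAC key,
    so providers and researchers can neither recompute nor invert pseudonyms."""

    def __init__(self, key: Optional[bytes] = None,
                 reidentifier_roles=("ethics_committee",)):
        self._key = key if key is not None else secrets.token_bytes(32)
        self._reid_table: dict = {}  # pseudonym -> national_id
        self._reidentifier_roles = set(reidentifier_roles)

    def pseudonym(self, national_id: str, context: str) -> str:
        """Deterministic keyed pseudonym bound to a context (e.g. a study ID).
        Same patient + same context -> same tag, so records from different
        providers can be linked; a different context yields an unrelated tag,
        so two studies cannot be joined against each other."""
        msg = context.encode() + b"\x00" + national_id.encode()
        tag = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        self._reid_table[tag] = national_id
        return tag

    def reidentify(self, pseudonym: str, requester_role: str) -> str:
        """Named access: map a pseudonym back to the patient, authorised roles only."""
        if requester_role not in self._reidentifier_roles:
            raise PermissionError(f"role {requester_role!r} may not re-identify")
        return self._reid_table[pseudonym]  # KeyError for unknown pseudonyms


class Provider:
    """A clinical institution holding identified records locally."""

    def __init__(self, name: str, ttp: PseudonymService):
        self.name = name
        self._ttp = ttp
        self._records: list = []

    def add_record(self, record: dict) -> None:
        self._records.append(record)

    def export(self, context: str) -> list:
        """Anonymous linked access: strip direct identifiers, attach the
        context-bound pseudonym and the source provider."""
        out = []
        for rec in self._records:
            clean = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
            clean["pid"] = self._ttp.pseudonym(rec["national_id"], context)
            clean["source"] = self.name
            out.append(clean)
        return out


def link(*exports) -> dict:
    """Join exported records from several providers on the pseudonym."""
    linked: dict = {}
    for export in exports:
        for rec in export:
            linked.setdefault(rec["pid"], []).append(rec)
    return linked


def build_demo(key: bytes = b"\x01" * 32):
    """Constructed sample data: two hospitals share one patient (NID-1001)."""
    ttp = PseudonymService(key)
    hospital_a = Provider("hospital-A", ttp)
    hospital_b = Provider("hospital-B", ttp)
    hospital_a.add_record({"name": "A. Patient", "national_id": "NID-1001",
                           "phone": "555-0100", "dx": "I10", "year": 2015})
    hospital_a.add_record({"name": "B. Patient", "national_id": "NID-1002",
                           "phone": "555-0101", "dx": "E11", "year": 2016})
    hospital_b.add_record({"name": "A. Patient", "national_id": "NID-1001",
                           "address": "1 Main St", "dx": "I25", "year": 2017})
    return ttp, hospital_a, hospital_b


if __name__ == "__main__":
    ttp, a, b = build_demo()
    study = link(a.export("study-1"), b.export("study-1"))
    for pid, recs in study.items():
        print(pid[:12], [(r["source"], r["dx"]) for r in recs])
    shared = next(p for p, r in study.items() if len(r) == 2)
    print("ethics committee re-identifies:", ttp.reidentify(shared, "ethics_committee"))
```

Binding the pseudonym to a context is what keeps linkage scoped: the researcher sees the same `pid` for a patient across hospitals within one study, but exports for a second study carry different tags, and only the role held by the TTP's re-identification table can go from tag back to identity.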