Private Disclosure of Information in Health Tele-monitoring

We present a novel framework, called Private Disclosure of Information (PDI), which aims to prevent an adversary from inferring certain sensitive information about subjects from the data that they disclose while communicating with an intended recipient. We show cases where it is possible to achieve perfect privacy regardless of the adversary's auxiliary knowledge while preserving the full utility of the information to the intended recipient, and we provide sufficient conditions for such cases. We also demonstrate the applicability of PDI on a real-world data set that simulates a health tele-monitoring scenario.
