The Need for Machine-Processable Agreements in Health Data Management

Data processing agreements in health data management are laid out by organisations in monolithic “Terms and Conditions” documents written in natural legal language. These top-down policies usually protect the interests of the service providers rather than the data owners. They are coarse-grained, offer individuals no more than a few opt-in or opt-out options for expressing consent to personal data processing, and these options are often not carried over into software as they were intended. In this paper, we study the problem of health data sharing and advocate the need for individuals to describe their personal contract of data usage in a formal, machine-processable language. We develop an application for sharing patient genomic information and test results, and use interactions with patients and clinicians to identify the particular features a privacy/policy/consent language should offer in this complex domain. We show how Semantic Web technologies can play a central role in this approach by providing the formal tools and features such a language requires. We present our ongoing work on an ontology-based framework and a policy language that allows patients and clinicians to express fine-grained consent, preferences or suggestions on sharing medical information. Our language offers unique features such as multi-party ownership of data and data sharing dependencies. We evaluate the landscape of policy languages from different areas and show how they lack major requirements needed in health data management. In addition to empowering patients, our approach helps organisations increase their technological capabilities, abide by legal requirements, and save resources.
