Mingyue Shi,Rong Jiang,Xiaohan Hu,Jingwei Shang

DOI: https://doi.org/10.1007/s10729-019-09490-4

2019-07-23

Health Care Management Science

Abstract:With the rapid development of modern information technology, the health care industry is entering a critical stage of intelligence. Faced with the growing health care big data, information security issues are becoming more and more prominent in the management of smart health care, especially the problem of patient privacy leakage is the most serious. Therefore, strengthening the information management of intelligent health care in the era of big data is an important part of the long-term sustainable development of hospitals. This paper first identified the key indicators affecting the privacy disclosure of big data in health management, and then established the risk access control model based on the fuzzy theory, which was used for the management of big data in intelligent medical treatment, and solves the problem of inaccurate experimental results due to the lack of real data when dealing with actual problems. Finally, the model is compared with the results calculated by the fuzzy tool set in Matlab. The results verify that the model is effective in assessing the current safety risks and predicting the range of different risk factors, and the prediction accuracy can reach more than 90%.

health policy & services

Rong Jiang,Yang Xin,Zhenxing Chen,Ying Zhang

DOI: https://doi.org/10.1016/j.asoc.2022.108423

IF: 8.7

2022-03-01

Applied Soft Computing

Abstract:One of the important issues facing HIS (Hospital Information System) in the context of big data is how to ensure that massive data and resources are protected from internal attacks and reduce the abuse of medical information. However, the existing single-value quantitative access control model based on trust or risk may not well reflect the true trust or risk situation because it cannot describe the timeliness and trend of the quantitative value. In response to this problem, we propose an access control model based on the credibility of the requesting user. Quantify the trust based on the user’s historical visit records on the HIS, and introduce the user’s historical behavior trend into the trust evaluation model through the corresponding regression analysis model. Comparative experiments show that in predicting linear, geometric, exponential, and mixed trends, the regression model in this paper is better than existing methods in predicting trust accuracy and predicting trust trends. Different from the working system of trusted access control model proposed in the existing literature, the model in this paper adds “Behavior warning module (BWM)”. The working mode that “User-visit, Early-warning, Trust-evaluation, Access-control” is very effective in reducing information leakage caused by visitors with non-profit purposes (such as curiosity) and purposeless (such as habitual browsing). And this also has a positive effect on improving the overall behavior level of users in the system.

computer science, artificial intelligence, interdisciplinary applications

Rong Jiang,Rui Liu,Tao Zhang,Weiping Ding,Shenghu Tian

DOI: https://doi.org/10.1016/j.ins.2023.120054

IF: 8.1

2023-01-01

Information Sciences

Abstract:Electronic Medical Records (EMR), as the core data of medical big data, has improved the efficiency of medical services in the process of sharing and use, but a series of data privacy leakage problems have emerged. Access control technology can ensure users' legitimate and appropriate access to data resources, but traditional access control has many limitations such as static and coarse-grained, which is difficult to meet in the dynamic and complex healthcare environment. We create a model to solve the privacy leakage problem of healthcare big data. The model utilizes the Latent Delicacy Allocation (LDA) topic model to quickly search documents and extract the topic probability distributions between the target patient and other patients' electronic medical records, which improves the efficiency of medical record document analysis; Calculating physician access similarity, we quantify physician access behavior to more accurately describe physician access behavior in the form of data. We combined the intuitionistic fuzzy theory with the trust evaluation method to create a novel trust evaluation method-- Intuitionistic Fuzzy Trust Evaluation Method, which can reflect the uncertainty characteristics that exist in the physician's diagnostic and treatment process when quantifying the trust of the access by using this method, and it is more flexible and practical, which enhances the accuracy of the quantification of the trust. Improving the traditional trust aggregation method by adding a time window and time decay function, the optimized method improves the accuracy of trust aggregation, and the experimental results are more in line with the actual law. We created a new intuitionistic fuzzy trust access control model using a relative entropy-based intuitionistic fuzzy clustering algorithm and a reward and punishment mechanism to achieve adaptive and dynamic access control for physician access behavior. Experiments show that the access control model based on intuitionistic fuzzy trust proposed in this article achieves 95% correctness in identifying user access behaviors and 94.29% correctness in identifying excessive user access behaviors. Experiments have proved that this model has obvious advantages over other models in the process of privacy protection of electronic medical record systems and has certain control effects.

Jianhong Li,An Pan,Tongxing Zheng

DOI: https://doi.org/10.4018/ijdwm.325222

2023-06-27

International Journal of Data Warehousing and Mining

Abstract:Big data brings new opportunities to discover the new value of healthcare industry, since it can help us understand the hidden value of data deeply. This also brings new challenges: how to effectively manage and organize these datasets. Throughout the whole life cycle of publishing, storing, mining, and using big data in health care, different users are involved, so there are corresponding privacy protection methods and technologies for different life cycles. Data usage is the last and most important part of the whole life cycle. Therefore, this article proposes a privacy protection method for large medical data: an access control based on credibility of the requesting user. This model evaluates and quantifies doctors' credibility from the perspective of behavioral trust. Comparative experiments show that under the background of linear, geometric and exponential distribution trends and mixed trends, the regression model in this article is better than the existing methods in predicting trust accuracy and trust trends.

computer science, software engineering

Rong Jiang,Shanshan Han,Yimin Yu,Weiping Ding

DOI: https://doi.org/10.1016/j.ins.2022.11.102

IF: 8.1

2022-11-25

Information Sciences

Abstract:Access control has been widely adopted by distributed platforms, and its effectiveness is of great importance to the quality of services provided by such platforms. However, traditional access control is difficult to apply to scenarios where authorization changes frequently and to extremely large-scale datasets with limited resources. This paper proposes an access control model based on spectral clustering (SC) and risk (SC-RBAC), which is more suitable for big data medical scenarios. Based on user history access data, an improved SC algorithm is used to cluster doctor users. Then, the user classification is introduced as a parameter into the information entropy to improve the accuracy of quantifying the user's access behavior risk. Finally, based on the accurate risk value of access behavior, we assign access rights to users through the access control function constructed in the paper. Experimental results show that in three different situations, the model proposed in this paper can distinguish the two types of doctors well, the accuracy of the model can reach more than 90%, and it outperforms other access control models.

computer science, information systems

Rong Jiang,Shanshan Han,Mingyue Shi,Tilei Gao,Xusheng Zhao

DOI: https://doi.org/10.1155/2022/3086516

IF: 1.968

2022-03-15

Security and Communication Networks

Abstract:Edge computing is playing an increasingly important role in the field of health care. Edge computing provides high-quality personalized services to patients based on user and device data information. However, edge nodes will collect a large amount of sensitive patient information, and patients will also bear the risk of privacy disclosure while enjoying personalized services. How to reduce the risk of privacy disclosure while ensuring that patients enjoy personalized services brought by edge computing is the research content of this paper. In this paper, the work flow and management mode of Hospital Information System (HIS) are investigated on the spot, and the risk-adaptive access control model based on entropy is established. First, we use International Classification of Diseases, Tenth Revision (ICD-10) to mark the information resources accessed by users and use information entropy to measure the correlation “α” between medical information accessed by users and work tasks. Finally, we analyze the relationship between correlation “α” and risk through an example. The results show that users with high correlation α have low risk of access behavior, and users with low risk have high correlation α of access information resources and work goals. This discovery can help managers predict users’ access behavior in the Big Data environment, so as to dynamically formulate access control policies according to the actual access situation of users and then realize the privacy protection of medical big health data.

computer science, information systems,telecommunications

Pei Yin,Jun Zhang,Han Yan,Jun Zhao,Jing Wang,Chunmei Liang

DOI: https://doi.org/10.3389/fpsyg.2022.914164

IF: 3.8

2022-06-15

Frontiers in Psychology

Abstract:This paper studies the privacy risk perception of online medical community users based on deep neural network. Firstly, this paper introduces privacy protection based on deep neural network and users’ privacy risk perception in online medical community. Then, using the fuzzy neural network to deal with highly complex and nonlinear data, we can better obtain the accurate evaluation value, and use the improved gravity search optimization algorithm to optimize the fuzzy neural network evaluation model and improve the convergence puzzle of the model. Finally, using the experimental method of questionnaire survey, and the questionnaire is composed of three parts. The first part investigates the basic personal information of the subjects, including gender, age, educational background, physical condition, physical examination frequency, Internet use experience, long-term residence, etc.; The second part is the measurement items of each variable in the theoretical model, including nine variables: service quality, personalized service, reciprocal norms, result expectation, material reward, perceived risk, trust in doctors, trust in websites, and willingness to disclose health privacy information. The experimental results show that the correlation coefficient between the interaction items of personalized service and reciprocal norms on material reward is positive (β = 0.072, P < 0.01), and the correlation coefficient between sexual service and material reward was positive (β = 0.202, P < 0.01), then reciprocal norms positively regulate the relationship between personalized service and material reward.

psychology, multidisciplinary

Liqiang Jia,Wei Fan

DOI: https://doi.org/10.1155/2021/6630429

2021-05-08

Abstract:With the continuous development of computer and network technology, the amount of information storage in medical information system is more and more large, which is prone to the problem of privacy information leakage, resulting in irreparable harm. In order to solve the problem of privacy leakage in the medical environment, a new privacy rating method is proposed according to the actual situation of the medical environment. The big data technology is used to effectively mine, analyze, integrate, and reuse medical data, and a new improved model is proposed. At the same time, the medical information system applying the improved model is designed according to the complex actual needs. The purpose of this paper is to correctly understand the positive role of medical sports big data (BD) research in the medical field and standardize the behavior of medical staff. On the one hand, it can improve the safety awareness of patients and enhance the standardization of medical treatment environment. This paper will analyze the meaning and research status of medical data from the perspective of legal risk control, focus on the status quo and existing problems of medical sports data privacy protection, and put forward positive countermeasures and some practical solutions. The results show that the medical sports information data has certain regularity and particularity, ease to spread, and mining. Hospitals and medical staff should make the areas and items restricted by law clear, standardize their own behaviors, constantly sum up experience, and actively improve and modify relevant measures.

Yijun Cai,Dian Li,Yuyue Wang

DOI: https://doi.org/10.1007/s13198-021-01279-5

2021-08-25

International Journal of System Assurance Engineering and Management

Abstract:Medical information system is a comprehensive system which integrates the application of medicine, information, management, computer and other disciplines. It has been widely used in the social medical security system. But with the rapid development of Internet plus medical technology, the risk of malicious invasion has increased dramatically, which gradually exposes the problem of inadequate medical information security. Therefore, effective detection of medical information system network intrusion and timely prevention of network threats have become the focus of attention and research in this field. Intrusion detection is a common detection method in network security, it plays a very important role in network security. Traditional intrusion detection is mostly based on rule matching, statistics and other methods. With the advent of the era of big data, traditional intrusion detection can not play a good performance, especially in the face of massive, complex and unbalanced intrusion data. The privacy data access monitoring system based on virtual computing environment can monitor the access of privacy data in two levels, namely, tracking the flow of privacy data within the host and tracking the propagation of privacy data between hosts. In the host, we can customize the taint propagation rules to achieve fine-grained capture of privacy data violations in the virtual computing environment. Hence, this paper studies the medical data intrusion detection technology based on virtual data pipeline from the assurance perspectives. The model is designed and implemented with the discussions of the performance. The experimental results have proven that the proposed model is efficient.

YANG Haifang,ZHANG Lingling,WANG Mingzheng,HU Xiangpei

DOI: https://doi.org/10.13587/j.cnki.jieem.2023.05.012

2023-01-01

Abstract:In the era of big data,personal data has become one of the important resources in every field of scientific research,business analysis,medical services,social computing and so on.The sharing and application of personal data can produce great economic or social value.However,the improper use of personal data is easy to disclose personal privacy information.How to solve the contradiction between data application and personal privacy has become one of the current research hotspots.When personal data is shared and used,it is necessary to delete the explicit identifier attributes like name of the individuals in advance,but the attacker can still reveal the identity privacy or some sensitive information of individuals,through one or more non-sensitive values of the quasiidentifier attributes（QI）,such as gender,age,and region,or some values of the sensitive attributes（SA）,such as salary and disease,in this data set.Most current data privacy studies often assume that the data set has simply one-to-one relationship between individuals and records,which is called single-record data.In order to protect personal privacy in single-record data,scholars have come up with a variety of typical privacy anonymous models,such as k-anonymity,l-diversity,（α,k）-anonymity,t-closeness andβ-likelihood,etc.But in practice,there are a large number of data sets in which one individual may correspond to multiple records,short for multi-record data.If these above privacy models are directly applied on the multi-record data,it may cause some new privacy risks.To protect the privacy of Individuals in multi-record data,several scholars have proposed Identity-reversed（IR） privacy models like IR k-anonymity,IR l-diversity and IR（α,β）-anonymity,as well as enhanced privacy models such as EIR（α,β）-diversity and EIR l-diversity,when considering that the background knowledge related to only QI information is known to the attacker;and a few numbers of scholars have developed（k,k m ）-anonymity and（k,l）-diversity models,supposing that the attacker may know the background knowledge of either QI information or SA information.However,all of these models cannot provide adequate protection for the privacy of individuals in multi-record data.This research analyzes the privacy disclosure problem in the situation of multi-record data when an attacker has more stronger background knowledge,and proposes a new privacy-preserving model as well as the corresponding algorithm to satisfy the stricter privacy needs in applications of multi-record data.In the first part,it discusses all kinds of the privacy risks in the situations that an attacker knows the background knowledge related to either one of and both of the QI and SA information and indicates the defects of the current privacy models.Also,it presents a new privacy disclosure problem named unclosed itemset fingerprint attack（UCIFA）,which is based on the attacking by using strong background knowledge.In the second part,to overcome the UCIFA problem,it requires each person’ s whole sensitive values expressed as the form of an itemset should be closed.If an individual’s SA itemset cannot satisfy the closure constraint by partitioning the records of individuals into several groups,then this itemset should be further processed by the mean of cracking.Based on these,a new privacy model named closure and enhanced identity-reserved l-diversity（CEIR l-diversity） is present,which requires that the QI values and the SA values of each individual should satisfy EIR l-diversity and the closure constraint respectively.In the third part,it develops an algorithm called data anonymization based on closure and enhanced l-diversity（DACEL） to make the multi-record data satisfy CEIR l-diversity.It consists of three core steps:firstly,dividing the records in a multi-record dataset into several QI-groups,so that the records of individuals in each group have similar QI-values and satisfy the constraint of EIR l-diversity;secondly,in each QI-group,cracking the sensitive itemset of each individual that contains non-closed subsets into several small itemsets,each of which must satisfy the closure constraint;finally,in each QI-group,generalizing the QI-values of all records to make the anonymized data table satisfy CEIR l-diversity.In the fourth part,the proposed privacy model and its corresponding algorithm,referring as CEL-method,is compared with two kinds of leading-edge methods on two public multi-record data sets.The results show that the CEL-method has robust performance on efficiently achieving the highest level of privacy protection for multi-record data at the cost of small information loss.In summary,in the practice of personal data application,attackers may have different levels of background knowledge to disclose personal privacy information.The privacy-preserving method proposed in this research is of universal significance for the application of multi-record data privacy protection in practice.

Xuetao Pu,Rong Jiang,Zhiming Song,Zhihong Liang,Liang Yang

DOI: https://doi.org/10.3389/fpubh.2024.1358184

IF: 5.2

2024-03-29

Frontiers in Public Health

Abstract:The rapid development of the Hospital Information System has significantly enhanced the convenience of medical research and the management of medical information. However, the internal misuse and privacy leakage of medical big data are critical issues that need to be addressed in the process of medical research and information management. Access control serves as a method to prevent data misuse and privacy leakage. Nevertheless, traditional access control methods, limited by their single usage scenario and susceptibility to single point failures, fail to adapt to the polymorphic, real-time, and sensitive characteristics of medical big data scenarios. This paper proposes a smart contracts and risk-based access control model (SCR-BAC). This model integrates smart contracts with traditional risk-based access control and deploys risk-based access control policies in the form of smart contracts into the blockchain, thereby ensuring the protection of medical data. The model categorizes risk into historical and current risk, quantifies the historical risk based on the time decay factor and the doctor's historical behavior, and updates the doctor's composite risk value in real time. The access control policy, based on the comprehensive risk, is deployed into the blockchain in the form of a smart contract. The distributed nature of the blockchain is utilized to automatically enforce access control, thereby resolving the issue of single point failures. Simulation experiments demonstrate that the access control model proposed in this paper effectively curbs the access behavior of malicious doctors to a certain extent and imposes a limiting effect on the internal abuse and privacy leakage of medical big data.

public, environmental & occupational health

Chunpeng Ge,Changchun Yin,Zhe Liu,Liming Fang,Juncen Zhu,Huading Ling

DOI: https://doi.org/10.1016/j.cose.2020.101887

2020-09-01

Abstract:<p>Big data and artificial intelligence develop rapidly. Big data analysis has been applied in many fields of smart healthcare. Once these data are leaked or modified during transmission, it will not only invade the privacy of patients, but also endanger their lives. Many researchers worked on encrypted personal health records (PHR). However, there are still some challenges, such as data leakage during deep learning and leakage of training models, and some users do not want their data to be leaked to the analysis organization. How to protect privacy while leveraging deep learning is a pressing issue. In this paper, we present a system for predicting disease and timely alarms by collecting data from sensors and using deep learning to analyze and monitor patient health data. In order to protect the privacy of health data, we adopt an assured data deletion approach which the data owner can choose to revoke some users' access to their health data. Extensive analysis and experimental results are presented that demonstrate the security, and efficiency of our proposed approach.</p>

computer science, information systems

Abdullah Alabdulatif,Navod Neranjan Thilakarathne,Kassim Kalinaki

DOI: https://doi.org/10.3390/electronics12122646

IF: 2.9

2023-06-13

Electronics

Abstract:In the context of healthcare, big data refers to a complex compilation of digital medical data collected from many sources that are difficult to manage with normal technology and software due to its size and complexity. These big data are useful in various aspects of healthcare, such as disease diagnosis, early prevention of diseases, and predicting epidemics. Even though medical big data has many advantages and a lot of potential for revolutionizing healthcare, it also has a lot of drawbacks and problems, of which security and privacy are of the utmost concern, owing to the severity of the complications once the medical data is compromised. On the other hand, it is evident that existing security and privacy safeguards in healthcare organizations are insufficient to protect their massive, big data repositories and ubiquitous environment. Thus, motivated by the synthesizing of the current knowledge pertaining to the security and privacy of medical big data, including the countermeasures, in the study, firstly, we provide a comprehensive review of the security and privacy of medical big data, including countermeasures. Secondly, we propose a novel cloud-enabled hybrid access control framework for securing the medical big data in healthcare organizations, and the result of this research indicates that the proposed access control model can withstand most cyber-attacks, and it is also proven that the proposed framework can be utilized as a primary base to build secure and safe medical big data solutions. Thus, we believe this research would be useful for future researchers to comprehend the knowledge on the security and privacy of medical big data and the development of countermeasures.

engineering, electrical & electronic,computer science, information systems,physics, applied

Jie LI,Qiao-ling LAN,Shi-hao MA

DOI: https://doi.org/10.3969/j.issn.1674-2982.2018.10.006

2018-01-01

Abstract:Objectives:To construct a fraud risk prediction model for basic medical insurance holders, discover the main characteristics of fraud,and then establish a risk assessment index system to provide decision support for an apposite supervision of medical insurance funds. Methods : Using the large-scale real data including more than 183 million records of basic medical insurance diagnosis and treatment in China,the integrated risk assessment model for basic medical insurance holders is constructed using XGBoost algorithm and EasyEnsemble method. On this basis, this paper further identifies and quantifies the potential characteristics of fraud enforcement, and thus constructs a fraud risk assessment index system. Results : The proposed integrated model predicted the fraud risk with the accuracy of 83％,balance predictive value of 95％,and the balance sensitivity was 85％,respectively. Most importantly, the probability of the insured fraud being correctly evaluated was 82％ in this fraud risk assessment model. Besides, the amount of various expenses incurred at each stage of assessment,and the number of various types of projects are important indicators to distinguish the fraud from the normal insurance holders. Conclusions : The fraud risk assessment index system constructed based on the XGBoost integrated model is effective for the identification of potential fraudsters among the basic medical insurance holders. Establishing a risk assessment index system and developing an apposite supervision system based on big data of medical insurance play an essential role in improving the level of medical insurance management services,which ensures the safety of medical insurance funds,and safeguards the social health insurance fairness.

Yi Bu

DOI: https://doi.org/10.56028/aetr.11.1.768.2024

2024-07-18

Abstract:The rapid development of big data, cloud computing, and artificial intelligence has brought new opportunities to the development of the medical field. The emergence of electronic medical records and medical information systems has provided great convenience for people's medical treatment. However, the arrival of the big data era also poses new challenges to the protection of human medical privacy. The development and application of medical big data have led to explosive growth of data in the medical field, putting pressure on the management of medical institutions. The sharing of medical data between medical institutions and between medical institutions and third parties also poses significant security risks. Moreover, medical data leakage incidents have been continuously exposed in recent years, seriously infringing on the identity and privacy rights of patients. This article aims to explore the research on personal medical information protection based on big data. Firstly, the importance and necessity of protecting personal medical information were analyzed, as well as the current application status and existing problems of big data in medical information management. Secondly, a comparative analysis of domestic and international research on medical privacy protection was elaborated, including the analysis of medical information privacy protection standards in the United States, Europe, and Asia, and the differences and commonalities of international medical information privacy protection standards were compared and analyzed. Then, the theoretical basis of medical information privacy protection was summarized. Then, the application methods and technologies of big data in personal medical information protection were discussed. Finally, relevant countermeasures and suggestions for the protection of personal medical information in big data were discussed, including privacy protection technologies and policy recommendations, as well as ethical issues and norms for the protection of medical information privacy. Through this study, it is hoped that it can provide reference and inspiration for the protection of personal medical information in big data, and provide ideas and suggestions for future development directions.

Yuxue Li,Lijun Song,Yucheng Zeng

DOI: https://doi.org/10.1002/cpe.4881

2018-10-03

Concurrency and Computation: Practice and Experience

Abstract:Summary In the big data era, information security is becoming more and more important. The recent scandal of the data privacy on Facebook sounded the warning bell for us. Based on the utility theory, this paper proposes that the disclosure behavior of consumer personal information is mainly influenced by two factors, which are perceived risk and perceived benefit, respectively. When consumers make decisions, they weigh the risks and benefits. If the income is greater than the risk, the consumer is willing to provide the information on the website and vice versa. This paper analyzes the serious threats to the safety and privacy of commercial big data and proposes a multi‐level security protection theoretical model for business information security and privacy protection from the perspective of business big data security. The security functions and core technologies of each layer are described in detail, which provide a useful and in‐depth theoretical exploration for practical engineering. Finally, based on the privacy protection of large data and the principle of RBAC, a model of user privacy information security system is proposed.

Shaden S. Al Aqeeli,Mznah A. Al-Rodhaan,Yuan Tian,Abdullah M. Al-Dhelaan

DOI: https://doi.org/10.4236/etsn.2018.71001

2018-01-01

E-Health Telecommunication Systems and Networks

Abstract:In the healthcare domain, protecting the electronic health record (EHR) is crucial for preserving the privacy of the patient. To help protect the sensitive data, access control mechanisms can be utilized to restrict access to only legitimate users. However, an issue arises when the authorized users abuse their access privileges and violate privacy preferences of the patients. While traditional access control schemes fall short of defending against the misbehavior of authorized users, risk-aware access control models can provide adaptable access to the system resources based on assessing the risk of an access request. When an access request is deemed risky, but within acceptable thresholds, risk mitigation strategies can be exploited to minimize the risk calculated. This paper proposes a risk-aware, privacy-preserving risk mitigation approach that can be utilized in the healthcare domain. The risk mitigation approach controls the patient’s medical data that can be exposed to healthcare professionals, according to their trust level as well as the risk incurred of such data exposure, by developing a novel Risk Measure formula. The developed Risk Measure is proven to manage the risk effectively. Furthermore, Risk Mitigation Data Disclosure algorithms, RIMIDI0 and RIMIDI1, which utilize the developed risk measures, are proposed. Experimental results show the feasibility and effectiveness of the proposed method in preserving the privacy preferences of the patient. Since the proposed approach exposes the patient’s data that are relevant to the undergoing medical procedure while preserving the privacy preferences, positive outcomes can be realized, which will ultimately bring forth quality healthcare services.

Jung-Jin Kim,

DOI: https://doi.org/10.22397/bml.2022.28.177

2022-12-31

Wonkwang University Legal Research Institute

Abstract:A recent development of information technology (IT) has brought many changes to hospital treatment and medical administrative services. Healthcare using clinical data accumulated by electronic medical records is changing the industry paradigm. In addition, with the spread of mobile internet and wearable health devices, it has been possible to build an infrastructure for health data that can converge ‘health’ and ‘medical.’ It provides convenience and speed not experienced in traditional healthcare through medical institutions such as hospitals. On the other hand, the collection and utilization of medical big data in medicine and electronic medical records have brought about many changes in privacy projection. The privacy of patients is used in hospitals and other institutions in a way called ‘information privacy.’ In other words, privacy is used as a piece of ‘information’ and is used for disease treatment, medical research, and insurance product development. As medical big data is collected from various devices and reprocessed in various ways, however, the risk of personal privacy rights being infringed has increased. Although these risks are inherent, a legal basis is not perfectly established yet. Therefore, this study reviews the current status of medical big data utilization in China and analyzes various legal issues related to the privacy information of medical big data. Besides, the study examines the civil legal status and protection measureless of privacy inflammation on medical big data and then proposes legislative improvement measures.

Yuqi Dong,Jianhong Zhai

DOI: https://doi.org/10.1145/3207677.3277929

2018-01-01

Abstract:With(1) the development of online social media platform, people are gaining more opportunities to show themselves, meanwhile, more personal information will be exposed to the public. This paper proposes a user's privacy risk assessment model based on the Trust-Aware framework, which introduces two parameters-privacy awareness and trust- awareness. And the model also integrates the needs of users in the actual application situation, quantitatively assessing the risk of privacy leakage that may be caused by users' online social behavior in three aspects: user's privacy awareness, social risk and content risk. The assessment model also generates a visual assessment report in forms of charts to help users fully and objectively recognize the potential privacy leakage in the OSNs, and establish the right sense of privacy. Tests result shows that the assessment model can accurately and comprehensively summarizes the full online social behavior of users, and assesses the probability of privacy leakage. Practical operation shows that the system has good stability. The assessment model provides a new idea for online social platform service providers to protect their users' data, which has practical and promotional value.

DOI: https://doi.org/10.1186/s40537-023-00783-8

2023-06-17

Journal Of Big Data

Abstract:The rapid development of healthcare big data has brought certain convenience to medical research and health management, but privacy protection of healthcare big data is an issue that must be considered in the process of data application. Access control is one of the methods for privacy protection, but traditional access control models cannot adapt to the dynamic, continuous, and real-time characteristics of healthcare big data scenarios. In this paper, we propose an access control model based on risk quantification and usage control (RQ-UCON). The model adds a risk quantification module to the traditional UCON model to achieve privacy protection of medical data. This module classifies risks into direct and indirect risks and quantifies them based on the physician's visit history. The model stores the quantified risk values as subject attributes. The RQ-UCON model uses an improved Exponentially Weighted Moving Average (EWMA) and penalty factors to predict risk value and to update the risk values of the subject attributes in real-time. The RQ-UCON model uses agglomerative hierarchical clustering to cluster the risk values of physicians within the department, resulting in risk intervals for each physician's operational behavior. Each risk interval is stored as a condition in the RQ-UCON model. Finally, according to the model whether the subject attributes meet the model conditions to determine whether the subject has the corresponding access rights, and according to the risk interval to grant the subject the corresponding access rights. Through the final experiment, it can be seen that the access control model proposed in this paper has a certain control on the excessive access behavior of doctors and has a certain limitation on the privacy leakage of healthcare big data.