Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Zhou Tian-shu,Li Peng-fei,Li Jing-song

DOI: https://doi.org/10.2991/ccis-13.2013.56

2013-01-01

Abstract:Since the health information exchange (HIE) becomes more and more important and numerous systems have been implemented among medical institutions and regions, there also grows the concern of data security and privacy protection. In the prior work, we have designed and developed an international clinical data exchange system named Global Dolphin, technically achieving the goal of health information exchange between China and Japan. However, to put the system into practical use, we have to take the different privacy protection rules into account. In the clinical data exchange implementation, we tried to conform to the stricter privacy protection standards and designed a protected health information (PHI) de-identification system to keep the personal information secure from third parties. Since China and Japan do not yet have detailed rules and guidelines such as the safe harbor method in Health Insurance Portability and Accountability Act (HIPAA), thus we have referenced some of the HIPAA rules and guidelines about PHI, and used a dictionary and regular expressions pattern matching de-identification means to protect personal privacy.

Tian-shu ZHOU,Xing-hua ZHU,Jing-song LI

DOI: https://doi.org/10.3969/j.issn.1673-7571.2015.06.025

2015-01-01

Abstract:To meet the demand of big data sharing and communication in regional medical systems in a secure manner, we designed and developed a security system within HIE-oriented EMR, including identity authentication, privilege management, access log, and data encryption modules. The establish and deployment of the system could prevent access from the illegal users, keep EMR system accessibility while controllability, record the modification traces and make it undeniability, protect the medical data from intercepted by intruders, keep the data confidentiality from none stakeholders, and finally construct a complete security system in EMR.

Bruno Rodrigues,Ivone Amorim,Ivan Costa,Alexandra Mendes

2023-07-04

Abstract:The exponential growth in the digitisation of services implies the handling and storage of large volumes of data. Businesses and services see data sharing and crossing as an opportunity to improve and produce new business opportunities. The health sector is one area where this proves to be true, enabling better and more innovative treatments. Notwithstanding, this raises concerns regarding personal data being treated and processed. In this paper, we present a patient-centric platform for the secure sharing of health records by shifting the control over the data to the patient, therefore, providing a step further towards data sovereignty. Data sharing is performed only with the consent of the patient, allowing it to revoke access at any given time. Furthermore, we also provide a break-glass approach, resorting to Proxy Re-encryption (PRE) and the concept of a centralised trusted entity that possesses instant access to patients' medical records. Lastly, an analysis is made to assess the performance of the platform's key operations, and the impact that a PRE scheme has on those operations.

Cryptography and Security

Ivan Costa,Ivone Amorim,Eva Maia,Pedro Barbosa,Isabel Praca

2024-04-17

Abstract:Healthcare data contains some of the most sensitive information about an individual, yet sharing this data with healthcare practitioners can significantly enhance patient care and support research efforts. However, current systems for sharing health data between patients and caregivers do not fully address the critical security requirements of privacy, confidentiality, and consent management. Furthermore, compliance with regulatory laws such as GDPR and HIPAA is often deficient, largely because patients typically are asked to provide general consent for healthcare entities to access their data. Recognizing the limitations of existing systems, we present S3PHER, a novel approach to sharing health data that provides patients with control over who accesses their data, what data is accessed, and when. Our system ensures end to end privacy by integrating a Proxy ReEncryption Scheme with a Searchable Encryption Scheme, utilizing Homomorphic Encryption to enable healthcare practitioners to privately search and access patients' documents. The practicality and benefits of S3PHER are further validated through end to end deployment and use case analyses, with tests on real datasets demonstrating promising execution times.

Cryptography and Security

James Scheibner,Jean Louis Raisaro,Juan Ramón Troncoso-Pastoriza,Marcello Ienca,Jacques Fellay,Effy Vayena,Jean-Pierre Hubaux

DOI: https://doi.org/10.48550/arXiv.2010.14445

2020-10-28

Abstract:Multisite medical data sharing is critical in modern clinical practice and medical research. The challenge is to conduct data sharing that preserves individual privacy and data usability. The shortcomings of traditional privacy-enhancing technologies mean that institutions rely on bespoke data sharing contracts. These contracts increase the inefficiency of data sharing and may disincentivize important clinical treatment and medical research. This paper provides a synthesis between two novel advanced privacy enhancing technologies (PETs): Homomorphic Encryption and Secure Multiparty Computation (defined together as Multiparty Homomorphic Encryption or MHE). These PETs provide a mathematical guarantee of privacy, with MHE providing a performance advantage over separately using HE or SMC. We argue MHE fulfills legal requirements for medical data sharing under the General Data Protection Regulation (GDPR) which has set a global benchmark for data protection. Specifically, the data processed and shared using MHE can be considered anonymized data. We explain how MHE can reduce the reliance on customized contractual measures between institutions. The proposed approach can accelerate the pace of medical research whilst offering additional incentives for healthcare and research institutes to employ common data interoperability standards.

Cryptography and Security,Computers and Society

Han Qiu,Meikang Qiu,Meiqin Liu,Gerard Memmi

DOI: https://doi.org/10.48550/arXiv.1904.08270

2019-04-17

Cryptography and Security

Abstract:The recent spades of cyber security attacks have compromised end users' data safety and privacy in Medical Cyber-Physical Systems (MCPS). Traditional standard encryption algorithms for data protection are designed based on a viewpoint of system architecture rather than a viewpoint of end users. As such encryption algorithms are transferring the protection on the data to the protection on the keys, data safety and privacy will be compromised once the key is exposed. In this paper, we propose a secure data storage and sharing method consisted by a selective encryption algorithm combined with fragmentation and dispersion to protect the data safety and privacy even when both transmission media (e.g. cloud servers) and keys are compromised. This method is based on a user-centric design that protects the data on a trusted device such as end user's smartphone and lets the end user to control the access for data sharing. We also evaluate the performance of the algorithm on a smartphone platform to prove the efficiency.

Xiang Wu,Yongting Zhang,Aming Wang,Minyu Shi,Huanhuan Wang,Lian Liu

DOI: https://doi.org/10.1007/s00521-020-04873-z

2020-05-23

Neural Computing and Applications

Abstract:How to transform the growing medical big data into medical knowledge is a global topic. However, medical data contains a large amount of personal privacy information, especially electronic medical records, gene data and electroencephalography data; the current methods and tools for data sharing are not efficient or cannot be applied in real-life applications. Privacy disclosure has become the bottleneck of medical big data sharing. In this context, we conducted research of medical data from the data collection, data transport and data sharing to solve the key problems of privacy protection and put forward a privacy protection sharing platform called MNSSp3 (medical big data privacy protection platform based on Internet of things), which attempts to provide an effective medical data sharing solution with the privacy protection algorithms for different data types and support for data analytics. The platform focuses on the transmission and sharing security of medical big data to provide users with mining methods and realizes the separation of data and users to ensure the security of medical data. Moreover, the platform also provides users with the capacity to upload privacy algorithms independently. We discussed the requirements and the design components of the platform, then three case studies were presented to verify the functionality of the platform, and the results of the experiments show clearly the benefit and practicality of the proposed platform.

computer science, artificial intelligence

YeHong Yao,Chenghao Zhang,Jianyong Sun,Jin Jin,Jianguo Zhang

DOI: https://doi.org/10.1117/12.709156

2007-01-01

Abstract:The EHR is a secure, real-time, point-of-care, patient-centric information resource for healthcare providers. Many countries and regional districts have set long-term goals to build EHRs, and most of EHRs are usually built based on the integration of different information systems with different information models and platforms. A number of hospitals in Shanghai are also piloting the development of an EHR solution based on IHE XDS/XDS-1 profiles with a service-oriented architecture (SOA). The first phase of the project targets the Diagnostic Imaging domain and allows seamless sharing of images and reports across the multiple hospitals. To develop EHRs for regional coordinated healthcare, some factors should be considered in designing architecture, one of which is security issue. In this paper, we present some approaches and policies to improve and strengthen the security among the different hospitals' nodes, which are compliant with the security requirements defined by IHE IT Infrastructure (ITI) Technical Framework. Our security solution includes four components: Time Sync System (TSS), Digital Signature Manage System (DSMS), Data Exchange Control Component (DECC) and Single Sign-On (SSO) System. We give a design method and implementation strategy of these security components, and then evaluate the performance and overheads of the security services or features by integrating the security components into an image-based EHR system.

Emmanouil G Spanakis,Stelios Sfakianakis,Silvia Bonomi,Claudio Ciccotelli,Sabina Magalini,Vangelis Sakkalis

DOI: https://doi.org/10.3389/fdgth.2021.636082

2021-04-09

Abstract:This work aims to provide information, guidelines, established practices and standards, and an extensive evaluation on new and promising technologies for the implementation of a secure information sharing platform for health-related data. We focus strictly on the technical aspects and specifically on the sharing of health information, studying innovative techniques for secure information sharing within the health-care domain, and we describe our solution and evaluate the use of blockchain methodologically for integrating within our implementation. To do so, we analyze health information sharing within the concept of the PANACEA project that facilitates the design, implementation, and deployment of a relevant platform. The research presented in this paper provides evidence and argumentation toward advanced and novel implementation strategies for a state-of-the-art information sharing environment; a description of high-level requirements for the transfer of data between different health-care organizations or cross-border; technologies to support the secure interconnectivity and trust between information technology (IT) systems participating in a sharing-data "community"; standards, guidelines, and interoperability specifications for implementing a common understanding and integration in the sharing of clinical information; and the use of cloud computing and prospectively more advanced technologies such as blockchain. The technologies described and the possible implementation approaches are presented in the design of an innovative secure information sharing platform in the health-care domain.

Kambombo Mtonga,Haomiao Yang,Eunjun Yoon,Hyunsung Kim

DOI: https://doi.org/10.1007/978-94-007-6738-6_26

2013-01-01

Abstract:The digitization of patient health information has brought many benefits and challenges for both the patient and doctor. But security and privacy preservation have remained important challenges for wireless health monitoring systems. Such concerns may result in reluctance and skepticism towards health systems by patients. The reason for this skepticism is mainly attributed to the lack of assurances about the way patient health information is handled and the implications that may result from it on patients' privacy. This paper proposes an identity-based privacy preservation framework over u-healthcare systems. Our framework is based on the concepts of identity-based cryptography and non-interactive key agreement scheme using bilinear pairing. The proposed framework achieves authentication, patient anonymity, un-traceability, patient data privacy and session key secrecy, and resistance against impersonation and replay attacks. © 2013 Springer Science+Business Media Dordrecht(Outside the USA).

Jinyuan Sun,Xiaoyan Zhu,Chi Zhang,Yuguang Fang

DOI: https://doi.org/10.1109/icdcs.2011.83

2011-01-01

Abstract:Privacy concern is arguably the major barrier that hinders the deployment of electronic health record (EHR) systems which are considered more efficient, less error-prone, and of higher availability compared to traditional paper record systems. Patients are unwilling to accept the EHR system unless their protected health information (PHI) containing highly confidential data is guaranteed proper use and disclosure, which cannot be easily achieved without patients' control over their own PHI. However, cautions must be taken to handle emergencies in which the patient may be physically incompetent to retrieve the controlled PHI for emergency treatment. In this paper, we propose a secure EHR system, HCPP (Healthcare system for Patient Privacy), based on cryptographic constructions and existing wireless network infrastructures, to provide privacy protection to patients under any circumstances while enabling timely PHI retrieval for life-saving treatment in emergency situations. Furthermore, our HCPP system restricts PHI access to authorized (not arbitrary) physicians, who can be traced and held accountable if the accessed PHI is found improperly disclosed. Last but not least, HCPP leverages wireless network access to support efficient and private storage/retrieval of PHI, which underlies a secure and feasible EHR system.

Luis B Elvas,Carlos Serrão,Joao C Ferreira

DOI: https://doi.org/10.3390/healthcare11020170

2023-01-05

Abstract:Data sharing in the health sector represents a big problem due to privacy and security issues. Health data have tremendous value for organisations and criminals. The European Commission has classified health data as a unique resource owing to their ability to enable both retrospective and prospective research at a low cost. Similarly, the Organisation for Economic Co-operation and Development (OECD) encourages member nations to create and implement health data governance systems that protect individual privacy while allowing data sharing. This paper proposes adopting a blockchain framework to enable the transparent sharing of medical information among health entities in a secure environment. We develop a laboratory-based prototype using a design science research methodology (DSRM). This approach has its roots in the sciences of engineering and artificial intelligence, and its primary goal is to create relevant artefacts that add value to the fields in which they are used. We adopt a patient-centric approach, according to which a patient is the owner of their data and may allow hospitals and health professionals access to their data.

Stefanos Gritzalis,Costas Lambrinoudakis,Dimitrios Lekkas,Spyros Deftereos

DOI: https://doi.org/10.1109/titb.2005.847498

Abstract:Raising awareness and providing guidance to on-line data protection is undoubtedly a crucial issue worldwide. Equally important is the issue of applying privacy-related legislation in a coherent and coordinated way. Both these topics gain extra attention when referring to medical environments and, thus, to the protection of patients' privacy and medical data. Electronic medical transactions require the transmission of personal and medical information over insecure communication channels like the Internet. It is, therefore, a rather straightforward task to capture the electronic medical behavior of a patient, thus constructing "patient profiles," or reveal sensitive information related to a patient's medical history. The consequence is clearly a potential violation of the patient's privacy. We performed a risk analysis study for a Greek shared care environment for the treatment of patients suffering from beta-thalassemia, an empirically embedded scenario that is representative of many other electronic medical environments; we capitalized on its results to provide an assessment of the associated risks, focusing on the description of countermeasures, in the form of technical guidelines that can be employed in such medical environments for protecting the privacy of personal and medical information.

Shengmin Xu,Jianting Ning,Xinyi Huang,Yingjiu Li,Guowen Xu

DOI: https://doi.org/10.1109/tdsc.2021.3106393

2022-01-01

Abstract:Healthcare Internet-of-Things (IoT) enables lightweight devices to observe patients’ vital signals and outsource them to a remote cloud to enjoy flexible data sharing. However, it faces many security threats as the outsourced data is no longer physically controlled by data owners, and the cloud that hosts the outsourced data is not fully trusted. Many privacy protection technologies have been adopted to solve this problem, among which cryptographic mechanisms have become one of the most promising tools. Unfortunately, current cryptographic mechanisms in healthcare IoT mainly suffer from the following challenges: 1) dynamic user groups for managing users’ accessibility; 2) efficient revocation mechanism to mitigate the burden during user revocation; 3) forward and backward secrecy to ensure session independence in the presence of session key leakage; 4) revocable storage to prevent data users from learning any unauthorized data even the data is authorized before; and 5) information manipulation during data transmission. In this article, we introduce a practical and secure system to address the above problems. Our system provides fine-grained access control with dynamic user groups for optimizing scalability and functionality. We prove that our system is secure against numerous real-world threats. Extensive comparison and experimental analysis demonstrate that our system enjoys superior performance than the state-of-the-art solutions.

Han Qiu,Meikang Qiu,Meiqin Liu,Gerard Memmi

DOI: https://doi.org/10.1109/jbhi.2020.2973467

IF: 7.7

2020-01-01

IEEE Journal of Biomedical and Health Informatics

Abstract:The recent spades of cyber attacks have compromised end-users' data security and privacy in Medical Cyber-Physical Systems (MCPS) in the era of Health 4.0. Traditional standard encryption algorithms for data protection are designed based on a viewpoint of system architecture rather than a viewpoint of end-users. As such encryption algorithms are transferring the protection on the data to the protection on the keys, data safety, and privacy will be compromised once the key is exposed. In this paper, we propose a secure data storage and sharing method consisted of a selective encryption algorithm combined with fragmentation and dispersion to protect the data safety and privacy even when both transmission media (e.g. cloud servers) and keys are compromised. This method is based on a user-centric design that protects the data on a trusted device such as the end-users' smartphone and lets the end-user control the access for data sharing. We also evaluate the performance of the algorithm on a smartphone platform to prove efficiency.

Rajesh Sharma,Deepak Subramanian,Satish N. Srirama

DOI: https://doi.org/10.48550/arXiv.1410.5696

2014-10-21

Abstract:The digitization of the medical data has been a sensitive topic. In modern times laws such as the HIPAA provide some guidelines for electronic transactions in medical data to prevent attacks and fraudulent usage of private information. In our paper, we explore an architecture that uses hybrid computing with decentralized key management and show how it is suitable in preventing a special form of re-identification attack that we name as the re-assembly attack. This architecture would be able to use current infrastructure from mobile phones to server certificates and cloud based decentralized storage models in an efficient way to provide a reliable model for communication of medical data. We encompass entities including patients, doctors, insurance agents, emergency contacts, researchers, medical test laboratories and technicians. This is a complete architecture that provides patients with a good level of privacy, secure communication and more direct control.

Cryptography and Security,Computers and Society

Ji-Jiang Yang,Jian-Qiang Li,Yu Niu

DOI: https://doi.org/10.1016/j.future.2014.06.004

IF: 7.307

2014-01-01

Future Generation Computer Systems

Abstract:Storing and sharing of medical data in the cloud environment, where computing resources including storage is provided by a third party service provider, raise serious concern of individual privacy for the adoption of cloud computing technologies. Existing privacy protection researches can be classified into three categories, i.e., privacy by policy, privacy by statistics, and privacy by cryptography. However, the privacy concerns and data utilization requirements on different parts of the medical data may be quite different. The solution for medical dataset sharing in the cloud should support multiple data accessing paradigms with different privacy strengths. The statistics or cryptography technology alone cannot enforce the multiple privacy demands, which blocks their application in the real-world cloud. This paper proposes a practical solution for privacy preserving medical record sharing for cloud computing. Based on the classification of the attributes of medical records, we use vertical partition of medical dataset to achieve the consideration of different parts of medical data with different privacy concerns. It mainly includes four components, i.e., (1) vertical data partition for medical data publishing, (2) data merging for medical dataset accessing, (3) integrity checking, and (4) hybrid search across plaintext and ciphertext, where the statistical analysis and cryptography are innovatively combined together to provide multiple paradigms of balance between medical data utilization and privacy protection. A prototype system for the large scale medical data access and sharing is implemented. Extensive experiments show the effectiveness of our proposed solution.

Felix Nikolaus Wirth,Thierry Meurers,Marco Johns,Fabian Prasser

DOI: https://doi.org/10.1186/s12911-021-01602-x

IF: 3.298

2021-08-12

BMC Medical Informatics and Decision Making

Abstract:Abstract Background Data sharing is considered a crucial part of modern medical research. Unfortunately, despite its advantages, it often faces obstacles, especially data privacy challenges. As a result, various approaches and infrastructures have been developed that aim to ensure that patients and research participants remain anonymous when data is shared. However, privacy protection typically comes at a cost, e.g. restrictions regarding the types of analyses that can be performed on shared data. What is lacking is a systematization making the trade-offs taken by different approaches transparent. The aim of the work described in this paper was to develop a systematization for the degree of privacy protection provided and the trade-offs taken by different data sharing methods. Based on this contribution, we categorized popular data sharing approaches and identified research gaps by analyzing combinations of promising properties and features that are not yet supported by existing approaches. Methods The systematization consists of different axes. Three axes relate to privacy protection aspects and were adopted from the popular Five Safes Framework: (1) safe data, addressing privacy at the input level, (2) safe settings, addressing privacy during shared processing, and (3) safe outputs, addressing privacy protection of analysis results. Three additional axes address the usefulness of approaches: (4) support for de-duplication, to enable the reconciliation of data belonging to the same individuals, (5) flexibility, to be able to adapt to different data analysis requirements, and (6) scalability, to maintain performance with increasing complexity of shared data or common analysis processes. Results Using the systematization, we identified three different categories of approaches: distributed data analyses, which exchange anonymous aggregated data, secure multi-party computation protocols, which exchange encrypted data, and data enclaves, which store pooled individual-level data in secure environments for access for analysis purposes. We identified important research gaps, including a lack of approaches enabling the de-duplication of horizontally distributed data or providing a high degree of flexibility. Conclusions There are fundamental differences between different data sharing approaches and several gaps in their functionality that may be interesting to investigate in future work. Our systematization can make the properties of privacy-preserving data sharing infrastructures more transparent and support decision makers and regulatory authorities with a better understanding of the trade-offs taken.

medical informatics

Vinaytosh Mishra,Kishu Gupta,Deepika Saxena,Ashutosh Kumar Singh

DOI: https://doi.org/10.1109/TCE.2024.3373912

2024-10-05

Abstract:Electronic Health Records (EHR) are crucial for the success of digital healthcare, with a focus on putting consumers at the center of this transformation. However, the digitalization of healthcare records brings along security and privacy risks for personal data. The major concern is that different countries have varying standards for the security and privacy of medical data. This paper proposed a novel and comprehensive framework to standardize these rules globally, bringing them together on a common platform. To support this proposal, the study reviews existing literature to understand the research interest in this issue. It also examines six key laws and standards related to security and privacy, identifying twenty concepts. The proposed framework utilized K-means clustering to categorize these concepts and identify five key factors. Finally, an Ordinal Priority Approach is applied to determine the preferred implementation of these factors in the context of EHRs. The proposed study provides a descriptive then prescriptive framework for the implementation of privacy and security in the context of electronic health records. Therefore, the findings of the proposed framework are useful for professionals and policymakers in improving the security and privacy associated with EHRs.

Machine Learning