
    User-centric distributed solutions for privacy-preserving analytics

    How can cryptography empower users with sensitive data to access large-scale computing platforms in a privacy-preserving manner?

    Secure and scalable deduplication of horizontally partitioned health data for privacy-preserving distributed statistical computation

    Background: Techniques have been developed to compute statistics on distributed datasets without revealing private information except the statistical results. However, duplicate records in a distributed dataset may lead to incorrect statistical results. Therefore, to increase the accuracy of the statistical analysis of a distributed dataset, secure deduplication is an important preprocessing step.
    Methods: We designed a secure protocol for the deduplication of horizontally partitioned datasets with deterministic record linkage algorithms. We provided a formal security analysis of the protocol in the presence of semi-honest adversaries. The protocol was implemented and deployed across three microbiology laboratories located in Norway, and we ran experiments on the datasets in which the number of records for each laboratory varied. Experiments were also performed on simulated microbiology datasets and data custodians connected through a local area network.
    Results: The security analysis demonstrated that the protocol protects the privacy of individuals and data custodians under a semi-honest adversarial model. More precisely, the protocol remains secure with the collusion of up to N − 2 corrupt data custodians. The total runtime for the protocol scales linearly with the addition of data custodians and records. One million simulated records distributed across 20 data custodians were deduplicated within 45 s. The experimental results showed that the protocol is more efficient and scalable than previous protocols for the same problem.
    Conclusions: The proposed deduplication protocol is efficient and scalable for practical uses while protecting the privacy of patients and data custodians.

    Physician privacy concerns when disclosing patient data for public health purposes during a pandemic influenza outbreak

    Background: Privacy concerns by providers have been a barrier to disclosing patient information for public health purposes. This is the case even for mandated notifiable disease reporting. In the context of a pandemic it has been argued that the public good should supersede an individual's right to privacy. The precise nature of these provider privacy concerns, and whether they are diluted in the context of a pandemic, are not known. Our objective was to understand the privacy barriers which could potentially influence family physicians' reporting of patient-level surveillance data to public health agencies during the Fall 2009 pandemic H1N1 influenza outbreak.
    Methods: Thirty-seven family doctors participated in a series of five focus groups between October 29-31, 2009. They also completed a survey about the data they were willing to disclose to public health units. Descriptive statistics were used to summarize the amount of patient detail the participants were willing to disclose, factors that would facilitate data disclosure, and the consensus on those factors. The analysis of the qualitative data was based on grounded theory.
    Results: The family doctors were reluctant to disclose patient data to public health units. This was due to concerns about the extent to which public health agencies are dependable to protect health information (trusting beliefs), and the possibility of loss due to disclosing health information (risk beliefs). We identified six specific actions that public health units can take which would affect these beliefs, and potentially increase the willingness to disclose patient information for public health purposes.
    Conclusions: The uncertainty surrounding a pandemic of a new strain of influenza has not changed the privacy concerns of physicians about disclosing patient data. It is important to address these concerns to ensure reliable reporting during future outbreaks.
    University of Ottawa Open Access Author Fun

    Going Rogue: Mobile Research Applications and the Right to Privacy

    This Article investigates whether nonsectoral state laws may serve as a viable source of privacy and security standards for mobile health research participants and other health data subjects until new federal laws are created or enforced. In particular, this Article (1) catalogues and analyzes the nonsectoral data privacy, security, and breach notification statutes of all fifty states and the District of Columbia; (2) applies these statutes to mobile-app-mediated health research conducted by independent scientists, citizen scientists, and patient researchers; and (3) proposes substantive amendments to state law that could help protect the privacy and security of all health data subjects, including mobile-app-mediated health research participants.

    Protecting the privacy of individual general practice patient electronic records for geospatial epidemiology research

    Background: General practitioner (GP) practices in Australia are increasingly storing patient information in electronic databases. These practice databases can be accessed by clinical audit software to generate reports that inform clinical or population health decision making and public health surveillance. Many audit software applications also have the capacity to generate de-identified patient unit record data. However, the de-identified nature of the extracted data means that these records often lack geographic information. Without spatial references, it is impossible to build maps reflecting the spatial distribution of patients with particular conditions and needs. Links to socioeconomic, demographic, environmental or other geographically based information are also not possible. In some cases, relatively coarse geographies such as postcode are available, but these are of limited use and researchers cannot undertake precision spatial analyses such as calculating travel times.
    Methods: We describe a method that allows researchers to implement meaningful mapping and spatial epidemiological analyses of practice-level patient data while preserving privacy.
    Results: This solution has been piloted in a diabetes risk research project in the patient population of a practice in Adelaide.
    Conclusions and Implications: The method offers researchers a powerful means of analysing geographic clinic data in a privacy-protected manner.

    A Protocol for the Secure Linking of Registries for HPV Surveillance

    In order to monitor the effectiveness of HPV vaccination in Canada, the linkage of multiple data registries may be required. These registries may not always be managed by the same organization and, furthermore, privacy legislation or practices may restrict any data linkages of records that can actually be done among registries. The objective of this study was to develop a secure protocol for linking data from different registries and to allow on-going monitoring of HPV vaccine effectiveness. A secure linking protocol, using commutative hash functions and secure multi-party computation techniques, was developed. This protocol allows for the exact matching of records among registries and the computation of statistics on the linked data while meeting five practical requirements to ensure patient confidentiality and privacy. The statistics considered were: odds ratio and its confidence interval, chi-square test, and relative risk and its confidence interval. Additional statistics on contingency tables, such as other measures of association, can be added using the same principles presented. The computation time performance of this protocol was evaluated. The protocol has acceptable computation time and scales linearly with the size of the data set and the size of the contingency table. The worst-case computation time for up to 100,000 patients returned by each query and a 16-cell contingency table is less than 4 hours for basic statistics, and the best case is under 3 hours. A computationally practical protocol for the secure linking of data from multiple registries has been demonstrated in the context of HPV vaccine initiative impact assessment. The basic protocol can be generalized to the surveillance of other conditions, diseases, or vaccination programs.

    Flattening the Curve While Protecting Our Right to Privacy: How the United States Can Implement the Digital Contact Tracing Efforts Used in East Asia

    This paper looks at the digital contact tracing efforts implemented by other nations and assesses how similar measures could operate under enacted and proposed United States laws. Part I overviews the history of contact tracing and its effectiveness in prior disease outbreaks. Part II delves into the digital contact tracing efforts implemented by South Korea and Singapore. These summaries include: the digital contact tracing efforts taken, the laws that authorize these efforts, the public's reception, and the overall effectiveness of the efforts. Part III overviews the digital contact tracing efforts in the United States, including proposed legislation aimed at user privacy. This part focuses on two proposed pieces of legislation: the Exposure Notification Privacy Act and the Public Health Emergency Privacy Act. Part IV analyzes which provisions of the ENPA and the PHEPA would best restrain the digital contact tracing efforts used in South Korea and Singapore if they were to be implemented in the United States. Part V concludes with a final recommendation and a recap of the preceding analysis.