FLBP: A Federated Learning-enabled and Blockchain-supported Privacy-Preserving of Electronic Patient Records for the Internet of Medical Things

The evolution of the computing paradigms and the Internet of Medical Things (IoMT) have transfigured the healthcare sector with an alarming rise of privacy issues in healthcare records. The rapid growth of medical data leads to privacy and security concerns to protect the confidentiality and integrity of the data in the feature-loaded infrastructure and applications. Moreover, the sharing of medical records of a patient among hospitals rises security and interoperability issues. This article, therefore, proposes a Federated Learning-and-Blockchain-enabled framework to protect electronic medical records from unauthorized access using a deep learning technique called Artificial Neural Network (ANN) for a collaborative IoMT-Fog-Cloud environment. ANN is used to identify insiders and intruders. An Elliptical Curve Digital Signature (ECDS) algorithm is adopted to devise a secured Blockchain-based validation method. To process the anti-malicious propagation method, a Blockchain-based Health Record Sharing (BHRS) is implemented. In addition, an FL approach is integrated into Blockchain for scalable applications to form a global model without the need of sharing and storing the raw data in the Cloud. The proposed model is evident from the simulations that it improves the operational cost and communication (latency) overhead with a percentage of 85.2% and 62.76%, respectively. The results showcase the utility and efficacy of the proposed model

Protecting Patient Privacy: Strategies for Regulating Electronic Health Records Exchange

The report offers policymakers 10 recommendations to protect patient privacy as New York state develops a centralized system for sharing electronic medical records. Those recommendations include:Require that the electronic systems employed by HIEs have the capability to sort and segregate medical information in order to comply with guaranteed privacy protections of New York and federal law. Presently, they do not.Offer patients the right to opt-out of the system altogether. Currently, people's records can be uploaded to the system without their consent.Require that patient consent forms offer clear information-sharing options. The forms should give patients three options: to opt-in and allow providers access to their electronic medical records, to opt-out except in the event of a medical emergency, or to opt-out altogether.Prohibit and sanction the misuse of medical information. New York must protect patients from potential bad actors--that small minority of providers who may abuse information out of fear, prejudice or malice.Prohibit the health information-sharing networks from selling data. The State Legislature should pass legislation prohibiting the networks from selling patients' private health information

Ensuring patients privacy in a cryptographic-based-electronic health records using bio-cryptography

Several recent works have proposed and implemented cryptography as a means to preserve privacy and security of patients health data. Nevertheless, the weakest point of electronic health record (EHR) systems that relied on these cryptographic schemes is key management. Thus, this paper presents the development of privacy and security system for cryptography-based-EHR by taking advantage of the uniqueness of fingerprint and iris characteristic features to secure cryptographic keys in a bio-cryptography framework. The results of the system evaluation showed significant improvements in terms of time efficiency of this approach to cryptographic-based-EHR. Both the fuzzy vault and fuzzy commitment demonstrated false acceptance rate (FAR) of 0%, which reduces the likelihood of imposters gaining successful access to the keys protecting patients protected health information. This result also justifies the feasibility of implementing fuzzy key binding scheme in real applications, especially fuzzy vault which demonstrated a better performance during key reconstruction

Patient privacy protection using anonymous access control techniques

Objective: The objective of this study is to develop a solution to preserve security and privacy in a healthcare environment where health-sensitive information will be accessed by many parties and stored in various distributed databases. The solution should maintain anonymous medical records and it should be able to link anonymous medical information in distributed databases into a single patient medical record with the patient identity. Methods: In this paper we present a protocol that can be used to authenticate and authorize patients to healthcare services without providing the patient identification. Healthcare service can identify the patient using separate temporary identities in each identification session and medical records are linked to these temporary identities. Temporary identities can be used to enable record linkage and reverse track real patient identity in critical medical situations. Results: The proposed protocol provides main security and privacy services such as user anonymity, message privacy, message confidentiality, user authentication, user authorization and message replay attacks. The medical environment validates the patient at the healthcare service as a real and registered patient for the medical services. Using the proposed protocol, the patient anonymous medical records at different healthcare services can be linked into one single report and it is possible to securely reverse track anonymous patient into the real identity. Conclusion: The protocol protects the patient privacy with a secure anonymous authentication to healthcare services and medical record registries according to the European and the UK legislations, where the patient real identity is not disclosed with the distributed patient medical records

Personal Privacy and Common Goods: A Framework for Balancing Under the National Health Information Privacy Rule

In this Article, we discuss how these principles for balancing apply in a number of important contexts where individually identifiable health data are shared. In Part I, we analyze the modern view favoring autonomy and privacy. In the last several decades, individual autonomy has been used as a justification for preventing sharing of information irrespective of the good to be achieved. Although respect for privacy can sometimes be important for achieving public purposes (e.g., fostering the physician/patient relationship), it can also impair the achievement of goals that are necessary for any healthy and prosperous society. A framework for balancing that strictly favors privacy can lead to reduced efficiencies in clinical care, research, and public health. We reason that society would be better served, and individuals would be only marginally less protected, if privacy rules permitted exchange of data for important public benefits. In Part II, we explain the national health information privacy regulations: (1) what do they cover?; (2) to whom do they apply?; and (3) how do they safeguard personal privacy? Parts III and IV focus on whether the standards adhere, or fail to adhere, to the privacy principles discussed in Part I. In Part III, we examine two autonomy rules established in the national privacy regulations: informed consent (for uses or disclosures of identifiable health data for health-care related purposes) and written authorization (for uses or disclosures of health data for non-health care related purposes). We observe that the informed consent rule is neither informed nor consensual. The rule is likely to thwart the effective management of health organizations without benefiting the individual. Requiring written authorization, on the other hand, protects individual privacy to prevent disclosures to entities that do not perform health-related functions, such as employers and life insurers. In Part IV, we examine various contexts in which data can be shared for public purposes under the national privacy rule: public health, research, law enforcement, familial notification, and commercial marketing. We apply our framework for balancing in each context and observe the relative strengths and weaknesses of the privacy regulations in achieving a fair balance of private and public interests

Audit-based Compliance Control (AC2) for EHR Systems

Traditionally, medical data is stored and processed using paper-based files. Recently, medical facilities have started to store, access and exchange medical data in digital form. The drivers for this change are mainly demands for cost reduction, and higher quality of health care. The main concerns when dealing with medical data are availability and confidentiality. Unavailability (even temporary) of medical data is expensive. Physicians may not be able to diagnose patients correctly, or they may have to repeat exams, adding to the overall costs of health care. In extreme cases availability of medical data can even be a matter of life or death. On the other hand, confidentiality of medical data is also important. Legislation requires medical facilities to observe the privacy of the patients, and states that patients have a final say on whether or not their medical data can be processed or not. Moreover, if physicians, or their EHR systems, are not trusted by the patients, for instance because of frequent privacy breaches, then patients may refuse to submit (correct) information, complicating the work of the physicians greatly. \ud \ud In traditional data protection systems, confidentiality and availability are conflicting requirements. The more data protection methods are applied to shield data from outsiders the more likely it becomes that authorized persons will not get access to the data in time. Consider for example, a password verification service that is temporarily not available, an access pass that someone forgot to bring, and so on. In this report we discuss a novel approach to data protection, Audit-based Compliance Control (AC2), and we argue that it is particularly suited for application in EHR systems. In AC2, a-priori access control is minimized to the mere authentication of users and objects, and their basic authorizations. More complex security procedures, such as checking user compliance to policies, are performed a-posteriori by using a formal and automated auditing mechanism. To support our claim we discuss legislation concerning the processing of health records, and we formalize a scenario involving medical personnel and a basic EHR system to show how AC2 can be used in practice. \ud \ud This report is based on previous work (Dekker & Etalle 2006) where we assessed the applicability of a-posteriori access control in a health care scenario. A more technically detailed article about AC2 recently appeared in the IJIS journal, where we focussed however on collaborative work environments (Cederquist, Corin, Dekker, Etalle, & Hartog, 2007). In this report we first provide background and related work before explaining the principal components of the AC2 framework. Moreover we model a detailed EHR case study to show its operation in practice. We conclude by discussing how this framework meets current trends in healthcare and by highlighting the main advantages and drawbacks of using an a-posteriori access control mechanism as opposed to more traditional access control mechanisms

Semantic processing of EHR data for clinical research

There is a growing need to semantically process and integrate clinical data from different sources for clinical research. This paper presents an approach to integrate EHRs from heterogeneous resources and generate integrated data in different data formats or semantics to support various clinical research applications. The proposed approach builds semantic data virtualization layers on top of data sources, which generate data in the requested semantics or formats on demand. This approach avoids upfront dumping to and synchronizing of the data with various representations. Data from different EHR systems are first mapped to RDF data with source semantics, and then converted to representations with harmonized domain semantics where domain ontologies and terminologies are used to improve reusability. It is also possible to further convert data to application semantics and store the converted results in clinical research databases, e.g. i2b2, OMOP, to support different clinical research settings. Semantic conversions between different representations are explicitly expressed using N3 rules and executed by an N3 Reasoner (EYE), which can also generate proofs of the conversion processes. The solution presented in this paper has been applied to real-world applications that process large scale EHR data.Comment: Accepted for publication in Journal of Biomedical Informatics, 2015, preprint versio