7,723 research outputs found

    Privacy-Preserving Personal Health Record System Using Attribute-Based Encryption

    Personal health record (PHR) service is an emerging model for health information exchange. It allows patients to create, manage, control and share their health information with other users as well as healthcare providers. In reality, a PHR service is likely to be hosted by third-party cloud service providers in order to enhance its interoperability. However, there have been serious privacy concerns about outsourcing PHR data to cloud servers, not only because cloud providers are generally not covered entities under HIPAA, but also due to the increasing number of cloud data breach incidents in recent years. In this thesis, we propose a privacy-preserving PHR system using attribute-based encryption (ABE). In this system, patients can encrypt their PHRs and store them on semi-trusted cloud servers such that servers do not have access to sensitive PHR contexts. Meanwhile, patients maintain full control over access to their PHR files by assigning fine-grained, attribute-based access privileges to selected data users, while different users can have access to different parts of their PHR. Our system also provides extra features such as populating PHR from professional electronic health record (EHR) using ABE. In order to evaluate our proposal, we create a Linux library that implements primitives of key-policy attribute-based encryption (KP-ABE) algorithms. We also build a PHR application based on the Indivo PCHR system that allows doctors to encrypt and submit their prescriptions and diagnostic notes to PHR servers using KP-ABE. We evaluate the performance efficiency of different ABE schemes as well as the data query time of the Indivo PCHR system when PHR data are encrypted under an ABE scheme.

    Blockchain for Healthcare: Securing Patient Data and Enabling Trusted Artificial Intelligence

    Advances in information technology are digitizing the healthcare domain with the aim of improved medical services, diagnostics, continuous monitoring using wearables, etc., at reduced costs. This digitization improves the ease of computation, storage and access of medical records, which enables better treatment experiences for patients. However, it comes with a risk of cyber attacks and security and privacy concerns on this digital data. In this work, we propose a Blockchain based solution for healthcare records to address the security and privacy concerns which are currently not present in existing e-Health systems. This work also explores the potential of building trusted Artificial Intelligence models over Blockchain in e-Health, where a transparent platform for consent-based data sharing is designed. Provenance of the consent of individuals and traceability of data sources used for building and training the AI model are captured in an immutable distributed data store. The audit trail of the data access captured using Blockchain enables the data owner to understand the exposure of the data. It also helps the user to understand the revenue models that could be built on top of this framework for commercial data sharing to build trusted AI models.

    Building patient trust in electronic health records

    While electronic medical records have the potential to vastly improve a patient’s health care, their introduction also raises new and complex security and privacy issues. The challenge of preserving what patients believe to be their privacy in the context of the introduction of the Personally Controlled Electronic Health Record (PCEHR) into the multi-layered and decentralised Australian health system is discussed. Based on a number of European case studies, the paper outlines the institutional measures for privacy and security that have been put in place, and compares them with the current status in Australia. The implementation of the PCEHR has not been as straightforward, holistic or as uniform as in the European countries studied. This has meant that issues around personal privacy and security have not been addressed in an effective and functional manner. Surprisingly, the researchers found that the patient is absent in the PCEHR privacy and security discussion, and their perceptions of, and requirements for, privacy and secure management of their medical information are absent. The concept of personal privacy and security has yet to be fully explored from the patient’s perspective, despite it being a Personally Controlled Health Record.

    Privacy and Accountability in Black-Box Medicine

    Black-box medicine—the use of big data and sophisticated machine learning techniques for health-care applications—could be the future of personalized medicine. Black-box medicine promises to make it easier to diagnose rare diseases and conditions, identify the most promising treatments, and allocate scarce resources among different patients. But to succeed, it must overcome two separate, but related, problems: patient privacy and algorithmic accountability. Privacy is a problem because researchers need access to huge amounts of patient health information to generate useful medical predictions. And accountability is a problem because black-box algorithms must be verified by outsiders to ensure they are accurate and unbiased, but this means giving outsiders access to this health information. This article examines the tension between the twin goals of privacy and accountability and develops a framework for balancing that tension. It proposes three pillars for an effective system of privacy-preserving accountability: substantive limitations on the collection, use, and disclosure of patient information; independent gatekeepers regulating information sharing between those developing and verifying black-box algorithms; and information-security requirements to prevent unintentional disclosures of patient information. The article examines and draws on a similar debate in the field of clinical trials, where disclosing information from past trials can lead to new treatments but also threatens patient privacy.