Project Description

Medical institutions generate massive amounts of clinical data. Scientists and medical practitioners need such data for research and to provide better care to patients. Inadvertent or malicious disclosure of such data to unauthorized individuals or organizations may have catastrophic consequences. Consequently, medical institutions must comply with federal and state policies when they release sensitive medical data to others. Each institution is responsible for interpreting these rules and developing its own data release procedures. In addition, institutions often have their own operational protocols and may impose additional security policies. Moreover, for reasons of security and privacy, patients should have control over what data is released and to whom, and should be aware of how the data requesters are going to use it. Access control and sharing of medical data thus pose unique challenges.

We are investigating how the various policies imposed by the different stakeholders can be specified and enforced, keeping in mind that the policies of the various agencies or the preferences of a patient may change at any time. Traditionally, role-based access control has been used to model the security policies of commercial organizations. Although clinical data may be released to health care providers on the basis of roles, such a model is inadequate for disseminating data to researchers, where disclosure depends on the attributes of the researcher (such as institutional affiliation or study approval) rather than on a role alone. It also fails to provide a flexible mechanism through which patients as well as institutions can express their requirements, and it does not capture the purpose for which data will be released to the various stakeholders. Patients may be unwilling to disclose their data unless they know why the data requesters need access to it. The project looks at how attribute-based access control can address these challenges.
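The following is an added example, not code from the project, of a minimal attribute-based policy decision point of the kind the paragraph argues for. It combines an institutional policy (predicates over requester attributes and the declared purpose) with a per-patient preference (allowed purposes, withheld data categories) using deny-overrides, records every decision so a patient can later see who asked for what and why, and lets a patient's preference be replaced at any time. All attribute names, affiliations and sample values are constructed for the illustration.

```python
from dataclasses import dataclass, field

# Attribute values below are constructed for the example.
TRUSTED_AFFILIATIONS = {"univ-med-school", "state-health-dept"}


@dataclass
class Request:
    subject: dict          # requester attributes: id, role, affiliation, irb_protocol, ...
    patient_id: str
    categories: frozenset  # data categories asked for, e.g. {"diagnosis", "genomic"}
    purpose: str           # declared purpose the decision is bound to


@dataclass
class PatientPreference:
    """What the patient has consented to; may be replaced at any time."""
    allowed_purposes: set
    withheld_categories: set = field(default_factory=set)


def institution_rules(req: Request) -> tuple:
    """Institutional policy as predicates over requester attributes and purpose."""
    s = req.subject
    if req.purpose == "treatment":
        # A role is necessary but not sufficient: the clinician must also be
        # on this patient's care team.
        ok = (s.get("role") in {"physician", "nurse"}
              and req.patient_id in s.get("care_team", set()))
        return ok, "treatment access needs a clinician on the patient's care team"
    if req.purpose == "research":
        ok = bool(s.get("irb_protocol")) and s.get("affiliation") in TRUSTED_AFFILIATIONS
        if "genomic" in req.categories:
            ok = ok and bool(s.get("data_use_agreement"))
        return ok, ("research needs an IRB protocol, a trusted affiliation "
                    "and a data use agreement for genomic data")
    return False, f"purpose {req.purpose!r} is not recognised by institutional policy"


class PolicyDecisionPoint:
    """Deny-overrides combination of institutional rules and patient preferences."""

    def __init__(self):
        self.preferences = {}   # patient_id -> PatientPreference
        self.audit = []         # what each patient can later be shown

    def set_preference(self, patient_id: str, pref: PatientPreference) -> None:
        self.preferences[patient_id] = pref

    def decide(self, req: Request) -> tuple:
        """Returns (decision, granted_categories, reasons)."""
        reasons = []
        permit, why = institution_rules(req)
        if not permit:
            reasons.append(why)
        pref = self.preferences.get(req.patient_id)
        granted = frozenset()
        if pref is None:
            reasons.append("no patient consent on record")
        elif req.purpose not in pref.allowed_purposes:
            reasons.append(f"patient has not consented to purpose {req.purpose!r}")
        else:
            granted = req.categories - pref.withheld_categories
            withheld = req.categories - granted
            if withheld:
                reasons.append("patient withheld: " + ", ".join(sorted(withheld)))
        decision = "PERMIT" if permit and granted else "DENY"
        self.audit.append((req.patient_id, req.subject.get("id", "?"),
                           req.purpose, decision, granted))
        return decision, granted, reasons
```

The point the example makes concrete is that a request carries its purpose and the requester's attributes, and both layers of policy are evaluated on every request, so a patient withdrawing research consent takes effect immediately without any change to roles or institutional rules.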

Another, orthogonal problem arises when researchers need access to data coming from various autonomous healthcare providers that have a subset of patients in common. Traditionally, such sharing is performed by removing the identifying information from individual records. However, removing identifying information prevents sanitized records belonging to the same patient from being linked together, and prevents updates to the source information from being propagated easily to the sanitized records. We are investigating solutions to this problem that use the services of a semi-trusted third party, one that is assumed to have only a very limited ability to keep a secret, and that encrypt the identifying part used to link individual records under different keys. The schemes we are developing are based on strong security primitives that do not require the parties to share encryption keys.
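As an added illustration of the idea in this paragraph (this is not the project's scheme or its prototype), the example below links records across two providers through a broker that never sees an identifier, using commutative exponentiation in a prime-order subgroup: each provider blinds the hashed identifying part under its own private exponent, the other provider adds its own layer, and only the doubly blinded token reaches the broker, so no key is ever shared. The modulus is the 1024-bit RFC 2409 group 2 prime (verify the constant against the RFC before any real use); the hash-and-square mapping into the subgroup, the provider and broker roles, the record handles and the sample records are assumptions of this example.

```python
import hashlib
import secrets
from collections import defaultdict

# 1024-bit MODP safe prime from RFC 2409 (Second Oakley Group). q = (P-1)/2 is
# prime, so the quadratic residues mod P form a subgroup of prime order q in
# which exponentiation commutes and a token reveals nothing about the
# identifier to anyone holding neither exponent.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
Q = (P - 1) // 2


def normalize(name: str, dob: str) -> str:
    """Canonical form of the identifying part, so formatting noise still links."""
    return f"{name.strip().lower()}|{dob.strip()}"


def hash_to_group(ident: str) -> int:
    """Hash the identifier and square it, landing in the order-q subgroup."""
    digest = hashlib.sha256(ident.encode()).digest()
    return pow(int.from_bytes(digest, "big"), 2, P)


class Provider:
    """An autonomous healthcare provider. Its exponent never leaves this object."""

    def __init__(self, name: str, records: dict):
        self.name = name
        self.records = records                     # handle -> (name, dob, payload)
        self._key = secrets.randbelow(Q - 1) + 1   # private exponent in [1, q-1]

    def first_layer(self) -> dict:
        """handle -> H(id)^k: identifiers blinded under this provider's key only."""
        return {h: pow(hash_to_group(normalize(n, d)), self._key, P)
                for h, (n, d, _) in self.records.items()}

    def second_layer(self, blinded: dict) -> dict:
        """Add this provider's layer to identifiers already blinded by another."""
        return {h: pow(c, self._key, P) for h, c in blinded.items()}


class Broker:
    """Semi-trusted third party: it holds only (provider, handle, token) triples,
    never an identifier, and cannot test a guessed identifier without both keys."""

    def __init__(self):
        self.index = defaultdict(set)   # token -> {(provider, handle), ...}

    def register(self, provider: str, tokens: dict) -> None:
        for handle, token in tokens.items():
            self.index[token].add((provider, handle))

    def linked_groups(self) -> list:
        """Clusters of handles spanning more than one provider (same patient)."""
        return [g for g in self.index.values() if len({p for p, _ in g}) > 1]

    def linked_to(self, provider: str, handle: str) -> set:
        """Where an update to (provider, handle) must be propagated."""
        for group in self.index.values():
            if (provider, handle) in group:
                return group - {(provider, handle)}
        return set()


def run_linkage():
    """Two providers with two patients in common; returns (hospital, clinic, broker)."""
    hospital = Provider("hospital", {          # constructed sample records
        "H-001": ("Alice Smith", "1980-04-02", "HbA1c 7.1"),
        "H-002": ("Bob Jones", "1975-11-30", "BP 140/90"),
        "H-003": ("Carol White", "1990-01-15", "LDL 160"),
    })
    clinic = Provider("clinic", {
        "C-17": ("alice smith ", "1980-04-02", "metformin 500 mg"),
        "C-18": ("Dan Brown", "1966-07-07", "atorvastatin 20 mg"),
        "C-19": ("Bob Jones", "1975-11-30", "amlodipine 5 mg"),
    })
    # Each provider blinds its own identifiers, the other adds its layer, and
    # only the doubly blinded tokens reach the broker. The provider adding the
    # second layer sees the other's single-layer values, which it cannot open
    # or match against its own records without the other's exponent.
    broker = Broker()
    broker.register("hospital", clinic.second_layer(hospital.first_layer()))
    broker.register("clinic", hospital.second_layer(clinic.first_layer()))
    return hospital, clinic, broker
```

Because identifiers are blinded rather than stripped, a provider can recompute the token for a changed record at any time and the broker's index says exactly which other handles must receive the update. A broker compromise exposes the linkage structure and the record handles, but not the identities, which is the sense in which it needs only a limited ability to keep secrets.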

A prototype of the project, Privacy Preserving Record Matching Using Automated Semi-trusted Broker, is available in the project's GitHub repository.