Towards Privacy by Design in Personal e-Health Systems

G. Drosatos, P. S. Efraimidis, G. Williams, E. Kaldoudi. Towards Privacy by Design in Personal e-Health Systems. In Proc. of the 9th International Conference on Health Informatics (HealthInf 2016), part of BIOSTEC, pp. 472-477, Rome, Italy, 21-23 Feb. 2016

  1. Towards Privacy by Design in Personal e-Health Systems
     George Drosatos (1), Pavlos S. Efraimidis (2), Garrath Williams (3) and Eleni Kaldoudi (1)
     (1) School of Medicine, Democritus University of Thrace, Greece
     (2) Dept. of Electrical and Computer Engineering, Democritus University of Thrace, Greece
     (3) University of Lancaster, UK
     This work was supported by the FP7-ICT project CARRE (No. 611140), co-funded by the European Commission.
  2. First step towards privacy by design (HEALTHINF 2016, part of BIOSTEC, 21-23 Feb 2016; G. Drosatos, Privacy by Design in Personal e-Health)
     ‒ Analyze the personal e-Health systems
       • Model their functionalities
     ‒ Identify the arising privacy issues
       • Based on the modeled functionality of the system
     ‒ Present some possible privacy-enhancing techniques
       • e.g. encryption, anonymization, pseudonyms ...
     Next steps:
       • Develop a methodology for engineering privacy
       • Organize practical guidelines
  3. CARRE Project (https://www.carre-project.eu)
     ‒ An EU co-funded project in the cardiorenal area, focused on providing personalized health
     ‒ Personal data involved: sensor data (e.g. activity and blood pressure), the PHR and the patient's intentions (travel, diet, diseases, etc.)
  4. Privacy principles and concerns
     Privacy: the right to informational self-determination
     Privacy principles:
       • Data minimization
       • Data protection by design
       • Data protection by default
       • Individual consent
       • Individual control
     Privacy concerns:
       • User identification
       • Personal data leakage
     References:
       1. Directive 95/46/EC. In Official Journal L 281, 0031-0050 (1995)
       2. Green Paper on Mobile Health ("mHealth") (SWD(2014) 135 Final)
  5. Data requirements for a personal e-Health system
     [Figure: the personal e-Health system draws on three groups of data sources]
     ‒ Personal data in personal systems: intentions, plans, etc. (cognitive); personal health records; quantified self; environmental sensors and geolocation data (environmental)
     ‒ Personal data in institutional systems: electronic health records (medical); health insurance (financial)
     ‒ Public data on the web: educational resources for patients; medical evidence
  6. Basic personal e-Health system functionalities
     [Figure: a basic e-Health system (user interface, personal data storage, personal data processing) with five numbered data flows]
     (1) Personal data storage and processing
     (2) Personal data from personal systems and from institutional systems
     (3) Public data from public online databases
     (4) Personal data to external services and databases (e.g. registries or statistical pooling)
     (5) 'Bulletin' board: private announcements to third parties; private responses to an anonymous individual
  7. (1) Personal data storage and processing
     Privacy issues arise when these operations happen on a remote service.
     ‒ Countermeasures for data storage:
       • Cryptographic techniques
     ‒ Countermeasures for processing:
       • There is no general solution
       • Processing on encrypted data requires many assumptions
       • Pre-processing before encryption
       • Computational cost
       • Not applicable in all cases
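The slide's caveats about processing encrypted data at a remote service are easiest to judge on a concrete scheme. The block below is an added example, not code from the slides, the paper or the CARRE project: a from-scratch Paillier implementation (additively homomorphic) in which the remote service sums encrypted blood-pressure readings it cannot read and only the key holder decrypts the total. The primes, the readings and the function names are constructed for the example; the primes are far too small for real use. The same shape applies to the "statistical pooling" export discussed later in the deck.

```python
"""Summing encrypted readings on an untrusted service (Paillier).

Added example, not from the slides or the CARRE project. Primes below are
constructed demo values (about 30 bits each); a deployment would use a
vetted library and a modulus of at least 2048 bits.
"""
import secrets
from math import gcd


def _lcm(a, b):
    return a * b // gcd(a, b)


def keygen(p, q):
    """Paillier key pair from two primes, using the common choice g = n + 1.

    Requires gcd(p*q, (p-1)*(q-1)) == 1, which holds for distinct primes of
    equal size."""
    n = p * q
    n2 = n * n
    lam = _lcm(p - 1, q - 1)
    g = n + 1
    # L(u) = (u - 1) // n ;  mu = L(g^lam mod n^2)^-1 mod n
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)
    return {"n": n, "g": g}, {"n": n, "lam": lam, "mu": mu}


def encrypt(pub, m):
    """E(m) = g^m * r^n mod n^2 with fresh random r, so equal readings give
    different ciphertexts. Pre-processing: m must be an integer in [0, n)."""
    n, n2 = pub["n"], pub["n"] ** 2
    if not 0 <= m < n:
        raise ValueError("plaintext out of range; encode readings as integers < n")
    while True:
        r = secrets.randbelow(n)
        if r and gcd(r, n) == 1:
            break
    return pow(pub["g"], m, n2) * pow(r, n, n2) % n2


def decrypt(priv, c):
    """m = L(c^lam mod n^2) * mu mod n; needs the private key."""
    n, n2 = priv["n"], priv["n"] ** 2
    u = pow(c, priv["lam"], n2)
    return ((u - 1) // n) * priv["mu"] % n


def add_encrypted(pub, c1, c2):
    """Homomorphic addition: E(a) * E(b) mod n^2 is an encryption of a + b.
    This is the only operation the remote service performs; it needs only
    the public key and never sees a or b."""
    return c1 * c2 % pub["n"] ** 2


def remote_sum(pub, ciphertexts):
    """What the untrusted service computes over the stored ciphertexts.
    1 is a valid encryption of 0 (r = 1), so it serves as the identity."""
    total = 1
    for c in ciphertexts:
        total = add_encrypted(pub, total, c)
    return total


# Constructed demo primes; both are well-known 30-bit primes.
P, Q = 1_000_000_007, 1_000_000_009
PUB, PRIV = keygen(P, Q)


def mean_over_encrypted(readings):
    """Client encrypts each reading, the service sums blind, the client
    decrypts the total and divides. Returns (total, mean)."""
    cts = [encrypt(PUB, v) for v in readings]          # uploaded to the service
    total = decrypt(PRIV, remote_sum(PUB, cts))         # only the key holder can do this
    return total, total / len(readings)


if __name__ == "__main__":
    # Constructed systolic readings in mmHg.
    print(mean_over_encrypted([120, 135, 118, 142]))    # (515, 128.75)
```

What the example shows about the slide's caveats: the scheme supports addition (and multiplication by a known constant) and nothing else, so the statistic has to be expressed in that form before encryption; readings must be pre-processed into integers in a fixed range; each ciphertext is twice the size of the modulus and every reading costs a modular exponentiation; and the service still learns how many readings it holds and is trusted to sum honestly, since nothing here checks integrity.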
  8. (2) Personal data exchange with third-party systems
     ‒ Privacy issues:
       • Linkability among the user's different accounts
       • Linkability with the physical person (when interacting with institutional systems)
       • Combining partial personal data raises further privacy concerns
     ‒ Countermeasures:
       • There are no direct measures for this problem
       • An obvious solution is dedicated middleware on the user side that acts as a proxy for all personal systems
  9. (3) Integration of personalized public data
     ‒ Privacy issues:
       • Linking particular public data to a specific user
       • Revealing the user's needs to the public service
     ‒ Countermeasures:
       • Altering (expanding or generalizing) the initial request
       • Cooperation of a group of users in the system to conceal one another's requests
       • Anonymous network technologies (such as Tor)
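The first countermeasure on this slide, altering the request, can be implemented on the client without any change to the public service. The block below is an added example, not code from the slides, the paper or the CARRE project: it expands a lookup by hiding the real condition among decoys drawn from the whole taxonomy, and separately generalizes it to a broader category. The condition taxonomy, the stand-in "public service" and all names are constructed for the example.

```python
"""Request alteration for a personalized public-data lookup.

Added example, not from the slides or the CARRE project. Implements the
two request-altering techniques named on the slide: expansion (decoys)
and generalization (coarser term). Taxonomy and service are constructed.
"""
import secrets

_rng = secrets.SystemRandom()   # OS randomness for decoy choice and ordering

# Constructed toy taxonomy: specific condition -> broader category.
TAXONOMY = {
    "chronic kidney disease stage 3": "kidney disease",
    "IgA nephropathy": "kidney disease",
    "atrial fibrillation": "heart disease",
    "heart failure": "heart disease",
    "hypertension": "cardiovascular risk",
    "type 2 diabetes": "metabolic disease",
}


def generalize(term):
    """Generalization: request the broader category instead of the exact condition."""
    if term not in TAXONOMY:
        raise ValueError(f"unknown term: {term!r}")
    return TAXONOMY[term]


def expand(term, k):
    """Expansion: hide `term` among k-1 decoys drawn from the whole taxonomy.

    Decoys come from every category, not only the user's own, so the request
    does not reveal even the category. The list is shuffled so that position
    does not mark the real term."""
    if term not in TAXONOMY:
        raise ValueError(f"unknown term: {term!r}")
    if not 2 <= k <= len(TAXONOMY):
        raise ValueError("k must be between 2 and the number of known terms")
    pool = [t for t in TAXONOMY if t != term]
    request = _rng.sample(pool, k - 1) + [term]
    _rng.shuffle(request)
    return request


class PublicService:
    """Constructed stand-in for a public online database. It logs every
    request it receives, which is exactly what a curious operator sees."""

    def __init__(self, catalogue):
        self.catalogue = catalogue
        self.seen = []

    def lookup(self, terms):
        self.seen.append(tuple(terms))
        return {t: self.catalogue.get(t, []) for t in terms}


def fetch_personalized(service, term, k):
    """Client side: send the expanded request, keep only the real answer,
    discard the decoy results locally."""
    response = service.lookup(expand(term, k))
    return response[term]


if __name__ == "__main__":
    catalogue = {t: [f"{t}: patient leaflet"] for t in TAXONOMY}   # constructed
    svc = PublicService(catalogue)
    print(fetch_personalized(svc, "heart failure", k=4))
    print("service saw:", svc.seen[-1])
    print("generalized request:", generalize("heart failure"))
```

A single expanded request gives the service only a 1-in-k guess, but repeated requests from the same account let it intersect the sets over time; that is why the slide also lists group cooperation and anonymous networking, which break the link between successive requests rather than padding each one.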
  10. (4) Exporting personal data for public use
     ‒ Privacy issues:
       • Medical registries: re-identification of users from the 'critical mass' of pooled anonymized personal data
       • Statistical data pooling: user identification when the number of participants is small
     ‒ Countermeasures:
       • Medical registries: minimizing the export and stripping all identifiable parts
       • Statistical data pooling: privacy-preserving cryptographic techniques; the appropriate technique depends on where the data are stored and on the form of statistical processing
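For the registry case, "minimizing and stripping all identifiable parts" has two halves a practitioner needs to get right: remove direct identifiers and replace the patient id with a pseudonym, and then check that the remaining quasi-identifiers do not single anyone out in a small group. The block below is an added example, not code from the slides, the paper or the CARRE project; the record layout, field names, registry key and sample records are constructed for the example.

```python
"""Minimizing a PHR extract before export to a medical registry.

Added example, not from the slides or the CARRE project. Strips direct
identifiers, generalizes quasi-identifiers, pseudonymizes the patient id
with a per-registry key, and suppresses any record whose quasi-identifier
combination is shared by fewer than k exported records.
"""
import hashlib
import hmac
from collections import Counter

QUASI_IDENTIFIERS = ("age_band", "postcode_area", "sex")

# Constructed sample records (all values invented).
SAMPLE_RECORDS = [
    {"patient_id": "p1", "name": "A", "email": "a@example.invalid", "age": 63,
     "postcode": "SW1A 1AA", "sex": "F", "egfr": 48, "systolic_bp": 138},
    {"patient_id": "p2", "name": "B", "email": "b@example.invalid", "age": 67,
     "postcode": "SW1A 2BB", "sex": "F", "egfr": 52, "systolic_bp": 145},
    {"patient_id": "p3", "name": "C", "email": "c@example.invalid", "age": 61,
     "postcode": "SW1A 3CC", "sex": "F", "egfr": 39, "systolic_bp": 150},
    {"patient_id": "p4", "name": "D", "email": "d@example.invalid", "age": 34,
     "postcode": "EH1 1AA", "sex": "M", "egfr": 90, "systolic_bp": 118},
]


def pseudonym(registry_key, patient_id):
    """Keyed hash of the id: stable within one registry so follow-up records
    link, but not reversible by the registry and not linkable across
    registries that use different keys."""
    return hmac.new(registry_key, patient_id.encode(), hashlib.sha256).hexdigest()[:16]


def age_band(age):
    """Generalize an exact age to a ten-year band, e.g. 63 -> '60-69'."""
    low = age // 10 * 10
    return f"{low}-{low + 9}"


def minimize(record, registry_key):
    """Allow-list the fields the registry needs; everything else (name,
    email, exact age, full postcode, raw id) never leaves the client."""
    return {
        "pseudonym": pseudonym(registry_key, record["patient_id"]),
        "age_band": age_band(record["age"]),
        "postcode_area": record["postcode"].split(" ")[0],   # outward code only
        "sex": record["sex"],
        "egfr": record["egfr"],
        "systolic_bp": record["systolic_bp"],
    }


def _qi(minimized):
    return tuple(minimized[q] for q in QUASI_IDENTIFIERS)


def export_for_registry(records, registry_key, k):
    """Minimize every record, then drop any whose quasi-identifier
    combination appears fewer than k times in this export (k-anonymity by
    suppression). With a small cohort this can drop everything, which is
    the correct outcome rather than an error."""
    minimized = [minimize(r, registry_key) for r in records]
    group_sizes = Counter(_qi(m) for m in minimized)
    return [m for m in minimized if group_sizes[_qi(m)] >= k]


if __name__ == "__main__":
    key = b"registry-A-key-constructed"
    for row in export_for_registry(SAMPLE_RECORDS, key, k=2):
        print(row)
```

Suppression by quasi-identifier group is the simplest guarantee; a real export would also consider the sensitive values themselves (three records in one group that all share the same eGFR stage still reveal it) and would keep the registry key off the registry's own systems, otherwise the pseudonyms are reversible by dictionary attack over the small id space.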
  11. (5) Exchange of private personal data messages
     ‒ Privacy issues:
       • Concealing the user's identity from the system and (selectively) from the receiver of the message
       • Concealing the actual message from the system
     ‒ Countermeasures:
       • Anonymous credential techniques
       • Cryptographic techniques
       • Unlinkable message exchange
  12. Conclusions & next steps
     ‒ Done: analyzed personal e-Health systems, identified the arising privacy issues and presented some possible privacy-enhancing techniques
     ‒ Next, based on the identified privacy issues and the proposed countermeasures:
       • Develop a methodology for engineering privacy and present practical guidelines
       • Apply the developed methodology to CARRE
  13. Acknowledgement
     This work was supported by the FP7-ICT project CARRE (No. 611140), co-funded by the European Commission.
     CARRE Project: Personalized patient empowerment and shared decision support for cardiorenal disease and comorbidities.