Share on Facebook Tweet on Twitter Share on LinkedIn Share by email
Healthcare Privacy

Electronic health records have the potential to vastly improve health care; however, they also introduce new and severe security and privacy concerns. We explore the challenge of preserving patients’ privacy in electronic health record systems.

Patient Controlled Encryption

In this paper we argue that privacy in Electronic Medical Records systems should be enforced via encryption as well as access control. Furthermore, we argue for approaches that enable patients to generate and store their own encryption keys, so that the patients’ privacy is protected should the host data center be compromised. We call this approach Patient Controlled Encryption (PCE). We show that we can build an efficient system within this framework that preserves basic functionalities, including allowing patients both to share partial access rights with others and to perform searches over their records.

Patient Controlled Encryption: patient privacy in electronic medical records by Melissa Chase, Kristin Lauter, Josh Benaloh, and Eric Horvitz, ACM Cloud Computing Security Workshop 2009.

Press: 

Technology Review magazine

AAPA's PA Professional Magazine article, August 2010 issue

Talks:

Anonymous Healthcare

When patients participate in today’s healthcare system, insurance companies and pharmacies have access to the sensitive patient care information, including medical conditions, diagnosis and treatment. We have designed an anonymous system in which patients can receive care from their physicians and the care providers can receive payment for their services, without the insurance companies and pharmacies learning which patients are being treated for which conditions.

Our design principal is that a health record system should reveal as little as pos­sible to various parties such as insurers and pharmacies, while allowing the system to work.  One technique is to use Anonymous Credentials, which ensures that the service cannot identify the user.

Medical device security

Visiting Research Kevin Fu MSR lecture series:

Events/Initiatives

Publications