Electronic health records have the potential to vastly improve health care; however, they also introduce new and severe security and privacy concerns. We explore the challenge of preserving patients’ privacy in electronic health record systems.
Patient Controlled Encryption
In this paper we argue that privacy in Electronic Medical Records systems should be enforced via encryption as well as access control. Furthermore, we argue for approaches that enable patients to generate and store their own encryption keys, so that the patients’ privacy is protected should the host data center be compromised. We call this approach Patient Controlled Encryption (PCE). We show that we can build an efficient system within this framework that preserves basic functionalities, including allowing patients both to share partial access rights with others and to perform searches over their records.
Patient Controlled Encryption: patient privacy in electronic medical records by Melissa Chase, Kristin Lauter, Josh Benaloh, and Eric Horvitz, ACM Cloud Computing Security Workshop 2009.
Press:
Technology Review magazine
AAPA's PA Professional Magazine article, August 2010 issue
Talks:
- ACM Cloud Computing Security Workshop 2009, "Patient Controlled Encryption: Patient privacy in electronic medical records," November 2009
- Grace Hopper 2009, "A Cryptographic Solution for Patient Privacy in Electronic Health Records", September 2009
- MSR talk: Patient Controlled Encryption, September 23, 2009
- Presentation at TAB meeting: November 10, 2009
Anonymous Healthcare
When patients participate in today’s healthcare system, insurance companies and pharmacies have access to sensitive patient care information, including medical conditions, diagnoses, and treatments. We have designed an anonymous system in which patients can receive care from their physicians and the care providers can receive payment for their services, without the insurance companies and pharmacies learning which patients are being treated for which conditions.
Our design principle is that a health record system should reveal as little as possible to the various parties involved, such as insurers and pharmacies, while still allowing the system to work. One technique is to use Anonymous Credentials, which ensure that the service cannot identify the user.
- “An Anonymous Health Care System” by Melissa Chase, Kristin Lauter, 19th USENIX Security Symposium Workshop HealthSec 2010, video
- Panel discussion at HealthSec
- HealthSec Workshop report
- MSR lecture on Anonymous Credentials: October 2010
Medical device security
Visiting Researcher Kevin Fu, MSR lecture series:
- Trustworthy Medical Device Software, Institute of Medicine talk, July 2010
- Implantable Medical Devices: Security and Privacy for Pervasive, Wireless Healthcare, September 29, 2008
Events/Initiatives
- mHealth Summit 2009: Panel Discussion - Ethics, Privacy and Security Challenges of Using Mobile Technologies in Health and Health Research
  - Moderator: Ezekiel Emanuel, Ph.D., M.D., NIH - Bioethics Department
  - Panelist: Kristin Lauter, Principal Researcher, Microsoft Research
- Indiana University Center for Applied Cybersecurity Research (CACR), Workshop on Privacy and Security of Healthcare Technologies, October 2009
- SHARPS Project Advisory Committee: Strategic Healthcare IT Advanced Research Projects on Security http://sharps.org/people.html
- HealthSec program committee
- Health Records Privacy Panel, UW, February 10, 2011
- Melissa Chase and Kristin Lauter, An Anonymous Health Care System, USENIX, August 2010
- Melissa Chase, Kristin Lauter, Josh Benaloh, and Eric Horvitz, Patient Controlled Encryption: patient privacy in electronic medical records, in The ACM Cloud Computing Security Workshop, Association for Computing Machinery, Inc., November 2009
- Kristin Lauter, Michael Naehrig, and Vinod Vaikuntanathan, Can Homomorphic Encryption be Practical?, no. MSR-TR-2011-61, 6 May 2011