  1. Towards Privacy by Design in Personal e-Health Systems
  George Drosatos, Pavlos S. Efraimidis, Garrath Williams and Eleni Kaldoudi
  School of Medicine / Dept. of Electrical and Computer Engineering, Democritus University of Thrace
  This work was supported by the FP7-ICT project CARRE (No. 611140), co-funded by the European Commission.

  2. First step towards privacy by design
  ‒ Analyze the personal e-Health systems: model their functionalities
  ‒ Identify the arising privacy issues, based on the modeled system's functionality
  ‒ Present some possible privacy-enhancing techniques, e.g. encryption, anonymization, pseudonyms ...
  Next steps:
  ‒ Develop a methodology for engineering privacy
  ‒ Organize practical guidelines
  HEALTHINF 2016, part of BIOSTEC, 21-23 Feb 2016. G. Drosatos, Privacy by Design in Personal e-Health

  3. CARRE Project (https://www.carre-project.eu)
  ‒ An EU co-funded project in the cardiorenal area, focused on providing personalized health
  ‒ Personal data: sensor data (e.g. activity and blood pressure), PHR and the patient's intentions (travel, diet, diseases, etc.)

  4. Privacy principles and concerns
  Privacy ≡ the right to informational self-determination
  Privacy concerns:
  ‒ User identification
  ‒ Personal data leakage
  ‒ Individual consent
  Privacy principles:
  ‒ Individual control
  ‒ Data minimization
  ‒ Data protection by design
  ‒ Data protection by default
  1. Directive 95/46/EC. In Official Journal L 281, 0031-0050 (1995)
  2. Green Paper on Mobile Health ("mHealth") (SWD(2014) 135 Final)

  5. Data requirements for a personal e-Health system
  [Figure: data sources feeding the e-health system. Labels: public data on the web (educational resources for patients, medical evidence); personal data in personal systems (quantified self, sensors, cognitive health, geolocation, environmental, intentions, plans, etc.); personal data in institutional systems (electronic health / personal medical records, insurance data, financial data); personal health records; e-health system.]

  6. Basic personal e-Health system functionalities
  [Figure: the basic e-health system (user, interface, personal data storage, personal data processing) and its five interactions: (1) personal data storage and processing; (2) personal data from personal systems and institutional systems; (3) public data from public online databases; (4) personal data to external services and databases (e.g. registries or statistical pooling); (5) 'bulletin' board: private announcements to third parties, private responses to an anonymous individual.]

  7. (1) Personal data storage and processing
  Privacy issues arise when these operations happen on a remote service.
  ‒ Countermeasures for data storage:
    - Cryptographic techniques
  ‒ Countermeasures for processing:
    - There is no general solution
    - Processing on encrypted data requires a lot of assumptions:
      - pre-processing before encryption
      - computational cost
      - not possible to apply in all cases
  [Figure: basic e-Health system (user, interface, personal data storage, personal data processing)]
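An added example (not code from the paper or the CARRE project) of what "processing on encrypted data" with "pre-processing before encryption" looks like in practice: a remote service sums blood-pressure readings it only ever sees as ciphertexts, using a toy additively homomorphic Paillier scheme. The primes, the readings and the fixed-point scale are constructed demo values; real deployments need large primes and a proper library, which is the computational cost the slide refers to.

```python
# Added example (not from the paper): a toy Paillier cryptosystem lets an
# untrusted remote service add encrypted readings without the private key.
# Primes, readings and the fixed-point scale are constructed demo values.
import random
from math import gcd


def lcm(a, b):
    return a * b // gcd(a, b)


def keygen(p, q):
    """Paillier key pair from two distinct primes p and q (assumed prime)."""
    n = p * q
    lam = lcm(p - 1, q - 1)
    g = n + 1                                   # simple valid generator choice
    # mu = L(g^lam mod n^2)^-1 mod n, where L(x) = (x - 1) / n
    mu = pow((pow(g, lam, n * n) - 1) // n, -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m):
    n, g = pub
    r = random.randrange(1, n)
    while gcd(r, n) != 1:
        r = random.randrange(1, n)
    return (pow(g, m, n * n) * pow(r, n, n * n)) % (n * n)


def decrypt(pub, priv, c):
    n, _ = pub
    lam, mu = priv
    return (((pow(c, lam, n * n) - 1) // n) * mu) % n


def server_sum(pub, ciphertexts):
    """Runs on the remote service, which holds only the public key and the
    ciphertexts: multiplying Paillier ciphertexts adds the plaintexts."""
    n, _ = pub
    acc = encrypt(pub, 0)
    for c in ciphertexts:
        acc = (acc * c) % (n * n)
    return acc


def mean_via_remote_service(readings_mmhg, scale=10):
    """Client side: pre-process (fixed-point scaling to integers) before
    encryption, ship the ciphertexts, decrypt only the returned aggregate."""
    pub, priv = keygen(1009, 1013)              # demo primes, far too small for real use
    n, _ = pub
    ints = [round(v * scale) for v in readings_mmhg]
    # the scheme only adds modulo n, so the plaintext sum must stay below n
    assert sum(ints) < n, "plaintext sum would wrap around modulo n"
    cts = [encrypt(pub, m) for m in ints]
    total = decrypt(pub, priv, server_sum(pub, cts))
    return total / (scale * len(readings_mmhg))


if __name__ == "__main__":
    print(mean_via_remote_service([120.0, 130.0, 125.0]))   # 125.0
```

The service learns the number of readings and nothing about their values; the client still has to do the scaling beforehand and the division afterwards, since the scheme only supports addition, which is one of the assumptions the slide warns about.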

  8. (2) Personal data exchange with 3rd party systems
  ‒ Privacy issues:
    - Linkability among the user's different accounts
    - Linkability with the physical person (in case of interaction with institutional systems)
    - Privacy concerns increase when partial personal data are combined together
  ‒ Countermeasures:
    - There are no direct measures for this problem
    - An obvious solution involves building a dedicated middleware on the user side that will act as a proxy for all personal systems
  [Figure: basic e-Health system receiving personal data from personal systems and institutional systems]
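An added example (not the paper's or the CARRE project's code) of one thing such a user-side proxy can do against account linkability: derive a different pseudonym per external system with HMAC, so two systems cannot match their records on a shared identifier, and send each system only the fields a local policy allows. The service names, policy and record are constructed.

```python
# Added example (not from the paper): a user-side middleware that gives every
# third-party system its own unlinkable pseudonym and a minimized record.
# Secret, services, policy and the record are constructed demo values.
import hashlib
import hmac
import json


class UserSideProxy:
    """Sits between the user's personal systems and each external system."""

    def __init__(self, master_secret: bytes, policy: dict):
        self._secret = master_secret      # never leaves the user side
        self._policy = policy             # service -> set of fields it may receive
        self.sent = []                    # local audit log of what went out

    def pseudonym(self, service: str) -> str:
        """Per-service identifier: stable for one service, not linkable
        across services without the secret."""
        mac = hmac.new(self._secret, service.encode(), hashlib.sha256)
        return mac.hexdigest()[:20]

    def outbound(self, service: str, record: dict) -> dict:
        """Keep only the allowed fields and replace identity by a pseudonym."""
        allowed = self._policy.get(service, set())
        payload = {k: v for k, v in record.items() if k in allowed}
        payload["subject"] = self.pseudonym(service)
        self.sent.append((service, json.dumps(payload, sort_keys=True)))
        return payload


# constructed demo data
POLICY = {
    "activity-tracker": {"steps", "date"},
    "pharmacy": {"prescription", "date"},
}
READING = {
    "name": "Jane Example",
    "date": "2016-02-21",
    "steps": 8200,
    "prescription": "drug-X",
    "blood_pressure": "128/82",
}


def demo():
    proxy = UserSideProxy(b"constructed-master-secret", POLICY)
    tracker_view = proxy.outbound("activity-tracker", READING)
    pharmacy_view = proxy.outbound("pharmacy", READING)
    return tracker_view, pharmacy_view
```

Each system sees a consistent subject identifier for this user, which keeps its own service working, but the two identifiers share nothing, and the name and the blood-pressure reading never leave the user side because no policy entry allows them.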

  9. (3) Integration of personalized public data
  ‒ Privacy issues:
    - Linking particular public data to a specific user
    - Revealing the user's needs to the public service
  ‒ Countermeasures:
    - Altering (expanding or generalizing) the initial request
    - Cooperation of a group of users in the system to conceal one another's requests
    - Using anonymous network technologies (such as Tor)
  [Figure: basic e-Health system fetching public data from public online databases]
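An added example (not from the paper) of the first countermeasure, generalizing the initial request: the client asks the public service for a whole category of educational resources, then picks the resource it actually needs locally, so the service only observes the category. The taxonomy and resource catalogue are constructed; `anonymity_set` is an assumed helper name for the number of topics the request hides among.

```python
# Added example (not from the paper): generalize a request for public data so
# the public service learns only the parent category, not the user's need.
# Taxonomy, catalogue and resource identifiers are constructed demo values.
TAXONOMY = {
    "cardiovascular": ["hypertension", "heart failure", "atrial fibrillation"],
    "renal": ["chronic kidney disease", "kidney stones", "glomerulonephritis"],
}
PUBLIC_CATALOGUE = {
    "hypertension": ["edu-101"],
    "heart failure": ["edu-102"],
    "atrial fibrillation": ["edu-103"],
    "chronic kidney disease": ["edu-201", "edu-202"],
    "kidney stones": ["edu-203"],
    "glomerulonephritis": ["edu-204"],
}
SERVICE_LOG = []            # everything the public service gets to observe


def generalize(topic):
    """Map a specific topic to its parent category in the taxonomy."""
    for category, members in TAXONOMY.items():
        if topic in members:
            return category
    raise ValueError(f"unknown topic: {topic}")


def anonymity_set(topic):
    """How many topics the generalized request hides among (assumed helper)."""
    return len(TAXONOMY[generalize(topic)])


def public_service(category):
    """Server side: answers category-wide requests and logs what it saw."""
    SERVICE_LOG.append(category)
    return {t: PUBLIC_CATALOGUE[t] for t in TAXONOMY[category]}


def fetch_directly(topic):
    """Naive client: the request itself reveals the user's need."""
    SERVICE_LOG.append(topic)
    return PUBLIC_CATALOGUE[topic]


def fetch_privately(topic):
    """Private client: over-fetch the category, select the real need locally."""
    bundle = public_service(generalize(topic))
    return bundle[topic]
```

The price is bandwidth (the whole category is downloaded) and the protection is only as good as the category size, which is why the slide lists group cooperation and anonymous networks as complementary measures.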

  10. (4) Exporting personal data for public use
  ‒ Privacy issues:
    - Medical registries: user identification out of a 'critical mass' of pooled anonymized personal data
    - Statistical data pooling: user identification if the number of participants is small
  ‒ Countermeasures:
    - Medical registries: minimizing and stripping all the identifiable parts
    - Statistical data pooling: privacy-preserving cryptographic techniques; the appropriate technique depends on the location of storage and the form of statistical processing
  [Figure: basic e-Health system exporting personal data to external services and databases (e.g. registries or statistical pooling)]
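An added example (not from the paper) covering both countermeasures on this slide: a registry export that drops direct identifiers and coarsens quasi-identifiers (age band, postcode prefix), and a release gate for pooled statistics that refuses to answer when the participant count is below a threshold. Field names, the threshold of 5 and the records are constructed.

```python
# Added example (not from the paper): minimize a record before registry export
# and gate pooled statistics on a minimum participant count.
# Field names, threshold and records are constructed demo values.
from statistics import mean

DIRECT_IDENTIFIERS = {"name", "email", "phone", "national_id"}


def age_band(age, width=10):
    """Generalize an exact age to a band such as '40-49'."""
    lo = (age // width) * width
    return f"{lo}-{lo + width - 1}"


def deidentify(record):
    """Registry export: drop direct identifiers and coarsen quasi-identifiers,
    so that the remaining fields no longer single out one person."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["age_band"] = age_band(out.pop("age"))
    out["postcode"] = out["postcode"][:2] + "***"   # keep only the area prefix
    out.pop("timestamp", None)                        # exact times link back to visits
    return out


def pooled_statistic(values, min_participants=5):
    """Release an aggregate only when enough participants contributed;
    a small pool lets a reader attribute the value to an individual."""
    if len(values) < min_participants:
        return None
    return mean(values)


# constructed demo records
RECORDS = [
    {"name": "A. Example", "email": "a@example.invalid", "age": 47,
     "postcode": "12345", "timestamp": "2016-02-21T09:30", "systolic": 120},
    {"name": "B. Example", "email": "b@example.invalid", "age": 52,
     "postcode": "12399", "timestamp": "2016-02-21T10:00", "systolic": 130},
    {"name": "C. Example", "email": "c@example.invalid", "age": 39,
     "postcode": "12310", "timestamp": "2016-02-21T10:15", "systolic": 125},
]


def export_for_registry(records):
    return [deidentify(r) for r in records]
```

Both functions are deliberately lossy: a registry that needs exact ages or a study with only three participants has to fall back on the cryptographic pooling techniques the slide mentions rather than on plain release.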

  11. (5) Exchange of private personal data messages
  ‒ Privacy issues:
    - Conceal the user's identity from the system and (selectively) from the receiver of the message
    - Conceal the actual message from the system
  ‒ Countermeasures:
    - Anonymous credential techniques
    - Cryptographic techniques
    - Unlinkably exchanging messages
  [Figure: basic e-Health system posting to a 'bulletin' board: private announcements to third parties, private responses to an anonymous individual]

  12. Conclusions & Next steps
  ‒ Analyzed the personal e-Health systems, identified the arising privacy issues and presented some possible privacy-enhancing techniques
  ‒ Based on the arising privacy issues and the proposed countermeasures:
    - Develop a methodology for engineering privacy and present practical guidelines
    - Apply the developed methodology to CARRE

  13. Any questions? THANK YOU

  14. Acknowledgement
  This work was supported by the FP7-ICT project CARRE (No. 611140), co-funded by the European Commission.
  CARRE Project: Personalized patient empowerment and shared decision support for cardiorenal disease and comorbidities.
