ABSTRACT
A recent national survey suggests that the HIPAA privacy rule has not only failed to preserve patient privacy adequately, but also has had a negative impact on clinical research. Our work suggests that researchers revisit the possibilities of homomorphic encryption and apply the techniques to secure aggregation of medical telemetry. A primary goal is to maintain the privacy of individual patient records while also allowing clinical researchers to have flexible access to aggregated information.
We discuss the preliminary design of HICCUPS, a distributed system that uses homomorphic encryption to allow only the caregivers to have unrestricted access to patients' records and at the same time enable researchers to compute statistical values and aggregation functions across different patients and caregivers. In the context of processing medical telemetry, we advocate expressibility of aggregation functions more than fast computation as a primary metric of system quality.
- R. Au and P. Croll. Consumer-centric and privacy-preserving identity management for distributed e-health systems. In Hawaii International Conference on System Sciences, Proceedings of the 41st Annual, pages 234--234, Jan. 2008. Google ScholarDigital Library
- M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway. Relations among notions of security for public-key encryption scheme. Lecture Notes in Computer Science, 1462, 1998. Google ScholarDigital Library
- L. Biel, O. Pettersson, L. Philipson, and P.Wide. ECG Analysis: A New Approach in Human Identification. In IEEE Transaction on Instrumentation and Measurement, pages 808--812, June 2001.Google ScholarCross Ref
- D. Boneh, E.-J. Goh, and K. Nissim. Evaluating 2-DNF formulas on ciphertexts. Lecture Notes in Computer Science, 3378:325--341, 2005. Google ScholarDigital Library
- D. Boneh and R. Lipton. Algorithms for black box fields and their applications to cryptography. Advances in Cryptology, 1109 of Lecture Notes in Computer Science:223--238, 1996. Google ScholarDigital Library
- C. Castelluccia, E. Mykletun, and G. Tsudik. Efficient aggregation of encrypted data in wireless sensor networks. IEEE Mobiquitous, 2005. Google ScholarDigital Library
- H. Cohen, A. Miyaji, and T. Ono. Efficient elliptic curve exponentiation using mixed coordinates. In ASIACRYPT '98: Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security, pages 51--65, London, UK, 1998. Springer-Verlag. Google ScholarDigital Library
- D. Dolev, C. Dwork, and M. Naor. Non-malleable cryptography. Proceedings of the 23rd Annual ACM Sympusium on the Theory of Computing, pages 542--552, 1991. Google ScholarDigital Library
- D. Dolev, C. Dwork, and M.Naor. Non-malleable cryptography. SIAM Journal of Computing, 30(2):391--437, 2000. Google ScholarDigital Library
- E. A. DeFranco, M. Lian, L. A. Muglia, and M. Schootman. Area-level poverty and preterm birth risk: A population-based multilevel analysis. BioMed Central Public Health, 8(316):doi:10.1186/1471-2458-8-316, 2008.Google Scholar
- T. Elgamal. A public key cryptosystem and a signature scheme based on discrete logarithms. Information Theory, IEEE Transactions on, 31(4):469--472, Jul 1985.Google ScholarDigital Library
- C. Gentry. Fully homomorphic encryption using ideal lattices. In STOC '09: Proceedings of the 41st Annual ACM Symposium on Theory of Computing, pages 169--178, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
- S. Goldwasser and S. Micali. Probabilistic encryption & how to play mental poker keeping secret all partial information. Proceedings of the 14th Annual ACM Symposium on the Theory of Computing, pages 365--377, 1982. Google ScholarDigital Library
- S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28(2):270--299, 1984.Google ScholarCross Ref
- P. Golle, M. Jakobson, A. Juels, and P. Syverson. Universal re-encryption for mixnets. Lecture Notes in Computer Science, 2964:1988, 2004.Google Scholar
- L. O. Gostin and S. Nass. Reforming the HIPAA privacy rule: Safeguarding privacy and promoting research. JAMA, 13(301):1373--1375, 2009.Google ScholarCross Ref
- V. Gupta, D. Stebila, and S. C. Shantz. Integrating elliptic curve cryptography into the web's security infrastructure. pages 402--403, 2004.Google Scholar
- Y. Ishai, M. Prabhakaran, and A. Sahai. Secure arithmetic computation with no honest majority. Cryptology ePrint Archive, Report 2008/465, 2008. http://eprint.iacr.org.Google Scholar
- D. Jefferson, A. Rubin, B. Simons, and D. A. Wagner. Security analysis of the secure electronic registration and voting experiment (SERVE). Technical report, 2004. www.servesecurityreport.org.Google Scholar
- D. Jefferson, A. D. Rubin, B. Simons, and D. Wagner. Analyzing internet voting security. Commun. ACM, 47(10):59--64, 2004. Google ScholarDigital Library
- B. Kapron, D. Kempe, V. King, J. Saia, and V. Sanwalani. Fast asynchronous byzantine agreement and leader election with full information. In SODA '08: Proceedings of the nineteenth annual ACM-SIAM Symposium on Discrete Algorithms, pages 1038--1047, Philadelphia, PA, USA, 2008. Society for Industrial and Applied Mathematics. Google ScholarDigital Library
- W. H. Maisel. Pacemaker and ICD Generator Reliability: Meta-analysis of Device Registries. JAMA, 295(16):1929--1934, 2006.Google ScholarCross Ref
- W. H. Maisel, M. Moynahan, B. D. Zuckerman, T. P. Gross, O. H. Tovar, D.-B. Tillman, and D. B. Schultz. Pacemaker and ICD Generator Malfunctions: Analysis of Food and Drug Administration Annual Reports. JAMA, 295(16):1901--1906, 2006.Google ScholarCross Ref
- R. B. Ness. Influence of the HIPAA privacy rule on health research. JAMA, 18(298):2164--2170, 2007.Google ScholarCross Ref
- P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. Lecture Notes in Computer Science, EUROCRYPT'99: Proceedings of Advances in Cryptology, 1592:223--238, 1999. Google ScholarDigital Library
- M. D. R. Rivest, L. Adleman. On data banks and privacy homomorphisms. Foundations of Secure Computation, 1978.Google Scholar
- L. Ricciardi and A. Rubel. Encouraging the use of, and rethinking protections for de-identified (and "anonymized") health data.Google Scholar
- A. Sahai. Computing on encrypted data. ICISS, (5352):148--153, 2008. Google ScholarDigital Library
- E. Shi, J. Bethencourt, T.-H. H. Chan, D. Song, and A. Perrig. Multi-dimensional range query over encrypted data. IEEE Symposium on Security and Privacy, pages 350--364, 2007. Google ScholarDigital Library
- D. X. Song, D. Wagner, and A. Perrig. Practical techniques for searches on encrypted data. IEEE Symposium on Security and Privacy, pages 44--55, 2000. Google ScholarDigital Library
- Z. Xia, S. A. Schneider, J. Heather, and J. Traoré. Analysis, improvement and simplification of prêt à voter with paillier encryption. In EVT'08: Proceedings of the conference on Electronic voting technology, pages 1--15, Berkeley, CA, USA, 2008. USENIX Association. Google ScholarDigital Library
Index Terms
- HICCUPS: health information collaborative collection using privacy and security
Recommendations
Toward Secure Multikeyword Top-k Retrieval over Encrypted Cloud Data
Cloud computing has emerging as a promising pattern for data outsourcing and high-quality data services. However, concerns of sensitive information on cloud potentially causes privacy problems. Data encryption protects data security to some extent, but ...
A Homomorphic Encryption Approach for Privacy-Preserving Deep Learning in Digital Health Care Service
Intelligent Information and Database SystemsAbstractApplied deep learning technology in digital health care service is a potential way to tackle many issues that hospitals face, such as over health care requests, lack of doctors, and patient overload. But a conventional deep learning model needs to ...
Implementation and Analysis of Homomorphic Facial Image Encryption and Manipulation
ICMSSP '19: Proceedings of the 2019 4th International Conference on Multimedia Systems and Signal ProcessingHomomorphic cryptography allows for encrypted data to be operated on securely without requiring decryption. Current homomorphic cryptosystems are either limited in their permitted operations or are significantly more time-intensive than standard non-...
Comments