Methods Inf Med 2008; 47(03): 235-240
DOI: 10.3414/ME9116
Original Article
Schattauer GmbH

Patient Privacy Protection Using Anonymous Access Control Techniques

D. Weerasinghe, M. Rajarajan, K. Elmufti, V. Rakocevic
School of Engineering and Mathematical Sciences, City University, London, UK

Publication History

Publication Date:
18 January 2018 (online)

Summary

Objective: The objective of this study is to develop a solution that preserves security and privacy in a healthcare environment where health-sensitive information is accessed by many parties and stored in various distributed databases. The solution should maintain anonymous medical records, and it should be able to link the anonymous medical information held in distributed databases into a single patient medical record carrying the patient identity.

Methods: In this paper we present a protocol that can be used to authenticate and authorize patients to healthcare services without providing the patient identification. The healthcare service identifies the patient by a separate temporary identity in each identification session, and medical records are linked to these temporary identities. The temporary identities can be used to enable record linkage and to reverse-track the real patient identity in critical medical situations.

Results: The proposed protocol provides the main security and privacy services, such as user anonymity, message privacy, message confidentiality, user authentication, user authorization and protection against message replay attacks. The medical environment validates the patient at the healthcare service as a real and registered patient for the medical services. Using the proposed protocol, the patient's anonymous medical records at different healthcare services can be linked into one single report, and it is possible to securely reverse-track an anonymous patient to the real identity.
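The Methods and Results paragraphs describe the properties the protocol is meant to provide (per-session temporary identities, authentication of a registered patient, replay protection, record linkage across services and audited reverse tracking) without giving the mechanism. The following is an added illustration written for this page, not the authors' protocol: it assumes a trusted identity registry that authenticates the patient with a challenge-response over a shared secret, issues a random temporary identity per session, and is the only party holding the temporary-to-real mapping. All class and function names, the patient identifier and the record contents are constructed for the example.

```python
import hmac
import hashlib
import secrets
from collections import defaultdict

# Assumed construction, not the paper's protocol: the registry alone maps
# temporary identities back to patients; healthcare services never see
# the real identity and key every record on the temporary identity.


class IdentityRegistry:
    """Trusted party that knows real identities and issues temporary ones."""

    def __init__(self):
        self._secrets = {}          # patient_id -> shared secret from enrolment
        self._temp_to_patient = {}  # temp_id -> patient_id (the linkage key)
        self._open_nonces = set()   # challenges issued but not yet answered
        self.audit_log = []         # every reverse-track is recorded here

    def register(self, patient_id):
        """Enrol a patient; returns the secret the patient keeps."""
        secret = secrets.token_bytes(32)
        self._secrets[patient_id] = secret
        return secret

    def challenge(self):
        """Issue a one-time nonce so a captured response cannot be replayed."""
        nonce = secrets.token_hex(16)
        self._open_nonces.add(nonce)
        return nonce

    def authenticate(self, patient_id, nonce, tag):
        """Verify the response and return a fresh temporary identity.

        Returns None if the patient is unknown, the nonce was never issued
        or was already consumed (replay), or the HMAC tag does not verify.
        """
        secret = self._secrets.get(patient_id)
        if secret is None or nonce not in self._open_nonces:
            return None
        self._open_nonces.discard(nonce)  # consume it: a second use is a replay
        expected = hmac.new(secret, nonce.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return None
        temp_id = secrets.token_hex(16)   # random, so unlinkable without the registry
        self._temp_to_patient[temp_id] = patient_id
        return temp_id

    def link_records(self, services):
        """Merge per-service anonymous records into one report per patient."""
        report = defaultdict(list)
        for service in services:
            for temp_id, entries in service.records.items():
                patient_id = self._temp_to_patient.get(temp_id)
                if patient_id is not None:
                    report[patient_id].extend(entries)
        return dict(report)

    def reverse_track(self, temp_id, reason):
        """Resolve a temporary identity to the real patient; always audited."""
        patient_id = self._temp_to_patient.get(temp_id)
        self.audit_log.append((temp_id, patient_id, reason))
        return patient_id


class HealthcareService:
    """Stores medical records keyed only by temporary identity."""

    def __init__(self, name):
        self.name = name
        self.records = defaultdict(list)

    def add_record(self, temp_id, entry):
        self.records[temp_id].append((self.name, entry))


def patient_response(secret, nonce):
    """Patient side of the challenge-response: HMAC over the nonce."""
    return hmac.new(secret, nonce.encode(), hashlib.sha256).hexdigest()


def run_scenario():
    """Constructed walk-through: one patient, two services, two sessions."""
    registry = IdentityRegistry()
    secret = registry.register("patient-42")  # constructed identifier
    clinic, lab = HealthcareService("clinic"), HealthcareService("lab")

    n1 = registry.challenge()                 # session 1 at the clinic
    t1 = registry.authenticate("patient-42", n1, patient_response(secret, n1))
    clinic.add_record(t1, "blood pressure 120/80")
    replay = registry.authenticate("patient-42", n1, patient_response(secret, n1))

    n2 = registry.challenge()                 # session 2 at the lab, new temp id
    t2 = registry.authenticate("patient-42", n2, patient_response(secret, n2))
    lab.add_record(t2, "HbA1c 5.4%")

    n3 = registry.challenge()                 # wrong secret: not a registered patient
    forged = registry.authenticate("patient-42", n3, patient_response(b"guess", n3))

    return {
        "distinct_temp_ids": t1 != t2,
        "replay_rejected": replay is None,
        "forgery_rejected": forged is None,
        "services_hold_only_temp_ids": all("patient-42" not in s.records for s in (clinic, lab)),
        "linked_report": registry.link_records([clinic, lab]),
        "reverse_tracked": registry.reverse_track(t2, "emergency admission"),
        "audit_entries": len(registry.audit_log),
    }
```

The design point is where the linkage key lives: because the temporary identities are random rather than derived from the patient identity, a service database (or a dump of it) cannot be joined to a real identity on its own, and every reverse-track passes through one registry function that writes an audit entry. Transport confidentiality between the parties is outside this snippet and would be provided separately.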

Conclusion: The protocol protects patient privacy with secure anonymous authentication to healthcare services and medical record registries, in accordance with European and UK legislation, where the patient's real identity is not disclosed with the distributed patient medical records.
