TY - GEN
T1 - User-Centered Differential Privacy Mechanisms for Electronic Medical Records
AU - Gutierrez, Omar
AU - Saavedra, Jeffreys J.
AU - Zurbaran, Mayra
AU - Salazar, Augusto
AU - Wightman, Pedro M.
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/12/21
Y1 - 2018/12/21
N2 - Electronic Medical Records (EMR) have become an increasingly important area of research aimed at improving the quality of health services by reducing attention time and the probability of errors, and by helping all actors in the ecosystem with accountability and traceability. However, patients, despite being the main party that regulations are meant to protect, are probably the actors with the least access to their own information and the least control over what other actors in the healthcare system do with it, who does it, when, how and why; this matters especially where the mere existence of certain tests may reveal an illness or condition that should remain private. Existing work and regulations define user-centered access control over the data, but the available options usually focus on policies for who may access the information. This work introduces incremental data access options that increase privacy by offering slightly altered or obfuscated data as an alternative to the original information, revealing just enough to enable the desired services. A differential privacy classification of access is presented, tested on lab data and evaluated, showing that different levels of privacy protection can be applied in certain cases and for a limited number of services while preserving the privacy of the data. In addition, this technique can be integrated with other access-control techniques from the literature.
AB - Electronic Medical Records (EMR) have become an increasingly important area of research aimed at improving the quality of health services by reducing attention time and the probability of errors, and by helping all actors in the ecosystem with accountability and traceability. However, patients, despite being the main party that regulations are meant to protect, are probably the actors with the least access to their own information and the least control over what other actors in the healthcare system do with it, who does it, when, how and why; this matters especially where the mere existence of certain tests may reveal an illness or condition that should remain private. Existing work and regulations define user-centered access control over the data, but the available options usually focus on policies for who may access the information. This work introduces incremental data access options that increase privacy by offering slightly altered or obfuscated data as an alternative to the original information, revealing just enough to enable the desired services. A differential privacy classification of access is presented, tested on lab data and evaluated, showing that different levels of privacy protection can be applied in certain cases and for a limited number of services while preserving the privacy of the data. In addition, this technique can be integrated with other access-control techniques from the literature.
UR - http://www.scopus.com/inward/record.url?scp=85060721781&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85060721781&partnerID=8YFLogxK
U2 - 10.1109/CCST.2018.8585555
DO - 10.1109/CCST.2018.8585555
M3 - Conference contribution
AN - SCOPUS:85060721781
T3 - Proceedings - International Carnahan Conference on Security Technology
BT - 52nd Annual 2018 IEEE International Carnahan Conference on Security Technology, ICCST 2018 - Proceedings
A2 - Rich, Brian G.
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 52nd Annual IEEE International Carnahan Conference on Security Technology, ICCST 2018
Y2 - 22 October 2018 through 25 October 2018
ER -
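The abstract above describes releasing "slightly altered or obfuscated data" at different privacy levels depending on the requester and the service. The following is an added illustration of that idea, not code from the paper: the record gives no mechanism, tier names or epsilon values, so the Laplace mechanism for numeric fields, randomized response for yes/no fields, the four tiers with their epsilons, and the sample glucose reading are all assumptions made here for demonstration.

```python
"""Tiered, per-field differential-privacy release of lab results.

Added illustration, not code from the paper.  The mechanism (Laplace noise
for numeric fields, randomized response for yes/no fields), the access tiers
and their epsilon values, and the sample reading are assumptions made for
demonstration only.
"""
import math
import random

RAW = math.inf  # tier that receives the unaltered value

# Assumed access tiers: epsilon per requester class.  Smaller epsilon means
# heavier perturbation and stronger privacy; RAW means no perturbation.
TIERS = {
    "treating_physician": RAW,
    "referral": 1.0,
    "research": 0.25,
    "third_party": 0.1,
}


def laplace_scale(sensitivity, epsilon):
    """Noise scale b = sensitivity / epsilon for the Laplace mechanism."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return 0.0 if math.isinf(epsilon) else sensitivity / epsilon


def laplace_from_uniform(u, scale):
    """Inverse-CDF sample of Laplace(0, scale) for u in (0, 1)."""
    u -= 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def release_numeric(value, bounds, tier, rng):
    """Clip to the plausible range, then add Laplace noise for the tier.

    Clipping fixes the sensitivity at (hi - lo): the most one reading can
    move the released number, which is what the noise scale must cover."""
    lo, hi = bounds
    clipped = min(max(value, lo), hi)
    scale = laplace_scale(hi - lo, TIERS[tier])
    if scale == 0.0:
        return clipped
    u = rng.random()
    u = u if u > 0.0 else 1e-12  # keep log() finite at u == 0
    return clipped + laplace_from_uniform(u, scale)


def truthful_prob(epsilon):
    """Probability that randomized response reports the true bit."""
    if math.isinf(epsilon):
        return 1.0
    e = math.exp(epsilon)
    return e / (1.0 + e)


def release_flag(flag, tier, rng):
    """Randomized response for a service that only needs a yes/no answer
    (e.g. "above threshold?"): true bit with probability e^eps / (1 + e^eps)."""
    p = truthful_prob(TIERS[tier])
    return flag if rng.random() < p else (not flag)


def mean_release(value, bounds, tier, n, seed):
    """Average of n independent releases under a fixed seed.  Shows that the
    noise is unbiased, and therefore that repeated queries by the same
    requester must be charged against a privacy budget."""
    rng = random.Random(seed)
    return sum(release_numeric(value, bounds, tier, rng) for _ in range(n)) / n


def demo(seed=0):
    """Constructed example: one glucose reading released once per tier."""
    rng = random.Random(seed)
    glucose = 185.0         # mg/dL, constructed sample value
    bounds = (40.0, 400.0)  # assumed plausible range for the field
    out = {}
    for tier in TIERS:
        out[tier] = {
            "value": round(release_numeric(glucose, bounds, tier, rng), 1),
            "above_140": release_flag(glucose > 140.0, tier, rng),
        }
    return out


if __name__ == "__main__":
    for tier, rel in demo().items():
        print(f"{tier:>18}: glucose={rel['value']:>8} above_140={rel['above_140']}")
```

Two practical points the abstract's "certain cases and for a limited number of services" hints at: perturbing a single patient's reading (rather than an aggregate) needs noise on the order of the field's whole range at small epsilon, so a numeric release is only useful to services that tolerate that, while a yes/no answer via randomized response degrades more gracefully; and because the noise is unbiased, a requester who can re-query averages it away, so each release must consume part of a per-patient, per-requester budget.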