Tamá ás s Kifor Kifor, , Tam Lá ászl szló ó Z. Z. Varga Varga, , L Sergio Á Álvarez lvarez, , Sergio Javier V Vá ázquez zquez- -Salceda Salceda, , Javier Steven Willmott Willmott Steven Privacy Issues of Privacy Issues of Provenance in Provenance in Electronic Healthcare Electronic Healthcare Record Systems Record Systems 1
Privacy Issues of Provenance in Electronic Introduction (1) (1) Introduction Healthcare Record Systems l advantages advantages of of agent based techniques agent based techniques in in l healthcare information systems: : coordination coordination, , healthcare information systems personalization, , dynamic dynamic, , decentralized decentralized, , etc etc. . personalization l but but: : indivisible healthcare history and therapy indivisible healthcare history and therapy l of the patient is allocated to independent and of the patient is allocated to independent and autonomous healthcare institutions autonomous healthcare institutions l reunification of the different pieces of the reunification of the different pieces of the l therapy of a single patient executed at therapy of a single patient executed at different places is is based on ad based on ad- -hoc methods hoc methods different places and the information provided by the patient and the information provided by the patient 2
Privacy Issues of Provenance in Electronic Introduction (2) (2) Introduction Healthcare Record Systems l provenance of electronic data in service oriented provenance of electronic data in service oriented l architectures: : enable users to trace how a particular enable users to trace how a particular architectures result has been produced by identifying the result has been produced by identifying the individual and aggregated services that produced a individual and aggregated services that produced a particular output particular output l organ transplant application of the Provenance organ transplant application of the Provenance l project: : we propose the usage of provenance we propose the usage of provenance project techniques to provide better healthcare services for techniques to provide better healthcare services for patients by providing a unified view of the whole patients by providing a unified view of the whole health treatment history health treatment history 3
Privacy Issues of Provenance in Electronic Introduction (3) (3) Introduction Healthcare Record Systems l As long as the treatment and the data are As long as the treatment and the data are l distributed among the agents of the healthcare distributed among the agents of the healthcare information system, privacy protection is focused on information system, privacy protection is focused on the protection of partial information pieces the protection of partial information pieces l with the introduction of provenance into the system with the introduction of provenance into the system l we re- -integrate the different pieces integrate the different pieces we re l our our goals goals: : l investigate the the privacy aspects of introducing provenance privacy aspects of introducing provenance investigate l l into healthcare information systems into healthcare information systems propose methods against the new types of risks propose methods against the new types of risks l l 4
Privacy Distributed and Heterogeneous Distributed and Heterogeneous Issues of Provenance in Electronic EHCR Applications (1) (1) EHCR Applications Healthcare Record Systems l fragmented and heterogeneous data fragmented and heterogeneous data l resources and services forming islands of resources and services forming islands of information information l the corresponding workflow chunks are the corresponding workflow chunks are l distributed among these islands of distributed among these islands of information information l the treatment of the patient might require the treatment of the patient might require l viewing these pieces of workflow and data as viewing these pieces of workflow and data as a whole a whole 5
Privacy Distributed and Heterogeneous Distributed and Heterogeneous Issues of Provenance in Electronic EHCR Applications (2) (2) EHCR Applications Healthcare Record Systems l ENV 13606 pre ENV 13606 pre- -standard developed by CEN/TC251 standard developed by CEN/TC251 l (European Committee of Normalisation, Technical (European Committee of Normalisation, Technical Committee 251) is vital for the exchange of clinical Committee 251) is vital for the exchange of clinical data data l EHCR architecture defines how to exchange data, EHCR architecture defines how to exchange data, l but the linking of the workflow pieces which the linking of the workflow pieces which but generated the data is not discussed in EHCR generated the data is not discussed in EHCR standards standards l provenance architecture helps to document the way provenance architecture helps to document the way l the data was created and link the workflow pieces the data was created and link the workflow pieces together together 6
Privacy Electronic Healthcare Records Electronic Healthcare Records Issues of Provenance in Electronic and Case Antecedents and Case Antecedents Healthcare Record Systems l In order to pull together the medical history of a In order to pull together the medical history of a l patient we have essentially three options: patient we have essentially three options: Build a system mirroring the current one based on Build a system mirroring the current one based on l l fragments of records in different places which can be fragments of records in different places which can be pulled together to produce a unified view on demand pulled together to produce a unified view on demand (depending on the permissions of the viewer). (depending on the permissions of the viewer). Build a system of a more centralised nature with a master Build a system of a more centralised nature with a master l l record which can be read and written to by authorised record which can be read and written to by authorised healthcare providers (in a controlled fashion) and possible healthcare providers (in a controlled fashion) and possible cached at a particular healthcare provider. cached at a particular healthcare provider. Build a hybrid system which stores fragments of data with Build a hybrid system which stores fragments of data with l l providers but records high level events in a central master providers but records high level events in a central master record. record. 7
Privacy Provenance in Service Provenance in Service Issues of Provenance in Electronic Oriented Architectures Oriented Architectures Healthcare Record Systems : “ “the provenance of a piece of data is the provenance of a piece of data is provenance : l provenance l the process that led to the data” ” the process that led to the data l provenance of a piece of data will be represented in provenance of a piece of data will be represented in l a computer system by some suitable documentation a computer system by some suitable documentation (a set of a set of p ) ( assertions ) p- -assertions l provenance lifecycle provenance lifecycle: : l actors create p- -assertions assertions actors create p l l p- -assertions are stored in a provenance store assertions are stored in a provenance store p l l users or applications can query the provenance store users or applications can query the provenance store l l the provenance store and its contents can be managed the provenance store and its contents can be managed l l 8
Privacy Organ Transplant Management Organ Transplant Management Issues of Provenance in Electronic Application Application Healthcare Record Systems 9
Privacy Issues of Provenance in Electronic Privacy Issues Privacy Issues Healthcare Record Systems l disclosures are necessary to treat patients, disclosures are necessary to treat patients, l process claims, measure outcomes, and fight process claims, measure outcomes, and fight disease disease l privacy protection should not privacy protection should not be be focused on focused on l nondisclosure, but on controlled and nondisclosure, but on controlled and irreversible disclosure irreversible disclosure l which mainly means the protection of the which mainly means the protection of the l identity of the patient identity of the patient 10
Recommend
More recommend
