Towards Privacy by Design in Personal e-Health Systems


SLIDE 1

This work was supported by the FP7-ICT project CARRE (No. 611140), co-funded by the European Commission.

Towards Privacy by Design in Personal e-Health Systems

George Drosatos

Pavlos S. Efraimidis, Garrath Williams and Eleni Kaldoudi

School of Medicine
Dept. of Electrical and Computer Engineering
Democritus University of Thrace

SLIDE 2

HEALTHINF 2016, part of BIOSTEC, 21-23 Feb 2016

First step towards privacy by design

‒ Analyze personal e-Health systems
   Modeling their functionalities
‒ Identify the arising privacy issues
   Based on the modeled system’s functionality
‒ Present some possible privacy-enhancing techniques
   e.g. encryption, anonymization, pseudonyms …

Next steps:
 Develop a methodology for engineering privacy
 Organize practical guidelines

  • G. Drosatos, Privacy by Design in Personal e-Health:
SLIDE 3


CARRE Project

https://www.carre-project.eu

‒ An EU co-funded project in the cardiorenal area, focused on providing personalized health
‒ Personal data: sensor data (e.g. activity and blood pressure), PHR and the patient’s intentions (travel, diet, diseases, etc.)

SLIDE 4


Privacy principles and concerns

Privacy principles:
 Data minimization
 Data protection by design
 Data protection by default
 Individual consent
 Individual control

Privacy concerns:
 User identification
 Personal data leakage

Privacy ≡ the right to informational self-determination

  • 1. Directive 95/46/EC. In Official Journal L 281, 0031-0050 (1995)
  • 2. Green Paper on Mobile Health (“mHealth”) (SWD(2014) 135 Final)

SLIDE 5

Data requirements for a personal e-Health system

[Figure: categories of data flowing into a personal e-Health system]

‒ Personal data in personal systems:
   cognitive: intentions, plans, etc.
   medical: personal health records, quantified self
   environmental: environmental sensors, geolocation data
‒ Personal data in institutional systems:
   medical: electronic health records
   financial: health insurance
‒ Public data: educational resources for patients, medical evidence, public data on the web

SLIDE 6


Basic personal e-Health system functionalities

[Figure: the basic e-Health system (personal data storage, personal data processing, user interface) and its five data flows]

1. Personal data storage and processing (inside the system)
2. Personal data from personal systems and institutional systems
3. Public data from public online databases
4. Personal data to external services and databases (e.g. registries or statistical pooling)
5. ‘Bulletin’ board: private announcements to third parties, private responses to anonymous individuals
SLIDE 7


(1) Personal data storage and processing

Privacy issues arise when these operations happen on a remote service
‒ Countermeasures for data storage:
   Cryptographic techniques
‒ Countermeasures for processing:
   There is no general solution
   Processing on encrypted data requires many assumptions
   Pre-processing before encryption
   Computational cost
   Not applicable to all cases

[Figure: basic e-Health system, flow (1) highlighted: personal data storage and personal data processing]

SLIDE 8


(2) Personal data exchange with 3rd party systems

‒ Privacy issues:
   Linkability among the user’s different accounts
   Linkability with the physical person (when interacting with institutional systems)
   Privacy concerns increase when partial personal data are combined
‒ Countermeasures:
   There are no direct measures for this problem
   An obvious solution is dedicated user-side middleware that acts as a proxy for all personal systems

[Figure: basic e-Health system, flow (2) highlighted: personal data from personal systems and institutional systems]
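An added example of the user-side middleware idea, not code from the CARRE project or the authors: a hypothetical proxy that derives a different pseudonym for every external system from a secret held on the device and strips direct identifiers before anything leaves it. The service names, the identifier field list and the sample record are constructed.

```python
"""Hypothetical user-side middleware that hands every external system a
different, unlinkable pseudonym for the same patient and strips direct
identifiers before data leave the device.  Example code added for this page,
not the CARRE implementation; service names, the identifier field list and
the sample record are constructed."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Fields the proxy never forwards (constructed list; a real deployment would
# derive it from the data schema).
DIRECT_IDENTIFIERS = {"name", "email", "national_id", "phone"}

# Constructed sample record from the personal health record store.
SAMPLE_RECORD: Dict[str, object] = {
    "name": "A. Patient",
    "email": "a.patient@example.org",
    "systolic_mmHg": 138,
    "diastolic_mmHg": 86,
    "steps": 6420,
}


class PseudonymProxy:
    """Sits between the personal e-Health system and every external service.

    The master secret never leaves the user's device.  The pseudonym shown to
    a service is HMAC-SHA256(master_secret, service_id) truncated to 128 bits,
    so two services see unrelated identifiers and cannot join their records,
    while the proxy can always recompute which pseudonym it used for which
    service without storing a lookup table."""

    def __init__(self, master_secret: Optional[bytes] = None):
        self._secret = master_secret or secrets.token_bytes(32)

    def pseudonym_for(self, service_id: str) -> str:
        tag = hmac.new(self._secret, service_id.encode("utf-8"), hashlib.sha256).digest()
        return tag[:16].hex()

    def outbound(self, service_id: str, record: Dict[str, object]) -> Dict[str, object]:
        """Message a service receives: direct identifiers removed, the
        service-specific pseudonym attached as the subject."""
        payload = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
        payload["subject"] = self.pseudonym_for(service_id)
        return payload


def linkable(view_a: Dict[str, object], view_b: Dict[str, object]) -> bool:
    """What two colluding services can try: join their views on the subject."""
    return view_a["subject"] == view_b["subject"]


if __name__ == "__main__":
    proxy = PseudonymProxy()
    tracker = proxy.outbound("activity-tracker.example", SAMPLE_RECORD)
    bp_cloud = proxy.outbound("bp-cloud.example", SAMPLE_RECORD)
    print("activity tracker sees:", tracker)
    print("BP cloud sees:        ", bp_cloud)
    print("linkable by subject?  ", linkable(tracker, bp_cloud))
```

Per-service pseudonyms only break linkage through identifiers. Two services that both receive timestamped blood-pressure readings can still try to match on the data themselves, which is the slide's point about combining partial personal data; the proxy therefore also has to minimize and generalize what it forwards, not just relabel it.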

SLIDE 9


(3) Integration of personalized public data

‒ Privacy issues:
   Linking particular public data to a specific user
   Revealing the user’s needs to the public service
‒ Countermeasures:
   Altering (expanding or generalizing) the initial request
   Cooperation of a group of users in the system to conceal one another’s requests
   Using anonymous network technologies (such as Tor)

[Figure: basic e-Health system, flow (3) highlighted: public data from public online databases]
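The first countermeasure on this slide, altering the request, as an added example that is not the authors' implementation: the real topic is mixed with decoy siblings from a topic taxonomy (expansion) or widened to the whole category when there are too few siblings (generalization), and the broader response is filtered on the device. The taxonomy, the resource catalogue and the stub public service are constructed; a real client would make the request over HTTP and, as the slide's third bullet suggests, over Tor so that the network origin is hidden as well.

```python
"""Request generalization with decoy topics for fetching public educational
resources without telling the public service what the user actually needs.
Example code added for this page (not the CARRE implementation); the
taxonomy, the catalogue and the public-service stub are constructed."""
import random
from typing import Dict, List, Optional, Tuple

# Constructed topic taxonomy: parent category -> child topics.
TAXONOMY: Dict[str, List[str]] = {
    "cardiovascular disease": [
        "heart failure", "hypertension", "atrial fibrillation", "coronary artery disease",
    ],
    "kidney disease": [
        "chronic kidney disease", "kidney stones", "polycystic kidney disease", "glomerulonephritis",
    ],
    "metabolic disease": ["type 2 diabetes", "obesity", "gout"],
}

# Constructed catalogue held by the public service: topic -> resource titles.
PUBLIC_CATALOGUE: Dict[str, List[str]] = {
    "chronic kidney disease": ["CKD diet basics", "Understanding eGFR results"],
    "kidney stones": ["Fluids and stone prevention"],
    "polycystic kidney disease": ["Living with PKD"],
    "glomerulonephritis": ["What is glomerulonephritis?"],
    "hypertension": ["Home blood pressure monitoring"],
    "gout": ["Gout flare management"],
}


def parent_of(topic: str) -> str:
    for parent, children in TAXONOMY.items():
        if topic in children:
            return parent
    raise KeyError(f"unknown topic: {topic}")


def generalize_request(topic: str, k: int, rng: Optional[random.Random] = None) -> List[str]:
    """Topic list actually sent to the public service.

    The real topic is mixed with k-1 decoys drawn from its siblings in the
    taxonomy and the list is shuffled, so the service sees a request that is
    consistent with any of k conditions rather than exactly one.  If the
    category has fewer than k topics, the request is widened to the whole
    category (generalization instead of expansion)."""
    rng = rng or random.Random()
    category = TAXONOMY[parent_of(topic)]
    siblings = [t for t in category if t != topic]
    if len(siblings) < k - 1:
        sent = list(category)
    else:
        sent = [topic] + rng.sample(siblings, k - 1)
    rng.shuffle(sent)
    return sent


def public_service(topics: List[str]) -> Dict[str, List[str]]:
    """Stub of the untrusted public service.  All it learns is the topic
    list; it answers every topic in it."""
    return {t: PUBLIC_CATALOGUE.get(t, []) for t in topics}


def fetch_privately(topic: str, k: int = 3,
                    rng: Optional[random.Random] = None) -> Tuple[List[str], List[str]]:
    """Return (what the service saw, what the user actually gets)."""
    request = generalize_request(topic, k, rng)
    response = public_service(request)
    # Client-side filtering: only the resources for the real need are kept.
    return request, response[topic]


if __name__ == "__main__":
    seen, got = fetch_privately("chronic kidney disease", k=3)
    print("service saw:", seen)
    print("user got:   ", got)
```

The service learns a set of k candidate conditions instead of one, at the price of k times the traffic; decoys must be drawn from plausible siblings, since a decoy no patient would combine with the real topic gives the set away. Repeated requests with fresh decoys also leak the intersection over time, which is where the slide's second countermeasure (a group of users covering for one another) adds what a single client cannot.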

SLIDE 10


(4) Exporting personal data for public use

‒ Privacy issues:
   Medical registries: user identification from a ‘critical mass’ of pooled anonymized personal data
   Statistical data pooling: user identification if the number of participants is small
‒ Countermeasures:
   Medical registries: minimizing the exported data and stripping all identifying parts
   Statistical data pooling: privacy-preserving cryptographic techniques; the appropriate technique depends on the location of storage and the form of statistical processing

[Figure: basic e-Health system, flow (4) highlighted: personal data to external services and databases (e.g. registries or statistical pooling)]
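The "privacy-preserving cryptographic techniques" bullet for statistical pooling on this slide and the "processing on encrypted data" caveat on slide 7 both come down to letting an untrusted party compute on ciphertexts. Added example, not CARRE code: a pooling service adds Paillier-encrypted blood-pressure readings it cannot read, and the key holder releases the total only once the participant count clears a minimum (the small-pool identification risk above). The key is a constructed toy (two small Mersenne primes), the readings and the threshold are constructed, and nothing here is production-grade cryptography.

```python
"""Statistical pooling of readings with additively homomorphic (Paillier)
encryption: the pooling service adds ciphertexts it cannot read, and the key
holder releases the total only when enough participants contributed.
Example code added for this page, not the CARRE implementation.  The key is
a constructed toy (two Mersenne primes, ~150-bit n) and is far too small for
real use; readings and the participant threshold are constructed too."""
import math
import secrets
from typing import List, Tuple

P_TOY = 2**61 - 1   # constructed toy primes; a real key needs n >= 2048 bits
Q_TOY = 2**89 - 1
MIN_PARTICIPANTS = 5  # constructed policy: no release from a pool this small

# Constructed systolic readings from six participants' devices.
SAMPLE_SYSTOLIC = [128, 135, 142, 119, 131, 150]


class PaillierPublicKey:
    """What participants and the untrusted pooling service hold."""

    def __init__(self, n: int):
        self.n, self.n2 = n, n * n

    def encrypt(self, m: int) -> int:
        if not 0 <= m < self.n:
            raise ValueError("plaintext out of range")
        while True:
            r = secrets.randbelow(self.n)
            if r > 1 and math.gcd(r, self.n) == 1:
                break
        # With g = n + 1, g^m == 1 + m*n (mod n^2): one exponentiation saved.
        return (1 + m * self.n) * pow(r, self.n, self.n2) % self.n2

    def add(self, c1: int, c2: int) -> int:
        """Dec(c1 * c2) == Dec(c1) + Dec(c2): addition under encryption."""
        return c1 * c2 % self.n2

    def scale(self, c: int, k: int) -> int:
        """Dec(c^k) == k * Dec(c).  Together with add() this is everything
        Paillier offers: linear functions only, no comparisons or products."""
        return pow(c, k, self.n2)


class PaillierPrivateKey(PaillierPublicKey):
    """Held only by the party allowed to see aggregates."""

    def __init__(self, p: int, q: int):
        super().__init__(p * q)
        self.lam = math.lcm(p - 1, q - 1)
        self.mu = pow(self.lam, -1, self.n)  # L(g^lam mod n^2) == lam mod n

    def public(self) -> PaillierPublicKey:
        return PaillierPublicKey(self.n)

    def decrypt(self, c: int) -> int:
        u = pow(c, self.lam, self.n2)
        return (u - 1) // self.n * self.mu % self.n


def pooling_service(pub: PaillierPublicKey, ciphertexts: List[int]) -> Tuple[int, int]:
    """Untrusted aggregator: returns (participant count, encrypted total)
    without ever seeing a reading."""
    total = pub.encrypt(0)
    for c in ciphertexts:
        total = pub.add(total, c)
    return len(ciphertexts), total


def release_total(priv: PaillierPrivateKey, count: int, c_total: int) -> int:
    """Key holder: refuse to decrypt when the pool is small enough that the
    total would expose an individual's reading."""
    if count < MIN_PARTICIPANTS:
        raise PermissionError(f"only {count} participants; need {MIN_PARTICIPANTS}")
    return priv.decrypt(c_total)


def pooled_mean(readings: List[int], priv: PaillierPrivateKey) -> float:
    pub = priv.public()
    ciphertexts = [pub.encrypt(r) for r in readings]   # done on each device
    count, c_total = pooling_service(pub, ciphertexts)  # untrusted side
    return release_total(priv, count, c_total) / count  # key holder side


if __name__ == "__main__":
    key = PaillierPrivateKey(P_TOY, Q_TOY)
    print("pooled mean systolic:", round(pooled_mean(SAMPLE_SYSTOLIC, key), 1))
```

Paillier gives addition and multiplication by a known constant, so sums, counts and means work, but the pooling service cannot compute a median, a maximum or "how many readings exceed 140 mmHg" on the ciphertexts. A participant can instead evaluate the indicator "above 140" locally and encrypt that bit, which is the pre-processing-before-encryption route of slide 7; the scheme also costs a modular exponentiation on a large modulus per reading. Both are the slide 7 caveats: processing on encrypted data only works under strong assumptions about the form of the processing, and not for every case.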

SLIDE 11


(5) Exchange of private personal data messages

‒ Privacy issues:
   Conceal the user’s identity from the system and (selectively) from the receiver of the message
   Conceal the actual message from the system
‒ Countermeasures:
   Anonymous credential techniques
   Cryptographic techniques
   Unlinkable message exchange

[Figure: basic e-Health system with the ‘bulletin’ board, flow (5) highlighted: private announcements to third parties, private responses to anonymous individuals]

SLIDE 12


Conclusions & Next steps

‒ This work analyzed personal e-Health systems, identified the arising privacy issues and presented some possible privacy-enhancing techniques
‒ Next steps, building on the identified privacy issues and the proposed countermeasures:
   Develop a methodology for engineering privacy and present practical guidelines
   Apply the developed methodology to CARRE

SLIDE 13

THANK YOU

Any questions?

SLIDE 14

Acknowledgement

This work was supported by the FP7-ICT project CARRE (No. 611140), co-funded by the European Commission. CARRE Project: Personalized patient empowerment and shared decision support for cardiorenal disease and comorbidities.