Privacy-preserving audit for broker-based health information exchange

Se Eun Oh, Ji Young Chun, Limin Jia, Deepak Garg, Carl Gunter, Anupam Datta

Research output: Contribution to conference, Paper

Abstract

Developments in health information technology have encouraged the establishment of distributed systems known as Health Information Exchanges (HIEs) to enable the sharing of patient records between institutions. In many cases, the parties running these exchanges wish to limit the amount of information they are responsible for holding because of sensitivities about patient information. Hence, there is an interest in broker-based HIEs that keep limited information in the exchange repositories. However, it is essential to audit these exchanges carefully due to risks of inappropriate data sharing. In this paper, we consider some of the requirements and present a design for auditing broker-based HIEs in a way that controls the information available in audit logs and regulates their release for investigations. Our approach is based on formal rules for audit and the use of Hierarchical Identity-Based Encryption (HIBE) to support staged release of data needed in audits and a balance between automated and manual reviews. We test our methodology via an extension of a standard for auditing HIEs called the Audit Trail and Node Authentication Profile (ATNA) protocol.

Original language: English (US)
Pages: 313-320
Number of pages: 8
DOI: https://doi.org/10.1145/2557547.2557576
State: Published - Jan 1 2014
Event: 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014 - San Antonio, TX, United States
Duration: Mar 3 2014 to Mar 5 2014

Other

Other: 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014
Country: United States
City: San Antonio, TX
Period: 3/3/14 to 3/5/14

Fingerprint

Health
Authentication
Cryptography
Information technology

Keywords

  • Audit
  • Formal logic
  • Health information technology
  • Hierarchical identity based encryption

ASJC Scopus subject areas

  • Software

Cite this

Oh, S. E., Chun, J. Y., Jia, L., Garg, D., Gunter, C., & Datta, A. (2014). Privacy-preserving audit for broker-based health information exchange. 313-320. Paper presented at 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014, San Antonio, TX, United States. https://doi.org/10.1145/2557547.2557576
