Privacy-preserving audit for broker-based health information exchange

Se Eun Oh, Ji Young Chun, Limin Jia, Deepak Garg, Carl A. Gunter, Anupam Datta

Research output: Contribution to conferencePaperpeer-review


Developments in health information technology have encouraged the establishment of distributed systems known as Health Information Exchanges (HIEs) to enable the sharing of patient records between institutions. In many cases, the parties running these exchanges wish to limit the amount of information they are responsible for holding because of sensitivities about patient information. Hence, there is an interest in broker-based HIEs that keep limited information in the exchange repositories. However, it is essential to audit these exchanges carefully due to risks of inappropriate data sharing. In this paper, we consider some of the requirements and present a design for auditing broker-based HIEs in a way that controls the information available in audit logs and regulates their release for investigations. Our approach is based on formal rules for audit and the use of Hierarchical Identity-Based Encryption (HIBE) to support staged release of data needed in audits and a balance between automated and manual reviews. We test our methodology via an extension of a standard for auditing HIEs called the Audit Trail and Node Authentication Proffle (ATNA) protocol.

Original languageEnglish (US)
Number of pages8
StatePublished - 2014
Event4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014 - San Antonio, TX, United States
Duration: Mar 3 2014Mar 5 2014


Other4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014
Country/TerritoryUnited States
CitySan Antonio, TX


  • Audit
  • Formal logic
  • Health information technology
  • Hierarchical identity based encryption

ASJC Scopus subject areas

  • Software


Dive into the research topics of 'Privacy-preserving audit for broker-based health information exchange'. Together they form a unique fingerprint.

Cite this