Abstract
Patient Electronic Health Records (EHRs) contain valuable clinical data that is useful for medical research and public health inquiries. However, patient privacy regulations and the risk of improper resource sharing limit access to EHR medical data for research and public health purposes. In this paper, we introduce an end-to-end security solution that addresses both concerns and facilitates the sharing of patient EHR data over an unsecured third-party server using a leveled homomorphic encryption (LHE) scheme. Timing tests for aggregating queries and linear computations were carried out on an HPE ProLiant DL580 Gen 10 server with an Intel Xeon Platinum 8280 processor.
Funding
This study was funded by Intel Corporation.
Ethics declarations
Conflict of Interest
Authors Mark Clark and Olivia d’Aliberti received an internal research and development (IR&D) grant from Intel Corporation.
Ethical Approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
This article is part of the Topical Collection on Implementation Science & Operations Management.
Appendix
A.1 Sample PostgreSQL Data Requests
A.1.1 This JSONB SQL statement pulls, from a FHIR EHR database, the records of women who have had a miscarriage in the first trimester since 2010 and were prescribed a method of birth control in the 3 months prior to the miscarriage:
A.1.2 This JSONB SQL statement pulls Body Mass Index and height statistics, from a FHIR EHR database, for individuals who have experienced a cardiac arrest episode:
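The two appendix items describe the requests but the page does not reproduce the statements themselves. The following is an added example, not the paper's own code, showing how JSONB requests of both shapes look in PostgreSQL against a simplified fhirbase-style layout (one table per FHIR resource type with the resource stored as a `jsonb` column). The table and column names, the constructed sample rows, the placeholder medication code `RX-CONTRACEPTIVE-A`, and the particular SNOMED CT and LOINC codes are assumptions made for this demonstration and should be checked against your own schema and terminology release.

```sql
-- Constructed, simplified fhirbase-style layout (assumption, not the paper's
-- schema): one table per FHIR resource type, the resource itself held as JSONB.
CREATE TEMP TABLE patient           (id text PRIMARY KEY, resource jsonb NOT NULL);
CREATE TEMP TABLE condition         (id text PRIMARY KEY, resource jsonb NOT NULL);
CREATE TEMP TABLE medicationrequest (id text PRIMARY KEY, resource jsonb NOT NULL);
CREATE TEMP TABLE observation       (id text PRIMARY KEY, resource jsonb NOT NULL);

-- Constructed synthetic resources; no real patients.
INSERT INTO patient VALUES
  ('p1', '{"resourceType":"Patient","gender":"female","birthDate":"1988-04-02"}'),
  ('p2', '{"resourceType":"Patient","gender":"female","birthDate":"1991-09-15"}'),
  ('p3', '{"resourceType":"Patient","gender":"male","birthDate":"1975-01-20"}');

INSERT INTO condition VALUES
  -- p1: first-trimester miscarriage in 2015 (SNOMED CT 19169002, assumed code)
  ('c1', '{"resourceType":"Condition","subject":{"reference":"Patient/p1"},
           "onsetDateTime":"2015-06-10",
           "code":{"coding":[{"system":"http://snomed.info/sct","code":"19169002"}]}}'),
  -- p2: same diagnosis but in 2008, i.e. before the "since 2010" bound
  ('c2', '{"resourceType":"Condition","subject":{"reference":"Patient/p2"},
           "onsetDateTime":"2008-03-01",
           "code":{"coding":[{"system":"http://snomed.info/sct","code":"19169002"}]}}'),
  -- p3: cardiac arrest in 2019 (SNOMED CT 410429000, assumed code)
  ('c3', '{"resourceType":"Condition","subject":{"reference":"Patient/p3"},
           "onsetDateTime":"2019-11-23",
           "code":{"coding":[{"system":"http://snomed.info/sct","code":"410429000"}]}}');

INSERT INTO medicationrequest VALUES
  -- p1: contraceptive prescribed about two months before the miscarriage onset
  ('m1', '{"resourceType":"MedicationRequest","subject":{"reference":"Patient/p1"},
           "authoredOn":"2015-04-15",
           "medicationCodeableConcept":{"coding":[{"code":"RX-CONTRACEPTIVE-A"}]}}'),
  ('m2', '{"resourceType":"MedicationRequest","subject":{"reference":"Patient/p2"},
           "authoredOn":"2007-12-20",
           "medicationCodeableConcept":{"coding":[{"code":"RX-CONTRACEPTIVE-A"}]}}');

INSERT INTO observation VALUES
  -- LOINC 39156-5 = body mass index, 8302-2 = body height (assumed codes)
  ('o1', '{"resourceType":"Observation","subject":{"reference":"Patient/p3"},
           "effectiveDateTime":"2019-11-23",
           "code":{"coding":[{"system":"http://loinc.org","code":"39156-5"}]},
           "valueQuantity":{"value":31.2,"unit":"kg/m2"}}'),
  ('o2', '{"resourceType":"Observation","subject":{"reference":"Patient/p3"},
           "effectiveDateTime":"2019-11-23",
           "code":{"coding":[{"system":"http://loinc.org","code":"8302-2"}]},
           "valueQuantity":{"value":178.0,"unit":"cm"}}'),
  ('o3', '{"resourceType":"Observation","subject":{"reference":"Patient/p1"},
           "effectiveDateTime":"2015-06-10",
           "code":{"coding":[{"system":"http://loinc.org","code":"39156-5"}]},
           "valueQuantity":{"value":24.1,"unit":"kg/m2"}}');

-- Request in the shape of A.1.1: women with a first-trimester miscarriage since
-- 2010 who had a contraceptive prescribed in the 3 months before onset.
WITH miscarriage AS (
  SELECT c.resource->'subject'->>'reference'  AS patient_ref,
         (c.resource->>'onsetDateTime')::date AS onset
  FROM   condition c
  -- @> matches the coding wherever it sits in the coding array
  WHERE  c.resource->'code'->'coding' @> '[{"system":"http://snomed.info/sct","code":"19169002"}]'
  AND    (c.resource->>'onsetDateTime')::date >= DATE '2010-01-01'
),
contraceptive AS (
  SELECT m.resource->'subject'->>'reference' AS patient_ref,
         (m.resource->>'authoredOn')::date   AS authored
  FROM   medicationrequest m
  WHERE  m.resource->'medicationCodeableConcept'->'coding' @> '[{"code":"RX-CONTRACEPTIVE-A"}]'
)
SELECT DISTINCT p.id AS patient_id, mc.onset, rx.authored
FROM   patient p
JOIN   miscarriage   mc ON mc.patient_ref = 'Patient/' || p.id
JOIN   contraceptive rx ON rx.patient_ref = mc.patient_ref
WHERE  p.resource->>'gender' = 'female'
-- prescription must fall inside the 3-month window ending at onset
AND    rx.authored BETWEEN mc.onset - INTERVAL '3 months' AND mc.onset;

-- Request in the shape of A.1.2: BMI and height statistics for patients with a
-- recorded cardiac arrest; returns aggregates only, not patient rows.
WITH arrest AS (
  SELECT DISTINCT c.resource->'subject'->>'reference' AS patient_ref
  FROM   condition c
  WHERE  c.resource->'code'->'coding' @> '[{"system":"http://snomed.info/sct","code":"410429000"}]'
)
SELECT o.resource->'code'->'coding'->0->>'code'                          AS loinc_code,
       count(*)                                                           AS n,
       round(avg((o.resource->'valueQuantity'->>'value')::numeric), 2)    AS mean_value,
       min((o.resource->'valueQuantity'->>'value')::numeric)              AS min_value,
       max((o.resource->'valueQuantity'->>'value')::numeric)              AS max_value
FROM   observation o
JOIN   arrest a ON a.patient_ref = o.resource->'subject'->>'reference'
-- assumes a single coding per observation, hence the ->0 index
WHERE  o.resource->'code'->'coding'->0->>'code' IN ('39156-5', '8302-2')
GROUP  BY 1;
```

The script runs as-is with `psql` on any PostgreSQL release that has `jsonb` (9.4 or later); the temporary tables disappear when the session ends, so it never touches a real fhirbase database even when run against one. Note the difference in what the two requests disclose: the A.1.1-style query returns identifiable rows (patient id and event dates), whereas the A.1.2-style query returns only counts, means and extremes, which is the kind of aggregating result the abstract refers to.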
Cite this article
d’Aliberti, O.G., Clark, M.A. Preserving Patient Privacy During Computation over Shared Electronic Health Record Data. J Med Syst 46, 85 (2022). https://doi.org/10.1007/s10916-022-01865-5