Preserving Patient Privacy During Computation over Shared Electronic Health Record Data

  • Implementation Science & Operations Management
Journal of Medical Systems

Abstract

Patient Electronic Health Records (EHRs) contain valuable clinical data that is useful for medical research and public health inquiries. However, patient privacy regulation and the risks of improper resource sharing limit access to EHR medical data for research and public health purposes. In this paper, we introduce an end-to-end security solution that addresses both concerns and facilitates the sharing of patient EHR data over an unsecured third-party server using a leveled homomorphic encryption (LHE) scheme. Time testing for aggregating queries and linear computations was carried out using an HPE ProLiant DL580 Gen 10 server with an Intel Xeon Platinum 8280 Processor.



Funding

This study was funded by Intel Corporation.

Author information

Corresponding author

Correspondence to Olivia G. d’Aliberti.

Ethics declarations

Conflict of Interest

Authors Mark Clark and Olivia d’Aliberti received an internal research and development (IR&D) grant from Intel Corporation.

Ethical Approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the Topical Collection on Implementation Science & Operations Management.

Appendix

A.1 Sample PostgreSQL Data Requests

A.1.1 This JSONB SQL statement pulls records, from a FHIR health EHR database, of women who have suffered a miscarriage in the first trimester since 2010 and were prescribed a method of birth control 3 months prior to the miscarriage:

figure 4

A.1.2 This JSONB SQL statement pulls Body Mass Index and Height statistics, from a FHIR health EHR database, of individuals who have experienced a cardiac arrest episode:

figure 5

Rights and permissions

Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

d’Aliberti, O.G., Clark, M.A. Preserving Patient Privacy During Computation over Shared Electronic Health Record Data. J Med Syst 46, 85 (2022). https://doi.org/10.1007/s10916-022-01865-5

  • DOI: https://doi.org/10.1007/s10916-022-01865-5
