Privacy Protocol for Linking Distributed Medical Data

  • Daniel Janusz
  • Martin Kost
  • Johann-Christoph Freytag
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7482)


Health care providers need to exchange medical data to provide complex medical treatments. In general, regulations of privacy protection define strong constraints for exchanging such personal data within a distributed system. Privacy-preserving query protocols provide mechanisms for implementing and maintaining these privacy constraints. In this paper, we introduce a new two-phase protocol for protecting the privacy of patients. The first phase implements a private record linking. Thereby, the queried data provider links the received query with matching records in his data base. In the second phase, a requestor and a data provider perform an authorized exchange of matched patient data. Thus, our protocol provides a method for health care providers to exchange individual medical data in a privacy preserving manner. In contrast to other approaches, we actively involve patients in the exchange process. We apply the honest-but-curious adversary model to our protocol in order to evaluate our approach with respect to complexity and the degree of privacy protection.


Health Care Provider Hair Color Medical Attribute Homomorphic Encryption Privacy Requirement 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Allman, M., Blanton, E., Paxson, V., Shenker, S.: Fighting coordinated attackers with cross-organizational information sharing. In: Proceedings of 5th Workshop on Hot Topics in Networks, HotNets (2006)Google Scholar
  3. 3.
    Breebaart, J., Busch, C., Grave, J., Kindt, E.: A Reference Architecture for Biometric Template Protection based on Pseudo Identities. In: BIOSIG (2008)Google Scholar
  4. 4.
    Chow, S.S.M., Lee, J.-H., Subramanian, L.: Two-party computation model for privacy-preserving queries over distributed databases. In: NDSS 2009. The Internet Society, San Diego (2009)Google Scholar
  5. 5.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Elmagarmid, A., Panagiotis, G., Verykios, S.: Duplicate record detection: A survey. IEEE Transaction on Knowledge and Data Engineering (2007)Google Scholar
  7. 7.
    Emekci, F., Agrawal, D., Abbadi, A.E., Gulbeden, A.: Privacy Preserving Query Processing Using Third Parties. In: ICDE (2006)Google Scholar
  8. 8.
    European Union. Directive 95/46/EC of the European parliament and of the council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1995)Google Scholar
  9. 9.
    Felligi, I.P., Sunter, A.B.: A theory for record linkage. Journal of the American Statistical Society 64, 1183–1210 (1969)Google Scholar
  10. 10.
    Freedman, M.J., Nissim, K., Pinkas, B.: Efficient Private Matching and Set Intersection. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 1–19. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  11. 11.
    Goldreich, O.: General Cryptographic Protocols. In: The Foundations of Cryptography, vol. 2. Cambridge University Press (2004)Google Scholar
  12. 12.
    Gomatam, S., Carter, R., Ariet, M., Mitchell, G.: An empirical comparison of record linkage procedures. Statistics in Medicine, 1485–1496 (2002)Google Scholar
  13. 13.
    Inan, A., Kantarcioglu, M., Bertino, E., Scannapieco, M.: A hybrid approach to private record linkage. In: ICDE 2008, Cancun, Mexico. IEEE Computer Society (2008)Google Scholar
  14. 14.
    Karakasidis, A., Verykios, V.S.: Secure blocking + secure matching = secure record linkage. Journal of Computing Science and Engineering, 223–235 (2011)Google Scholar
  15. 15.
    P3P Preference Exchange Language v. 1.0 (APPEL1.0). W3C (2002),
  16. 16.
    NIST. FIPS 180-3: Secure hash standard (SHS). Technical report, National Institute of Standards and Technology, NIST (2008),
  17. 17.
    Siemens Healthcare,
  18. 18.
    Sweeney, L.: Simple demographics often identify people uniquely. Carnegie Mellon University, Data Privacy Working Paper 3 (2000)Google Scholar
  19. 19.
    Sweeney, L.: k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 557–570 (2002)Google Scholar
  20. 20.
    Li, Y., Tygar, J., Hellerstein, J.: Private matching. In: Computer Security in the 21st Century, pp. 25–50 (2005)Google Scholar
  21. 21.
    eXtensible Access Control Markup Language (XACML) v. 2.0. OASIS Standard (February 2005),

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Daniel Janusz
    • 1
  • Martin Kost
    • 1
  • Johann-Christoph Freytag
    • 1
  1. 1.DBIS GroupHumboldt-Universität zu BerlinBerlinGermany

Personalised recommendations