Challenges in eHealth: From Enabling to Enforcing Privacy

  • Naipeng Dong
  • Hugo Jonker
  • Jun Pang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7151)


Privacy is recognised as a fundamental requirement for eHealth systems. Proposals to achieve privacy have been put forth in the literature, most of which approach patient privacy as either an access control or an authentication problem. In this paper, we investigate privacy in eHealth as a communication problem, since future eHealth systems will be highly distributed and require interoperability of many sub-systems. In addition, we investigate the privacy needs of parties other than patients. In our study, we identify two key privacy challenges in eHealth: enforced privacy and privacy in the presence of others. We believe that these privacy challenges are vital for secure eHealth systems, and more research is needed to understand them. We propose to use formal techniques to understand and define these new privacy notions in a precise and unambiguous manner, and to build an efficient verification framework.







Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Naipeng Dong (1)
  • Hugo Jonker (1)
  • Jun Pang (1)
  1. Faculty of Sciences, Technology and Communication, University of Luxembourg, Luxembourg
