Private Verification of Access on Medical Data: An Initial Study
Yes
12th International Workshop on Data Privacy Management
from 14-09-2017 to 15-09-2017
[en] Verifiability ; Audit ; Compliance ; Privacy ; Searchable encryption ; Patient-centered medical systems
[en] Patient-centered medical systems promote empowerment of patients, who can decide on the accesses and usage of their personal data. To inspire a sense of trust and encourage the adoption of such systems, it is desired to allow one to verify whether the system has acted in accordance with the patients’ preferences. However, it is argued that even audit logs and usage policies, normally used when verifying such property, may already be enough for one to learn sensitive information, e.g., the medical specialists a given patient has visited in the past. This is not only damaging for the patients, but is also against the interests of the medical system, which may lose back the trust earned and gain a bad reputation. Verifiability should not come at the expense of patients’ privacy. It is, therefore, imperative that these systems take necessary precautions towards patient’s information when providing means for verifiability. In this work we study how to realize that. In particular, we explore how searchable encryption techniques could be applied to allow the verification of systems in a private fashion, providing no information on patient’s sensitive data.
[University of Ottawa > School of Electrical Engineering and Computer Science]
