- Award ID(s):
- 1915780
- NSF-PAR ID:
- 10291773
- Date Published:
- Journal Name:
- Interservice/Industry Training, Simulation and Education Conference (I/ITSEC)
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
Electronic Health Records (EHRs) have become increasingly popular in recent years, providing a convenient way to store, manage and share relevant information among healthcare providers. However, as EHRs contain sensitive personal information, ensuring their security and privacy is most important. This paper reviews the key aspects of EHR security and privacy, including authentication, access control, data encryption, auditing, and risk management. Additionally, the paper dis- cusses the legal and ethical issues surrounding EHRs, such as patient consent, data ownership, and breaches of confidentiality. Effective implementation of security and privacy measures in EHR systems requires a multi-disciplinary approach involving healthcare providers, IT specialists, and regulatory bodies. Ultimately, the goal is to come upon a balance between protecting patient privacy and ensuring timely access to critical medical information for feature healthcare delivery.more » « less
-
There is an increasing demand for processing large volumes of unstructured data for a wide variety of applications. However, protection measures for these big data sets are still in their infancy, which could lead to significant security and privacy issues. Attribute-based access control (ABAC) provides a dynamic and flexible solution that is effective for mediating access. We analyzed and implemented a prototype application of ABAC to large dataset processing in Amazon Web Services, using open-source versions of Apache Hadoop, Ranger, and Atlas. The Hadoop ecosystem is one of the most popular frameworks for large dataset processing and storage and is adopted by major cloud service providers. We conducted a rigorous analysis of cybersecurity in implementing ABAC policies in Hadoop, including developing a synthetic dataset of information at multiple sensitivity levels that realistically represents healthcare and connected social media data. We then developed Apache Spark programs that extract, connect, and transform data in a manner representative of a realistic use case. Our result is a framework for securing big data. Applying this framework ensures that serious cybersecurity concerns are addressed. We provide details of our analysis and experimentation code in a GitHub repository for further research by the community.
-
Patient health records(PHRs) are crucial and sensitive as they contain essential information and are frequently shared among healthcare entities. This information must remain correct, up to date, private and accessible only to the authorized entities. Moreover, access must also be assured during health emergency crises such as the recent outbreak, which represents the greatest test of the flexibility and the efficiency of PHR sharing among healthcare providers, which ended up an immense interruption to the healthcare industry. Moreover, the right to privacy is the most fundamental right for a patient. Hence, the patient health records in the healthcare sector have faced issues with privacy breaches, insider outside attacks, and unauthorized access to crucial patients’ records. As a result, it pushes more patients to demand more control, security, and a smoother experience when they want to access their health records. Furthermore, the lack of interoperability among the healthcare system and providers and the added weight of cyber-attacks on an already overwhelmed system have called for an immediate solution. In this work, we developed a secured blockchain framework that safeguards patients’ full control over their health data which can be stored in their private IPFS and later shared with an authorized provider. Furthermore, the system ensures privacy and security while handling patient data, which can only be shared with the patients. The proposed Security and privacy analysis show promising results in providing time savings, enhanced confidentiality, and less disruption in patient-provider interactions.more » « less
-
Abstract Objective Electronic health records (EHRs) are rich sources of patient-level data, offering valuable resources for medical data analysis. However, privacy concerns often restrict access to EHRs, hindering downstream analysis. Current EHR deidentification methods are flawed and can lead to potential privacy leakage. Additionally, existing publicly available EHR databases are limited, preventing the advancement of medical research using EHR. This study aims to overcome these challenges by generating realistic and privacy-preserving synthetic EHRs time series efficiently.
Materials and Methods We introduce a new method for generating diverse and realistic synthetic EHR time series data using denoizing diffusion probabilistic models. We conducted experiments on 6 databases: Medical Information Mart for Intensive Care III and IV, the eICU Collaborative Research Database (eICU), and non-EHR datasets on Stocks and Energy. We compared our proposed method with 8 existing methods.
Results Our results demonstrate that our approach significantly outperforms all existing methods in terms of data fidelity while requiring less training effort. Additionally, data generated by our method yield a lower discriminative accuracy compared to other baseline methods, indicating the proposed method can generate data with less privacy risk.
Discussion The proposed model utilizes a mixed diffusion process to generate realistic synthetic EHR samples that protect patient privacy. This method could be useful in tackling data availability issues in the field of healthcare by reducing barrier to EHR access and supporting research in machine learning for health.
Conclusion The proposed diffusion model-based method can reliably and efficiently generate synthetic EHR time series, which facilitates the downstream medical data analysis. Our numerical results show the superiority of the proposed method over all other existing methods.
-
The migration to electronic health records (EHR) in the healthcare industry has raised issues with respect to security and privacy. One issue that has become a concern for healthcare providers, insurance companies, and pharmacies is patient health information (PHI) leaks because PHI leaks can lead to violation of privacy laws, which protect the privacy of individuals’ identifiable health information, potentially resulting in a healthcare crisis. This study explores the issue of PHI leaks from an access control viewpoint. We utilize access control policies and PHI leak scenarios derived from semi structured interviews with four healthcare practitioners and use the lens of activity theory to articulate the design of an access control model for detecting and mitigating PHI leaks. Subsequently, we follow up with a prototype as a proof of concept.more » « less