More Like this

1. HonestChain: Consortium blockchain for protected data sharing in health information systems

   https://doi.org/10.1007/s12083-021-01153-y  

   Purohit, Soumya; Calyam, Prasad; Alarcon, Mauro Lemus; Bhamidipati, Naga Ramya; Mosa, Abu; Salah, Khaled (September 2021, Peer-to-Peer Networking and Applications)
2. An Activity Theory Approach to Leak Detection and Mitigation in Patient Health Information (PHI)

   https://doi.org/10.17705/1jais.00687  

   Valecha, Rohit; Upadhyaya, Shambhu; Rao, H. Raghav (January 2021, Journal of the Association for Information Systems)

   The migration to electronic health records (EHR) in the healthcare industry has raised issues with respect to security and privacy. One issue that has become a concern for healthcare providers, insurance companies, and pharmacies is patient health information (PHI) leaks because PHI leaks can lead to violation of privacy laws, which protect the privacy of individuals’ identifiable health information, potentially resulting in a healthcare crisis. This study explores the issue of PHI leaks from an access control viewpoint. We utilize access control policies and PHI leak scenarios derived from semi structured interviews with four healthcare practitioners and use the lens of activity theory to articulate the design of an access control model for detecting and mitigating PHI leaks. Subsequently, we follow up with a prototype as a proof of concept. 

   more » « less
3. Privacy and Security — Protecting Patients’ Health Information

   https://doi.org/10.1056/NEJMp2201676  

   Hoffman, Sharona (November 2022, New England Journal of Medicine)
4. Enabling Health Data Sharing with Fine-Grained Privacy

   https://doi.org/10.1145/3583780.3614864  

   Bonomi, Luca; Gousheh, Sepand; Fan, Liyue (October 2023, Proceedings of the 32nd ACM International Conference on Information and Knowledge Management (CIKM '23))
5. Beyond Open vs. Closed: Balancing Individual Privacy and Public Accountability in Data Sharing

   https://doi.org/10.1145/3287560.3287577  

   Young, Meg; Rodriguez, Luke; Keller, Emily; Sun, Feiyang; Sa, Boyang; Whittington, Jan; Howe, Bill (January 2019, FAT*)

   Data too sensitive to be "open" for analysis and re-purposing typically remains "closed" as proprietary information. This dichotomy undermines efforts to make algorithmic systems more fair, transparent, and accountable. Access to proprietary data in particular is needed by government agencies to enforce policy, researchers to evaluate methods, and the public to hold agencies accountable; all of these needs must be met while preserving individual privacy and firm competitiveness. In this paper, we describe an integrated legal-technical approach provided by a third-party public-private data trust designed to balance these competing interests. Basic membership allows firms and agencies to enable low-risk access to data for compliance reporting and core methods research, while modular data sharing agreements support a wide array of projects and use cases. Unless specifically stated otherwise in an agreement, all data access is initially provided to end users through customized synthetic datasets that offer a) strong privacy guarantees, b) removal of signals that could expose competitive advantage, and c) removal of biases that could reinforce discriminatory policies, all while maintaining fidelity to the original data. We find that using synthetic data in conjunction with strong legal protections over raw data strikes a balance between transparency, proprietorship, privacy, and research objectives. This legal-technical framework can form the basis for data trusts in a variety of contexts. 

   more » « less