Health and Genomic Privacy

Established: October 1, 2010





Electronic health records make patients’ medical information more accessible and mobile, and have the potential to vastly improve health care; however, they also introduce new security and privacy concerns. Emerging technology for sequencing the human genome can help unlock secrets of human health, but making genomic data available also poses important privacy and security challenges. We explore the challenge of preserving patients’ privacy in electronic health record systems and genomics.

Privacy for Electronic Medical Records

Patient Controlled Encryption

In this project we argue that privacy in Electronic Medical Records systems should be enforced via encryption as well as access control. Furthermore, we argue for approaches that enable patients to generate and store their own encryption keys, so that the patients’ privacy is protected should the host data center be compromised. We call this approach Patient Controlled Encryption (PCE). We show that we can build an efficient system within this framework that preserves basic functionalities, including allowing patients both to share partial access rights with others and to perform searches over their records.

Patient Controlled Encryption: patient privacy in electronic medical records by Melissa Chase, Kristin Lauter, Josh Benaloh, and Eric Horvitz, ACM Cloud Computing Security Workshop 2009.
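The sketch below is an added example, not code from the PCE paper or from Microsoft Research. It illustrates the three properties the project description names with nothing but the Python standard library: the patient holds a root key that never leaves their device, per-category keys are derived from it so that a single category key can be shared with a provider, and keywords are indexed as keyed hashes so the host can answer searches without learning the words. The category labels, the HMAC-based key tree and the HMAC-in-counter-mode stream cipher are assumptions of this sketch (a deployment would use an AEAD such as AES-GCM), not the paper's construction.

```python
import hashlib
import hmac
import os

# --- Key hierarchy -------------------------------------------------------
# The patient keeps one root key off the server. Category keys are derived
# from it, so handing out the key for ["cardiology"] reveals nothing about
# ["dermatology"] or about the root. (Category labels are hypothetical.)

def derive_key(parent: bytes, label: str) -> bytes:
    """One level of derivation: child = HMAC-SHA256(parent, label)."""
    return hmac.new(parent, label.encode(), hashlib.sha256).digest()

def key_for_path(root: bytes, path) -> bytes:
    key = root
    for label in path:
        key = derive_key(key, label)
    return key

# --- Record encryption ---------------------------------------------------
# Stdlib-only encrypt-then-MAC: keystream from HMAC-SHA256 in counter mode
# plus a separate HMAC tag. Stand-in for a real AEAD, chosen only to keep
# the example dependency-free.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _subkeys(key: bytes):
    return derive_key(key, "enc"), derive_key(key, "mac")

def encrypt_record(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt_record(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record failed integrity check (wrong key or tampering)")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

# --- Searchable index ----------------------------------------------------
# Keywords are stored as HMAC tags under a per-category search key. Whoever
# holds that category key computes a trapdoor for a word; the host matches
# tags without learning the word.

def index_keywords(key: bytes, words):
    search_key = derive_key(key, "search")
    return {hmac.new(search_key, w.lower().encode(), hashlib.sha256).digest() for w in words}

def trapdoor(key: bytes, word: str) -> bytes:
    return hmac.new(derive_key(key, "search"), word.lower().encode(), hashlib.sha256).digest()

# --- Walk-through with a constructed record ------------------------------
def demo():
    root = os.urandom(32)                                  # patient-held root key
    cardio_key = key_for_path(root, ["cardiology"])
    record = b"ECG 2010-09-30: sinus rhythm, no ST changes"  # constructed sample
    stored = {"blob": encrypt_record(cardio_key, record),
              "index": index_keywords(cardio_key, ["ECG", "sinus", "rhythm"])}
    # Share only the cardiology key: the recipient can read and search that
    # category, while a key for any other category neither decrypts nor matches.
    shared = key_for_path(root, ["cardiology"])
    other = key_for_path(root, ["dermatology"])
    opened = decrypt_record(shared, stored["blob"])
    hit = trapdoor(shared, "ecg") in stored["index"]
    miss = trapdoor(other, "ecg") in stored["index"]
    try:
        decrypt_record(other, stored["blob"])
        wrong_key_rejected = False
    except ValueError:
        wrong_key_rejected = True
    return opened, hit, miss, wrong_key_rejected
```

Because the host only ever stores ciphertext blobs and HMAC tags, a compromise of the data centre yields nothing readable without a patient-held key; the host also cannot tell which index tags correspond to which words unless a trapdoor for that word is submitted.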



Genomic Privacy

In a sequence of papers and projects, we investigate the potential to compute on genomic data in encrypted form. The main new tool is homomorphic encryption, which allows us to do meaningful computation on data which has been encrypted in a particular way. We demonstrate solutions for encoding and encrypting data in a manner which allows efficient computation of functions needed in Genome Wide Association Studies (GWAS) and in tasks such as sequence alignment and edit distance. A recent competition highlights the record capabilities in this area.
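To make the GWAS use case concrete, the following added example (not code from the project; it uses Paillier encryption with fixed toy-sized primes rather than the lattice-based schemes the project's papers work with) computes the minor-allele counts of a case group and a control group at one SNP while the genotypes stay encrypted. Only the additive homomorphism is needed: the server multiplies ciphertexts to add the underlying allele counts, and the key holder decrypts just the two aggregates and derives the 2x2 allele table and chi-square statistic. The genotype vectors are constructed sample data.

```python
import math
import secrets

# Paillier key. Mersenne primes are used so the example needs no prime search;
# they are far too small for real use and serve only to make the arithmetic runnable.
P = 2**89 - 1
Q = 2**107 - 1
N = P * Q
N2 = N * N
G = N + 1                                         # standard choice of generator
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)  # lcm(p-1, q-1)
MU = pow((pow(G, LAM, N2) - 1) // N, -1, N)        # L(g^lambda mod n^2)^-1 mod n

def encrypt(m: int) -> int:
    """Public-key operation: c = g^m * r^n mod n^2 with fresh random r."""
    r = secrets.randbelow(N - 1) + 1
    return (pow(G, m, N2) * pow(r, N, N2)) % N2

def decrypt(c: int) -> int:
    """Secret-key operation: m = L(c^lambda mod n^2) * mu mod n."""
    return (((pow(c, LAM, N2) - 1) // N) * MU) % N

def add(c1: int, c2: int) -> int:
    """Ciphertext multiplication adds the plaintexts."""
    return (c1 * c2) % N2

def scale(c: int, k: int) -> int:
    """Ciphertext exponentiation multiplies the plaintext by a public constant."""
    return pow(c, k, N2)

def encrypted_allele_sum(enc_genotypes):
    """Server side: total minor-allele count of a group, computed without the key."""
    total = encrypt(0)                # fresh randomness, public key only
    for c in enc_genotypes:
        total = add(total, c)
    return total

def allele_table(cases, controls):
    """Each genotype is the minor-allele count (0, 1 or 2) at one SNP.
    Returns (case_minor, case_major, control_minor, control_major)."""
    enc_cases = [encrypt(g) for g in cases]          # submitted by participants
    enc_controls = [encrypt(g) for g in controls]
    case_minor = decrypt(encrypted_allele_sum(enc_cases))      # key holder decrypts
    ctrl_minor = decrypt(encrypted_allele_sum(enc_controls))   # only the aggregates
    return (case_minor, 2 * len(cases) - case_minor,
            ctrl_minor, 2 * len(controls) - ctrl_minor)

def chi_square(table) -> float:
    """Pearson chi-square for a 2x2 allele table (rows case/control, cols minor/major)."""
    a, b, c, d = table
    n = a + b + c + d
    return n * (a * d - b * c) ** 2 / ((a + b) * (c + d) * (a + c) * (b + d))

# Constructed genotype data for eight cases and eight controls.
CASES = [2, 1, 1, 2, 0, 1, 2, 1]
CONTROLS = [0, 1, 0, 0, 1, 0, 1, 0]

if __name__ == "__main__":
    table = allele_table(CASES, CONTROLS)
    print("allele table:", table, "chi-square: %.3f" % chi_square(table))
```

The server learns neither individual genotypes nor the group totals, since every ciphertext, including the accumulator, is fresh under the public key; the party holding the secret key sees only the two sums it needs for the test statistic.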

Anonymous Healthcare

When patients participate in today’s healthcare system, insurance companies and pharmacies have access to sensitive patient-care information, including medical conditions, diagnoses and treatments. We have designed an anonymous system in which patients can receive care from their physicians and the care providers can receive payment for their services, without the insurance companies and pharmacies learning which patients are being treated for which conditions.

Our design principle is that a health record system should reveal as little as possible to the various parties involved, such as insurers and pharmacies, while still allowing the system to work. One technique is to use Anonymous Credentials, which ensure that the service cannot identify the user.
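The example below is added here and is not the project's design; it uses a Chaum-style RSA blind signature as a simplified stand-in for the anonymous credentials the paragraph refers to. The insurer signs a coverage token while it is blinded, so the issuance (done in the patient's name, where coverage can be checked) and the later redemption at a pharmacy cannot be linked, and a ledger of redeemed serials stops a token from being paid twice. The key uses fixed Mersenne primes purely so the arithmetic runs without a prime search; the serial and party names are constructed.

```python
import hashlib
import math
import secrets

# Insurer's RSA signing key (toy size, fixed primes; not for real use).
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def _hash_to_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")   # < 2**256 < N

# --- Patient device ------------------------------------------------------
def blind(serial: bytes):
    """Blind H(serial) with a random r; only the blinded value leaves the device."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (_hash_to_int(serial) * pow(r, E, N)) % N, r

def unblind(blind_sig: int, r: int) -> int:
    return (blind_sig * pow(r, -1, N)) % N

# --- Insurer, issuance desk ----------------------------------------------
# Sees who is asking (to confirm coverage) but only a blinded value, which is
# statistically independent of the serial that will later be redeemed.
def sign_blinded(blinded: int) -> int:
    return pow(blinded, D, N)

# --- Pharmacy / insurer claims desk --------------------------------------
def verify(serial: bytes, sig: int) -> bool:
    return pow(sig, E, N) == _hash_to_int(serial)

class ClaimsDesk:
    """Accepts each valid token exactly once; learns the serial, not the patient."""
    def __init__(self):
        self.redeemed = set()

    def redeem(self, serial: bytes, sig: int) -> bool:
        if not verify(serial, sig) or serial in self.redeemed:
            return False
        self.redeemed.add(serial)
        return True

def demo():
    serial = secrets.token_bytes(16)                 # constructed random serial
    blinded, r = blind(serial)                       # patient, in their own name
    token = unblind(sign_blinded(blinded), r)        # insurer signs blindly
    desk = ClaimsDesk()                              # pharmacy submits claim
    first = desk.redeem(serial, token)
    replay = desk.redeem(serial, token)              # same token again
    forged = desk.redeem(b"other-serial", token)     # signature on a different serial
    return first, replay, forged
```

What the construction does and does not give: the insurer's issuance log contains only blinded values and the patient's identity, the claims ledger contains only serials and signatures, and no field is shared between the two, so the insurer cannot tell which patient's token a given claim redeems. Attribute statements (coverage tier, validity period) and revocation, which full anonymous credential schemes provide, are not part of this stand-in.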

