Pseudonymization for improving the privacy in e-health applications

Proceedings of the Annual Hawaii International Conference on System Sciences

Volumn , Issue , 2008, Pages

  Riedl, Bernhard ^a   Grascher, Veronika ^a   Fenz, Stefan ^a   Neubauer, Thomas ^a  

^a Secure Business Austria   (Austria)

Author keywords

[No Author keywords available]

Indexed keywords

ARSENIC COMPOUNDS; COMPUTER NETWORKS; HEALTH CARE; INSURANCE; PIPE;

E-HEALTH; INTERNATIONAL CONFERENCES; PSEUDONYMIZATION; SYSTEM SCIENCES;

HEALTH;

EID: 51449090174     PISSN: 15301605     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/HICSS.2008.366     Document Type: Conference Paper

References (40)

1. S. Maerkle, K. Koechy, R. Tschirley, and H. U. Lemke, "The PREPaRe system - Patient Oriented Access to the Personal Electronic Medical Record," in Proceedings of Computer Assisted Radiology and Surgery, Netherlands, 2001, pp. 849-854.
2. F. R. Ernst and A. J. Grizzle, "Drug-related morbidity and mortality: Updating the cost-of-illness model," University of Arizona, Tech. Rep., 1995.
3. _, "Drug-related morbidity and mortality: Updating the cost-of-illness model," University of Arizona, Tech. Rep., 2001.
4. J. Pope, "Implementing EHRs requires a shift in thinking. PHRs - the building blocks of EHRs - may be the quickest path to the fulfillment of disease management." Health Management Technology, vol. 27(6), p. 24, 2006.
5. United States Department of Health & Human Service, "Hipaa administrative simplification: Enforcement; final rule," Federal Register / Rules and Regulations, vol. Vol. 71, No. 32, 2006.
6. European Union, "Directive 95/46/ec of the european parliament and of the council of 24 october 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data." Official Journal of the European Communities, vol. L 281, pp. 31-50, 1995, http://europa.eu/scadplus/leg/en/lvb/l14012.htm.
7. Council of Europe, European Convention on Human Rights. Martinus Nijhoff Publishers, 1987.
8. Republic of Austria, "Datenschutzgesetz 2000 (DSG 2000), BGBl. I Nr. 165/1999," 1999.
9. M. Ackerman, R. Craft, F. Ferrante, M. Kratz, S. Mandil, and H. Sapci, "Telemedicine technology," Telemedicine Journal and e-Health, vol. 8, No. 1, pp. 71-78, 2002.
10. J. Montagnat, F. Bellet, H. Benoit-Cattin, V. Breton, L. Brunie, H. Duque, Y. Legr, I. E. Magnin, L. Maigne, S. Miguet, J. M. Pierson, L. Seitz, and T. Tweed, "Medical images simulation, storage, and processing on the european datagrid testbed," Journal of Grid Computing, vol. 2, Number 4, pp. 387-400, 2004.
11. A. Pfitzmann and M. Koehntopp., "Anonymity, Unlinkability, Unobservability, Pseudonymity, and Identity Management A Consolidated Proposal for Terminology," in Lecture Notes in Computer Science. Springer Berlin / Heidelberg, 2005.
12. K. Taipale, "Technology, Security and Privacy: The Fear of Frankenstein, the Mythology of Privacy and the Lessons of King Ludd," International Journal of Communications Law & Policy, vol. 9, 2004.
13. R. L. Peterson, "Patent: Encryption system for allowing immediate universal access to medical records while maintaining complete patient control over privacy," US Patent US 2003/0074564 A1, 2003.
14. C. Thielscher, M. Gottfried, S. Umbreit, F. Boegner, J. Haack, and N. Schroeders, "Patent: Data processing system for patient data," Int. Patent, WO 03/034294 A2, 2005.
15. G. de Moor, B. Claerhout, and F. de Meyer, "Privacy enhancing technologies: the key to secure communication and management of clinical and genomic data," Methods of information in medicine, vol. 42, pp. 148-153, 2003.
16. J. Gulcher, K. Kristjansson, H. Gudbjartsson, K., and Stefanson, "Protection of privacy by third-party encryption in genetic research," European journal of human genetics, vol. 8, pp. 739-742, 2000.
17. K. Pommerening, "Medical Requirements for Data Protection," in Proceedings of IFIP Congress, Vol. 2, 1994, pp. 533-540. [Online]. Available: citeseer.ist.psu.edu/330589.html
18. K. Pommerening and M. Reng, Medical And Care Compunetics 1. IOS Press, 2004, ch. Secondary use of the Electronic Health Record via pseudonymisation, pp. 441-446.
19. D. Lobach and D. Detmer, "Research challenges for electronic health records," American Journal of Preventive Medicine, vol. 32, Issue 5, pp. 104-111, 2007.
20. B. Riedl, T. Neubauer, G. Goluch, O. Boehm, G. Reinauer, and A. Krumboeck, "A secure architecture for the pseudonymization of medical data," in Proceedings of the Second International Conference on Availability, Reliability and Security, 2007, pp. 318-324.
21. A. Rector, J. Rogers, A. Taweel, D. Ingram, D. Kalra, J. Milan, P. Singleton, R. Gaizauskas, M. Hepple, D. Scott, and R. Power, "Clef - joining up healthcare with clinical and post-genomic research," in Proceedings of UK e-Science All Hands Meeting, 2003, pp. 203-211. [Online]. Available: citeseer.ist.psu.edu/rector03clef.html
22. A. Lysyanskaya, R. L. Rivest, A. Sahai, and S. Wolf, "Pseudonym systems," in Proceedings of the Sixth Annual Workshop on Selected Areas in Cryptography (SAC '99). [Online]. Available: citeseer.ist.psu.edu/ lysyanskaya99pseudonym.html
23. U. Flegel, "Pseudonymizing unix log files," in Proceedings of the International Conference on Infrastructure Security. London, UK: Springer-Verlag, 2002, pp. 162-179.
24. J. Daemen and V. Rijmen, The Design of Rijndael: AES - The Advanced Encryption Standard. Springer; 1 Edition, 2002.
25. R. L. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Commun. ACM, vol. 21, no. 2, pp. 120-126, 1978.
26. V. S. Miller, "Use of elliptic curves in cryptography," Lecture notes in computer sciences, vol. 218 on Advances in cryptology - CRYPTO 85, pp. 417-426, 1986.
27. B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C. Wiley; 2 edition, 1995.
28. M. Hendry, Smart Card Security and Applications, Second Edition. Norwood, MA, USA: Artech House, Inc., 2001.
29. W. Rankl and W. Effing, Smart Card Handbook. New York, NY, USA: John Wiley & Sons, Inc., 1997.
30. A. Avizienis, J.-C. Laprie, B. Randell, and C. Landwehr, "Basic concepts and taxonomy of dependable and secure computing," IEEE Transactions on Dependable and Secure Computing, vol. 1, no. 1, pp. 11-33, 2004.
31. R. Russell, D. Kaminsky, R. F. Puppy, J. Grand, D. Ahmad, H. Flynn, I. Dubrawsky, S. W. Manzuik, and R. Permeh, Hack Proofing Your Network (Second Edition). Syngress Publishing, 2002.
32. T. Westran, M. Mack, and R. Enbody, "The last line of defense: a host-based, real-time, kernel-level intrusion detection system," in submitted to IEEE Symposium on Security and Privacy, 2003.
33. T. Thornburgh, "Social engineering: the "Dark Art"," in Proceedings of the 1st annual conference on Information security curriculum development. New York, NY, USA: ACM Press, 2004, pp. 133-135.
34. A. Shamir, "How to share a secret," Commun. ACM, vol. 22, no. 11, pp. 612-613, 1979.
35. J. Han and M. Kamber, Data mining: concepts and techniques. San Francisco, CA, USA: Morgan Kaufmann Publishers Inc., 2000.
36. K. Maris, "The Human Factor," in Proceedings of Hack.lu, Luxembourg, 2005.
37. V. Schmidt, W. Striebel, H. Prihoda, M. Becker, and G. D. Lijzer, "Patent: Verfahren zum be- oder verarbeiten von daten," German Patent, DE 199 25 910 A1, 2001.
38. B. Riedl, V. Grascher, and T. Neubauer, "Pseudonymization for securing e-health applications," in to appear in the proceedings of the 13th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC07), 2007.
39. D. C. Wherry, "Secure your public key infrastructure with hardware security modules," SANS Institute, Tech. Rep., 2003.
40. B. Riedl and O. Jorns, "Granting access to emergency data in a pseudonymized e-health architecture," in submitted to the Proceedings of the 9th International Conference on Information Integration and Web-based Application & Services, 2007.