
Declarative Privacy Policy: Finite Models and Attribute-Based Encryption, November 2nd, 2011


1 Declarative Privacy Policy: Finite Models and Attribute-Based Encryption, November 2nd, 2011

2 Healthcare Privacy Problem
 • Data needed for treatment
   • Electronic records and health information exchange (HIE) can improve care and reduce costs
   • Most patients seen in an emergency room were treated in an unaffiliated hospital in the last six months
 • Patient access is important
   • Required by law
   • Diabetics can enter glucose data and improve treatment
   • Personal health devices: blood pressure monitors, Zeo, Fitbit, Withings
 • Privacy requirements
   • HIPAA law mandates privacy
   • Hospitals add policy
   • Insurer needs data for billing, but should not deny coverage based on correlated factors
 [Diagram: Patient, Doctor, Insurance, Drug Co. and an HIE exchanging data through the Electronic Record and the Patient Portal; the three goals shown are quality care, HIPAA compliance and patient privacy]

3 Privacy theory → automated compliance

4 Finite Model for HIPAA
 • Dependency graph
 • Acyclicity of privacy law
 • Can we capture the behavior of an acyclic law by its operations on a finite set of exemplary use cases?
 • Exemplary cases can be used for
   • Training and education
   • Testing and debugging of compliance software
 [Dependency graph (excerpt) with nodes permitted_by_164_502_a(A), is_from_coveredEntity(A), permitted_by_164_502_a_1(A), is_phi(A) and permitted_by_164_502_a_1_i(A); each permitted_by predicate depends on the predicates of the sub-clauses it references, and the graph has no cycles]

5 Compliance Tree of an Acyclic Law
 [Tree, read top-down; the Boolean operator of each internal node is written out:]
 compliantWithALaw(A) = permittedBySomeClause(A) AND NOT forbiddenBySomeClause(A)
 permittedBySomeClause(A) = permittedByC1(A) OR … OR permittedByCm(A)
 permittedByCi(A) = coveredByCi(A) AND satisfiesCi(A) AND permittedBySomeRefOfClause_i(A)
 permittedBySomeRefOfClause_i(A) = permittedByClauseRef_i,1(A) OR … OR permittedByClauseRef_i,N(A)
 forbiddenBySomeClause(A) = forbiddenByC1(A) OR … OR forbiddenByCm(A)
 forbiddenByCi(A) = coveredByCi(A) AND satisfiesCi(A)

6 Algorithm to Generate Exemplary Cases for an Acyclic Privacy Law
 I. Construct the compliance tree for the acyclic law
 II. Normalize it (push NOT operators to the bottom) using De Morgan's laws and Boolean algebra
 III. Construct the search trees
 IV. For each search tree, add an exemplary case instance to the model that satisfies all the nodes in the tree

7 A Search Tree to Generate an Exemplary Case
 [Tree, after normalization: at each OR node of the compliance tree one branch is chosen, at each AND node every branch is kept:]
 compliantWithALaw(A) = permittedBySomeClause(A) AND notForbiddenByAnyClause(A)
 permittedBySomeClause(A): one clause chosen, permittedByC1(A) = coveredByC1(A) AND satisfiesC1(A) AND permittedBySomeRefOfC1(A)
 permittedBySomeRefOfC1(A): one referenced clause chosen, permittedByClauseRef_I,J(A)
 notForbiddenByAnyClause(A) = notForbiddenByC1(A) AND … AND notForbiddenByCm(A)
 notForbiddenByCm(A): one way of not being forbidden chosen, here notCoveredByCm(A)

8 Finite Model for Privacy Laws
 • Our main results regarding the construction
   • The model for an acyclic law constructed using our algorithm is finite
   • The acyclic law can be completely characterized by its operation on the exemplary cases in the model
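The four steps of slide 6 run end to end on a constructed two-clause law, as an added Python example (not code from the slides or from the healthcareprivacy project). Clause names, predicate names and the toy law are this example's own; it also assumes a clause has separate permitting and forbidding conditions (atoms permitCond_* and forbidCond_*), which the slides do not spell out. It builds the compliance tree of slide 5, normalizes it, enumerates the search trees of slide 7, keeps the consistent ones as the finite model of slide 8, and checks that every exemplary case really is compliant.

```python
"""Added example: compliance tree -> normalisation -> search trees ->
exemplary cases, on a constructed two-clause toy law (not HIPAA)."""
from dataclasses import dataclass
from itertools import product


# --- Step 0: a minimal propositional language over ground predicates of A ---
@dataclass(frozen=True)
class Atom:
    name: str                 # e.g. "coveredByC1": a predicate about action A

@dataclass(frozen=True)
class Not:
    f: object

@dataclass(frozen=True)
class And:
    parts: tuple

@dataclass(frozen=True)
class Or:
    parts: tuple


# --- Step I: the compliance tree of slide 5, built from a clause table -------
# Each clause maps to the clauses it references (its RefOfClause disjuncts).
# Assumption of this example: permitting and forbidding conditions of a clause
# are distinct atoms, permitCond_<c> and forbidCond_<c>.
TOY_LAW = {"C1": ["C1a", "C1b"], "C2": []}      # constructed toy law

def permitted_by(c, law):
    parts = [Atom(f"coveredBy{c}"), Atom(f"permitCond_{c}")]
    if law[c]:                                   # permittedBySomeRefOfClause
        parts.append(Or(tuple(Atom(f"permittedBy{r}") for r in law[c])))
    return And(tuple(parts))

def forbidden_by(c):
    return And((Atom(f"coveredBy{c}"), Atom(f"forbidCond_{c}")))

def compliance_tree(law):
    permitted = Or(tuple(permitted_by(c, law) for c in law))
    forbidden = Or(tuple(forbidden_by(c) for c in law))
    return And((permitted, Not(forbidden)))       # compliantWithALaw(A)


# --- Step II: normalise, pushing NOT down to the atoms with De Morgan --------
def nnf(f):
    if isinstance(f, Atom):
        return f
    if isinstance(f, Not):
        g = f.f
        if isinstance(g, Atom):
            return f
        if isinstance(g, Not):
            return nnf(g.f)
        if isinstance(g, And):                   # NOT (a AND b) = NOT a OR NOT b
            return Or(tuple(nnf(Not(p)) for p in g.parts))
        return And(tuple(nnf(Not(p)) for p in g.parts))   # NOT (a OR b)
    if isinstance(f, And):
        return And(tuple(nnf(p) for p in f.parts))
    return Or(tuple(nnf(p) for p in f.parts))


# --- Step III: search trees = one branch per OR, every branch of each AND ----
def search_trees(f):
    """Yield each search tree as a set of (atom, polarity) literals."""
    if isinstance(f, Atom):
        yield {(f.name, True)}
    elif isinstance(f, Not):                     # after nnf only atoms sit under NOT
        yield {(f.f.name, False)}
    elif isinstance(f, Or):
        for p in f.parts:
            yield from search_trees(p)
    else:
        for combo in product(*(list(search_trees(p)) for p in f.parts)):
            yield set().union(*combo)


# --- Step IV: one exemplary case per consistent search tree -----------------
def exemplary_cases(f):
    """The finite model: the distinct satisfiable search trees of nnf(f)."""
    model = set()
    for lits in search_trees(nnf(f)):
        names = {n for n, _ in lits}
        if len(names) == len(lits):              # no atom with both polarities
            model.add(frozenset(lits))
    return model


def evaluate(f, case):
    """Truth of f on a case; atoms the case leaves open default to False."""
    if isinstance(f, Atom):
        return case.get(f.name, False)
    if isinstance(f, Not):
        return not evaluate(f.f, case)
    if isinstance(f, And):
        return all(evaluate(p, case) for p in f.parts)
    return any(evaluate(p, case) for p in f.parts)


if __name__ == "__main__":
    tree = compliance_tree(TOY_LAW)
    for case in sorted(exemplary_cases(tree), key=sorted):
        assert evaluate(tree, dict(case))        # every exemplary case complies
        print(sorted(case))
    print(len(exemplary_cases(tree)), "compliant exemplary cases")
```

Running exemplary_cases on Not(compliance_tree(TOY_LAW)) gives the finite model of the non-compliant side in the same way; together the two models are the cases a compliance checker for this law has to be tested against, which is the testing-and-debugging use of slide 4.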

9 [Architecture diagram: a User presents Credentials and sends a Query to the Hospital's Policy Engine; the Database holds Encrypted Medical Data, produced by Attribute-based Encryption and stored in the cloud; Attribute-based Decryption on the user side recovers the data. EHR applications shown: HIE, affiliated clinics, medical research]

10 Attribute-Based Encryption
 [Diagram: data is encrypted under the public key PK and an access policy, here "Doctor OR (Nurse AND ICU)"; a secret key SK is issued for a user's attribute set, such as {"Doctor", "Neurology"} or {"Nurse", "Physical Therapy"}; the key decrypts only when its attributes satisfy the policy]

11 Extracting ABE data policy
 • HIPAA, hospital policy
 • Policy: Action → {allow, deny}
 • Action characterized by ⟨from, about, type, consents, to, purpose, beliefs⟩
 • Data policy
   • SELECT rows with given attributes: from, about, type, consents
   • PROJECT them to generate the associated ABE access policy:
     {⟨to, purpose, beliefs⟩ | Policy(⟨from, about, type, consents, to, purpose, beliefs⟩) = Allow}
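The SELECT/PROJECT step above and the attribute check of slide 10, as an added Python example (not the project's code). The policy function, the finite universe of recipients, purposes and beliefs, and the data items are all constructed for this example; a deployment would hand the rendered policy string to a CP-ABE library for encryption, whereas this code only evaluates the policy against a key's attribute set.

```python
"""Added example: derive the ABE access policy for one data item from an
allow/deny policy, then check key attributes against it. Policy rules and
attribute names are constructed for this example."""
from itertools import product

# Finite attribute universe for the projected columns (constructed).
RECIPIENTS = ("doctor", "nurse", "insurer", "researcher")
PURPOSES = ("treatment", "billing", "research")
BELIEFS = (frozenset(), frozenset({"believes_treating"}))


def policy(frm, about, type_, consents, to, purpose, beliefs):
    """Toy Policy: Action -> {'allow', 'deny'} over
    <from, about, type, consents, to, purpose, beliefs>. Not HIPAA: written
    so that rules on role+purpose, role+purpose+belief and
    role+purpose+consent all occur."""
    if type_ != "phi":
        return "deny"
    if to in ("doctor", "nurse") and purpose == "treatment" \
            and "believes_treating" in beliefs:
        return "allow"
    if to == "insurer" and purpose == "billing":
        return "allow"
    if to == "researcher" and purpose == "research" and "research" in consents:
        return "allow"
    return "deny"


def abe_access_policy(frm, about, type_, consents):
    """SELECT the rows of one data item, PROJECT them to <to, purpose,
    beliefs>, and return the result as a DNF access policy: a set of
    attribute sets, any one of which must be wholly present in a key."""
    clauses = set()
    for to, purpose, beliefs in product(RECIPIENTS, PURPOSES, BELIEFS):
        if policy(frm, about, type_, consents, to, purpose, beliefs) == "allow":
            clauses.add(frozenset({f"to:{to}", f"purpose:{purpose}", *beliefs}))
    # Drop clauses that only add attributes to another allowed clause.
    return {c for c in clauses if not any(o < c for o in clauses)}


def render(clauses):
    """Policy string in the style of slide 10, e.g. Doctor OR (Nurse AND ICU)."""
    return " OR ".join("(" + " AND ".join(sorted(c)) + ")"
                       for c in sorted(clauses, key=sorted))


def satisfies(clauses, key_attrs):
    """CP-ABE decryption semantics: a key for key_attrs opens a ciphertext
    encrypted under `clauses` iff the attributes satisfy some clause."""
    return any(c <= set(key_attrs) for c in clauses)


# Slide 10's access policy "Doctor OR (Nurse AND ICU)" in the same DNF form.
SLIDE10_POLICY = {frozenset({"Doctor"}), frozenset({"Nurse", "ICU"})}


if __name__ == "__main__":
    item = ("hospital", "patient_42", "phi", ())     # from, about, type, consents
    pol = abe_access_policy(*item)
    print(render(pol))
    print(satisfies(pol, {"to:doctor", "purpose:treatment", "believes_treating"}))
    print(satisfies(pol, {"to:researcher", "purpose:research"}))
    print(satisfies(SLIDE10_POLICY, {"Doctor", "Neurology"}),
          satisfies(SLIDE10_POLICY, {"Nurse", "Physical Therapy"}))
```

Because consents are part of the SELECT key, the same data type yields a different ABE policy per item: a record whose consents include "research" produces an extra researcher clause, a record without that consent does not, so the ciphertext itself carries the consent decision.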

12 Prototype

13 Performance

14 Open Issue
 • No direct support for parameterized roles in ABE
   • Format: R(p1, p2, …, pn)
   • E.g., §164.502(g)(3)(ii)(A): "… a covered entity may disclose, or provide access in accordance with §164.524 to, protected health information about an unemancipated minor to a parent, guardian, or other person acting in loco parentis;"
 • Workaround
   • Hardcode parameter values into the attribute name, e.g. inLocoParentis_Tom
 • Challenges
   • Identity silos across organizations

15 References
 • Declarative privacy policy: Finite models and attribute-based encryption. P. E. Lam, J. C. Mitchell, A. Scedrov, et al. IHI 2012.
 • Scalable Parametric Verification of Secure Systems: How to Verify Reference Monitors without Worrying about Data Structure Size. J. Franklin, S. Chaki, A. Datta, A. Seshadri. Proceedings of the 31st IEEE Symposium on Security and Privacy, May 2010.
 • A Formalization of HIPAA for a Medical Messaging System. P. E. Lam, J. C. Mitchell, and S. Sundaram. TrustBus 2009.
 • Privacy and Contextual Integrity: Framework and Applications. A. Barth, A. Datta, J. C. Mitchell, and H. Nissenbaum. Proceedings of the 27th IEEE Symposium on Security and Privacy, May 2006.
 • Healthcare privacy project source code: http://github.com/healthcareprivacy
 • Demo (under construction): http://crypto.stanford.edu/privacy/HIPAA/

