Patient Health Records (PHRs) shift the ownership of health data from health providers to patients. Such a shift poses important challenges from the data privacy point of view. Patients would like to be able to selectively reveal information to other stakeholders and, at the same time, be assured that their health information will not be used improperly once shared. Current PHR systems partially fail to satisfy these requirements. In this paper, we show that both requirements can be satisfied fully when adopting a novel cloud-based PHR system architecture.We expain the role of remote virtual machines in this architecture and use interaction models to reason about privacy implications. Finally, we evaluate MyPHRMachines, a prototypical implementation of the architecture: we demonstrate that the system enables the execution of third party genome analysis services on patientowned genome data while ensuring that (1) such services cannot maliciously store this data and (2) patients can show the analysis results to experts without sharing along their full genome.
|Title of host publication||Proceedings of the 2012 IEEE International Conference on Systems, Man, and Cybernetics, October 14-17, 2012, Seoul, Korea|
|Place of Publication||Piscataway|
|Publisher||Institute of Electrical and Electronics Engineers|
|Publication status||Published - 2012|