Privacy-enhancing methods for e-health applications: how to prevent statistical analyses and attacks Online publication date: Fri, 19-Dec-2008
by Christian Stingl, Daniel Slamanig
International Journal of Business Intelligence and Data Mining (IJBIDM), Vol. 3, No. 3, 2008
Abstract: This paper investigates the privacy issues in the context of e-health and will especially consider e-health portals which provide patients access to Electronic Health Records (EHRs). Since e-health portals can be accessed via the internet, security and privacy issues arise that have to be considered carefully. Besides the traditional security properties, we focus mainly on additional threats, namely the disclosure attack, the anonymity set attack and statistical analysis of metadata. A disclosure attack takes place if a person 'motivates' or even forces another one to present her EHR. We propose so-called multiple identities, which help to eliminate this attack. In the context of anonymous authentication, we will point out weaknesses regarding the choice of anonymity sets. Additionally, by applying statistical analysis on the metadata of an e-health portal, it is possible to determine relevant information which could have negative effects on the patient. We present a concept that includes pseudonymisation of e-health portals, multiple identities, obfuscation of metadata and anonymity methods to prevent the above-mentioned attacks and make statistical analysis difficult. Furthermore, all privacy-enhancing methods do not rely on application-layer mechanisms (which in general can easily be bypassed by insiders), but are based on cryptographic primitives which are state of the art.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Business Intelligence and Data Mining (IJBIDM):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com
Our Blog 
Follow us on Twitter 
Visit us on Facebook