Addressing health information privacy with a novel cloud-based PHR system architecture

• Published in: 2012 IEEE International Conference on Systems, Man, and Cybernetics (SMC) pp. 1841 - 1846
• Main Authors: Gorp, P. V., Comuzzi, M., Fialho, A., Kaymak, U.
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.10.2012
• Subjects: Bioinformatics; Cloud; Genomics; Personal Health Records; Privacy; Security; Software; Unified modeling language; Virtual machining
• ISBN: 9781467317139; 1467317136
• ISSN: 1062-922X; 2577-1655
• DOI: 10.1109/ICSMC.2012.6378006

Patient Health Records (PHRs) shift the ownership of health data from health providers to patients. Such a shift poses important challenges from the data privacy point of view. Patients would like to be able to selectively reveal information to other stakeholders and, at the same time, be assured that their health information will not be used improperly once shared. Current PHR systems partially fail to satisfy these requirements. In this paper, we show that both requirements can be satisfied fully when adopting a novel cloud-based PHR system architecture.We expain the role of remote virtual machines in this architecture and use interaction models to reason about privacy implications. Finally, we evaluate MyPHRMachines, a prototypical implementation of the architecture: we demonstrate that the system enables the execution of third party genome analysis services on patientowned genome data while ensuring that (1) such services cannot maliciously store this data and (2) patients can show the analysis results to experts without sharing along their full genome.