Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records

Transcription

1 Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records Melissa Chase (MSR) Joint work with Josh Benaloh, Kristin Lauter, and Eric Horvitz

2 Medical Records Traditionally, health providers kept paper files Transferring data very cumbersome Visiting a new doctor requires paperwork Emergency care often cannot access record

3 Electronic Medical Records Movement to: Digitize records Make accessible to network of providers Patients records will be accessible to any provider who treats them Advantages Better care Reduce costs President Obama: all medical records computerized within 5 years ARR Act: $19 billion

4 Privacy concerns Also dangerous Much easier to steal digital records Much easier to attack remotely accessible system Large system is very vulnerable to abuse ARR Act: Specific objectives: Secure communications Ensure appropriate authorization Encryption

5 Privacy Concerns Why are we concerned about privacy? Want patients to be honest Discrimination Insurance Employment Social stigma (friends/coworkers) Medical Identity Theft

6 Standard Approach to Security: Provider Managed + Access Control Patient Bob patient records Doctor Alice Upload health info Health Record Server Permission? s Log File Must Audit Logs Sensitive information Celebrity records

7 Privacy Concerns Wide access All or nothing permissions Even more in large network scenario Roughly 150 people have access to a patient s record in a hospitalization Patient Controlled Record grant access only to appropriate part of record allow patient to identify providers who treat him

8 Privacy Concerns Wide access All or nothing permissions Even more in large network scenario Roughly 150 people have access to a patient s record in a hospitalization Access control Theft Attack Patient must trust owner/administrator of data for physical and electronic security For privacy (Insider attacks)

9 Create Account Upload health info Search record Patient Bob New Approach: Encryption Health Record Server Bob s record Permission s

10 Using Cryptography Who holds the key? Server Key can be stolen/compromised along with data Third party Somewhat more secure How to maintain functionality? Patient? What we will look at

11 Using Cryptography Must have key backup Hide from server = hides from hackers, thieves, etc Patient Bob Create Account Upload health info Bob s record Search record Health Record Server Permission s

12 Search Search record record Create Account Upload health info Search record Patient Bob Doctor Alice Using Cryptography Pharmacist Charles How do we allow patient to grant partial access? Health Record Server Bob s record Permission s Upload health info Upload health info Grant Grant partial partial access access

13 How to grant partial access? Two approaches Hierarchical record sharing: Patient Controlled Encryption [BCHL09] Assumes hierarchical health record Based on standard, efficient primitives (hash functions, block ciphers) Also consider how to incorporate searchability Re encryption based sharing: Functional Re Encryption [CCV12] Easier to revoke users / add revocation date Easier key management More complex constructions Based on bilinear pairing

14 Hierarchical Record Sharing Joint work with Eric Horvitz, Kristin Lauter, and Josh Benaloh

15 Hierarchical Record Sharing Grant partial access Assumption on types of delegation Arrange the record in a hierarchy Allowable delegations: rights to a category

16 Ex: Hierarchical Health Records Give Doctor access to entire record

17 Ex: Hierarchical Health Records Give Doctor access to entire record Give Exercise info to cousin

18 Ex: Hierarchical Health Records Give Doctor access to entire record Give Exercise info to cousin

19 Ex: Hierarchical Health Records Give Doctor access to entire record Give Exercise info to cousin Give Eyeglass Prescription to Retailer

20 Ex: Hierarchical Health Records Give Doctor access to entire record Give Exercise info to cousin Give Eyeglass Prescription to Retailer

21 Ex: Hierarchical Health Records Give Doctor access to entire record Give Exercise info to cousin Give Eyeglass Prescription to Retailer Give Dental Information and Allergies and Medications to Dentist

22 Ex: Hierarchical Health Records Give Doctor access to entire record Give Exercise info to cousin Give Eyeglass Prescription to Retailer Give Dental Information and Allergies and Medications to Dentist

23 Security Hierarchical Encryption Symmetric Key [AT83, S88, ] Public Key: HIBE[GS02, ] only have access if an appropriate key was given KeyDer KeyDer

24 Patient Controlled Encryption Create Account Patient Bob Upload health info Search record Health Record Server Bob s record Permission s

25 Patient Controlled Encryption Create Account Patient Bob Upload health info Search record Doctor Alice Health Record Server Bob s record Permission s Upload health info Upload health info

26 Patient Controlled Encryption Grant Grant partial partial access access Pharmacist Charles Search Search record record Create Account Patient Bob Upload health info Search record Doctor Alice Health Record Server Bob s record Permission s Upload health info Upload health info

27 Patient Controlled Encryption

28 Re Encryption based Sharing Joint work with Nishanth Chandran and Vinod Vaikuntanathan

29 An example: Cloud storage for patient health records Bob s health record Doctor Medications Medications Cardiology Pharmacist X Rays Research Center Sister Patient Bob Access

30 Encrypted Cloud Storage Encrypt files Medications Bob s health record Medications Cardiology Doctor Pharmacist X Rays Research Center Sister Patient Bob Access

31 Encrypted Cloud Storage Encrypt files Medications Bob s health record Medications Cardiology Doctor Pharmacist X Rays Research Center Sister Patient Bob Access

32 Encrypted Cloud Storage Encrypt files Medications Bob s health record Medications Cardiology Doctor Pharmacist X Rays Research Center Patient Bob Access Sister How to implement access policy??

33 Access control for encrypted data How can we implement access control when data is encrypted? Our goal: Allow server to perform access control on encrypted data Server will: take files encrypted for Bob transform them into files encrypted for appropriate recipient without decrypting anything. Server cannot decrypt!

34 Access control for encrypted data: Our approach Encrypt files Medications Bob s health record Medications Cardiology Doctor Pharmacist X Rays Research Center Patient Bob Generate policy token Access token Sister

35 Access control for encrypted data: Our approach Encrypt files Medications Bob s health record Medications Cardiology X Rays token token token Doctor Pharmacist Research Center Patient Bob Generate policy token Access token Sister

36 Access control for encrypted data: Our approach Encrypt files Medications Bob s health record Medications Cardiology X Rays token token token Correct recipients retrieve and decrypt Doctor Pharmacist Research Center Patient Bob Generate policy token Access token Sister

37 Access control for encrypted data: Our approach Encrypt files Medications Bob s health record Medications Cardiology X Rays token token token Correct recipients retrieve and decrypt Doctor Pharmacist Research Center Patient Bob Generate policy token Access Sister Server can: Transform encrypted files into files readable by appropriate recipients Cannot decrypt or read token any files (Strong notion of security vs collusion, etc)

38 Private Access Control Want private cloud, where sensitive data is hidden even from cloud operator Previous scenario: server can implement policy but cannot decrypt any ciphertexts But sometimes the policy itself is private! E.g.: Whether patient has chosen to participate in research project for mental health records May want to give access to one family member without revealing that fact to others Question: Can we allow the same functionality, but without revealing the policy, even to the cloud provider?

39 Access control for encrypted data: Our approach Encrypt files Medications Bob s health record Medications Cardiology X Rays token token token Correct recipients retrieve and decrypt Doctor Pharmacist Research Center Patient Bob Generate policy token Access token Sister

40 Access control for encrypted data: Our approach Encrypt files Medications Bob s health record + Medications + Cardiology X Rays + token token token Correct recipients retrieve and decrypt Doctor Pharmacist Research Center Patient Bob Generate policy token Access token Sister

41 Access control for encrypted data: Our approach Encrypt files Medications Bob s health record + Medications + Cardiology X Rays + token token token Correct recipients retrieve and decrypt Doctor Pharmacist Research Center Patient Bob Generate policy token Access token Sister

42 Access control for encrypted data: Our approach Encrypt files Medications Bob s health record + Medications + Cardiology X Rays + token token token Correct recipients retrieve and decrypt Doctor Pharmacist Research Center Patient Bob Generate policy token Access Sister Server can: Transform encrypted files into files readable by appropriate recipients Cannot decrypt or read token any files Cannot learn anything about policy (Strong notion of security vs collusion, etc)

43 Constructions Private access control on encrypted data Hides policy and tags For very simple policies Construction based on pairings Relatively mild assumptions about pairing curves Can also achieve more efficient constructions where and tags are not hidden Fairly general formulas Similar to work on outsourcing ABE decryption [GHW 2011]

44 Advantages Private data is hidden from server: Security against server compromise, theft, untrusted operators, etc As secure as patient downloading, decrypting, re encrypting Even if server colludes with recipients Patient only online to set/change policy Access control is invisible to recipients Decryptor s efficiency independent of policy is hidden from recipients Revocation is invisible for recipients

45 Conclusions and Future Work

46 Open Issues Additional privacy concerns Key backup Identification Usability?

47 Conclusions Electronic Medical Records present risks to privacy Access control is not sufficient Encryption + Patient Control is the right approach 2 approaches for partial access when files are encrypted Hierarchical sharing Re encryption based sharing

48 Questions

49

50