An efficient privacy mechanism for electronic health records
| Autor: | Abid Khan, Saif Ur Rehman Malik, Basit Raza, Adeel Anjum, Asma Haroon, Samee U. Khan, Sangeen Khan, Kim-Kwang Raymond Choo, Naveed Ahmad |
|---|---|
| Přispěvatelé: | Anjum, Adeel, Malik, Saif ur Rehman, Choo, Kim-Kwang Raymond, Khan, Abid, Haroon, Asma, Khan, Sangeen, Khan, Samee U, Ahmad, Naveed, Raza, Basit |
| Rok vydání: | 2018 |
| Předmět: |
General Computer Science
privacy preserving model business.industry Computer science End user Data management k-anonymity 020206 networking & telecommunications electronic health record 02 engineering and technology Computer security computer.software_genre Term (time) balanced p+-sensitive k-anonymity model attribute disclosure 0202 electrical engineering electronic engineering information engineering Data analysis ComputingMilieux_COMPUTERSANDSOCIETY 020201 artificial intelligence & image processing business p+-sensitive k-anonymity model Law computer |
| Zdroj: | Computers & Security. 72:196-211 |
| ISSN: | 0167-4048 |
| DOI: | 10.1016/j.cose.2017.09.014 |
| Popis: | Electronic health records (EHRs), digitization of patients' health record, offer many advantages over traditional ways of keeping patients' records, such as easing data management and facilitating quick access and real-time treatment. EHRs are a rich source of information for research (e.g. in data analytics), but there is a risk that the published data (or its leakage) can compromise patient privacy. The k-anonymity model is a widely used privacy model to study privacy breaches, but this model only studies privacy against identity disclosure. Other extensions to mitigate existing limitations in k-anonymity model include p-sensitive k-anonymity model, p + -sensitive k-anonymity model, and (p, α)-sensitive k-anonymity model. In this paper, we point out that these existing models are inadequate in preserving the privacy of end users. Specifically, we identify situations where p + -sensitive k-anonymity model is unable to preserve the privacy of individuals when an adversary can identify similarities among the categories of sensitive values. We term such attack as Categorical Similarity Attack (CSA). Thus, we propose a balanced p + -sensitive k-anonymity model, as an extension of the p + -sensitive k-anonymity model. We then formally analyze the proposed model using High-Level Petri Nets (HLPN) and verify its properties using SMT-lib and Z3 solver. We then evaluate the utility of release data using standard metrics and show that our model outperforms its counterparts in terms of privacy vs. utility tradeoff. Refereed/Peer-reviewed |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|
Full Text from ScienceDirect