Securing Electronic Health Records Without Impeding the Flow of Information. Agrawal, R. & Johnson, C. International Journal of Medical Informatics, 76(5):471-479, Elsevier, 5, 2007. Website abstract bibtex Objective: We present an integrated set of technologies, known as the Hippocratic Database, that enable healthcare enterprises to comply with privacy and security laws without impeding the legitimate management, sharing, and analysis of personal health information. \par Approach: The Hippocratic Database approach to securing electronic health records involves (1) active enforcement of fine-grained data disclosure policies using query modification techniques, (2) efficient auditing of past database access to verify compliance with policies and track security breaches, (3) data mining algorithms that preserve privacy by randomizing information at the individual level, (4) de-identification of personal health data using an optimal method of k-anonymization, and (5) information sharing across autonomous data sources using cryptographic protocols. \par Conclusions: Our research confirms that policies concerning the disclosure of electronic health records can be reliably and efficiently enforced and audited at the database level. We further demonstrate that advanced data mining and anonymization techniques can be employed to analyze aggregate health records without revealing individual patient identities. Finally, we show that web services and commutative encryption can be used to share sensitive information selectively among autonomous entities without compromising security or privacy.
@article{
title = {Securing Electronic Health Records Without Impeding the Flow of Information},
type = {article},
year = {2007},
identifiers = {[object Object]},
keywords = {ehr,health-it,health-records,healthcare,security},
pages = {471-479},
volume = {76},
websites = {http://dx.doi.org/10.1016/j.ijmedinf.2006.09.015},
month = {5},
publisher = {Elsevier},
id = {bd2f29fe-31c6-38b0-a378-2baa12539fa8},
created = {2018-07-12T21:32:33.555Z},
file_attached = {false},
profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},
group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},
last_modified = {2018-07-12T21:32:33.555Z},
read = {false},
starred = {false},
authored = {false},
confirmed = {true},
hidden = {false},
citation_key = {agrawal:securing-ehr},
source_type = {article},
private_publication = {false},
abstract = {Objective: We present an integrated set of technologies, known as the Hippocratic Database, that enable healthcare enterprises to comply with privacy and security laws without impeding the legitimate management, sharing, and analysis of personal health information. \par Approach: The Hippocratic Database approach to securing electronic health records involves (1) active enforcement of fine-grained data disclosure policies using query modification techniques, (2) efficient auditing of past database access to verify compliance with policies and track security breaches, (3) data mining algorithms that preserve privacy by randomizing information at the individual level, (4) de-identification of personal health data using an optimal method of k-anonymization, and (5) information sharing across autonomous data sources using cryptographic protocols. \par Conclusions: Our research confirms that policies concerning the disclosure of electronic health records can be reliably and efficiently enforced and audited at the database level. We further demonstrate that advanced data mining and anonymization techniques can be employed to analyze aggregate health records without revealing individual patient identities. Finally, we show that web services and commutative encryption can be used to share sensitive information selectively among autonomous entities without compromising security or privacy.},
bibtype = {article},
author = {Agrawal, Rakesh and Johnson, Christopher},
journal = {International Journal of Medical Informatics},
number = {5}
}
Downloads: 0
{"_id":"PhQcFiKjFWCkfvfEm","bibbaseid":"agrawal-johnson-securingelectronichealthrecordswithoutimpedingtheflowofinformation-2007","downloads":0,"creationDate":"2019-02-15T15:15:01.899Z","title":"Securing Electronic Health Records Without Impeding the Flow of Information","author_short":["Agrawal, R.","Johnson, C."],"year":2007,"bibtype":"article","biburl":null,"bibdata":{"title":"Securing Electronic Health Records Without Impeding the Flow of Information","type":"article","year":"2007","identifiers":"[object Object]","keywords":"ehr,health-it,health-records,healthcare,security","pages":"471-479","volume":"76","websites":"http://dx.doi.org/10.1016/j.ijmedinf.2006.09.015","month":"5","publisher":"Elsevier","id":"bd2f29fe-31c6-38b0-a378-2baa12539fa8","created":"2018-07-12T21:32:33.555Z","file_attached":false,"profile_id":"f954d000-ce94-3da6-bd26-b983145a920f","group_id":"b0b145a3-980e-3ad7-a16f-c93918c606ed","last_modified":"2018-07-12T21:32:33.555Z","read":false,"starred":false,"authored":false,"confirmed":"true","hidden":false,"citation_key":"agrawal:securing-ehr","source_type":"article","private_publication":false,"abstract":"Objective: We present an integrated set of technologies, known as the Hippocratic Database, that enable healthcare enterprises to comply with privacy and security laws without impeding the legitimate management, sharing, and analysis of personal health information. \\par Approach: The Hippocratic Database approach to securing electronic health records involves (1) active enforcement of fine-grained data disclosure policies using query modification techniques, (2) efficient auditing of past database access to verify compliance with policies and track security breaches, (3) data mining algorithms that preserve privacy by randomizing information at the individual level, (4) de-identification of personal health data using an optimal method of k-anonymization, and (5) information sharing across autonomous data sources using cryptographic protocols. \\par Conclusions: Our research confirms that policies concerning the disclosure of electronic health records can be reliably and efficiently enforced and audited at the database level. We further demonstrate that advanced data mining and anonymization techniques can be employed to analyze aggregate health records without revealing individual patient identities. Finally, we show that web services and commutative encryption can be used to share sensitive information selectively among autonomous entities without compromising security or privacy.","bibtype":"article","author":"Agrawal, Rakesh and Johnson, Christopher","journal":"International Journal of Medical Informatics","number":"5","bibtex":"@article{\n title = {Securing Electronic Health Records Without Impeding the Flow of Information},\n type = {article},\n year = {2007},\n identifiers = {[object Object]},\n keywords = {ehr,health-it,health-records,healthcare,security},\n pages = {471-479},\n volume = {76},\n websites = {http://dx.doi.org/10.1016/j.ijmedinf.2006.09.015},\n month = {5},\n publisher = {Elsevier},\n id = {bd2f29fe-31c6-38b0-a378-2baa12539fa8},\n created = {2018-07-12T21:32:33.555Z},\n file_attached = {false},\n profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},\n group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},\n last_modified = {2018-07-12T21:32:33.555Z},\n read = {false},\n starred = {false},\n authored = {false},\n confirmed = {true},\n hidden = {false},\n citation_key = {agrawal:securing-ehr},\n source_type = {article},\n private_publication = {false},\n abstract = {Objective: We present an integrated set of technologies, known as the Hippocratic Database, that enable healthcare enterprises to comply with privacy and security laws without impeding the legitimate management, sharing, and analysis of personal health information. \\par Approach: The Hippocratic Database approach to securing electronic health records involves (1) active enforcement of fine-grained data disclosure policies using query modification techniques, (2) efficient auditing of past database access to verify compliance with policies and track security breaches, (3) data mining algorithms that preserve privacy by randomizing information at the individual level, (4) de-identification of personal health data using an optimal method of k-anonymization, and (5) information sharing across autonomous data sources using cryptographic protocols. \\par Conclusions: Our research confirms that policies concerning the disclosure of electronic health records can be reliably and efficiently enforced and audited at the database level. We further demonstrate that advanced data mining and anonymization techniques can be employed to analyze aggregate health records without revealing individual patient identities. Finally, we show that web services and commutative encryption can be used to share sensitive information selectively among autonomous entities without compromising security or privacy.},\n bibtype = {article},\n author = {Agrawal, Rakesh and Johnson, Christopher},\n journal = {International Journal of Medical Informatics},\n number = {5}\n}","author_short":["Agrawal, R.","Johnson, C."],"urls":{"Website":"http://dx.doi.org/10.1016/j.ijmedinf.2006.09.015"},"bibbaseid":"agrawal-johnson-securingelectronichealthrecordswithoutimpedingtheflowofinformation-2007","role":"author","keyword":["ehr","health-it","health-records","healthcare","security"],"downloads":0},"search_terms":["securing","electronic","health","records","without","impeding","flow","information","agrawal","johnson"],"keywords":["ehr","health-it","health-records","healthcare","security"],"authorIDs":[]}