Litcius/Paper detail

A Pseudonymisation Protocol With Implicit and Explicit Consent Routes for Health Records in Federated Ledgers

Micael Pedrosa, André Zúquete, Carlos Costa

2020IEEE Journal of Biomedical and Health Informatics16 citationsDOI

Abstract

Healthcare data for primary use (diagnosis) may be encrypted for confidentiality purposes; however, secondary uses such as feeding machine learning algorithms requires open access. Full anonymity has no traceable identifiers to report diagnosis results. Moreover, implicit and explicit consent routes are of practical importance under recent data protection regulations (GDPR), translating directly into break-the-glass requirements. Pseudonymisation is an acceptable compromise when dealing with such orthogonal requirements and is an advisable measure to protect data. Our work presents a pseudonymisation protocol that is compliant with implicit and explicit consent routes. The protocol is constructed on a (t,n)-threshold secret sharing scheme and public key cryptography. The pseudonym is safely derived from a fragment of public information without requiring any data-subject's secret. The method is proven secure under reasonable cryptographic assumptions and scalable from the experimental results.

Topics & Concepts

Computer scienceScalabilityCryptographyProtocol (science)AnonymityConfidentialityComputer securityEncryptionCryptographic protocolIdentifierPseudonymPublic-key cryptographyScheme (mathematics)Computer networkDatabaseMedicineLawMathematicsPathologyMathematical analysisPolitical scienceAlternative medicineCryptography and Data SecurityPrivacy-Preserving Technologies in DataAdvanced Authentication Protocols Security
A Pseudonymisation Protocol With Implicit and Explicit Consent Routes for Health Records in Federated Ledgers | Litcius