Secure Collaborative Platform for Health Care Research in an Open Environment: Perspective on Accountability in Access Control
- PMID: 36240003
- PMCID: PMC9617185
- DOI: 10.2196/37978
Secure Collaborative Platform for Health Care Research in an Open Environment: Perspective on Accountability in Access Control
Abstract
Background: With the recent use of IT in health care, a variety of eHealth data are increasingly being collected and stored by national health agencies. As these eHealth data can advance the modern health care system and make it smarter, many researchers want to use these data in their studies. However, using eHealth data brings about privacy and security concerns. The analytical environment that supports health care research must also consider many requirements. For these reasons, countries generally provide research platforms for health care, but some data providers (eg, patients) are still concerned about the security and privacy of their eHealth data. Thus, a more secure platform for health care research that guarantees the utility of eHealth data while focusing on its security and privacy is needed.
Objective: This study aims to implement a research platform for health care called the health care big data platform (HBDP), which is more secure than previous health care research platforms. The HBDP uses attribute-based encryption to achieve fine-grained access control and encryption of stored eHealth data in an open environment. Moreover, in the HBDP, platform administrators can perform the appropriate follow-up (eg, block illegal users) and monitoring through a private blockchain. In other words, the HBDP supports accountability in access control.
Methods: We first identified potential security threats in the health care domain. We then defined the security requirements to minimize the identified threats. In particular, the requirements were defined based on the security solutions used in existing health care research platforms. We then proposed the HBDP, which meets defined security requirements (ie, access control, encryption of stored eHealth data, and accountability). Finally, we implemented the HBDP to prove its feasibility.
Results: This study carried out case studies for illegal user detection via the implemented HBDP based on specific scenarios related to the threats. As a result, the platform detected illegal users appropriately via the security agent. Furthermore, in the empirical evaluation of massive data encryption (eg, 100,000 rows with 3 sensitive columns within 46 columns) for column-level encryption, full encryption after column-level encryption, and full decryption including column-level decryption, our approach achieved approximately 3 minutes, 1 minute, and 9 minutes, respectively. In the blockchain, average latencies and throughputs in 1Org with 2Peers reached approximately 18 seconds and 49 transactions per second (TPS) in read mode and approximately 4 seconds and 120 TPS in write mode in 300 TPS.
Conclusions: The HBDP enables fine-grained access control and secure storage of eHealth data via attribute-based encryption cryptography. It also provides nonrepudiation and accountability through the blockchain. Therefore, we consider that our proposal provides a sufficiently secure environment for the use of eHealth data in health care research.
Keywords: Internet of Things; accountability; attribute-based encryption; blockchain; cloud computing; eHealth data; interoperability; mobile phone; privacy; research platform for health care; security.
©Giluk Kang, Young-Gab Kim. Originally published in the Journal of Medical Internet Research (https://www.jmir.org), 14.10.2022.
Conflict of interest statement
Conflicts of Interest: None declared.
Figures
Similar articles
-
Blockchain-enabled data governance for privacy-preserved sharing of confidential data.PeerJ Comput Sci. 2024 Dec 20;10:e2581. doi: 10.7717/peerj-cs.2581. eCollection 2024. PeerJ Comput Sci. 2024. PMID: 39896413 Free PMC article.
-
HealthLock: Blockchain-Based Privacy Preservation Using Homomorphic Encryption in Internet of Things Healthcare Applications.Sensors (Basel). 2023 Jul 28;23(15):6762. doi: 10.3390/s23156762. Sensors (Basel). 2023. PMID: 37571545 Free PMC article.
-
Privacy Preservation in Patient Information Exchange Systems Based on Blockchain: System Design Study.J Med Internet Res. 2022 Mar 22;24(3):e29108. doi: 10.2196/29108. J Med Internet Res. 2022. PMID: 35315778 Free PMC article.
-
A Blockchain Framework for Patient-Centered Health Records and Exchange (HealthChain): Evaluation and Proof-of-Concept Study.J Med Internet Res. 2019 Aug 31;21(8):e13592. doi: 10.2196/13592. J Med Internet Res. 2019. PMID: 31471959 Free PMC article. Review.
-
Privacy-Preserving Methods for Feature Engineering Using Blockchain: Review, Evaluation, and Proof of Concept.J Med Internet Res. 2019 Aug 14;21(8):e13600. doi: 10.2196/13600. J Med Internet Res. 2019. PMID: 31414666 Free PMC article. Review.
Cited by
-
Development of an eHealth Tool for Capturing and Analyzing the Immune-related Adverse Events (irAEs) in Cancer Treatment.Cancer Inform. 2023 Jun 5;22:11769351231178587. doi: 10.1177/11769351231178587. eCollection 2023. Cancer Inform. 2023. PMID: 37313372 Free PMC article.
References
-
- Health Insurance Portability and Accountability Act. U.S. Department of Health & Human Services. [2022-01-10]. https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations .
-
- General data protection regulation. Intersoft Consulting. [2022-01-10]. https://gdpr-info.eu .
-
- California Consumer Privacy Act. State of California Department of Justice. [2022-01-10]. https://oag.ca.gov/privacy/ccpa .
-
- Oh S, Seo Y, Lee E, Kim Y. A comprehensive survey on security and privacy for electronic health data. Int J Environ Res Public Health. 2021 Sep 14;18(18):9668. doi: 10.3390/ijerph18189668. https://www.mdpi.com/resolver?pii=ijerph18189668 ijerph18189668 - DOI - PMC - PubMed
Publication types
MeSH terms
LinkOut - more resources
Full Text Sources
Research Materials
