Privacy - Preserving Data Exchange and Aggregation in Healthcare

Medical data are often scattered among multiple clinics, hospitals, insurance companies, pharmacies, and research institutions that store and process personal healthcare information. The use of information and communication technologies for health (eHealth) provides us with the means to share healthcare data between authorized parties in an efficient manner. In this thesis, we address some of the challenges of implementing eHealth in practice: to achieve interoperability between data sources, and to ensure privacy for patients. Achieving both of these guarantees is our goal but they seem conflictual, hence the challenge. Once interoperability is achieved and a patient’s data are shared, it becomes evenmore difficult to ensure the patient’s privacy i.e., to provide to a patient control over his data and to guarantee the data anonymity in medical research. We address the aforementioned challenges by studying requirements from medical and legal perspectives, and by developing algorithms and frameworks to support privacy-preserving dynamic data-sharing, exchange, and aggregation from multiple data sources.

In the first part of the thesis, we address certain privacy challenges. We present a framework based on the blockchain technology for ensuring traceability and accountability when sharing, exchanging, and aggregating medical data. Our framework ensures privacy, security, availability, and fine-grained access control over highly sensitive patient-data. We also analyze the potential of applying blockchain technology in different eHealth settings: primary care, medical-data research, and connected health. Our second contribution is a framework for privacy-preserving data aggregation: an algorithm for constructing the anonymized database and a protocol that improves the utility of the anonymized database as the database grows.

In the second part of the thesis, we focus on achieving interoperability. We design an interface specification that defines communication protocols andmessages supporting integration of a new software tool in clinical practice. Then, we develop a multi-agent system (MAS) for the dynamic aggregation of the data collected and generated by this software tool for the purpose of clinical research. This MAS takes into account the objectives of the research study, the availability of data, and could employ our proposed algorithm for privacy-preserving data aggregation. The negotiation protocol in the framework of theMAS achieves a precise definition of database characteristics, such as schema, content, and privacy parameters, therefore increasing the efficiency of data collection for medical research and ensuring the privacy of patients.