Electronic data has become the standard method of storing information in our modern age. Evolving from paper-based data to electronic data creates opportunities to share information between organizations at record speed, especially when handling large data sets. However, sharing sensitive information imposes requirements on electronic data exchange: privacy requires that the original data not be revealed to unauthorized parties. In the healthcare sector in particular, there are two important use cases that require exchanging information in a privacy-preserving way.

1. Contract research organizations (CROs) need to verify the eligibility of a participant in a phase 1 clinical trial. One criterion is checking that an individual is not concurrently enrolled in a trial at another CRO. However, privacy laws, and the maintenance of a private list of participants for competitive purposes, prevent CROs from checking against that criterion.

2. A patient's medical record is usually distributed amongst several healthcare organizations. To improve healthcare services, it is important to have a patient's complete medical history, either to help diagnose an illness or to gather statistics for better disease control. However, patient medical files need to be confidential. Two healthcare organizations cannot link their large patient databases by disclosing identity-revealing details (e.g., names or health card numbers).

This thesis presents the development and evaluation of protocols capable of querying and linking datasets in a privacy-preserving manner: TRACK for checking concurrent enrolment in phase 1 clinical trials, and SHARE for linking two large datasets of millions of (patient medical) records. These protocols improve on existing approaches in the level of privacy protection they offer (e.g., against dictionary and frequency attacks), in their reliance on trusted third parties, and in performance when performing blocking. The protocols were extensively validated in simulated scenarios similar to their real-world counterparts.

The thesis presents novel identity representation schemes that offer strong privacy measures while remaining efficient for very large databases. These schemes may be used by other researchers to represent identity in different use cases. CROs may implement the protocols (and especially TRACK) in systems to check whether an individual exists in another CRO's dataset without revealing the identity of that individual. Two healthcare organizations may use a system based on this research (and especially the SHARE protocol) to discover their common patients while protecting the identities of all other patients.
Identifier | oai:union.ndltd.org:uottawa.ca/oai:ruor.uottawa.ca:10393/32320
Date | January 2015
Creators | Farah, Hanna Ibrahim
Contributors | Amyot, Daniel
Publisher | Université d'Ottawa / University of Ottawa
Source Sets | Université d'Ottawa
Language | English
Detected Language | English
Type | Thesis