The purpose of this investigation is to develop a method for quantitative assessment of the uniqueness of personal medical data (PMD) to improve their protection in medical information systems (MIS). The relevance of the goal is due to the fact that impersonal PMD can form unique combinations that are potentially of interest to intruders and threaten to reveal the patient's identity and medical confidentiality. Existing approaches were analyzed, and a new method for quantifying the degree of uniqueness of PMD was proposed. A weakness in existing approaches is the assumption that an attacker will use exact matching to identify people. The novelty of the method proposed in this paper lies in the fact that it is not limited to this hypothesis, although it has its limitations: it is not applicable to small samples. The developed method for determining the PMD uniqueness coefficient is based on the assumption of a multidimensional distribution of features, characterized by a covariance matrix, and a normal distribution, which provides the most reliable reflection of the existing relationships between features when analyzing large data samples. The results obtained in computational experiments show that efficiency is no worse than that of focus groups of specialized experts.

 

Doi: 10.28991/HIJ-2023-04-01-09

Full Text: PDF

Medical Information Systems; Personal Medical Data; Information Security; Medical Secret; Assessing Data Uniqueness.

Tatarkanov, A., Alexandrov, I., Muranov, A., & Lampezhev, A. (2022). Development of a Technique for the Spectral Description of Curves of Complex Shape for Problems of Object Classification. Emerging Science Journal, 6(6), 1455–1475. doi:10.28991/esj-2022-06-06-015.

Lampezhev, A. H., Linskaya, E. Y., Tatarkanov, A. A., & Alexandrov, I. A. (2021). Cluster Data Analysis with a Fuzzy Equivalence Relation to Substantiate a Medical Diagnosis. Emerging Science Journal, 5(5), 688–699. doi:10.28991/esj-2021-01305.

Tatarkanov, A. A., Alexandrov, I. A., Chervjakov, L. M., & Karlova, T. V. (2022). A Fuzzy Approach to the Synthesis of Cognitive Maps for Modeling Decision Making in Complex Systems. Emerging Science Journal, 6(2), 368–381. doi:10.28991/esj-2022-06-02-012.

Tatarkanov, A., Alexandrov, I., & Glashev, R. (2021). Synthesis of neural network structure for the analysis of complex structured ocular fundus images. Journal of Applied Engineering Science, 19(2), 344–355. doi:10.5937/jaes0-31238.

Chua, H. N., Ooi, J. S., & Herbland, A. (2021). The effects of different personal data categories on information privacy concern and disclosure. Computers & Security, 110, 102453. doi:10.1016/j.cose.2021.102453.

Qamar, S. (2022). Healthcare data analysis by feature extraction and classification using deep learning with cloud based cyber security. Computers and Electrical Engineering, 104(A), 108406. doi:10.1016/j.compeleceng.2022.108406.

Vitabile, S., Marks, M., Stojanovic, D., Pllana, S., Molina, J. M., Krzyszton, M., …, Salomie, I. (2019). Medical Data Processing and Analysis for Remote Health and Activities Monitoring. High-Performance Modelling and Simulation for Big Data Applications. Lecture Notes in Computer Science, 11400. Springer, Cham, Switzerland. doi:10.1007/978-3-030-16272-6_7.

Abouelmehdi, K., Beni-Hssane, A., Khaloufi, H., & Saadi, M. (2017). Big data security and privacy in healthcare: A Review. Procedia Computer Science, 113, 73–80. doi:10.1016/j.procs.2017.08.292.

Garcia-Perez, A., Cegarra-Navarro, J. G., Sallos, M. P., Martinez-Caro, E., & Chinnaswamy, A. (2023). Resilience in healthcare systems: Cyber security and digital transformation. Technovation, 121. doi:10.1016/j.technovation.2022.102583.

Sharma, P., Borah, M. D., & Namasudra, S. (2021). Improving security of medical big data by using Blockchain technology. Computers & Electrical Engineering, 96, 107529. doi:10.1016/j.compeleceng.2021.107529.

Kumar, R., Sharma, S., Vachhani, C., & Yadav, N. (2022). What changed in the cyber-security after COVID-19? Computers & Security, 120, 102821. doi:10.1016/j.cose.2022.102821.

Nass, S. J., Levit, L. A., & Gostin, L. O. (2009). The HIPAA privacy rule. Beyond the HIPAA privacy rule: enhancing privacy, improving health through research. National Academies Press, Washington, United States. doi:10.17226/12458.

Deng, Z., & Liu, S. (2017). Understanding consumer health information-seeking behavior from the perspective of the risk perception attitude framework and social support in mobile social media websites. International Journal of Medical Informatics, 105, 98–109. doi:10.1016/j.ijmedinf.2017.05.014.

Willison, D. J., Swinton, M., Schwartz, L., Abelson, J., Charles, C., Northrup, D., Cheng, J., & Thabane, L. (2008). Alternatives to project-specific consent for access to personal information for health research: Insights from a public dialogue. BMC Medical Ethics, 9(1). doi:10.1186/1472-6939-9-18.

Nair, K., Willison, D., Holbrook, A., & Keshavjee, K. (2004). Patients’ consent preferences regarding the use of their health information for research purposes: A qualitative study. Journal of Health Services Research and Policy, 9(1), 22–27. doi:10.1258/135581904322716076.

Kass, N. E., Natowicz, M. R., Hull, S. C., Faden, R. R., Plantinga, L., Gostin, L. O., & Slutsman, J. (2003). The use of medical records in research: What do patients want? Journal of Law, Medicine and Ethics, 31(3), 429–433. doi:10.1111/j.1748-720X.2003.tb00105.x.

Dwork, C., McSherry, F., Nissim, K., Smith, A. (2006). Calibrating Noise to Sensitivity in Private Data Analysis. Theory of Cryptography. TCC 2006. Lecture Notes in Computer Science, 3876. Springer, Berlin, Germany. doi:10.1007/11681878_14.

Dwork, C. (2006). Differential Privacy. Automata, Languages and Programming. ICALP 2006. Lecture Notes in Computer Science, 4052, Springer, Berlin, Germany. doi:10.1007/11787006_1.

Wang, K., Xie, S., & Rodrigues, J. (2022). Medical data security of wearable tele-rehabilitation under internet of things. Internet of Things and Cyber-Physical Systems, 2, 1–11. doi:10.1016/j.iotcps.2022.02.001.

Altameem, A., Kovtun, V., Al-Ma’aitah, M., Altameem, T., H, F., & Youssef, A. E. (2022). Patient’s data privacy protection in medical healthcare transmission services using back propagation learning. Computers and Electrical Engineering, 102, 108087. doi:10.1016/j.compeleceng.2022.108087.

Fruehwirt, W., & Duckworth, P. (2021). Towards better healthcare: What could and should be automated? Technological Forecasting and Social Change, 172, 120967. doi:10.1016/j.techfore.2021.120967.

de Carvalho Junior, M. A., & Bandiera-Paiva, P. (2018). Health Information System Role-Based Access Control Current Security Trends and Challenges. Journal of Healthcare Engineering, 2018, 6510249. doi:10.1155/2018/6510249.

Wang, G.-Y. (2022). Churn Prediction for High-Value Players in Freemium Mobile Games: Using Random Under-Sampling. Statistika: Statistics and Economy Journal, 102(4), 443–453. doi:10.54694/stat.2022.18.

Zhang, R., Chen, D., Shang, X., Zhu, X., & Liu, K. (2018). A knowledge-constrained access control model for protecting patient privacy in hospital information systems. IEEE Journal of Biomedical and Health Informatics, 22(3), 904–911. doi:10.1109/JBHI.2017.2696573.

Barad, M. (2019). Linking cyber security improvement actions in healthcare systems to their strategic improvement needs. Procedia Manufacturing, 39, 279–286. doi:10.1016/j.promfg.2020.01.335.

Shukla, A., Katt, B., Nweke, L. O., Yeng, P. K., & Weldehawaryat, G. K. (2022). System security assurance: A systematic literature review. Computer Science Review, 45, 279–286. doi:10.1016/j.cosrev.2022.100496.

Khayrutdinov, M. M., Golik, V. I., Aleksakhin, A. V., Trushina, E. V., Lazareva, N. V., & Aleksakhina, Y. V. (2022). Proposal of an algorithm for choice of a development system for operational and environmental safety in mining. Resources, 11(10), 88. doi:10.3390/resources11100088.

Mitra, A., Soman, B., Gaitonde, R., Singh, G., & Roy, A. (2022). Data science methods to develop decision support systems for real-time monitoring of COVID-19 outbreak. Journal of Human, Earth, and Future, 3(2), 223-236. doi: 10.28991/HEF-2022-03-02-08.

Argaw, S. T., Bempong, N. E., Eshaya-Chauvin, B., & Flahault, A. (2019). The state of research on cyberattacks against hospitals and available best practice recommendations: A scoping review. BMC Medical Informatics and Decision Making, 19(1), 1-11. doi:10.1186/s12911-018-0724-5.

Shaikh, F. A., & Siponen, M. (2023). Information security risk assessments following cybersecurity breaches: The mediating role of top management attention to cybersecurity. Computers & Security, 124, 102974. doi:10.1016/j.cose.2022.102974.

Schmitz, C., Schmid, M., Harborth, D., & Pape, S. (2021). Maturity level assessments of information security controls: An empirical analysis of practitioners assessment capabilities. Computers & Security, 108, 102306. doi:10.1016/j.cose.2021.102306.

Xiang, H., Lu, J., Kosov, M. E., Volkova, M. V., Ponkratov, V. V., Masterov, A. I., Elyakova, I. D., Popkov, S. Yu., Taburov, D. Yu., Lazareva, N. V., Muda, I., Vasiljeva, M. V., & Zekiy, A. O. (2023). Sustainable Development of Employee Lifecycle Management in the Age of Global Challenges: Evidence from China, Russia, and Indonesia. Sustainability, 15(6), 4987. doi:10.3390/su15064987.

Zhao, J., Shao, M., Wang, H., Yu, X., Li, B., & Liu, X. (2022). Cyber threat prediction using dynamic heterogeneous graph learning. Knowledge-Based Systems, 240, 108086. doi:10.1016/j.knosys.2021.108086.

Singh, A., & Chatterjee, K. (2021). Securing smart healthcare system with edge computing. Computers & Security, 108, 102353. doi:10.1016/j.cose.2021.102353.

Dankar, F. K., El Emam, K., Neisa, A., & Roffey, T. (2012). Estimating the re-identification risk of clinical data sets. BMC Medical Informatics and Decision Making, 12(1). doi:10.1186/1472-6947-12-66.

Pitman, J. (1996). Random discrete distributions invariant under size-biased permutation. Advances in Applied Probability, 28(2), 525–539. doi:10.2307/1428070.

Hoshino, N. (2001). Applying Pitman’s Sampling Formula to Microdata Disclosure Risk Assessment. Journal of Official Statistics, 17(4), 499–520.

Zayatz, L. V. (1991). Estimation of the percent of unique population elements on a microdata file using the sample. US Bureau of the Census, Suitland-Silver Hill, United States.

Benedetti, R., & Franconi, L. (1998). Statistical and technological solutions for controlled data dissemination. Pre-proceedings of New Techniques and Technologies for Statistics, November, 4-6 November, 1998, Sorrento, Italy.