AMIA13 Featured Presentation: The SHARP Program: Security and Privacy (SHARPS)

Welcome AMIA 2013! This is a page developed to introduce participants at the AMIA 2013 SHARP panel to SHARPS by describing the goals of the project at a high level and offering a selection of materials that illustrate work that has been done at a deeper level.

Security and Privacy (S&P) are critical to the success of Health Information Technology (HIT). The other SHARP projects, which touch on key themes that arise throughout HIT, cannot function with assurance or gain public acceptance without adequate S&P protections and mechanisms. SHARPS has addressed many of these barriers both for the other SHARP project scopes and for HIT in general. The project address four major clusters of problems. These are access controls and audit, encryption and trusted base, automated policy, and telemedicine. For each of these clusters we give links to selected work done by SHARPS. The following work provides a general overview of HIT S&P issues that discusses SHARPS and other work.

• Building a Smarter Health and Wellness Future: Privacy and Security Challenges, Carl A. Gunter. Chapter 9 in ICTs and the Health Sector: Towards Smarter Health and Wellness Models, OECD, October 2013, pages 141-157.

Access Controls and Audit

Workflows at Health Care Organizations (HCOs) are complex and safety critical; this makes it difficult to achieve least privilege in assigning access to HCO personnel. HCOs react to this by allowing broad access and relying on accountability and education to control insider threats. These strategies can be augmented by auditing computer records; this is currently done largely in reaction to specific complaints. These procedures are increasingly inadequate because they do not scale to developments like broader sharing of records in Health Information Exchanges (HIEs) or to emerging threats like large-scale fraud. SHARPS research provides better automation so that large volumes of records can be examined by computer algorithms that are thorough and flexible enough to learn and infer threats quickly and feed experience from operational behavior back into preventative measures. 

Selected SHARPS work in this cluster

• Requirements and Design for an Extensible Toolkit for Analyzing EMR Audit Logs, Eric Duffy, Steve Nyemba, Carl A. Gunter, David Liebovitz, and Bradley Malin. USENIX Workshop on Health Information Technologies, August 2013.
• Policy Auditing over Incomplete Logs: Theory, Implementation and Applications, Deepak Garg, Limin Jia, and Anupam Datta. ACM Conference on Computer and Communications Security (CCS11), October 2011.
• Experience-Based Access Management: A Life-Cycle Framework for Identity and Access Management Systems, Carl A. Gunter, David M. Liebovitz, and Bradley Malin. IEEE Security & Privacy, September/October 2011.

Encryption and Trusted Base

HCOs are struggling with rapid changes in the systems they need to secure. Early HCO computing systems used mainframe computers that could be accessed from terminals located in a hospital facility. This trusted base was relatively easy to secure until the Internet offered remote access, but standard enterprise protections such as firewalls were accepted as being sufficiently effective. Now the situation is increasingly complicated by technology changes such as: Bring Your Own Device (BYOD) arrangements in which HCO employees put sensitive data on their own cell phones and tablets, the use of cloud services in which Electronic Health Records (EHRs) are held by third parties, participation in HIE systems that move data between a changing collection of HCOs, and the deployment of patient portals, which provide a new attack surface for access to the EHR. Encryption is a powerful tool for addressing challenges with trusted base. SHARPS research is making strategies encrypting medical data efficient and convenient enough to enable their universal deployment, particularly to protect data at rest (that is, in storage).

Selected SHARPS work in this cluster

• Charm: A Framework for Rapidly Protyping Cryptosystems, Joseph A. Akinyele, Matthew D. Green, and Aviel D. Rubin. Annual Network & Distributed System Security Symposium, February 2012.
• Charm download.
• Declarative Privacy Policy: Finite Models and Attribute-Based Encryption, Peifung E. Lam, John C. Mitchell, Andre Scedrov, Sharada Sundaram, and Frank Wang. ACM SIGHIT International Health Informatics Symposium (IHI12), January 2012.

Automated Policy

 A key challenge faced by many HCOs is the need to share EHRs securely though HIEs such as those being set up by many states and regions, and the need to share them though rapidly evolving partnerships with various business associates. Current techniques are too informal and manual to provide the desired efficiency and convenience. For instance, if it is necessary to get an attorney to review each interstate data exchange, then a high level of exchange of EHR data will lead to a high level of expense (and delayed access). Enabling computers to settle policy decisions automatically can lead to reduced costs, improved care (though timely information exchange), and better support for secondary use of data. SHARPS research is developing  reliable ways to express policies and providing strategies to integrate and enforce formally expressed policies into common HCO and HIE information architectures.

Selected SHARPS work in this cluster

• Modeling Privacy Aware Health Information Exchange Systems, Andras Nadas, Mark E. Frisse, and Janos Sztipanovits. International Workshop on Engineering EHR Solutions (WEES), October 2012.
• Gay Males and Electronic Health Records: Privacy Perceptions, Age, and Negotiating Stigma (Abstract), Timothy Stablein, Joseph Lorenzo Hall, Helen Nissenbaum, and Denise Anthony. Eastern Sociological Society Annual Meeting, February 2012.
• Drug Abuse Recognizer demo and software.

Telemedicine

Mobile devices, including intelligent medical implants, cell phones that sense and process health data, and a variety of new types of sensors and actuators that can be worn on the body, are creating a changing landscape for managing health information. Data are collected everywhere, not just in an HCO facility, and are collected by just about everyone, not just HIPAA-compliant HCOs. Participants include HCOs and patients themselves together with large and small companies that specialize in health guidance, sensor hardware, information technology, communications, and other areas. This diversity, the pervasiveness of the information collection, and the rapid rate of technology and regulatory change in this area raise security and privacy concerns that range from modest risks to the privacy of activity data (like data collected by a pedometer) to safety-critcal risks (like the integrity of software in an insulin pump). These changes have also blurred the distinction between areas like medical devices and the EHR, with corresponding overlaps between government regulatory agencies. SHARPS research is determining threats and requirements and addressing these features of mobile and implanted medical systems.

Selected SHARPS work in this cluster

• Privacy in Mobile Technology for Personal Healthcare, Sasikanth Avancha, Amit Baxi, and David Kotz. ACM Computing Surveys, volume 45, issue 1, March 2013.
• Balancing Security and Utility in Medical Devices? Masoud Rostami, Wayne Burleson and Ari Juels. DAC, June 2013.
• A Review of the Security of Insulin Pump Infusion Systems, Nathanael Paul, Tadayoshi Kohno, and David C. Klonoff. Journal of Diabetes Science and Technology, volume 5, issue 6, pages 1557-1562, November 2011.
• Recent Results in Computer Security for Medical Devices, Shane S. Clark and Kevin Fu. ICST Conference on Wireless Mobile Communication and Healthcare (MobiHealth), October 2011.