SHARPS Update 3rd Quarter 2011

This is the first SHARPS quarterly newsletter. The purpose of the SHARPS Update is to keep parties interested in the project informed of its developments and to report upcoming meetings and activities of interest to researchers in privacy and security for healthcare.

 

SHARPS “Top 10” Workshop on Privacy Concepts and Policies: Modeling the Right Issues

The SHARPS workshop was held on March 30 at the Vanderbilt Center for Better Health in Nashville, TN. The goal for the workshop was to refine the research team’s technical agenda by ensuring that the most important privacy issues and use cases are represented in the design of security architectures developed under SHARPS. The workshop brought together privacy and technical experts and some core SHARPS team members to discuss and seek solutions to several issues important to representing and modeling policies. Attendees included Deborah Peel, Patient Privacy Rights; Vicki Estrin, Managing Consultant, MARKLE; Linda Dimitropoulos, Director of the Center for the Advancement of Health IT (CAHIT), RTI International; and, from SHARPS, Denise Anthony, Anupam Datta, Mark Frisse, Carl Gunter, John Mitchell, Andras Nadas, and Janos Sztipanovits.

EMOAT Internship Program

June 2 was the kick-off day for an internship program at Northwestern. Computer science and bio-informatics PhD students Wen Zhang from Vanderbilt, He Zhang from Northwestern and Igor Svecs from Illinois spent the summer at Northwestern Memorial Hospital (NMH) working on a toolkit for the privacy analysis of audit logs. The Extensible Medical Open Audit Toolkit (EMOAT) will support functions like research into privacy violations (including support for the HITECH rule that patients can see who accesses their records) and enterprise intelligence that improves security through metrics. This work is associated with the Experience Based Access Management (EBAM) component of SHARPS and is a collaboration with Brad Malin and members of the Health Information Privacy Laboratory at Vanderbilt.

 

SHARPfest 2011

A meeting of the SHARP grantees took place on July 11-12 at the ONC Headquarters in Washington, DC. The four SHARP areas presented their Year 1 progress and discussed further ways to collaborate. Specifically identified for collaboration is a pan-SHARP project called the Medication List Reconciliation Project. The Medication List Reconciliation Project addresses a National Patient Safety Goal set by The Joint Commission. Medication reconciliation is a routine medical need, namely, to collate medication data about a patient from several sources and produce a single reconciled list. A primary SHARPS interest in medication list reconciliation occurs when lists are exchanged between administrative domains such as HIEs and PHRs. One potential challenge concerns rules for exchanging lists between states.

 

Microsoft Research Faculty Summit 2011

Two SHARPS team members made presentations at the Microsoft Research Faculty Summit held on July 19-20 in Redmond, WA. Carl Gunter’s presentation was entitled, “Encryption as Access Control for Cloud Security”. Matt Green discussed the Charm toolkit developed under SHARPS.

 

SHARPS Face-to-Face Meeting

The SHARPS F2F was held at the Fort Mason Center in San Francisco, CA on August 8. 52 attendees from 12 institutions, including Joy Pritts, the ONC Chief Privacy Officer, participated in the meeting. SHARPS senior investigators and their respective teams presented their work. The progress of Year 1 was analyzed, and the tasks for Year 2 and the next steps for deliverables were discussed at this productive meeting.

 

2nd USENIX Workshop on Health Security and Privacy (HealthSec 2011)

The workshop was held in conjunction with the 20th USENIX Security Symposium on August 9 at the Westin St. Francis in San Francisco, CA. The keynote speaker was Joy Pritts, ONC Chief Privacy Officer. Seven out of the thirteen papers presented were authored by SHARPS team members. The program committee included four SHARPS senior investigators: Kevin Fu, Carl Gunter, David Kotz and Avi Rubin. Of the HealthSec Program Co-Chairs, Ben Adida from Mozilla is a technical advisor to the SMART project (SHARP Area 3) and Umesh Shankar from Google is a member of the SHARPS Project Advisory Committee. SHARPS researchers Nate Paul and Kevin Fu served as panel speakers for “Do Medical Devices Have Significant Forensic Value?” The HealthSec online proceedings can be found on the program web page.

HealthSec 2012 will be held in Bellevue, WA on August 6-7, 2012. SHARPS team members Carl Gunter and Zachary Peterson are the workshop co-chairs. More information regarding submission deadlines will be coming soon.

 

SHARPS Entrepreneurs’ Club

The ONC has been keen to see direct impact on vendors and providers from SHARPS research. To facilitate this, the SHARPS Entrepreneurs’ Club was formed. The Club consists of SHARPS researchers who are interested in starting companies (or who work at and run one). The aim is for Club members to swap ideas about commercial opportunity in the Health IT space, in security or otherwise. They will interact with vendors at Health IT related conventions, starting with the upcoming HIMSS 2012. The Club tentatively plans to organize a series of three meetings around the time of the convention that will be used to familiarize the researchers with the current status of research and commercial activity within the Club, propose and critique commercialization plans, foster collaboration within SHARPS, and assist each other in forming connections with commercial entities. Please direct your questions and comments to Ellick Chan, Stanford; Matt Green, Johns Hopkins University; and Michael LeMay, Illinois.

 

SHARPS Spotlight on Kevin Fu

On April 13 Kevin submitted testimony to the Special Committee on Aging of the US Senate for its hearing on “A Delicate Balance: FDA and the Reform of the Medical Device Approval Process.” Recommendations were made to increase the trustworthiness of medical device software. The full statement can be found on the SHARPS website.

Kevin’s team has created a website for the Open Medical Device Research Library (OMDRL). The mission of the OMDRL is to provide access to medical devices for research. Lack of access to these devices is one of the greatest limiting factors of medical device security research. Through this service, the OMDRL enables the recycling of otherwise discarded resources, putting them to good use by enhancing health security. Researchers may apply to borrow medical devices from the OMDRL and donations are accepted.

Kevin was the General Chair for the 7th Annual Workshop on Radio Frequency Identification (RFID) Security and Privacy (RFIDsec11) in Amherst, MA held on June 26-28. The workshop brings together researchers from academia and industry for topics of importance to improving the security and privacy of RFID, NFC, contactless technologies, and the Internet of Things. RFIDsec bridges the gap between cryptographic researchers and RFID developers through invited talks, tutorials, contributed presentations and posters. RFIDsec12 will be held in Nijmegen, The Netherlands on July 1-3, 2012. Paper submissions are due in March 2012.

“They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices” was awarded best paper at ACM SIGCOMM 2011, held in Toronto, Canada on August 15-19. Kevin authored this paper with Shyamnath Gollakota, Haitham Hassanieh, Dina Katabi, MIT, and Benjamin Ransford, also from UMass Amherst.

 

SHARPS Welcomes New Team Members

Nathanael Paul from the University of Tennessee and Oak Ridge National Labs will be collaborating with Yoshi Kohno from Washington University on security and privacy for infusion pumps and glucose meters. Nate is an Associate Professor of EECS at UT and a Security Research Scientist and the Director of the Center for Trustworthy Embedded Systems (CTES) at Oak Ridge. Nate’s research interests include medical device system security, energy delivery security and trustworthy hardware.

Professor Wayne Burleson from UMass Amherst joins SHARPS as a collaborator with the TEL team. Wayne is an ECE faculty member, Director for the VLSI Circuits and Systems Group, an investigator for the RFID Consortium for Security and Privacy, and a member of the Embedded System Security Group. Wayne’s research interests include low-power and reliable CMOS design, on-chip sensors, 3D circuits, embedded security, physical unclonable functions, true random number generators, RFID implementations and security, and transportation payment systems. At the beginning of the year, Wayne was elevated to IEEE Fellow for contributions in integrated circuit design and signal processing.

SHARPS Publications

A dozen papers representing work of SHARPS team members were added to the SHARPS publication web page in the third quarter of 2011. Here are four representative papers; to see the full list, consult the SHARPS Publications web page.

Privacy in Mobile Technology for Personal Healthcare
Sasikanth Avancha, Amit Baxi, and David Kotz
ACM Computing Surveys, to appear in 2013.

Securing Electronic Medical Records Using Attribute-Based Encryption On Mobile Devices
Joseph A. Akinyele, Matthew W. Pagano, Matthew D. Green, Christoph U. Lehmann, Zachary N. J. Peterson, and Aviel D. Rubin
ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2011), October 2011.

Policy Auditing over Incomplete Logs: Theory, Implementation and Applications
Deepak Garg, Limin Jia, and Anupam Datta
ACM Conference on Computer and Communications Security (CCS 2011), October 2011.

Experience-Based Access Management: A Life-Cycle Framework for Identity and Access Management Systems
Carl A. Gunter, David M. Liebovitz, and Bradley Malin
IEEE Security & Privacy, September/October 2011.

To add publications to the SHARPS online list, please contact Andrea Whitesell.