Sikker tilgang til private helseopplysninger i eHelse

Elektronisk helseteknologi gjør utveksling av helsedata enklere, og bidrar dermed til effektiv behandling. Samtidig øker muligheten for at private opplysninger kommer på avveie. Harsha Sandaruwan Gardiyawasam Pussewalage har forsket på mulighetene for å behandle den sensitive informasjonen på en måte som gjør at bare de som trenger den får tilgang.

I avhandlingen foreslår han en metode som tilfredsstiller kravene ikke bare til sikker og kontrollerbar, men også til fleksibel tilgang til sensitive persondata for helsepersonell.

Harsha Sandaruwan Gardiyawasam Pussewalage disputerer for ph.d.-graden med avhandlingen “Attribute Based Cryptographic Enforcements for Security and Privacy in E-health environments” torsdag 2. mai 2019.

Han har fulgt doktorgradsprogrammet ved Fakultet for teknologi og realfag med spesialisering i IKT.

Slik beskriver kandidaten selv essensen i avhandlingen:

Attribute Based Cryptographic Enforcements for Security and Privacy in E-health Environments

In the last few decades, there have been significant efforts in integrating information and communication technologies into healthcare practices.

This new paradigm commonly known as electronic healthcare (e-health) allows provisioning of healthcare services at an affordable price to its consumers while enabling a platform for efficient inter-domain health information exchange.

Sensitive information

Although such benefits exist, given that health information of patients contain a lot of sensitive information, secure sharing of patient records is of utmost importance to ensure the privacy of the patients. In addition, the linkability of different user access sessions over patient health information could also lead to the violation of patient privacy as well as the privacy of the accessing user.

Furthermore, to strengthen the access flexibility in collaborative e-health environments, access delegation plays a vital role. However, access delegation has to be enforced in a controlled manner, and it is a research area that has not received significant attention.

Two scenarios are examined

In this dissertation, we considered two application scenarios that resemble a collaborative

e-health environment.

In the first scenario, the health information of patients are stored under the control of a local healthcare provider (LHP), and we require the health information to be shared with the healthcare professionals of LHP as well as users from other domains in a flexible and a privacy preserving manner.

In the second scenario, we considered the case where health information of patients are stored in a third-party cloud platform which brings the challenge of enforcing flexible and privacy preserving access over the encrypted data.

Proposes cryptographic constructions

In relation to the above stated scenarios, our objective is to propose efficient attribute based cryptographic constructions that enable access anonymization and controlled access delegatability.

To achieve this objective, in this dissertation, we propose seven attribute based cryptographic constructions which not only enable the aforementioned characteristics but also ensure secure, privacy preserving and flexible access to the stored health information of patients.