DIMACS Working Group on Privacy / Confidentiality of Health Data Reference Page
Working Group Subtopics/Subgroups: Plans and Resources

Health Data Privacy and Cryptography Subtopic

December 10 - 12, 2003
DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ

Rakesh Agrawal, IBM Almaden, ragrawal@acm.org
Larry Cox, CDC, lcox@cdc.gov
Joe Fred Gonzalez, CDC, jfg2@cdc.gov, chair
Harry Guess, University of North Carolina, harry_guess@unc.edu
Tomas Sander, HP Labs, tosander@exch.hpl.hp.com
Presented under the auspices of the Special Focus on Communication Security and Information Privacy and
Special Focus on Computational and Mathematical Epidemiology.

Some Health Data Privacy Challenges for Cryptography:

1). Identify different functionalities and specific challenges for cryptography.

     a). Does transferring data between a hospital and a testing lab,
     or other problems of transferring health data, require any
     different cryptographic tools than we need for financial
     transactions?

     b). We should distinguish between problems of transferring data
     and problems of computing with data, especially distributed
     data. See 2) for challenges in this direction.

2). Privacy-preserving Data Mining and Privacy-preserving Data Sharing. There are many 
    challenges here. Some:

     a). Identify specific functionalities needed for health data

     b). Make secure multi-party computation more efficient for large
     databases (a generic challenge)

     c). Extend secure multi-party computation to clustering. Since
     clustering is hard, we might have to settle for approximate
     solutions. More generally, can we extend secure multi-party

     d). Is it possible to modify secure multi-party computation
     protocols so one doesn't have to access all data elements?

     e). What are the issues involved in privacy-preserving data
     sharing in general and secure multiparty computation in
     particular if we want to take into consideration what the output
     itself might leak about the data?

3). Tracking Disclosed Information (a topic related to secure software and secure 
    computing environments as well as cryptography)

     a). Can we "send" with disclosed information some restrictions on
     its use, e.g., future disclosure?

     b). Can we "send" with disclosed information restrictions on how
     long it can be saved/used?

     c). Can we do this tracking if there are later changes in
     disclosure limitations?

4). Can we develop good auditing technologies?

     This question applies well beyond cryptography. In health
     data, it is concerned with distinguishing between a transaction
     (e.g., looking at a patient record) that is legitimate and one
     that is not. A well-known method involves tracking
     authorizations. However, are there smart methods to audit large
     data sets of transactions to find illegitimate transactions?

5). "Customizable" Privacy

     Software employed by different partners may differ in privacy
     protections/policy and processing. This presents cryptography
     with complex privacy management concerns and it would be
     important to develop privacy protocols that are readily
     "customizable" to different users.

6). Dynamic Query Authorization and Forbidden Question Combinations

     a). Changing the authorization to make queries, based on previous
     queries to a data set and the information already disclosed, so
     as to make forbidden inferences impossible, is an old topic. But
     how do we do this in the encryption situation and with widely
     distributed data sets?

     b). A simpler challenge arises if we have specific questions and
     some combination of them that is forbidden in advance. Even here,
     there are cryptographic challenges if we hide the questions from
     the database owner.
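
The forbidden-combination check in b), as an added worked example that is not material from the working group: a per-requester authorizer that records which attributes each requester has already been answered and refuses any query that would complete a combination forbidden in advance. The attribute names, requester ids and forbidden sets are constructed for the illustration.

```python
"""Dynamic query authorization against forbidden question combinations.

Constructed example: queries are named questions over a patient data
set, identified by the attribute each one reveals. A forbidden
combination is a set of attributes that must never all be answered to
the same requester, because jointly they permit a forbidden inference.
"""
from collections import defaultdict

# Constructed policy: e.g. a quasi-identifier set plus a sensitive attribute.
FORBIDDEN_COMBINATIONS = [
    frozenset({"zip_code", "birth_date", "diagnosis"}),
    frozenset({"zip_code", "birth_date", "sex", "admission_date"}),
]


class QueryAuthorizer:
    """Decides each query in the light of what the requester already knows."""

    def __init__(self, forbidden):
        self.forbidden = [frozenset(c) for c in forbidden]
        self.disclosed = defaultdict(set)  # requester -> attributes answered

    def would_complete_forbidden(self, requester, attributes):
        """Return the first forbidden combination this request would complete."""
        history = self.disclosed[requester] | set(attributes)
        for combo in self.forbidden:
            if combo <= history:
                return combo
        return None

    def authorize(self, requester, attributes):
        """Allow the query only if it completes no forbidden combination.
        Allowed queries are recorded, so later decisions depend on them;
        refused queries are not, since nothing was disclosed."""
        combo = self.would_complete_forbidden(requester, attributes)
        if combo is not None:
            return False, sorted(combo)
        self.disclosed[requester].update(attributes)
        return True, []


def demo():
    auth = QueryAuthorizer(FORBIDDEN_COMBINATIONS)
    results = []
    # Each query alone is harmless; the third completes a forbidden set.
    results.append(auth.authorize("analyst-1", ["zip_code"]))
    results.append(auth.authorize("analyst-1", ["birth_date"]))
    results.append(auth.authorize("analyst-1", ["diagnosis"]))
    # A different requester has no history and may ask the same question.
    results.append(auth.authorize("analyst-2", ["diagnosis"]))
    return results
```

The history is kept per requester, so two requesters pooling their answers are not caught; the distributed-data setting in a) would need the histories of all sites and requesters combined, which is part of what makes that case hard.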

7). Revealing Partial Information

     It may not be known in advance which information will and will
     not be sensitive. Traditionally, cryptography does not allow
     information leakage unless it is explicitly defined as part of
     the input. Dynamically-changing disclosure limitations pose
     challenges for cryptography, e.g., in secure multiparty computation.

Document last modified on January 26, 2004.