Information sharing requires that partners establish broad electronic trust among the caretakers of critical information and those who need and are authorized to use that information.
Researchers from Georgia Tech teamed with Children’s Healthcare of Atlanta and Emory University’s Center for Comprehensive Informatics to develop technologies that will protect the security and privacy of electronic health information.
“Storing medical records in electronic format and sharing them among different health care organizations has the potential to produce enormous improvements in the quality and efficiency of the health care system, but unauthorized disclosure of the information has the potential to damage lives and harm careers,” said Douglas Blough, a professor in the School of Electrical and Computer Engineering at Georgia Tech.
Through a project called MedVault, Blough and professors Mustaque Ahamad and Ling Liu of the School of Computer Science at Georgia Tech are developing a broad set of information security and privacy tools that can be integrated with electronic health records systems and work flows. MedVault is supported by the National Science Foundation and the Atlanta Clinical and Translational Science Institute.
With health information exchanges popping up across the country, individuals will begin sharing health documents with various health care system entities, which will need to verify the source and trustworthiness of the documents. MedVault researchers developed a system that uses redactable signature technology for source-verifiable, patient-controlled information sharing. The system enables documents digitally signed by a health care provider to be authenticated, while at the same time invisibly deleting information a patient wants to keep confidential.
“This technology could be especially valuable, for example, to parents who need certified health records to enroll a child in school, college, summer camp or other activity because parents would just need this one digitally signed document and could use it in many different ways,” explained Blough.
The research team also designed a policy combination and conflict resolution system that can examine the policies of multiple health care entities and ensure they are all followed.
“Each organization with a health information exchange may have a different policy about what information in their system can be disclosed under specific circumstances and patients might want to set their own disclosure controls, and all of these policies must be enforced. Our system combines these multiple policies and resolves any conflicts,” added Blough.
The MedVault team is working to ensure that these technologies are seamlessly integrated with the overall health system and its medical processes to provide strong security and privacy while assuring patient safety.
Explore further:
Drones may violate international law
