8:30 a.m.–9:00 a.m., Monday: Continental Breakfast, Hall of Battles
9:00 a.m.–10:30 a.m., Monday
Erman Ayday, Jean Louis Raisaro, Paul J. McLaren, Jacques Fellay, and Jean-Pierre Hubaux, École Polytechnique Fédérale de Lausanne
According to many scientists and clinicians, genomics is the “next big thing” in the field of medicine. On one hand, decreasing costs in genome sequencing have been paving the way to better preventive and personalized medicine. On the other hand, genomic data also raises serious privacy concerns, as it is the ultimate identifier of an individual and it contains privacy-sensitive data (e.g., disease predispositions, ancestry information). Thus, it is necessary to find ways of using genomic data without abusing the genomic privacy of individuals. To get a more comprehensive medical assessment, genomic information must be combined with other clinical and environmental data (such as demographic information, family history, disease history, laboratory test results, etc.) that are also privacy-sensitive (e.g., HIV status of an individual) and need to be treated as such. Focusing on disease risk tests, in this paper, we propose a privacy-preserving system for storing and processing genomic, clinical, and environmental data by using homomorphic encryption and privacy-preserving integer comparison. We implement the proposed system using real patient data and reliable disease risk factors. In particular, we use 23 genetic and 14 clinical and environmental risk factors to compute the risk of coronary artery disease in a privacy-preserving way. Finally, we show the practicality of the proposed system via a complexity evaluation.
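The core step of the risk computation described above, a weighted sum of genetic and clinical risk factors evaluated on ciphertexts, as an added example that is not the authors' code: a toy Paillier additively homomorphic scheme computes the score while the party holding the ciphertexts never sees the factor values. The two fixed primes, the factor values and the integer weights are constructed for the demo (real parameters would be ~1024-bit primes each and published log-odds weights); the privacy-preserving integer comparison of the score against a risk threshold that the abstract also mentions is not shown here.

```python
import math
import secrets

# Toy Paillier parameters: two fixed primes, far too small for real use
# (assumed for the demo only; production keys need ~1024-bit primes each).
P = 1000000007
Q = 998244353


def keygen(p=P, q=Q):
    """Return (public_key, private_key) for Paillier with generator g = n + 1."""
    n = p * q
    n_sq = n * n
    g = n + 1
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    # mu = L(g^lam mod n^2)^-1 mod n, where L(x) = (x - 1) // n
    mu = pow((pow(g, lam, n_sq) - 1) // n, -1, n)
    return (n, g), (lam, mu)


def encrypt(pk, m):
    """Enc(m) = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pk
    n_sq = n * n
    while True:
        r = secrets.randbelow(n)
        if r > 0 and math.gcd(r, n) == 1:
            break
    return (pow(g, m, n_sq) * pow(r, n, n_sq)) % n_sq


def decrypt(pk, sk, c):
    """Dec(c) = L(c^lam mod n^2) * mu mod n."""
    n, _ = pk
    lam, mu = sk
    n_sq = n * n
    return ((pow(c, lam, n_sq) - 1) // n) * mu % n


def add_enc(pk, c1, c2):
    """Enc(a) * Enc(b) mod n^2 is an encryption of a + b."""
    n = pk[0]
    return (c1 * c2) % (n * n)


def mul_const(pk, c, k):
    """Enc(a)^k mod n^2 is an encryption of k * a, for a plaintext constant k."""
    n = pk[0]
    return pow(c, k, n * n)


def encrypted_weighted_sum(pk, ciphertexts, weights):
    """Compute Enc(sum(w_i * x_i)) from Enc(x_i) and public integer weights w_i.

    This runs on the server side: it sees only ciphertexts and the weights.
    """
    acc = 1  # 1 = g^0 * 1^n is a valid (non-random) encryption of 0
    for c, w in zip(ciphertexts, weights):
        acc = add_enc(pk, acc, mul_const(pk, c, w))
    return acc


# Constructed sample input (not real patient data): allele counts (0/1/2) for
# four SNPs followed by two binary clinical flags, and positive integer weights
# standing in for scaled log-odds contributions.
SAMPLE_FACTORS = [2, 0, 1, 1, 0, 1]
SAMPLE_WEIGHTS = [35, 12, 20, 80, 15, 55]


def risk_score_demo(factors=SAMPLE_FACTORS, weights=SAMPLE_WEIGHTS):
    """Return (score decrypted from the homomorphic computation, plaintext score)."""
    pk, sk = keygen()
    cts = [encrypt(pk, x) for x in factors]                # patient/clinic side
    enc_score = encrypted_weighted_sum(pk, cts, weights)   # storage/processing side
    plain_score = sum(x * w for x, w in zip(factors, weights))
    return decrypt(pk, sk, enc_score), plain_score


if __name__ == "__main__":
    print(risk_score_demo())
```

Weights are kept positive so the result never wraps modulo n; a deployment with negative log-odds would add a fixed offset to every weight (or encode negatives as n - |w|) and subtract it after decryption.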
Ellick M. Chan, Peifung E. Lam, and John C. Mitchell, Stanford University
Electronic Health Records (EHRs) are perceived as a path to significant improvement in healthcare, and patient privacy is an important consideration in the adoption of EHRs. Medical record segmentation is a technique to provide privacy and protect against discrimination for certain medical conditions such as STDs, substance abuse and mental health, by sequestering or redacting certain medical codes from a patient’s record.
We present an initial study that describes an approach for segmenting sensitive medical codes to protect patient privacy and to comply with privacy laws. Firstly, we describe segmentation strategies for sensitive codes, and explore the link between medical concepts using sources of medical knowledge. Secondly, we mine medical knowledge sources for correlations between medical concepts. Thirdly, we describe an approach that a privacy attacker may use to infer redacted codes based off second order knowledge. More specifically, the attacker could use the presence of multiple related concepts to strengthen the attack. Finally, we evaluate defensive approaches against techniques that an adversary may use to infer the segmented condition.
Sadegh Torabi and Konstantin Beznosov, University of British Columbia
Presented by Lujo Bauer, Carnegie Mellon University
Online social networks (OSNs) have formed virtual social networks where people meet and share information. Among all shared information, health related information (HRI) has received considerable attention from researchers and individual users. While considered beneficial, sharing HRI, which is personal in nature, comes with its privacy drawback. Privacy is a process of boundary regulation that is related to the individual and her perception of the surrounding environment. As a result, the subjective privacy risk perceptions associated with sharing HRI in OSN have driven people to adopt different types of behaviour, both in terms of HRI sharing and privacy risk mitigation.
Through an online survey, we examined factors that affect users’ perceived privacy risks along with their risk-mitigating behaviour, when it comes to sharing HRI in OSNs. The results suggest that the majority (over 95%) of participants share some HRI, with the “type” and the “recipient” of the shared HRI being the key factors that affect the perceived privacy risk and the risk-mitigating behavioural responses.
10:30 a.m.–11:00 a.m., Monday: Break with Refreshments, Hall of Battles
11:00 a.m.–12:30 p.m., Monday
Panelists include: Brian Fitzgerald, Deputy Division Director, Division of Electrical and Software Engineering, U.S. Food & Drug Administration Center for Devices & Radiological Health; Lynette Sherrill, Deputy Director, Office of Information Security, Field Security Office, Health Information Security Division, Department of Veterans Affairs; Ken Hoyme, Distinguished Scientist, Adventium Labs and Co-chair, AAMI Medical Device Security Working Group; Former Senior Fellow, Boston Scientific
12:30 p.m.–1:45 p.m., Monday: Workshop Luncheon, Hall of Battles
1:45 p.m.–3:45 p.m., Monday
Jason King and Laurie Williams, North Carolina State University
Electronic health record (EHR) systems must log all transactions with protected health information (PHI) to deter unauthorized behavior and prevent users from denying that they created, read, updated, or deleted PHI. However, a plethora of standardization and governing organizations publish documentation (such as standards, suggestions, and requirements) to outline transactions that should be logged and the data that should be captured for each log entry. The objective of this research is to guide the design of electronic health record systems by cataloging suggested information that should be captured by logging mechanisms from both healthcare and non-healthcare documentation. In this paper, we focus on three types of information: data transactions, security events, and log entry content. We collect a set of ten healthcare-related and six non-healthcare related documents that contain specifications for logging mechanisms. From these 16 sources, we catalog 11 data transactions, 77 security events, and 22 data elements for log entry content. Overall, we identify 14 security events and 2 data elements for log entry content that are not explicitly addressed by healthcare documents. We found that developers must consider 13 of the 16 documents to extract 100% of the security events and log entry content cataloged.
Samuel Tan, Rebecca Shapiro, and Sean W. Smith, Dartmouth College
The Electronic Prescription for Controlled Substances (EPCS) is a set of rules published by the Drug Enforcement Administration (DEA) that regulates implementations of electronic prescription systems for controlled substances. EPCS includes requirements for two-factor authentication; specifications for electronic prescription applications; and rules governing the signing, transmitting, and receiving of electronic prescriptions. However, this set of regulations overlooks numerous critical aspects of computer security. This paper highlights some key areas in the electronic prescription process outlined by the EPCS regulation that are susceptible to adversarial attacks and provides recommendations for additions to EPCS regulations that would provide greater security for the use of electronic prescriptions.
Eric Duffy, University of Illinois at Urbana-Champaign; Steve Nyemba, Vanderbilt University; Carl A. Gunter, University of Illinois at Urbana-Champaign; David Liebovitz, Northwestern University; Bradley Malin, Vanderbilt University
Over the past decade, various regulations have been proposed and promulgated to support the auditing of accesses to Electronic Medical Records (EMRs). Current tools to support this process can improve their use of statistical and machine learning techniques and auditor interfaces. We sketch requirements and design for an Extensible Medical Open Audit Toolkit (EMOAT) to enable progress in these areas. A key objective is to provide interfaces that support three types of stakeholders: (1) expert analysts, (2) privacy and security officers, and (3) patients. Our system design provides for an application programming interface that enables officers and patients to access both simple and complex analytic systems. We illustrate how EMOAT has been adapted to support certain audit functionalities with data from the EMR systems of several large hospital systems.
Chen Qin, Emily Freebairn, and Sean Smith, Dartmouth College
Clinicians report usability problems in modern health IT systems in part because the strictness of computerization eliminates the layer of informality which previously enabled them to get their jobs done. In this paper, we examine a solution by considering the strictly-enforced medical order as a security capability, and then using capability exchange to authorize frustrated end-users to re-introduce the necessary flexibility. We prototype our idea using OpenEMR and Belay, and show how this prototype can address access control usability problems reported by clinicians.
3:45 p.m.–4:15 p.m., Monday: Break with Refreshments, Hall of Battles
4:15 p.m.–5:15 p.m., Monday
Nathan L. Henry, University of Tennessee; Nathanael R. Paul, University of Tennessee and Oak Ridge National Laboratory; Nicole McFarlane, University of Tennessee
Patients are increasingly reliant on implantable medical device systems today. For patients with diabetes, an implantable insulin pump system can greatly improve their quality of life. As with any device, these devices can and do suffer from software and hardware issues, often reported as a safety event. For a forensic investigator, a safety event is indistinguishable from a potential security event. In this paper, we propose a new sensor system that can be transparently integrated into existing and future electronic diabetes therapy systems while providing additional forensic data to help distinguish between safety and security events.
Shane S. Clark, University of Massachusetts Amherst; Benjamin Ransford, University of Washington; Amir Rahmati, University of Michigan; Shane Guineau, University of Massachusetts Amherst; Jacob Sorber, Clemson University; Kevin Fu, University of Michigan; Wenyuan Xu, University of South Carolina and Zhejiang University
Medical devices based on embedded systems are ubiquitous in clinical settings. Increasingly, they connect to networks and run off-the-shelf operating systems vulnerable to malware. But strict validation requirements make it prohibitively difficult or costly to use anti-virus software or automated operating system updates on these systems. Our add-on monitoring system, WattsUpDoc, uses a traditionally undesirable side channel of power consumption to enable run-time malware detection. In our experiments, WattsUpDoc detected previously known malware with at least 94% accuracy and previously unknown malware with at least 85% accuracy on several embedded devices—detection rates similar to those of conventional malware-detection systems on PCs. WattsUpDoc detects malware without requiring hardware or software modifications or network communication.
5:30 p.m.–7:00 p.m., Monday: Regency A
Session Chair: Ben Ransford, University of Washington and University of Massachusetts Amherst
The poster session and reception is a great opportunity to discuss new work with stakeholders from academia, industry, government, and medicine in an informal social environment.
In addition to refereed poster presentations, the session will feature a Codenomicon Vendor Demo from 5:45 p.m. to 6:15 p.m. Companies like Roche Diagnostics, Intuitive Surgical, medical device component suppliers, and app developers rely on Codenomicon Defensics software (www.codenomicon.com) to discover zero-day vulnerabilities. The US Food and Drug Administration (FDA) has also chosen Codenomicon Defensics for inclusion in their Cybersecurity Testing Lab.
About the demo: Building secure devices and systems in health care requires a solid foundation of secure coding practices coupled with repeated testing to discover vulnerabilities. Through the use of fuzz testing and binary analysis, both known and unknown vulnerabilities can be uncovered, allowing medical device manufacturers, integrators, and providers to resolve security issues before they become news headlines. By integrating these tools into the development, quality assurance, and incident management environments found in the health care ecosystem, security and robustness issues can be substantially reduced and effectively managed. Please join our demonstration where we will show you how.