Anonymous Health Information Exchange (HIE)

Transfer with Credibility Check against Fraud

through Chaum Mixes and Crowds.

By: Aaron Silcott

What exactly am I trying to accomplish?•My goal with this research is to see if there is a way to protect the patient’s information during the transmission, hide the sender/requester of the medical records while still having authentication method to prove authority, and to accomplish the transmission in a time interval that would be acceptable for emergency room needing to know information as fast as possible regarding a patient. I plan on investigating three possible models for this transfer, Chaum Mixes, Crowds, and a hybrid-like combination of the two• I will focus specifically on emergency situations in which response time would be a major factor, such as ER or EMT scenarios.

Medical background Information and Terminology• EMR – electronic medical record, electronic file containing all medical

information regarding a patient at a single medical facility.• EHR – electronic health exchange, “An EHR is a longitudinal electronic

version of a patient’s medical information. This includes patient demographics, progress notes, medications, vital signs, past medical history, immunizations, laboratory data, and radiology or other reports.”• HIE – health information exchange, a term referring to the secure

transfer of EMR’s and EHR’s.

Current HIE Types

• Directed Exchange: Directed exchange gives health care providers the ability to electronically send and receive secure information – such as such as laboratory orders and results, patient referrals, or discharge summaries – to other health care providers involved in a patient’s care over the Internet via encrypted, secure, and reliable messaging.

• Query-Based Exchange: Query-based exchange gives health care providers the ability to find and/or request information on a patient from other providers and is often used for unplanned/emergency care.

• Consumer Mediated Exchange: Consumer Mediated Exchange gives patients the ability to aggregate and manage their health information on the Internet. When in control of their own health information, patients can help transfer information between providers, correct inaccurate demographic, medical, or billing information, and track and monitor their own health

• -All types pulled from HealthIt.gov

Methods and Evaluation

• There are 3 steps I will be taking-• Theoretical/logical designing – this is where I will break down what is required

of the Query-Based HIE and attempt to devise a model which could represent a working solution. I will be looking at possible vulnerabilities and Statistical analysis.• Simulation – After I have designed the working possible scenarios, I will model

each using a Java program simulation I will write to simulate real world issues such as network traffic, cable delay, etc. At this step I will be evaluating if the statistical times hold up and are reliable in a real world example.• Moving Forward - The last phase will be more of an open ended look into

possible implementations that could potential fit as a network solution.

References

• McDonald, Clement J. "The barriers to electronic medical record systems and how to overcome them." Journal of the American Medical Informatics Association 4.3 (1997): 213-221.

• Kripalani, Sunil, et al. "Deficits in communication and information transfer between hospital-based and primary care physicians: implications for patient safety and continuity of care." Jama 297.8 (2007): 831-841.

• Chaum, David. "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms." Communication of ACM 24.2 (1981). Print.

• Reiter, Michael K., and Aviel D. Rubin. "Crowds: Anonymity for Web Transactions." ACM Transactions on Information and System Security TISSEC ACM Trans. Inf. Syst. Secur. (1998): 66-92. Print.

• McCarthy, Douglas B., et al. "Learning from Health Information Exchange Technical Architecture and Implementation in Seven Beacon Communities." EGEMS 2.1 (2014).