医疗健康大数据隐私保护综述

doi:10.3778/j.issn.1673-9418.2009071

摘要/Abstract

摘要：

随着智能移动设备普及化、医疗设备数字化及电子病历结构化的推进，医疗数据呈现爆发增长的特点。在深入研究探讨医疗大数据发展规律，提高对医疗大数据真实价值的认识的同时，如何有效保护数据的隐私安全现已成为广受关注的重要议题。医疗大数据自身特点以及存储环境等都为隐私保护带来了不小的挑战。首先，介绍了医疗大数据的相关概念以及特点。然后，围绕医疗大数据生命周期的四个阶段数据的采集、存储、共享以及分析，分别介绍面临的风险挑战以及相应的隐私保护技术，并对不同技术的优缺点、适用范围等进行分析。在数据采集时，匿名技术、差分隐私可以抵御数据集成融合带来的基于背景知识的攻击。在存储阶段，医疗大数据多存储于云平台，为了数据的机密性和完整性，常使用加密、审计的方法。在数据共享阶段，主要使用访问控制方法来控制获取数据的对象。在数据分析阶段，在机器学习框架下对医疗健康大数据进行隐私保护。最后，针对贯穿医疗大数据生命周期的普遍隐私保护挑战，从管理的层面提出合理的建议。

关键词: 医疗大数据, 生命周期, 隐私保护技术

Abstract:

With the popularization of smart mobile devices, the digitalization of medical devices and the structuring of electronic medical records, medical data have shown the characteristics of explosive growth. It has attracted wide attention to improve the understanding of the real value of big data in healthcare, by doing in-depth research and discussion on its development regulation. However, the issue how to protect the privacy security effectively in the process deserves attentions as well. Due to the characteristics of big data in healthcare and the storage environment, privacy protection faces severe challenges. First, the related concepts and characteristics of big data in healthcare are introduced. Then, focusing on the four stages of the life cycle model of big data in healthcare, which includes data collection, storage, share and analysis, this paper respectively introduces the risks and challenges it faces and the corresponding privacy protection technologies, analyzing the merits, drawbacks and their applicable scope. When collecting, anonymous technology and differential privacy can resist attacks based on background knowledge brought by data integration and fusion. During the storage stage, big data in healthcare are mostly stored on the cloud platform. Encryption and audit are often used for the confidentiality and integrity of data. During the data share stage, the access control plays an important part in controling the object to obtain data. During the analysis stage, privacy protection of big data in healthcare is achieved based on the framework of machine learning. Last but not least, regarding to the universal privacy protection challenges throughout the life cycle of big data in healthcare, reasonable suggestions are proposed in the management level.

Key words: big data in healthcare, life cycle, privacy protection technology

郭子菁, 罗玉川, 蔡志平, 郑腾飞. 医疗健康大数据隐私保护综述[J]. 计算机科学与探索, 2021, 15(3): 389-402.

GUO Zijing, LUO Yuchuan, CAI Zhiping, ZHENG Tengfei. Overview of Privacy Protection Technology of Big Data in Healthcare[J]. Journal of Frontiers of Computer Science and Technology, 2021, 15(3): 389-402.

参考文献

[1] OBERMEYER Z, EMANUEL E J. Predicting the future-big data, machine learning, and clinical medicine[J]. New Eng-land Journal of Medicine, 2016, 375(13): 1216-1219.
[2] A review of cyber security incidents in 2019 (international)[EB/OL]. [2020-02-10]. https://www.freebuf.com/articles/network/226830.html.
[3] WANG K. A survey on risks of big data privacy[C]//Proceed-ings of the 2017 International Conference on Applications and Techniques in Cyber Security and Intelligence, Ningbo, Jun 16-18, 2017. Berlin, Heidelberg: Springer, 2017: 161-167.
[4] XIONG P, ZHU T Q, WANG X F. A survey on differential privacy and applications[J]. Chinese Journal of Computers, 2014, 37(1): 101-122.
熊平, 朱天清, 王晓峰. 差分隐私保护及其应用[J]. 计算机学报, 2014, 37(1): 101-122.
[5] SWEENEY L. K-anonymity: a model for protecting privacy[J]. International Journal of Uncertainty, Fuzziness and Know-ledge-Based Systems, 2002, 10(5): 557-570.
[6] MACHANAVAJJHALA A, KIFER D, GEHRKE J. L-diver-sity: privacy beyond k-anonymity[J]. ACM Transactions on Knowledge Discovery from Data, 2007, 1(1): 3.
[7] LI N H, LI T C, VENKATASUBRAMANIAN S. t-Closeness: privacy beyond k-anonymity and l-diversity[C]//Proceedings of the 23rd International Conference on Data Engineering, Istanbul, Apr 15-20, 2007. Washington: IEEE Computer Society, 2007: 106-115.
[8] SONG F G, MA T H, TIAN Y, et al. A new method of privacy protection: random k-anonymous[J]. IEEE Access, 2019, 7: 75434-75445.
[9] LI H T, MA J F, FU S. A privacy-preserving data collection model for digital community[J]. Science China (Information Sciences), 2015, 58(3): 1-16.
[10] LI H, GUO F, ZHANG W, et al. (a,k)-anonymous scheme for privacy-preserving data collection in IoT-based healthcare se-rvices systems[J]. Journal of Medical Systems, 2018, 42(3): 56.
[11] PEI M L. An anonymous algorithm based on l-diversity for missing medical data[D]. Zhengzhou: Zhengzhou University, 2019.
裴孟丽. 基于l-diversity面向缺失医疗数据的匿名算法研究[D]. 郑州: 郑州大学, 2019.
[12] XIAO X K, TAO Y F. M-invariance: towards privacy pre-serving re-publication of dynamic datasets[C]//Proceedings of the 2007 ACM SIGMOD International Conference on Manage-ment of Data, Beijing, Jun 12-14, 2007. New York: ACM, 2007: 689-700.
[13] SHI Y, ZHANG Z, CHAO H C, et al. Data privacy protec-tion based on micro aggregation with dynamic sensitive attri-bute updating[J]. Sensors, 2018, 18(7): 2307.
[14] DWORK C. Differential privacy[C]//LNCS 4052: Proceedings of the 33rd International Colloquium on Automata, Languages and Programming, Venice, Jul 10-14, 2006. Berlin, Heidel-berg: Springer, 2006: 1-12.
[15] LI H W, DAI Y S, LIN X D. Efficient e-health data release with consistency guarantee under differential privacy[C]//Proceedings of the 17th International Conference on E-health Networking, Application & Services, Boston, Oct 14-17, 2015. Piscataway: IEEE, 2016: 602-608.
[16] RAISARO J L, TRONCOSO-PASTORIZA J R, MISBACH M, et al. MedCo: enabling secure and privacy-preserving ex-ploration of distributed clinical and genomic data[J]. IEEE/ACM Transactions on Computational Biology and Bioinfor-matics, 2019, 16(4): 1328-1341.
[17] RAISARO J L, CHOI G, PRADERVAND S, et al. Protecting privacy and security of genomic data in i2b2 with homo-morphic encryption and differential privacy[J]. IEEE/ACM Transactions on Computational Biology and Bioinformatics, 2018, 15(5): 1413-1426.
[18] TANG W J, REN J, DENG K, et al. Secure data aggregation of lightweight e-healthcare IoT devices with fair incentives[J]. IEEE Internet of Things Journal, 2019, 6(5): 8714-8726.
[19] GAFF B M, SUSSMAN H E, GEETTER J. Privacy and big data[J]. Computer, 2014, 47(6): 7-9.
[20] NARAYAN S, GAGNé M, SAFAVI-NAINI R. Privacy pre-serving EHR system using attribute-based infrastructure[C]//Proceedings of the 2nd ACM Cloud Computing Security Work-shop, Chicago, Oct 8, 2010. New York: ACM, 2010: 47-52.
[21] CHOE J, YOO S K. Web-based secure access from multiple patient repositories[J]. International Journal of Medical Infor-matics, 2008, 77(4): 242-248.
[22] YANG Y, ZHENG X H, LIU X M, et al. Cross-domain dyna-mic anonymous authenticated group key management with symptom-matching for e-health social system[J]. Future Gene-ration Computer Systems, 2018, 84: 160-176.
[23] SEN POH G, CHIN J J, YAU W C, et al. Searchable sym-metric encryption: designs and challenges[J]. ACM Comput-ing Surveys, 2017, 50(3): 1-37.
[24] LI J, WANG Q, WANG C, et al. Fuzzy keyword search over encrypted data in cloud computing[C]//Proceedings of the 29th IEEE International Conference on Computer Communi-cations, Joint Conference of the IEEE Computer and Com-munications Societies, San Diego, Mar 15-19, 2010. Piscat-away: IEEE, 2010: 441-445.
[25] WANG C, WANG Q, REN K, et al. Privacy- preserving public auditing for data storage security in cloud computing[C]//Proceedings of the 29th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, San Diego, Mar 15-19, 2010. Piscataway: IEEE, 2010: 525-533.
[26] TAN S, JIA Y. NaEPASC: a novel and efficient public auditing scheme for cloud data[J]. Journal of Zhejiang University-Science C, 2014, 15(9): 794-804.
[27] GARG N, BAWA S. RITS-MHT: relative indexed and time stamped Merkle hash tree based data auditing protocol for cloud computing[J]. Journal of Network and Computer App-lications, 2017, 84: 1-13.
[28] SHEN J, CHEN X F, HUANG X Y, et al. An efficient public auditing protocol with novel dynamic structure for cloud data[J]. IEEE Transactions on Information Forensics & Security, 2017, 12(10): 2402-2415.
[29] SHANG T, ZHANG F, CHEN X Y, et al. Identity-based dynamic data auditing for big data storage[J]. IEEE Trans-actions on Big Data, 2019: 1.
[30] FAN Y K, LIN X D, TAN G, et al. One secure data integrity verification scheme for cloud storage[J]. Future Generation Computer Systems, 2019, 96: 376-385.
[31] YU Y, AU M, ATENIESE G, et al. Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage[J]. IEEE Transactions on Information Foren-sics and Security, 2017, 12(4): 767-778.
[32] ZHANG J, LI P, MAO J. IPad: ID-based public auditing for the outsourced data in the standard model[J]. Cluster Computing, 2016, 19(1): 127-138.
[33] SRINIVAS J, DAS A K, KUMAR N, et al. Cloud centric authentication for wearable healthcare monitoring system[J]. IEEE Transactions on Dependable & Secure Computing, 2020, 17(5): 942-956.
[34] GOPE P, AMIN R. A novel reference security model with the situation based access policy for accessing EPHR data[J]. Journal of Medical Systems, 2016, 40(11): 242.
[35] MA C. Comparative study of large domestic and foreign medi-cal big data resource sharing[J]. Information and Document-ation Services, 2016, 37(3): 63-67.
马灿. 国内外医疗大数据资源共享比较研究[J]. 情报资料工作, 2016, 37(3): 63-67.
[36] SHAMIR A, TAUMAN Y. Improved online/offline signature schemes[C]//LNCS 2139: Proceedings of the 21st Annual International Cryptology Conference Advances in Cryptology, Santa Barbara, Aug 19-23, 2001. Berlin, Heidelberg: Springer, 2001: 355-367.
[37] CHEN X F, ZHANG F G, SUSILO W, et al. Efficient generic on-line/off-line signatures without key exposure[C]//LNCS 4521: Proceedings of the 5th International Conference on Applied Cryptography and Network Security, Zhuhai, Jun 5-8, 2007. Berlin, Heidelberg: Springer, 2017: 18-30.
[38] LIU J H, MA J H, WU W, et al. Protecting mobile health records in cloud computing: a secure, efficient, and anony-mous design[J]. ACM Transactions on Embedded Computing Systems, 2017, 16(2): 57.
[39] ZHANG R, LIU L. Security models and requirements for health-care application clouds[C]//Proceedings of the 2010 IEEE International Conference on Cloud Computing, Miami, Jul 5-10, 2010. Washington: IEEE Computer Society, 2010: 268-275.
[40] KUMAR P, LEE S G, LEE H J. E-SAP: efficient-strong authentication protocol for healthcare applications using wireless medical sensor networks[J]. Sensors, 2012, 12(2):1625-1647.
[41] HE D, KUMAR N, CHEN J, et al. Robust anonymous authen-tication protocol for health-care applications using wireless medical sensor networks[J]. Multimedia Systems, 2015, 21(1): 49-60.
[42] LI X, NIU J, KUMARI S, et al. A new authentication protocol for healthcare applications using wireless medical sensor networks with user anonymity[J]. Security & Communication Networks, 2016, 9(15): 2643- 2655.
[43] WU F, XU L, KUMARI S, et al. An improved and anonymous two-factor authentication protocol for health-care applications with wireless medical sensor networks[J]. Multimedia Sys-tems, 2015, 23(2): 1-11.
[44] AMIN R, ISLAM S H, BISWAS G P, et al. A robust and anonymous patient monitoring system using wireless medical sensor networks[J]. Future Generation Computer Systems, 2018, 80: 483-495.
[45] XIONG H, TAO J, YUAN C. Enabling telecare medical infor-mation systems with strong authentication and anonymity[J]. IEEE Access, 2017, 5: 5648-5661.
[46] FENG C, SHUANG W, JIANG X Q, et al. PRINCESS: pri-vacy-protecting rare disease international network collabo-ration via encryption through software guard extensions[J]. Bioinformatics,2017, 33(6): 871-878.
[47] CHEN F, WANG C, DAI W, et al. PRESAGE: privacy-pre-serving genetic testing via software guard extension[J]. BMC Medical Genomics, 2017, 10(S2): 48.
[48] CHEN F, DOW M, DING S J, et al. PREMIX: privacy-pre-serving estimation of individual admixture[C]//Proceedings of the American Medical Informatics Association Annual Symposium, Chicago, Nov 12-16, 2016: 1747-1755.
[49] WANG W H, CHEN G X, PAN X R, et al. Leaky cauldron on the dark land: understanding memory side-channel hazards in SGX[C]//Proceedings of the 2017 ACM SIGSAC Con-ference on Computer and Communications Security, Dallas, Oct 30-Nov 3, 2017. New York: ACM, 2017: 2421-2434.
[50] SHUANG W, ZHANG Y C, DAI W R, et al. HEALER: hom-omorphic computation of exact logistic regression for secure rare disease variants analysis in GWAS[J]. Bioinformatics,2016, 32(2): 211-218.
[51] CHEON J H, KIM M, LAUTER K E. Homomorphic comput-ation of edit distance[C]//LNCS 8976: Proceedings of the International Conference on Financial Cryptography and Data Security, San Juan, Jan 30, 2015. Berlin, Heidelberg: Spr-inger, 2015: 194-212.
[52] LU W J, YAMADA Y, SAKUMA J. Privacy-preserving genome-wide association studies on cloud environment using fully homomorphic encryption[J]. BMC Medical Informatics & Decision Making, 2015, 15(S5): S1.
[53] GILAD-BACHRACH R, DOWLIN N, LAINE K, et al. Cry-ptonets: applying neural networks to encrypted data with high throughput and accuracy[C]//Proceedings of the 33rd International Conference on Machine Learning, New York, Jun 19-24, 2016: 201-210.
[54] KUZU M, KANTARCIOGLU M, INAN A, et?al. Efficient privacy-aware record integration[C]//Proceedings of the 16th International Conference on Extending Database Technology, Genoa, Mar 18-22, 2013. New York: ACM, 2013: 167-178.
[55] ZHANG Y, BLANTON M. Secure distributed genome analysis for GWAS and sequence comparison computation[J]. BMC Medical Informatics & Decision Making, 2015, 15(S5): S4.
[56] WAGH S, GUPTA D, CHANDRAN N. SecureNN: 3-party secure computation for neural network training[J]. Proceed-ings on Privacy Enhancing Technologies, 2019, 3: 26-49.
[57] DANKAR F K, EL EMAM K. Practicing differential privacy in health care: a review[J]. Transactions on Data Privacy, 2013, 6(1): 35-67.
[58] MOHAMMED N, BAROUTI S, ALHADIDI D, et al. Secure and private management of healthcare databases for data mining[C]//Proceedings of the 28th IEEE International Sym-posium on Computer-Based Medical Systems, Sao Carlos, Jun 22-25, 2015. Washington: IEEE Computer Society, 2015: 191-196.
[59] ALNEMARI A, ROMANOWSKI C J, RAJ R K. An ada-ptive differential privacy algorithm for range queries over healthcare data[C]//Proceedings of the 2017 IEEE Inter-national Conference on Healthcare Informatics, Park City, Aug 23-26, 2017. Washington: IEEE Computer Society, 2017: 397-402.
[60] BEAULIEU-JONES B K,YUAN W, FINLAYSON S G, et al. Privacy-preserving distributed deep learning for clinical data[J]. arXiv:1812.01484, 2018.
[61] DONG J S, ROTH A, SU J. Gaussian differential privacy[J]. arXiv:1905.02383, 2019.
[62] LIU X, TSAFTARIS S A. Have you forgotten? A method to assess if machine learning models have forgotten data[C]//LNCS 12261: Proceedings of the 23rd International Conference on Medical Image Computing and Computer Assisted Inter-vention, Lima, Oct 4-8, 2020. Berlin, Heidelberg: Springer,2020: 95-105.
[63] GOLATKAR A, ACHILLE A, SOATTO S. Eternal sunshine of the spotless net: selective forgetting in deep networks[C]//Proceedings of the 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Seattle, Jun 13-19, 2020. Pis-cataway:IEEE, 2020: 9301-9309.
[64] GINART A, GUAN M Y, VALIANT G, et al. Making AI forget you: data deletion in machine learning[C]//Proceed-ings of the Annual Conference on Neural Information Pro-cessing Systems, Vancouver, Dec 8-14, 2019. Red Hook: Curran Associates, 2019: 3513-3526.
[65] BOURTOULE L, CHANDRASEKARAN V, CHOQUETTE-CHOO C, et al. Machine unlearning[J]. arXiv:1912.03817, 2019.
[66] FREDRIKSON M, JHA S, RISTENPART T. Model inver-sion attacks that exploit confidence information and basic countermeasures[C]//Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, Oct 12-16, 2015. New York: ACM, 2015: 1322-1333.
[67] KIM Y, SUN J M, YU H, et al. Federated tensor factoriza-tion for computational phenotyping[C]//Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Halifax, Aug 13-17, 2017. New York: ACM, 2017: 887-895.
[68] BRISIMI T S, CHEN R, MELA T, et al. Federated learning of predictive models from federated electronic health records[J]. International Journal of Medical Informatics, 2018, 112: 59-67.
[69] LI W, MILLETARì F, XU D, et al. Privacy-preserving federated brain tumour segmentation[C]//LNCS 11861: Inter-national Workshop on Machine Learning in Medical Imag-ing. Cham: Springer, 2019: 133-141.