User-Generated Pseudonyms Through Merkle Trees

Kermezis, Georgios; Limniotis, Konstantinos; Kolokotronis, Nicholas

doi:10.1007/978-3-030-76663-4_5

Cited by 2 publications

(2 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…FHIR-DIET allows users to choose among several cryptographic schemes, all of which offer a perfectly hiding property and can be fed to the tool through the configuration files. In particular, following the guidelines [14], the choice is around literature approaches based on asymmetric cryptographic algorithms (e.g., [40]) or more recent approaches based on cryptographic accumulators for pseudonym generation [41], which inherits the security properties of a Merkle tree (also envisioned by the recent ENISA report [15]) achieving post-quantum security. The reference is the ENISA best practices [14] and techniques [15] and the ISO 25237 standard on pseudonymisation and specifically the Clause 6 [16].…”

Section: ) Pseudonymisation and De-pseudonymisationmentioning

confidence: 99%

Anonymization and Pseudonymization of FHIR Resources for Secondary Use of Healthcare Data

Raso,

Loreti,

Ravaziol

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Along with the creation of medical profiles of patients, Electronic Health Records have several secondary missions, such as health economy and research. The recent, increasing adoption of a common standard, i.e., the Fast Healthcare Interoperability Resources (FHIR), makes it easier to exchange medical data among the several parties involved, for example, in an epidemiological research activity. However, this exchange process is hindered by regulatory frameworks due to privacy issues related to the presence of personal information, which allows patients to be identified directly (or indirectly) from their medical data. When properly used, de-identification techniques can provide crucial support in overcoming these problems. FHIR-DIET aims to bring flexibility and concreteness to the implementation of de-identification of health data, supporting many customised data-processing behaviours that can be easily configured and tailored to match specific use case requirements. Our solution enables faster and easier cooperation between legal and IT professionals to establish and implement de-identification rules. The performance evaluation demonstrates the viability of processing hundreds of FHIR patient information data per second using standard hardware. We believe FHIR-DIET can be a valuable tool to satisfy the current regulation requirements and help to create added-value for the secondary use of healthcare data.

show abstract

Section: ) Pseudonymisation and De-pseudonymisationmentioning

confidence: 99%

Anonymization and Pseudonymization of FHIR Resources for Secondary Use of Healthcare Data

Raso,

Loreti,

Ravaziol

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Initially studied mainly in the context of computer and network security, privacy engineering has emerged not only as an important research field per se [3], but also as a growing market, fuelled by the compliance needs of organisations, as well as the increasing awareness and demands of users. Beyond cryptography and legacy security technologies, various research areas have spawned, including pseudonymisation [4], anonymisation [5], privacyaware access control [6], differential privacy [7], privacy assessment [8], location privacy [9], privacy-preserving data analysis [10], and users rights' enforcement [11], among others, whereas in the Business Process Management (BPM) domain, most privacy-related research has focused on the annotation of processes and workflows with authorisation constraints and/or other data protection concerns (e.g., [12] [13]). The protection of privacy -and compliance thereof-is also the focus of several European projects, among which BPR4GDPR, together comprising the "GDPR Cluster", and proposing complementary solutions [14].…”

Section: Related Workmentioning

confidence: 99%

GDPR Compliance Made Easier: the BPR4GDPR Project

Lioudakis¹,

Papagiannakopoulou²,

Koukovini³

et al. 2021

ARIS2 Journal

View full text Add to dashboard Cite

With the aim to facilitate compliance with the GDPR, particularly for SMEs, this paper summarises the results of the H2020 BPR4GDPR project. With a focus on business processes, the project has proposed a holistic approach able to support compliant processes, while fulfilling requirements covering diverse application domains. The main pillars of the solution are: i) a policy-based access and usage control system, for setting the operational rules; ii) a framework for automatically re-engineering processes, so that they become compliant by design; iii) a run-time environment for the enforcement of privacy constraints and data subjects’ rights; iv) a process mining framework, devised for ex post compliance analysis and conformance checking leveraging the process execution traces.

show abstract

User-Generated Pseudonyms Through Merkle Trees

Cited by 2 publications

References 32 publications

Anonymization and Pseudonymization of FHIR Resources for Secondary Use of Healthcare Data

Anonymization and Pseudonymization of FHIR Resources for Secondary Use of Healthcare Data

GDPR Compliance Made Easier: the BPR4GDPR Project

Contact Info

Product

Resources

About