A pill box with biometric access control and web connection (work in progress)


Eiji Okamoto (okamoto@is.tsukuba.ac.jp), Institute of Information Sciences and Electronics, University of Tsukuba
René Peralta (peralta@cs.yale.edu), Department of Computer Science, Yale University

1 Introduction

Because of the increased connectivity of households to the Internet, it is now possible to consider the latter as a medium for the delivery of a variety of social services. In this work, we propose dispensing prescription drugs remotely via specialized Internet-enabled devices. To our knowledge, there are no such medication delivery devices in use at this time, although the idea has most probably been considered by the pharmaceutical industry.

2 Smart pill boxes

We envision a class of smart, portable devices equipped with biometric access controls. These devices will be brought home by the patient and will be connected to the Internet in a variety of possible ways. They will perform on-line and off-line tasks that will translate into more effective controls at reduced costs.

They will help the patient follow prescribed treatments by keeping track of medication dispensed, issuing audio and/or visual alarms when a dosage is missed, and refusing to dispense more than the prescribed amount of medication.

They will reduce the number of pharmacy visits for medication pick-up. The number of pills dispensed at each pharmacy visit is often constrained by the danger that the patient may take too many of the pills at once. The biometric access controls will prevent this. The number of pills is also constrained by the vendor's need to be assured of payment. Since these devices will be connected to the Internet, the system can remotely lock the pill box for lack of payment (or for other contingencies, such as recalls).

They will safeguard the supply of medication from undetected theft by third parties (usually household members). Some of the drugs that end up for sale, say, at high schools are stolen, in small amounts, by children from household medicine cabinets. The biometric access controls would prevent this.

They will increase the level of confidence of the health professional that the medication is being taken as prescribed. In particular, the system will be capable of issuing a remote warning when the patient stops taking the medication. This is important in the case of some psychiatric patients, the elderly, the mentally impaired, and those patients taking drugs that must be taken for a period of time after the patient is asymptomatic (for example, tuberculosis patients).

They will communicate with automated control and data-gathering systems. In this way, they will support the compilation of aggregate medical data to be used by public health policy makers.

Clearly, deployment of these devices raises security issues pertaining to patients' rights such as privacy and freedom from coercion. Under what circumstances a patient should be coerced into taking medication is a medical, legal and moral issue outside the scope of this work. Patients' privacy, however, can be protected by using modern cryptographic communication protocols. These protocols ensure that messages on the net are both inaccessible to unauthorized parties and carry no more information than is necessary for the message's specific purpose. We will expand on this below.

3 Selective disclosure envelopes

Modern cryptology offers powerful techniques for the controlled release of information. The devices we propose will use a variant of zero-knowledge proofs called discreet proofs [1]. Discreet proofs are short and non-interactive. They exist for any Boolean predicate whose associated language is in the class NP. Although a discreet proof is simply a string of bits, the details of how it is constructed, and what properties it has, are quite complex. Thus it is useful to create an abstract object which embodies the essential properties of a discreet proof.

We suppose that a document is a string of bits containing identifiable fields. A selective disclosure envelope (SD envelope) is an abstract envelope in which a document can be inserted for digital transaction purposes. When a document D is inserted in an SD envelope by a person P, the following holds:

- by default, D is completely hidden by the SD envelope;
- once D is in the SD envelope, P cannot alter its contents;
- at insertion time, P can choose to disclose (make readable) any field of D;
- for a field d of D that is not fully disclosed at insertion time, P can issue a discreet proof of any Boolean predicate f(d) (note that f may be chosen after the SD envelope has been sealed and is in circulation).

The role of the SD-envelope abstraction can perhaps best be understood by considering the information contained in one of our pill boxes. All of these are possible:

- name of drug;
- dosage information;
- name/address of prescribing physician;
- name/address of patient;
- name/address of the health professional directly responsible for monitoring use of the device (the idea is that it should not require a medical doctor's degree to perform this task);
- biometric identification fields (e.g. the patient's fingerprint template);
- medication vendor information;
- patient's medical insurance information;
- payment history;
- history of missed doses;
- and many more, depending on the particular patient and condition.

Now consider a communication between the pill box and the medication vendor. The vendor might want to know if payment for this month's supply has been received (see footnote 1) and whether the pill box contains enough medication for next month. If so, then no more information need be exchanged. If there is a problem with payment, the vendor may trigger a "no payment" exception which would possibly:

- involve other parties;
- involve the exchange of other information (e.g. the medication name, the health professional in charge, and so on);
- produce vendor-activated actions (anything from a polite warning to a locking of the box), with a corresponding audit trail.

If the box needs refilling, then a completely different exchange of information would be triggered. The point of using SD envelopes is that they allow these information exchanges to exclude all information not relevant to the immediate need. For example, most of these communications would not reveal the identity of the patient, the identity of the prescribing doctor, or even the name of the medication in the pill box. This is a powerful tool for protecting the privacy of the patient while at the same time enforcing the patient's responsibilities.

Footnote 1: This is for illustration purposes only. In practice, collection tasks are usually delegated to a third party: a payment gateway. This natural compartmentalization of tasks in E-commerce further helps with the patient's privacy goal being discussed here.

4 Some technical challenges

Discreet proofs are most efficient in what is known as the random oracle model. In practice, this requires the availability of an independent, publicly accessible source of random bits. Such a service was provided for some time by CCCNS (http://www.cccns.uwm.edu) at the University of Wisconsin. Entropy was obtained from white noise on radio waves and was expanded via standard cryptographic techniques. Several such sources can be posted on the web. This would help against denial-of-service attacks as well as serve the needs of users who are unwilling to trust any one source (two or more sources can be combined in such a way that all sources would have to be compromised in order to bias the bits in any way). Developing and maintaining a reliable and trusted public source of randomness with the necessary cryptographic properties (e.g. unpredictability) is not a trivial matter. However, the mathematics of doing so have been known since the 1980s.

Another necessary task is to produce software that can help construct discreet proofs for predicates which are frequently encountered in E-commerce. These predicates relate to knowledge of secrets. Secrets, in this context, are bit-strings which satisfy functional equations of the type F(x) = y, where F is a one-way function and y is public. The most commonly used one-way functions are based on substitution-permutation ciphers (e.g. DES), modular exponentiation, integer factorization (e.g. RSA, quadratic residuosity), and exponentiation over elliptic curves.

Discreet proofs are circuit-based cryptographic primitives. In order to make these proofs as short as possible, circuits must be designed for each one-way function of interest. These circuits are special in that they should contain only addition and multiplication over GF(2) (see footnote 2). Furthermore, the number of multiplications should be as small as possible. This is because the length of discreet proofs is proportional to the number of multiplications in the circuit but independent of the number of additions.
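The following is an added example, not code from the paper or its authors. It models the SD envelope of Section 3 with per-field hash commitments, so that the vendor exchange described there (payment received? enough pills for next month?) reveals only those two fields while the patient's name, the prescriber and the drug name stay hidden, and any alteration of the document after sealing is detected by the verifier. Three of the four SD-envelope properties are realised this way; the fourth, a discreet proof of an arbitrary predicate over an undisclosed field, is not implemented here. The commitment scheme (SHA-256 over field name, random nonce and value, with a seal over all commitments) and the pill-box document are this example's own assumptions and constructed sample data.

```python
"""Selective disclosure envelope (SD envelope) modelled with hash commitments.

Added example, not code from the paper or its authors. It realises three of
the four SD-envelope properties from Section 3 without any zero-knowledge
machinery: the document is hidden by default, the inserter cannot alter it
after sealing (tamper evidence), and chosen fields can be disclosed at
insertion time. The fourth property, a discreet proof of an arbitrary
predicate over an undisclosed field, is NOT implemented here.

Scheme (an assumption of this example): every field gets a commitment
C = SHA-256(name || 0x00 || nonce || 0x00 || value) with a fresh 32-byte nonce;
the seal is SHA-256 over all commitments in canonical (sorted) order.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample document, as a pill box might hold it (Section 3 list).
PILLBOX_DOCUMENT = {
    "drug_name": "placebo-tablet",          # hypothetical
    "dosage": "1 tablet twice daily",
    "patient_name": "Jane Q. Patient",      # constructed
    "prescriber": "Dr. A. Example",         # constructed
    "payment_received": "yes",
    "pills_remaining": "42",
}


def _commit(name: str, nonce: bytes, value: str) -> str:
    """Binding, hiding commitment to one field (hiding relies on the random nonce)."""
    data = name.encode() + b"\x00" + nonce + b"\x00" + value.encode()
    return hashlib.sha256(data).hexdigest()


def _seal(commitments: dict) -> str:
    """One digest over all field commitments; fixes the document's shape and content."""
    h = hashlib.sha256()
    for name in sorted(commitments):
        h.update(name.encode() + b"=" + commitments[name].encode() + b";")
    return h.hexdigest()


@dataclass(frozen=True)
class SealedEnvelope:
    """What a verifier receives: all commitments, plus openings for disclosed fields only."""
    commitments: dict   # field name -> commitment (hex) for EVERY field
    disclosed: dict     # field name -> (nonce_hex, value) for opened fields
    seal: str


class SDEnvelope:
    """Inserter P's side: keeps the document and nonces, emits sealed views of it."""

    def __init__(self, document: dict):
        self.document = {k: str(v) for k, v in document.items()}
        self.nonces = {k: secrets.token_bytes(32) for k in self.document}
        self.commitments = {k: _commit(k, self.nonces[k], v) for k, v in self.document.items()}
        self.seal = _seal(self.commitments)   # published/registered once at insertion

    def disclose(self, *names: str) -> SealedEnvelope:
        """Open exactly the named fields; everything else stays hidden."""
        unknown = set(names) - set(self.document)
        if unknown:
            raise KeyError(f"no such field(s): {sorted(unknown)}")
        return SealedEnvelope(
            commitments=dict(self.commitments),
            disclosed={n: (self.nonces[n].hex(), self.document[n]) for n in names},
            seal=self.seal,
        )


def verify(env: SealedEnvelope, expected_seal: str) -> bool:
    """Verifier's side: the envelope must match the registered seal, and every
    disclosed value must open its commitment. Any edit after sealing fails here."""
    if not hmac.compare_digest(env.seal, expected_seal):
        return False
    if not hmac.compare_digest(_seal(env.commitments), env.seal):
        return False
    for name, (nonce_hex, value) in env.disclosed.items():
        if name not in env.commitments:
            return False
        opened = _commit(name, bytes.fromhex(nonce_hex), value)
        if not hmac.compare_digest(opened, env.commitments[name]):
            return False
    return True


def vendor_exchange(box: SDEnvelope) -> SealedEnvelope:
    """The vendor check from Section 3: only payment status and stock are revealed."""
    return box.disclose("payment_received", "pills_remaining")


if __name__ == "__main__":
    box = SDEnvelope(PILLBOX_DOCUMENT)
    env = vendor_exchange(box)
    print("valid:", verify(env, box.seal), "| vendor sees:", sorted(env.disclosed))
```

The seal is what the verifier has to obtain out of band (for example, registered with the monitoring health professional at insertion time); without that anchor the inserter could simply re-seal an edited document, so the "cannot alter" property depends on the seal being fixed once, not on the hash alone.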
The second author, along with Michael Fischer at Yale, has implemented selective disclosure envelopes for another E-commerce application (on-line Vickrey auctions). This work has provided us with a proof of concept as well as ballpark efficiency measures.

Another task is related to circuit complexity. In [1] it is shown that the length of a discreet proof (of knowledge of a secret S which satisfies a circuit C) is at most

$$4r\theta + 2rk = 4\theta(\log_2(2\theta) + r) + 2rk = 4\theta \log_2(2\theta) + r(4\theta + 2k)$$

where θ is the number of conjunctions in C, k is the length of one bit-commitment, and r is a security parameter such that the probability that a false proof goes undetected is of the order $(1/2)^r$. Thus, the minimum number of conjunctions necessary to build a circuit for a given function f over the basis (⊕, ∧) is of much interest to this work. We call this complexity measure on f the multiplicative complexity of f. In [2] it is shown that the multiplicative complexity of a random function is approximately the square root of the Boolean complexity of the same function. The exact multiplicative complexity of classes of functions of interest to cryptology is not known. However, it is reasonable to expect that they too have a much lower multiplicative complexity than Boolean complexity.

Footnote 2: Note that the Boolean operators (⊕, ∧) correspond to (addition, multiplication) over GF(2).

5 Looking further ahead

In Japan, remote sensor-based devices that perform automated lab work, such as urine analysis for diabetics, have been developed and are already in use. The technology that we propose should eventually be merged with the latter sensor-based technology. This will enable the amount of medication dispensed to vary according to the patient's condition.

References

1. J. Boyar, I. Damgård, and R. Peralta. Short non-interactive cryptographic proofs. Journal of Cryptology, 13:449-472, 2000.
2. J. Boyar, R. Peralta, and D. Pochuev. On the multiplicative complexity of Boolean functions over the basis (∧, ⊕, 1). Theoretical Computer Science, 235:43-57, 2000.
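The following is an added example, not code from the paper or its authors, illustrating the circuit-complexity point of Section 4: a small GF(2) circuit representation in which only AND gates (conjunctions, the multiplications) count towards θ, while XOR and NOT (additions) are free, together with the proof-length bound quoted from [1]. It shows the same three-input majority function built with 3 multiplications and with 1, and an n-bit equality test with n-1 multiplications, so one can see how circuit design changes θ and therefore the bound. The circuits, the chosen values r = 40 and k = 256, and the assumption that the bound is applied with θ ≥ 1 are this example's own.

```python
"""GF(2) circuits, multiplication counting and the discreet-proof length bound.

Added example, not code from the paper or its authors. Gates are XOR and AND
(addition and multiplication over GF(2)); NOT x is realised as x XOR 1, so it
is an addition and does not count towards theta. The circuits below are
constructed illustrations; the bound is the expression quoted in Section 4.
"""
import math
from itertools import product


class Circuit:
    """Straight-line program over GF(2). Wires 0..n-1 are the inputs; each
    gate appends one wire. The last wire is the output."""

    def __init__(self, n_inputs: int):
        self.n = n_inputs
        self.gates = []          # ("xor", a, b) / ("and", a, b) / ("not", a)

    def _add(self, gate) -> int:
        self.gates.append(gate)
        return self.n + len(self.gates) - 1

    def xor(self, a: int, b: int) -> int:
        return self._add(("xor", a, b))

    def and_(self, a: int, b: int) -> int:
        return self._add(("and", a, b))

    def not_(self, a: int) -> int:
        return self._add(("not", a))

    def multiplications(self) -> int:
        """theta: the number of AND gates (conjunctions) in the circuit."""
        return sum(1 for g in self.gates if g[0] == "and")

    def size(self) -> int:
        """Ordinary gate count (Boolean size); additions included."""
        return len(self.gates)

    def evaluate(self, inputs) -> int:
        wires = [int(b) & 1 for b in inputs]
        if len(wires) != self.n:
            raise ValueError("wrong number of inputs")
        for g in self.gates:
            if g[0] == "xor":
                wires.append(wires[g[1]] ^ wires[g[2]])
            elif g[0] == "and":
                wires.append(wires[g[1]] & wires[g[2]])
            else:                              # "not" = XOR with the constant 1
                wires.append(wires[g[1]] ^ 1)
        return wires[-1]


def exhaustively_equal(circuit: Circuit, spec) -> bool:
    """Check the circuit against a reference function on all 2^n inputs."""
    return all(circuit.evaluate(x) == spec(x) for x in product((0, 1), repeat=circuit.n))


def proof_length_bound(theta: int, r: int, k: int) -> float:
    """4*theta*log2(2*theta) + r*(4*theta + 2*k), the bound quoted from [1] (theta >= 1)."""
    if theta < 1:
        raise ValueError("bound is applied here only to circuits with at least one conjunction")
    return 4 * theta * math.log2(2 * theta) + r * (4 * theta + 2 * k)


def majority3_naive() -> Circuit:
    """MAJ(a,b,c) = ab + ac + bc over GF(2): 3 multiplications."""
    c = Circuit(3)
    a, b, d = 0, 1, 2
    c.xor(c.xor(c.and_(a, b), c.and_(a, d)), c.and_(b, d))
    return c


def majority3_optimized() -> Circuit:
    """Same function as ((a+b)(b+c)) + b: 1 multiplication, the minimum for a nonlinear function."""
    c = Circuit(3)
    a, b, d = 0, 1, 2
    c.xor(c.and_(c.xor(a, b), c.xor(b, d)), b)
    return c


def equality_circuit(n: int) -> Circuit:
    """[x == y] for n-bit x, y (inputs x_0..x_{n-1}, y_0..y_{n-1}): n-1 multiplications."""
    c = Circuit(2 * n)
    eq = [c.not_(c.xor(i, n + i)) for i in range(n)]   # 2n additions, no multiplication
    acc = eq[0]
    for w in eq[1:]:
        acc = c.and_(acc, w)
    return c


if __name__ == "__main__":
    r, k = 40, 256   # assumed security parameter and bit-commitment length
    for name, circ in (("MAJ3 naive", majority3_naive()),
                       ("MAJ3 optimized", majority3_optimized()),
                       ("EQ16", equality_circuit(16))):
        theta = circ.multiplications()
        print(f"{name}: size={circ.size()} theta={theta} "
              f"bound={proof_length_bound(theta, r, k):.0f} bits")
```

Running it shows the point of the section: the two majority circuits compute the same function, but the bound for the 1-multiplication version is smaller, and the equality circuit's 2n additions do not enter the bound at all.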