Privacy-Preserving Electronic Healthcare with Self-Monitoring Devices using Trusted Execution Environments


Abstract

The adoption of smart wearable devices has been on the rise over the past few years. These wearables are able to track the user's vital signs, making them valuable for use in the healthcare industry. Sharing this information with the user's healthcare provider has the potential to improve medical care by reducing medical misinformation. Currently, patients in the Netherlands are able to inspect their medical file at each healthcare provider they attend, but they are unable to inspect all their medical files in one place. Moreover, they are not able to contribute to their own medical files. In this thesis, we propose the use of Trusted Execution Environments (TEEs) as an extension to the Polymorphic Encryption and Pseudonymisation (PEP) framework. PEP facilitates the exchange of medical data between multiple parties in a privacy-preserving manner. However, PEP suffers from collusion and scalability issues. The Distributed Polymorphic Encryption and Pseudonymisation (Dist-PEP) protocol is an improvement to PEP that mitigates these issues. To make further improvements, the Distributed Polymorphic Access Management (Dist-PACMAN) protocol has been introduced to handle access management more securely. By introducing TEEs, we make further improvements to the efficiency and scalability of the protocol. The result is a privacy-preserving framework that can be used to share the information gathered by the wearables with the user's healthcare provider securely and more efficiently. Additionally, the user can keep and inspect their own medical file at a cloud provider.