Summit Program

Professor Koppel is a leading scholar of healthcare IT, and of the interactions of people, computers and workplaces. His articles in JAMA, JAMIA, Annals of Internal Medicine, NEJM, Health Affairs, etc. are considered seminal works. Professor Koppel is on the faculty of the Sociology Department and of the Medical School at the University of Pennsylvania. Koppel is also a Senior Fellow of the Leonard Davis Institute at Penn’s Wharton School. In addition, Koppel is a co-investigator of Penn’s National Science Foundation Project on Safe Cyber Communication and Smart Alerts. At Harvard, Dr. Koppel is co-PI on the FDA-funded study of prescribing errors related to patient data displays.  Also at Harvard, he is the Internal Evaluator of their project to create new HIT architecture. His work combines ethnographic research, extensive statistical analysis, surveys, and usability studies. Working with colleagues at Dartmouth and USC, he also studies workarounds to cybersecurity.

We present a novel approach for disseminating genomic data while satisfying differential privacy. The proposed algorithm splits raw genome sequences into blocks, subdivides the blocks in a top-down fashion, and finally adds noise to counts to protect privacy. Preliminary experimental results suggest that the proposed algorithm can retain data utility that is higher than the baseline for a given privacy budget. The proposed algorithm can also be used to protect heterogeneous data, such as records consisting of both medical and genomic data. Further improvement is possible by refining the heuristic for splitting sequences and by introducing a scoring function in the data generalization process.

We examine adapting proposed privacy-preserving analysis and storage systems for human genome sequences to the realm of human microbiome sequencing. To begin, we discuss the methodology and statistics of interest in microbiome sequence-based analysis, referred to as metagenomics. Next, we investigate the capability of microbiome sequencing to uniquely identify an individual. Then, we detail the differences in metagenomic analysis and genome-wide association studies while reviewing a privacy-preserving genome-wide association study approach. We conclude with a discussion of a system for secure storage and disease risk computation using human genome sequences along with design considerations for extending the system to microbiome sequencing.

Wearable health technology is becoming a hot commodity as it has the potential to help both patients and clinicians continuously monitor vital signs and symptoms. One popular type of wearable devices are worn on human wrist and are equipped with sensors to passively perform sensing tasks. Their constrained user interface, however, is ineffective to display the sensory data for users. We envision connecting a wrist-worn device to a display device, such as a television, so the user is able to view the sensory data. Such connections must be secure to prevent the sensory data from being eavesdropped by other devices, must be made only when the user intends, and must be easy even when a new display is encountered (such as in a medical clinic, or a hotel room). In this presentation, we will discuss the secure wearable/display connection problem by revisiting existing methods and hardware designs of wrist-worn devices and display devices. We then present possible solutions that leverage the built-in hardware components of wrist-worn devices to implement, secure, intentional, easy connections to ambient display devices.

From military Unmanned Air Vehicles (UAVs) to home-made TETRIX® robots, teleoperated systems are playing an increasingly important role in our lives. Like robotics, teleoperated systems are more affordable and easier to acquire than ever before. In the medical field, we have seen applications of this technology in systems like da Vinci® where robots assist in medical procedures. Teleoperated surgical robots will in the future likely be used in more extreme scenarios such as battlefields, natural disasters, and human-caused catastrophes. But, with the rapidly increasing application of this technology raises the question; what if these robots are taken over and turned into weapons?

The goal of this presentation is to raise awareness to this emerging threat, and to initiate research and development of patient safe, information secure and privacy preserving teleoperated robotic surgery. Experts agree that complex systems are best secured when security mechanisms are incorporated into the system from the beginning. Here we have a rare opportunity to design a system and its appropriate security mechanism in parallel. Moreover, we anticipate that the majority of threats against telerobotic surgery will also be relevant to other teleoperated robotic and co-robotic systems.

We start the effort towards safe and secure teleoperated surgery by identifying possible attacks, and experimentally analyzing the scopes, impacts, and resources needed to mount them. We then discuss possible implications on teleoperated surgery. Finally, we provide some initial guidance to prevent these types of attacks from occurring in other applications of teleoperated robotics.

In emerging Health Information Exchange systems (or HIE), a search facility, such as record locator service, is critically important for data sharing across autonomous hospitals. An understudied problem for searching HIE is the privacy preservation—how to protect the patient’s private visit-history data in the search process and how to address innately different privacy and sensitivity for different patients and hospitals. For instance, knowing that a patient visited a specialty hospital (e.g. a women’s health center) may leak more privacy than knowing that the patient visited a general hospital. In this work we proposed a differentiated privacy preservation technique for searching in HIE, coined l-PPLS. Given hospitals with different specialties, l-PPLS attempts to cluster them in order to hide among other hospitals their specialties linked to a patient, so that an attacker can not infer the patient’s medical condition based on the specialties of the hospitals she visited.

The proposed Accounting of Disclosure rule seeks to give patients/consumers clear rights to receive an accounting of the disclosures of their medical information. Similar to the rights regarding disclosures of credit information first given to consumers in the 1970 Fair Credit Reporting Act, the rights for an Accounting of Disclosure seeks to make disclosures of medical information more transparent. After the Department of Health and Human Services Accounting of Disclosure rule proposal of rulemaking in 2010 (Proposed Rule: HIPAA Privacy Rule Accounting of Disclosures under the Health Information Technology for Economic and Clinical Health Act, 76 Fed. Reg. 31426-31449 (May 31, 2011; RIN 0991–AB62), over 400 public comments were received (Public Comment on Proposed Rule: HIPAA Privacy Rule Accounting of Disclosures under the Health Information Technology for Economic and Clinical Health Act, (August 1, 2011), available at: http://www.regulations.gov/#!documentDetail;D=HHS-OCR-2011-0011-0001 ). While some comments supported the rule and advocated further rights and protections for consumers, many providers and representatives of provider organizations voiced significant criticisms and offered serious challenges to the proposed rule (e.g., Hall and Nissenbaum 2011). Additional hearings on the subject further identified provider concerns regarding the proposed rule.