Searching HIE with Differentiated Privacy Preservation

In emerging Health Information Exchange systems (or HIE), a search facility, such as record locator service, is critically important for data sharing across autonomous hospitals. An understudied problem for searching HIE is the privacy preservation—how to protect the patient’s private visit-history data in the search process and how to address innately different privacy and sensitivity for different patients and hospitals. For instance, knowing that a patient visited a specialty hospital (e.g. a women’s health center) may leak more privacy than knowing that the patient visited a general hospital. In this work we proposed a differentiated privacy preservation technique for searching in HIE, coined l-PPLS. Given hospitals with different specialties, l-PPLS attempts to cluster them in order to hide among other hospitals their specialties linked to a patient, so that an attacker can not infer the patient’s medical condition based on the specialties of the hospitals she visited.