Article Preview
Top1. Introduction
Recently, Web services have started to be a popular medium for data publishing and sharing on the Web (Carey, 2007; Gilpin, Yuhanna, Leganza, Heffner, Hoppermann, & Smillie, 2007). Modern enterprises are moving towards a service-oriented architecture for data sharing on the Web by putting their databases behind Web services, thereby providing a well-documented, interoperable method of interacting with their data. We call this type of Web services as DaaS Web services (Data-as-a-Service Web services). DaaS services are becoming increasingly popular in the eHealth industry as a viable solution to access and manipulate the Electronic Health Record (EHR). The European Commission, in fulfillment of its action plan (European Commission, 2004) to promote interoperability among European eHealth systems, has supported many projects that address the interoperability problem by adopting the DaaS Web service technology as an interoperability platform among healthcare facilities, medical research centers and health institutions in Europe. One of the most prominent projects is ARTEMIS (Dogac et al., 2006), where DaaS services are used to access and manipulate the different components of the medical records (EHRs) that are held by proprietary data sources/ information systems in healthcare facilities.
While individual DaaS Web services may provide interesting medical information alone, in most cases, users’ queries require the invocation of several services. For instance, let us consider the following query: “what are the tests performed in ABC Lab by patients who have been administered Glucophage in XWZ hospital?” Let us assume that ABC Lab and XWZ hospital provide two DaaS services SABC and SXYZ, respectively: SABC returns the tests performed by a given patient in ABC Lab and SXWZ returns the list of patients that have been administered a given drug in XWZ hospital. The execution of the above mentioned query involves the composition of SABC and SXYZ services. Web service composition is a powerful solution for building value-added services on top of existing ones (Singh, 2001). One can for example, reconstitute the entire healthcare record by compositing the DaaS services which provide its primitive data elements like, allergies, Medications, Operations, etc.
Patient data privacy preservation is one of the most challenging problems in the medical DaaS service Web composition. Privacy is the right of individuals to determine for themselves when, how and to what extent information about them is communicated to others (Westin, 1967). Users are reluctant to use online services for fear that their private data may be disseminated to untrusted parties or used for unintended purposes (LeFevre, 2007).
Data privacy preservation has received a considerable attention in recent years. Earlier work focused on preserving privacy in centralized settings through anonymization (LeFevre, 2007). However, users’ private information is often scattered across independent distributed data sources. Applying anonymization techniques on each data source in isolation is not suitable. For example, a patient Sarah may have her personal information (national identifier or SSN, age, sex, address, etc) stored at provider A‘s data source and her lung cancer screenings tests stored at provider B’s. If data sources at A and B were anonymized in isolation, then the anonymized records are not joinable with other datasets. Hence, queries such as “return the female patients who have developed lung cancer in XWZ city” (which requires joining A’s and B’s relations) cannot be answered even if Sarah agreed to release her address, sex, and medical tests.