MicroShare: Privacy-Preserved Medical Resource Sharing through MicroService Architecture

TL;DR

This paper presents MicroShare, a privacy-preserving microservice architecture for medical resource sharing that avoids data de-identification and enhances data security and query efficiency in healthcare systems.

Contribution

It introduces a novel approach using microservices and security techniques to share medical data without compromising patient privacy, avoiding traditional de-identification methods.

Findings

Effective privacy preservation without data de-identification.

Enhanced query efficiency for medical data access.

Validated on endoscopic reporting application.

Abstract

This paper takes up the problem of medical resource sharing through MicroService architecture without compromising patient privacy. To achieve this goal, we suggest refactoring the legacy EHR systems into autonomous MicroServices communicating by the unified techniques such as RESTFul web service. This lets us handle clinical data queries directly and far more efficiently for both internal and external queries. The novelty of the proposed approach lies in avoiding the data de-identification process often used as a means of preserving patient privacy. The implemented toolkit combines software engineering technologies such as Java EE, RESTful web services, JSON Web Tokens to allow exchanging medical data in an unidentifiable XML and JSON format as well as restricting users to the need-to-know principle. Our technique also inhibits retrospective processing of data such as attacks by an adversary on a medical dataset using advanced computational methods to reveal Protected Health Information (PHI). The approach is validated on an endoscopic reporting application based on openEHR and MST standards. From the usability perspective, the approach can be used to query datasets by clinical researchers, governmental or non-governmental organizations in monitoring health care and medical record services to improve quality of care and treatment.