TRUCE: TRUsted Compliance Enforcement Service for Secure Health Data Exchange

TL;DR

TRUCE is a framework that automates compliance enforcement for health data exchange by assessing trustworthiness and regulatory adherence using AI and semantic web technologies, demonstrated on HIPAA data.

Contribution

The paper introduces a novel AI-based framework, TRUCE, for automated compliance enforcement in health data exchange, integrating static and dynamic trust assessments.

Findings

Validated on HIPAA data with up to one million records

Streamlines compliance processes in real-time data exchange

Enhances trust and privacy in health data management

Abstract

Organizations are increasingly sharing large volumes of sensitive Personally Identifiable Information (PII), like health records, with each other to better manage their services. Protecting PII data has become increasingly important in today's digital age, and several regulations have been formulated to ensure the secure exchange and management of sensitive personal data. However, at times some of these regulations are at loggerheads with each other, like the Health Insurance Portability and Accountability Act (HIPAA) and Cures Act; and this adds complexity to the already challenging task of Health Data compliance. As public concern regarding sensitive data breaches grows, finding solutions that streamline compliance processes and enhance individual privacy is crucial. We have developed a novel TRUsted Compliance Enforcement (TRUCE) framework for secure data exchange which aims to automate compliance procedures and enhance trusted data management within organizations. The TRUCE framework reasons over contexts of data exchange and assesses the trust score of users and the veracity of data based on corresponding regulations. This framework, developed using approaches from AI/Knowledge representation and Semantic Web technologies, includes a trust management method that incorporates static ground truth, represented by regulations such as HIPAA, and dynamic ground truth, defined by an organization's policies. In this paper, we present our framework in detail along with the validation against the Health Insurance Portability and Accountability Act (HIPAA) Data Usage Agreement (DUA) on CDC Contact Tracing patient data, up to one million patient records. TRUCE service will streamline compliance efforts and ensure adherence to privacy regulations and can be used by organizations to manage compliance of large velocity data exchange in real time.