The world's first electronic medical record encryption technology by NSYSU won the NSTC's Brightest Achievement Award
When the implementation of cloud-based exchange for electronic medical records becomes imperative, how to balance the concerns of personal privacy and information security? The "Privacy-Preserving Medical Data Warehouse System Supporting Secure Data Mining" project of National Sun Yat-sen University (NSYSU) has developed functional encryption technology, which, for the first time in the world, could guarantee information security when uploading the medical data of the Fast Healthcare Interoperability Resources (FHIR) to the cloud. This project helps to provide a secure medical data storage and exchange system, promotes the exchange of electronic medical records, and synchronizes personal medical data and medical records. Both hospitals and patients would be enabled to reduce economic and time costs. The project won the "Brightest Achievement Award" from the Office of Technology Promotion Program in Advanced Cybersecurity Research of the National Science and Technology Council (NSTC).
Chun-I Fan, Distinguished Professor of the Department of Computer Science and Engineering, Dean of the College of Engineering, and Director of the Information Security Research Center at NSYSU, emphasized that through the link and cooperation of industry, academia, and research in this project, privacy-preserving federated learning as well as cloudification of medical data will be realized, the exchange of electronic medical records will be facilitated, and the economic and time costs of referrals for patients will be reduced. In addition, the personal electronic health record platform synchronizes personal medical data with medical records, enhancing the accuracy of diagnoses and the quality of medical care, thereby promoting the seamless communication between the healthcare and caregiving sectors. The results of this project were also displayed at the CYBERSEC 2023 further.
On July 18, 2022, the Ministry of Health and Welfare (MOHW) announced the amendment of the "Regulations Governing the Creation and Management of Electronic Medical Records by Medical Institutions," which focuses on medical artificial intelligence (AI), information security, and telemedicine, and provides the legal basis for the cloud-based uploading of electronic medical records. The Principal Investigator Chun-I Fan, in charge of the NSTC's Technology Promotion Program in Advanced Cybersecurity Research project "Privacy-Preserving Medical Data Warehouse System Supporting Secure Data Mining" and co-hosts Professor and Chair of the Institute of Medical Science and Technology of NSYSU Cheng-Hsin Chuang, Assistant Professors of the Department of Computer Science and Engineering Ruei-Hau Hsu and Arijit Karati, and Kaohsiung Veterans General Hospital Attending Doctor Tsung-Lung Yang formed a cross-disciplinary team to devote to this research. In addition to the world's first functional encryption technology to assist in the secure uploading of medical data to the cloud, the release of the FHIR Implementation Guide (IG) with a privacy protection mechanism is also the first in Taiwan. The secure medical data storage and exchange system it provides enables hospitals to upload data to the public cloud and reduce maintenance costs, and its open data will help boost the development of the healthcare industry, aligned with the MOHW's promotion of healthcare IT development, whose two main focuses are the cloud-based uploading of electronic medical records and FHIR.
Chun-I Fan pointed out that the current electronic medical record exchange standard adopts VPN and closed networks, which are small in scale and difficult to open the data to the industry and academia for sharing. Also, it runs the security risks such as external malicious attacks or information leakage, which causes hospitals to incur substantial expenses on information system maintenance. Given these circumstances, the secure medical data warehouse system project entrusted by the NSTC is to improve the above shortcomings and further provide functions such as contribution measurement. It helps medical records to be stored in the public cloud in the form of ciphertext with three characteristics: attribute-based encryption, homomorphic computing, and searchability. Furthermore, given the limitation that medical institutions have traditionally been restricted to training models within their own facilities, hindering collaboration among multiple institutions, the adoption of federated learning allows for cooperation among medical institutions.
This project establishes Privacy Preserving Fast Healthcare Interoperability Resources (PPFHIR) to achieve a secure medical data exchange system. Also, through the Searchable Attribute-Based Homomorphic Encryption (SABHE) mechanism, which integrates encryption, ciphertext search, homomorphic computing, and access rights management, the storage, access, operation, and calculation of medical data shall be all processed in ciphertext form. This ensures the goal of achieving the cloud-based storage and exchange of medical data with privacy protection. What’s more, PPFHIR is compatible with the existing FHIR system, making it easy to interface and convert between systems.