
ORNEC ICT Cluster Projects

Trusted Process Infomediaries

Liam Peyton, Marcus Bornfreund


Abstract

More and more business processes that provide services to consumers are being moved on-line where data may be shared between networks of cooperating organizations to provide seamless, efficient, responsive services to consumers 24x7. However, the very efficient, dynamic and seamless nature of those increasingly global networks raises concerns as how to protect the privacy of personal data and prevent its misuse.

The objective of this project is to evaluate current laws and technology standards in this area and to develop a prototype of a "trusted process infomediary agent" that can manage access to sensitive data according to rule-based policies, in the context of a complex, distributed electronic business process.


Started: April, 2004 Status: On-going


Background

The concept of "trusted infomediary" has been identified as a critical area of research in order to make "information-rich" e-commerce viable. An example of an application area for a "trusted process infomediary agent" is a patient's medical history. As a patient is being treated, a nurse, a lab technician, or physician may add information to the patient’s history, and various parts of the patient history may be transmitted to a pharmacist, a specialist, or the patient’s health insurance company. This access to the patient’s history, with very sensitive information, spans several institutions and many business processes. A “trusted process infomediary agent” would act on behalf of the patient to manage access to the data according to their wishes and in compliance with all applicable laws, regulations and institutional policies.



Project Description

The objective of this project is to construct a simplified agent that applies a subset of rules based on W3C Platform for Privacy Protection (P3P), recent work at IBM on the EPAL language for specifying enterprise rules, and current privacy legislation (PIPEDA, HIPAA). This will include building a web service environment that can simulate the business processes interacting with the agent. The test data used will be based on electronic medical records and business process scenarios related to health care. This project will generate preliminary results for an approach that can be expanded on in subsequent work, to address more complex and comprehensive rules and processes.



Project Significance

The results of this project will significantly advance the research knowledge and tools required to manage sensitive data in business-to-business networks. It will build on work in rule engines, web services, and privacy frameworks and provide valuable insight to the manner in which technology can be directed to support legislative initiatives in this area.



Approach and Methodology

As the emphasis in this project is to create an initial pilot framework based on simple, but real policies, and to work on simple, but real data and scenarios from the medical profession, we will first catalog 5 major use cases and 20 scenarios to represent common business processes in Health Care, including Audit Requests (Courts, Auditors, Patients), Statistical Analysis, Research Studies, Disease Control, Quality Assurance. We will also catalog use cases around patient care delivery.

Using the Health Care use case and scenario data developed, we will then build a web service environment that can simulate business processes interacting with an infomediary agent.

To determine if P3P is a sufficiently rich standard to support the common business processes modeled in our web service environment, and to express the policies required by Ontario Health Privacy Acts, we will define privacy policies for each use case and scenario developed. We will either implement these policies in P3P or EPAL, or alternatively identify limitations and propose extensions to address them. Time permitting, support for such extensions may be included in the infomediary agent to be developed.

A prototype of a "trusted process infomediary agent" that is able to control access to patient information from a variety of sources with 100% coverage of the P3P standard will then be developed. We will design this prototype so that any policy that can be expressed in P3P will be supported according to applicable laws and institutional regulations, and in conformance with the privacy policy specific to a patient.

We will ensure that an audit trail is kept of all requests sufficient for demonstrating conformance to a patient or a court of law and that the infomediary agent is scalable with processing that adds no more than 10% overhead to unrestricted access to patient information. Finally, we will obtain legal analysis that evaluates the compliance of such policies in law.
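The agent described above (rule-based access decisions over patient data, institutional rules combined with patient-specific consent, and an audit trail of every request) is sketched below as an added illustration. This is not the project's prototype and it does not use P3P or EPAL syntax: the rule vocabulary (data category, recipient role, purpose), the role and category names, and the two sample patients are constructed for the example.

```python
"""Simplified rule-based infomediary agent: added illustration, not project code."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List


# A rule grants or refuses one (data category, recipient role, purpose) triple.
# "*" is a wildcard. This vocabulary is a constructed stand-in for the kinds of
# elements P3P/EPAL policies carry; it is not either standard's syntax.
@dataclass(frozen=True)
class Rule:
    category: str
    recipient: str
    purpose: str
    effect: str          # "allow" or "deny"
    source: str          # who imposed it: "institution" or "patient"

    def matches(self, category: str, recipient: str, purpose: str) -> bool:
        return (self.category in (category, "*")
                and self.recipient in (recipient, "*")
                and self.purpose in (purpose, "*"))


@dataclass(frozen=True)
class AuditEntry:
    timestamp: str
    patient_id: str
    category: str
    recipient: str
    purpose: str
    decision: str
    reason: str


class InfomediaryAgent:
    """Policy decision point sitting between business processes and patient records."""

    def __init__(self, institutional_rules: List[Rule], patient_consent: Dict[str, List[Rule]]):
        self.institutional_rules = list(institutional_rules)
        self.patient_consent = {p: list(rs) for p, rs in patient_consent.items()}
        self.audit_trail: List[AuditEntry] = []

    def request(self, patient_id: str, category: str, recipient: str, purpose: str) -> bool:
        """Decide one access request; every decision is logged, allowed or not."""
        rules = self.institutional_rules + self.patient_consent.get(patient_id, [])
        matched = [r for r in rules if r.matches(category, recipient, purpose)]
        denies = [r for r in matched if r.effect == "deny"]
        if not matched:
            decision, reason = "deny", "no applicable rule (default deny)"
        elif denies:
            # deny-overrides: one refusal from either the institution or the patient wins
            decision, reason = "deny", "denied by " + ", ".join(sorted({r.source for r in denies}))
        else:
            decision, reason = "allow", "allowed by " + ", ".join(sorted({r.source for r in matched}))
        self.audit_trail.append(AuditEntry(
            datetime.now(timezone.utc).isoformat(), patient_id, category, recipient, purpose, decision, reason))
        return decision == "allow"

    def audit_report(self, patient_id: str) -> List[AuditEntry]:
        """Everything that was asked about this patient, for the patient or a court to review."""
        return [e for e in self.audit_trail if e.patient_id == patient_id]


def build_demo_agent() -> InfomediaryAgent:
    """Constructed sample policies; the roles, categories and patient ids are illustrative only."""
    institutional = [
        Rule("*", "physician", "treatment", "allow", "institution"),
        Rule("medication", "pharmacist", "treatment", "allow", "institution"),  # pharmacist sees medication only
        Rule("*", "court", "audit", "allow", "institution"),                    # court-ordered audit access
        Rule("*", "*", "marketing", "deny", "institution"),                     # legal prohibition on the purpose
    ]
    consent = {
        "patient-001": [Rule("*", "researcher", "research", "deny", "patient")],           # opted out of research
        "patient-002": [Rule("diagnosis", "researcher", "research", "allow", "patient")],  # opted in, diagnosis only
    }
    return InfomediaryAgent(institutional, consent)


if __name__ == "__main__":
    agent = build_demo_agent()
    for req in [("patient-001", "diagnosis", "physician", "treatment"),
                ("patient-001", "diagnosis", "pharmacist", "treatment"),
                ("patient-001", "diagnosis", "researcher", "research"),
                ("patient-002", "diagnosis", "researcher", "research"),
                ("patient-001", "diagnosis", "physician", "marketing")]:
        print(req, "->", agent.request(*req))
    for entry in agent.audit_report("patient-001"):
        print(entry)
```

Two design points carry over to any real implementation of the agent: the default outcome when no rule speaks to a request is refusal, so an unmodelled business process cannot read data by omission, and the audit entry is written before the decision is returned, so the trail shows refused requests as well as granted ones.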



Research Team

The Research team includes participation of students from both the Technology Law Program in the Faculty of Law and the School of Information Technology and Engineering in the Faculty of Engineering, led by the following two faculty members:

  • Liam Peyton, Ph.D., P. Eng., is an Assistant Professor in the School of Information Technology and Engineering (SITE) at the University of Ottawa. He is currently researching issues concerning privacy, security, and accountability of data, particularly as they relate to electronic medical records.

  • Marcus Bornfreund, B.A., LL.B., LL.M., is Manager of the Technology Law Program. His research has examined many areas of technology law including Electronic Contracting, Online Legal Services, Open-Source, Intelligent Agents, Electronic Commerce Legislation, Intellectual Property, Internet Service Provider Liability, Data Privacy, Online Anonymity, Electronic Data Interchange (File-Sharing), Information-based Assets, Digital Rights and Information Management.



