weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, May 13, 2009
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 2nd Floor Lounge Area

Speaker: Bradley Malin

Title: A Systems Approach to Data Privacy in the Biomedical Domain

Abstract: The healthcare community has made considerable strides in the development and deployment of information systems, with particular gains in electronic health records and cheap genome sequencing technologies. Given the recent passage of the American Recovery and Reinvestment Act of 2009, and the HITECH Act in particular, advancement and adoption of such systems is expected to grow at unprecedented rates. The quantity of patient-level data that will be generated is substantial and can enable more cost-effective care as well as support a host of secondary uses, such biomedical research and biosurveillance. At the same time, care must be taken to ensure that such records are accessed and shared without violating a patient’s privacy rights.

The construction and application of data privacy technologies in the biomedical domain is a complex endeavor and requires the resolution of often competing computational, organizational, regulatory, and scientific needs. In this talk, I will introduce how the Vanderbilt Health Information Privacy Laboratory builds and applies data privacy solutions to support various biomedical settings. Our solutions are rooted in computational formalisms, but are driven by real world requirements and, as such, draw upon various tools and techniques from a number of fields, including cryptography, databases and data mining, public policy, risk analysis, and statistics. Beyond a high-level overview, I will delve into recent research on how we are measuring and mitigating privacy risks when sharing patient-level data from electronic medical and genomic records from the Vanderbilt University Medical Center to local researchers and an emerging de-identified repository at the National Institutes of Health.

Bio: Brad Malin is an Assistant Professor of Biomedical Informatics in the School of Medicine and an Assistant Professor of Computer Science in the School of Engineering at Vanderbilt University. He is the founder and director of the Vanderbilt Health Information Privacy Laboratory (HIPLab), which focuses on basic and applied research in a number of health-related areas, including primary care and secondary sharing of patient-specific clinical and genomic data. His research has received several awards of distinction from the American and International Medical Informatics Associations and the HIPLab is currently supported by grant funding from the National Science Foundation, National Institutes of Health, and Veterans Health Administration. For the past several years, he has directed a data privacy research and consultation team for the Electronic Medical Records and Genomics (eMERGE) project, a consortium sponsored by the National Human Genome Research Institute. He has served as a program committee member and workshop chair for numerous conferences on data mining, privacy, and medical informatics. He has also edited several volumes for Springer Lecture Notes in Computer Science, a special issue for the journal Data and Knowledge Engineering, and is currently on the editorial board of the journal Transactions on Data Privacy. He received a bachelor’s in biology (2000), master’s in knowledge discovery and data mining (2002), master’s in public policy & management (2003), and a doctorate in computation, organizations & society (2006) from the School of Computer Science at Carnegie Mellon University.

His home on the web can be found at http://www.hiplab.org/people/malin

Watch Video

weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, May 6, 2009
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: Annie Anton

Title: Designing Software Systems that Comply with Privacy Laws

Abstract: Properly protecting information is in all our best interests, but it is a complex undertaking. The fact that regulation is often written by non-technologists, introduces additional challenges and obstacles. Moreover, those who design systems that collect, store, and maintain sensitive information have an obligation to design systems holistically within this broader context of regulatory and legal compliance.

There are questions that should be asked when developing new requirements for information systems. For example ….. How do we build systems to handle data that must be kept secure and private when relevant regulations tie your hands? When building a system that maintains health or financial records for a large number of people, what do we need to do to protect the information against theft and abuse, keep the information private, AND at the same time, satisfy all governing privacy laws and restrictions? Moreover, how do we know that we’ve satisfied those laws? How do we monitor for compliance while ensuring that we’re monitoring the right things? And, how do you accomplish all this in a way that can be expressed clearly to end-users and legislators (or auditors) so they can be confident you are doing the right things?

We’ve been working on technologies to make these tasks simpler, and in some senses, automatic. In this talk, I will describe some of the research that we have been conducting to address these problems. I will also discuss the results of a survey involving 975 Internet users in which we compared various ways to represent privacy management information to online healthcare consumers. The results of this work and our other studies pose interesting ethical questions for industry and society at large, and help illustrate the complexity of the problems.

Bio: Dr. Annie I. Antón is a Professor of Computer Science in the College of Engineering at the North Carolina State University. She received her Ph.D. in Computer Science from the College of Computing at the Georgia Institute of Technology. Dr. Antón joined the computer science department at NC State in 1998. From 2005-2006 she was a visiting faculty (sabbatical) scholar at Purdue University’s CERIAS.

She was awarded an NSF CAREER Award in 2000, named a CRA Digital Government Fellow in 2002, nominated and selected for the 2004-2005 IDA/DARPA Defense Science Study Group, and received the CSO (Chief Security Officer) Magazine “Woman of Influence in the Public Sector” award at the 2005 Executive Women’s Forum. This July she was named one of the most influential women in technology and government by The Political Voices of Women blog. In 2006 she was honored with an award for “Most Influential Paper of ICRE 1996” at RE’06 for her 1996 paper entitled “Goal-Based Requirements Analysis”. She is a former associate editor of IEEE Transactions on Software Engineering, and currently the cognitive issues area editor for the Requirements Engineering Journal and a member of the International Board of Referees for Computers & Security. Antón is a member of the International Association of Privacy Professionals, a senior member of the IEEE as well as a member of the ACM U.S. Public Policy Executive Committee and co-chair of the USACM Privacy Sub-committee.

Antón currently serves on various boards: the NSF Computer & Information Science & Engineering Directorate Advisory Council, the DHS Data Privacy and Integrity Advisory Committee, the CRA Board of Directors, an Intel Corporation Advisory Board, the Distinguished External Advisory Board for the TRUST Research Center, the Advisory Board for the Electronic Privacy Information Center in Washington, DC, and the Georgia Tech Alumni Association Board of Trustees. She is a former member of the Microsoft Research University Relations Faculty Advisory Board, the CRA-W, and the Georgia Tech Advisory Board (GTAB). Dr. Antón is director of ThePrivacyPlace.Org (http://theprivacyplace.org). Her URL is: http://www.csc.ncsu.edu/faculty/anton/.

Watch Video

weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, April 29, 2009
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: Guy Rothblum

Title: On the Complexity of Differentially Private Data Release: Efficient Algorithms and Hardness Results

Abstract: We consider private data analysis in the setting in which a trusted and trustworthy curator, having obtained a data set containing sensitive information, releases to the public a “sanitization” of the data set. The goal is for the sanitization to both protect the privacy of the individual contributors of data and offer aggregate statistical utility to a data analyst.

In a remarkable recent result, Blum et al. [STOC '08] showed that it is theoretically possible (in exponential time) to generate a synthetic data-set that allows rich statistical analysis, while ensuring a strong privacy guarantee known as differential privacy.

We investigate the possibility of *efficiently* achieving rich statistical data analysis that protects the privacy of individuals. The main result we will present is the first efficient mechanism that achieves rich general privacy-preserving data analysis by answering large sets of predicate counting queries. We will also show strong lower bounds based on standard cryptographic hardness assumptions.

Joint work with Cynthia Dwork, Moni Naor, Omer Reingold and Salil Vadhan.

Bio: Guy Rothblum is a Ph.D. candidate at MIT. His research focuses on foundational cryptography. Recently he is especially interested in studying methods for protecting individual’s privacy, for reliably delegating computations and for obfuscation and software protection.

Watch Video