Fully Homomorphic Encryption based Privacy-Preserving Data Acquisition and Computation for Contact Tracing

摘要

For public health surveillance systems, privacy is a major issue in storing and sharing of personal medical data. Often, patients and organizations are unwilling to divulge personal medical data for fear of compromising their privacy because although the data may be encrypted, the encrypted values typically need to be first decrypted to perform any computation on the data. Unfortunately, such a barrier in easy sharing of data can severely hamper the ability to respond in a timely and effective manner to a crisis scenario, as evident in the case of the ongoing COVID-19 pandemic. To overcome this critical obstacle, we propose in this paper a novel privacy-preserving encryption mechanism for storage and computation of sensitive healthcare data. Our scheme is based on the use of a secure fully homomorphic encryption scheme, so that the required computations can be performed directly on the encrypted data values without the need for any decryption. The ability to execute queries or computation directly on encrypted data, without the need for decryption, is not present in any existing public-health surveillance system. We propose a novel computational model and also develop an algorithm for contact tracing with COVID-19 pandemic as a case study. We have simulated our proposed approach using the ElGamal encryption algorithm to check the correctness and effectiveness of our proposed approach. The results show that our proposed solution is effective in providing adequate security while supporting the computational needs for contact-tracing. Besides contact-tracing, our new data-encryption technique can have a much broader impact in the field of healthcare. By executing queries or computations directly on encrypted data, our innovative solution would make the sharing of data in healthcare-related research and industry significantly simpler and faster. The use of such a data encryption scheme to store and transmit sensitive healthcare data over a network can not only allay the fear of compromising sensitive information but also ensure HIPAA-compliance.