TRUCE: TRUsted Compliance Enforcement Service for Secure Health Data Exchange
- URL: http://arxiv.org/abs/2512.09959v1
- Date: Tue, 09 Dec 2025 21:47:46 GMT
- Title: TRUCE: TRUsted Compliance Enforcement Service for Secure Health Data Exchange
- Authors: Dae-young Kim, Karuna Pande Joshi,
- Abstract summary: We have developed a novel TRUsted Compliance Enforcement framework for secure data exchange.<n>The framework assesses the trust score of users and the veracity of data based on corresponding regulations.<n>We present our framework in detail along with the validation against the Health Insurance Portability and Accountability Act (HIPAA) Data Usage Agreement (DUA) on CDC Contact Tracing patient data, up to one million patient records.
- Score: 2.83595986479415
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Organizations are increasingly sharing large volumes of sensitive Personally Identifiable Information (PII), like health records, with each other to better manage their services. Protecting PII data has become increasingly important in today's digital age, and several regulations have been formulated to ensure the secure exchange and management of sensitive personal data. However, at times some of these regulations are at loggerheads with each other, like the Health Insurance Portability and Accountability Act (HIPAA) and Cures Act; and this adds complexity to the already challenging task of Health Data compliance. As public concern regarding sensitive data breaches grows, finding solutions that streamline compliance processes and enhance individual privacy is crucial. We have developed a novel TRUsted Compliance Enforcement (TRUCE) framework for secure data exchange which aims to automate compliance procedures and enhance trusted data management within organizations. The TRUCE framework reasons over contexts of data exchange and assesses the trust score of users and the veracity of data based on corresponding regulations. This framework, developed using approaches from AI/Knowledge representation and Semantic Web technologies, includes a trust management method that incorporates static ground truth, represented by regulations such as HIPAA, and dynamic ground truth, defined by an organization's policies. In this paper, we present our framework in detail along with the validation against the Health Insurance Portability and Accountability Act (HIPAA) Data Usage Agreement (DUA) on CDC Contact Tracing patient data, up to one million patient records. TRUCE service will streamline compliance efforts and ensure adherence to privacy regulations and can be used by organizations to manage compliance of large velocity data exchange in real time.
Related papers
- A Secure and Interoperable Architecture for Electronic Health Record Access Control and Sharing [0.0]
We propose a comprehensive architecture for secure access to electronic health records (EHRs)<n>By granting exclusive control over their EHRs, our solution ensures compliance with personal protection laws and empowers individuals to manage their health information autonomously.<n> Notably, our proposed architecture seamlessly integrates with existing health provider information systems interoperability and store security and data.
arXiv Detail & Related papers (2026-02-24T12:11:32Z) - zkFL-Health: Blockchain-Enabled Zero-Knowledge Federated Learning for Medical AI Privacy [0.0]
zkFL-Health is an architecture that combines Federated Learning (FL) with zero-knowledge proofs (ZKPs) and Trusted Execution Environments (TEEs)<n>Clients locally train and commit their updates; the aggregator operates within a TEE to compute the global update and produces a succinct ZK proof that it used exactly the committed inputs and the correct aggregation rule, without revealing any client update to the host.<n>We outline system and threat models tailored to healthcare, the zkFL-Health protocol, security/privacy guarantees, and a performance evaluation plan spanning accuracy, privacy risk, latency, and cost.
arXiv Detail & Related papers (2025-12-24T08:29:28Z) - Implications of Artificial Intelligence on Health Data Privacy and Confidentiality [0.0]
The rapid integration of artificial intelligence in healthcare is revolutionizing medical diagnostics, personalized medicine, and operational efficiency.<n>However, significant challenges arise concerning patient data privacy, ethical considerations, and regulatory compliance.<n>This paper examines the dual impact of AI on healthcare, highlighting its transformative potential and the critical need for safeguarding sensitive health information.
arXiv Detail & Related papers (2025-01-03T05:17:23Z) - Balancing Patient Privacy and Health Data Security: The Role of Compliance in Protected Health Information (PHI) Sharing [0.312488427986006]
Protected Health Information (PHI) sharing significantly enhances patient care quality and coordination, contributing to more accurate diagnoses, efficient treatment plans, and a comprehensive understanding of patient history.
Compliance with strict privacy and security policies, such as those required by laws like HIPAA, is critical to protect PHI.
We propose a blockchain technology that integrates smart contracts to partially automate consent-related processes and ensuring that PHI access and sharing follow patient preferences and legal requirements.
arXiv Detail & Related papers (2024-07-03T02:49:33Z) - A Qualitative Analysis Framework for mHealth Privacy Practices [0.0]
This paper introduces a novel framework for the qualitative evaluation of privacy practices in mHealth apps.
Our investigation encompasses an analysis of 152 leading mHealth apps on the Android platform.
Our findings indicate persistent issues with negligence and misuse of sensitive user information.
arXiv Detail & Related papers (2024-05-28T08:57:52Z) - S3PHER: Secure and Searchable System for Patient-driven HEalth data shaRing [0.0]
Current systems for sharing health data between patients and caregivers do not fully address the critical security requirements of privacy, confidentiality, and consent management.
We present S3PHER, a novel approach to sharing health data that provides patients with control over who accesses their data, what data is accessed, and when.
arXiv Detail & Related papers (2024-04-17T13:31:50Z) - A Scalable Multi-Layered Blockchain Architecture for Enhanced EHR Sharing and Drug Supply Chain Management [3.149883354098941]
This paper presents a scalable, multi-layered blockchain architecture for secure Electronic Health Record sharing and drug supply chain management.<n>The proposed framework introduces five distinct layers that enhance system performance, security, and patient-centric access control.<n>Our solution ensures data integrity, privacy, and interoperability, making it compatible with existing healthcare systems.
arXiv Detail & Related papers (2024-02-27T09:20:16Z) - Blockchain-empowered Federated Learning for Healthcare Metaverses:
User-centric Incentive Mechanism with Optimal Data Freshness [66.3982155172418]
We first design a user-centric privacy-preserving framework based on decentralized Federated Learning (FL) for healthcare metaverses.
We then utilize Age of Information (AoI) as an effective data-freshness metric and propose an AoI-based contract theory model under Prospect Theory (PT) to motivate sensing data sharing.
arXiv Detail & Related papers (2023-07-29T12:54:03Z) - The Design and Implementation of a National AI Platform for Public
Healthcare in Italy: Implications for Semantics and Interoperability [62.997667081978825]
The Italian National Health Service is adopting Artificial Intelligence through its technical agencies.
Such a vast programme requires special care in formalising the knowledge domain.
Questions have been raised about the impact that AI could have on patients, practitioners, and health systems.
arXiv Detail & Related papers (2023-04-24T08:00:02Z) - Auditing and Generating Synthetic Data with Controllable Trust Trade-offs [54.262044436203965]
We introduce a holistic auditing framework that comprehensively evaluates synthetic datasets and AI models.
It focuses on preventing bias and discrimination, ensures fidelity to the source data, assesses utility, robustness, and privacy preservation.
We demonstrate the framework's effectiveness by auditing various generative models across diverse use cases.
arXiv Detail & Related papers (2023-04-21T09:03:18Z) - Adherence Forecasting for Guided Internet-Delivered Cognitive Behavioral
Therapy: A Minimally Data-Sensitive Approach [59.535699822923]
Internet-delivered psychological treatments (IDPT) are seen as an effective and scalable pathway to improving the accessibility of mental healthcare.
This work proposes a deep-learning approach to perform automatic adherence forecasting, while relying on minimally sensitive login/logout data.
The proposed Self-Attention Network achieved over 70% average balanced accuracy, when only 1/3 of the treatment duration had elapsed.
arXiv Detail & Related papers (2022-01-11T13:55:57Z) - Distributed Machine Learning and the Semblance of Trust [66.1227776348216]
Federated Learning (FL) allows the data owner to maintain data governance and perform model training locally without having to share their data.
FL and related techniques are often described as privacy-preserving.
We explain why this term is not appropriate and outline the risks associated with over-reliance on protocols that were not designed with formal definitions of privacy in mind.
arXiv Detail & Related papers (2021-12-21T08:44:05Z) - Second layer data governance for permissioned blockchains: the privacy
management challenge [58.720142291102135]
In pandemic situations, such as the COVID-19 and Ebola outbreak, the action related to sharing health data is crucial to avoid the massive infection and decrease the number of deaths.
In this sense, permissioned blockchain technology emerges to empower users to get their rights providing data ownership, transparency, and security through an immutable, unified, and distributed database ruled by smart contracts.
arXiv Detail & Related papers (2020-10-22T13:19:38Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.