posted on 2024-06-18, 19:07, authored by Shadan Ghaffaripour
Data and analytics are indispensable parts of any successful business. Despite that, they can lead to serious privacy issues if not used safely. Even though the financial and legal consequences of privacy breaches are profound, the most damaging one, in the long run, is customer distrust. This is particularly the case for hypersensitive data such as personal health information. In recent years, the significance of privacy, security, and trust to the design of successful modern systems is being recognized more than ever before. Nevertheless, the current state of data management systems is far from achieving this goal. In particular, in medical data management systems, which handle sensitive data, mistrust is a barrier to many core processes such as data collection, sharing, and analytics. Consequently, it is a primary cause of suboptimal medical services in our time. The primary direction of this thesis is to respond to these concerns of an ethical nature by taking data privacy, as a fundamental human right, into serious consideration in the design of these processes. We highlight the emerging role of the blockchain in health information systems and recognize blockchain's ample opportunities for trust establishment. Consequently, we propose solutions based on this novel technology. More precisely, this thesis first proposes a privacy-preserving data market for incentive-driven data collection for the development of reliable mathematical models that accelerate medical research. The blockchain aspect of the platform provides transparency as to the purpose for which the data is used, to avoid the perception of data misuse or abuse. Secondly, this thesis proposes flexible blockchain-based access control mechanisms with multiple privacy protection layers for user-centric data sharing. Furthermore, it proposes a distributed machine-learning-as-a-service platform for data analytics whose computational integrity can be verified efficiently by users. The strength of this platform lies in the mutual privacy protection of user data and service provider intellectual property.