
Mathematical Reconciliation of Medical Privacy Policies

Authors :
Matthew Roughan
Hung Nguyen
Dinesha Ranathunga
Source :
ACM Transactions on Management Information Systems. 12:1-18
Publication Year :
2020
Publisher :
Association for Computing Machinery (ACM), 2020.

Abstract

Healthcare data are arguably the most private of personal data. This very private information in the wrong hands can lead to identity theft, prescription fraud, insurance fraud, and an array of other crimes. Electronic-health systems such as My Health Record in Australia hold great promise in sharing medical data and improving healthcare quality. But a key privacy issue in these systems is the misuse of healthcare data by “authorities.” The recent General Data Protection Regulation (GDPR) introduced in the EU aims to reduce personal-data misuse. But there are no tools currently available to accurately reconcile a domestic E-health policy against the GDPR to identify discrepancies. Reconciling privacy policies is also non-trivial, because policies are often written in free text, making them subject to human interpretation. In this article, we propose a tool that allows the description of E-health privacy policies and represents them using formal constructs, making the policies precise and explicit. Using this formal framework, our tool can automatically reconcile a domestic E-health policy against the GDPR to identify violations and omissions. We use our prototype to illustrate several critical flaws in Australia’s My Health Record policy, including a non-compliance with GDPR that allows healthcare providers to access medical records by default.

Details

ISSN :
21586578 and 2158656X
Volume :
12
Database :
OpenAIRE
Journal :
ACM Transactions on Management Information Systems
Accession number :
edsair.doi...........2f1580b055bf39e08b034a7a8da774ec
Full Text :
https://doi.org/10.1145/3397520