Secure Traversable Event logging for Responsible Identification of Vertically Partitioned Health Data

We aim to provide a solution for the secure identification of sensitive medical information. We consider a repository of de-identified medical data that is stored in the custody of a Healthcare Institution. The identifying information that is stored separately can be associated with the medical information only by a subset of users referred to as custodians. This paper intends to secure the process of associating identifying information with sensitive medical information. We also enforce the responsibility of the custodians by maintaining an immutable ledger documenting the events of such information identification. The paper proposes a scheme for constructing ledger entries that allow the custodians and patients to browse through the entries which they are associated with. However, in order to respect their privacy, such traversal requires appropriate credentials to ensure that a user cannot gain any information regarding the other users involved in the system unless they are both involved in the same operation.