Date of Award


Degree Name

Doctor of Philosophy


Computer Science

First Advisor

Dr. Leszek T. Lilien

Second Advisor

Dr. Zijiang James Yang

Third Advisor

Dr. Kuanchin Chen


Sharing healthcare information—including electronic health/medical records (EHRs/EMRs)—among healthcare information systems is necessary for improving the quality of healthcare. However, facilitating data exchange increases privacy threats—due to easier copying and dissemination of healthcare information.

We propose a solution that provides privacy protection for patients’ EHRs/EMRs disseminated among different authorized healthcare information systems. Our solution builds upon the existing construct named an Active Data Bundle (ADB). In the proposed solution, ADBs keep EHRs/EMRs as sensitive data; include metadata describing sensitive data and prescribing their use; and encompass a policy enforcement engine (called a virtual machine or VM), which controls and manages how its active bundle behaves. The VM enforces ADB’s data integrity and ADB’s privacy policies (specified as a part of metadata).

We first modify the existing design and implementation of the ADB scheme, known as Active Bundles using Trusted Third Party (ABTTP). ABTTP uses ADBs and trusted third parties (TTPs). The latter maintain and provide to ADBs trust values of visited hosts, as well as hash values and decryption keys. Our modification, named Active Data Bundles with Trusted Third Party (ADB-TTP), is only a starting point for significant enhancements and improvements to the ADB scheme proposed by us. They include: (i) using nested VMs in ADB-TTP instead of using single VM in ABTTP, (ii) adding new phases to the ADB lifecycle including ADB auditing and ADB Termination; and (iii) using the eXtensible Access Control Markup Language (XACML) to specify the privacy policies and to enforce them.

We also develop a new ADB scheme implementation, known as Active Data Bundles with Multi-Agent System (ADB-MAS). ADB-MAS implements active data bundles as mobile intelligent agents, which eliminate the need for using TTPs.

In order to test the effectiveness of different ADB schemes and evaluate their use in healthcare applications, we use a real-life healthcare scenario for dissemination of EHRs in healthcare information systems. We evaluate both ADB-TTP and ADB-MAS using separate testbeds implemented with Java Standard Edition (JDK 1.8) and Java Agent Development Framework (JADE), respectively.

We run consistent experiments on both testbeds to evaluate and compare performance for both solutions (the experiments are "consistent" as much as possible in the context of separate testbed implementations). The evaluation criteria for ADB-TTP and ADB-MAS include rates of data reduction, data disclosure, and successful/unsuccessful data delivery. Our evaluation shows that ADBs are able to protect patient EHRs//EMRs during their dissemination among healthcare providers. The quantitative results show that under different circumstances either ADB-TTP or ADB-MAS is a better protector of data (via so called “evaporation” or “apoptosis” of the most sensitive data). The qualitative conclusions are that ADB-MAS outperforms ADB-TTP in protection of privacy of healthcare data (EHRs/EMRs) because ADB-MAS performs a priori trust verification of destination hosts (to which EHRs/EMRs are delivered by ADBs).

Our results demonstrate that ADB-MAS, our new implementations of the ADB scheme, improve the privacy and efficiency of processing of patients’ data in healthcare information systems. In the broader area of computing technology, ADB-MAS can be used to prevent privacy violations, including stealing and leaking of sensitive data in diverse distributed computing applications areas, including Internet of Things, Cloud Computing, Opportunistic Resource Utilization Networks (Oppnets), and distributed database systems.

Access Setting

Dissertation-Campus Only

Restricted to Campus until