A formal adversarial perspective: Secure and efficient electronic health records collection scheme for multi‐records datasets

The collection of private health data without compromising privacy is an imperative aspect of privacy‐aware data collection mechanisms. Privacy‐preserved data collection is achieved by anonymizing private data before its transmission from data holders to data collectors. Though there exist ample literature on private data collection for 1:1 (single record of a data holder) datasets, collecting multi‐records (multiple records of a data holder) datasets (referred to as 1:M datasets) has not received due attention from the research community. Therefore, the current studies experience serious privacy breaches in 1:M dataset thereby limiting their application in secure healthcare applications and systems. In this work, we have formally classified main privacy disclosures on these data collection mechanisms and proposed an improved privacy scheme, namely, horizontal sliced permuted permutation (H‐SPP) for 1:M datasets. It uses the composite slicing and anatomy‐based approach to protect against the privacy violations like identity, attribute, and membership disclosures. Moreover, we perform formal modeling of the proposed scheme using high‐level Petri nets (HLPN) and show that it effectively prevents the identified external and internal privacy attacks. Experimental results show that H‐SPP provides robust privacy for health data with high performance.