
Patient-Controlled Attribute-Based Encryption for Secure Electronic Health Records System

Published: 01 December 2016

Abstract

In recent years, many countries have been trying to integrate the electronic health data managed by each hospital to offer more efficient healthcare services. Since health data contain sensitive patient information, much research has presented privacy-preserving mechanisms. However, existing studies either require a patient to perform various steps to secure the data or restrict the patient from exerting control over the data. In this paper, we propose patient-controlled attribute-based encryption, which enables a patient (a data owner) to control access to the health data and simultaneously reduces the operational burden on the patient. With our method, the patient has strong control over his/her own health data in that he/she has the final say on access, with a time limitation. In addition, our scheme provides emergency medical services, which allow emergency staff to access the health data without the patient's permission only in the case of emergencies. We prove that our scheme is secure under cryptographic assumptions and analyze its efficiency from the patient's perspective.


Cited By

  • (2024) A novel two phase data sensitivity based access control framework for healthcare data. Multimedia Tools and Applications 83:3 (8867-8892). DOI: 10.1007/s11042-023-15427-5. Online publication date: 1-Jan-2024
  • (2018) Attribute Based Content Security and Caching in Information Centric IoT. Proceedings of the 13th International Conference on Availability, Reliability and Security (1-8). DOI: 10.1145/3230833.3233273. Online publication date: 27-Aug-2018


Published In

Journal of Medical Systems, Volume 40, Issue 12, Oct 2016, 410 pages

Publisher

Plenum Press, United States

Author Tags

  1. Cloud computing
  2. Data privacy
  3. Electronic health records
  4. Patient control
