research-article

A rights management approach to protection of privacy in a cloud of electronic health records

Authors:

Mohammad Jafari,

Reihaneh Safavi-Naini,

Nicholas Paul SheppardAuthors Info & Claims

DRM '11: Proceedings of the 11th annual ACM workshop on Digital rights management

Pages 23 - 30

https://doi.org/10.1145/2046631.2046637

Published: 21 October 2011 Publication History

Abstract

A patient-centric DRM approach is proposed for protecting privacy of health records stored in a cloud storage based on the patient's preferences and without the need to trust the service provider. Contrary to the current server-side access control solutions, this approach protects the privacy of records from the service provider, and also controls the usage of data after it is released to an authorized user.

References

[1]

Google Health. http://www.google.com/health.

[2]

Microsoft Active Directory Rights Management Service. http://technet.microsoft.com/en-ca/windowsserver/dd448611.aspx.

[3]

Microsoft HealthVault. http://www.healthvault.com.

[4]

eXtensible Rights Markup Language version 1.2. http://www.xrml.org/XrML_12.asp, 2001.

[5]

R. Kailar and V. Muralidhar. A security architecture for health information networks. In AMIA Annual Symposium Proc., pages 379--383, 2007.

[6]

S. Kenny and L. Korba. Applying digital rights management systems to privacy rights management. Computers & Security, 21(7):648--664, 2002.

Digital Library

[7]

Q. Liu, R. Safavi-Naini, and N. P. Sheppard. Digital rights management for content distribution. In ACSW Frontiers '03: Proc. of the Australasian Information Security Workshop Conference on ACSW, pages 49--58, 2003.

Digital Library

[8]

K. D. Mandl, W. W. Simons, W. C. Crawford, and J. M. Abbett. Indivo: a personally controlled health record for health information exchange and communication. BMC Medical Informatics and Decision Making, 7(25), 2007.

[9]

A. Mohan, D. Bauer, D. M. Blough, M. Ahamad, B. Bamba, R. Krishnan, L. Liu, D. Mashima, and B. Palanisamy. A patient-centric, attribute-based, source-verifiable framework for health record sharing. Technical report, Georgia Institute of Technology, Center for Experimental Research in Computer Systems, GIT-CERCS-09-11, 2009.

[10]

Organisation for the Advancement of Structured Information Standards (OASIS). Assertions and protocols for the OASIS Security Assertion Markup Language (SAML) v2.0. http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf, 2005.

[11]

B. C. Popescu, B. Crispo, A. S. Tanenbaum, and F. L. Kamperman. A DRM security architecture for home networks. In DRM '04: Proc. of the 4th ACM Workshop on Digital Rights Management, pages 1--10, Washington DC, USA, 2004.

Digital Library

[12]

T. C. Rindfleisch. Privacy, information technology, and health care. Commun. ACM, 40(8):92--100, 1997.

Digital Library

[13]

F. Salim, N. P. Sheppard, and R. Safavi-Naini. Enforcing P3P policies using a digital rights management system. In PET'07: Proc. of the 7th international conference on Privacy enhancing technologies, pages 200--217, Ottawa, Canada, 2007.

Digital Library

[14]

N. P. Sheppard and R. Safavi-Naini. Protecting Privacy with the MPEG-21 IPMP Framework. In PETS'06: The Proc. of the 6th Workshop on Privacy Enhancing Technologies, pages 152--171, Cambridge, UK, 2006.

Digital Library

[15]

P. C. Tang and D. Lansky. The Missing Link: Bridging The Patient-Provider Health Information Gap. Health Affairs, 24(5), 2005.

[16]

L. M. Vaquero, L. Rodero-Merino, J. Caceres, and M. Lindner. A break in the clouds: towards a cloud definition. SIGCOMM Comput. Commun. Rev., 39(1):50--55, 2009.

Digital Library

[17]

World-Wide Web Consortium. The Platform for Privacy Preferences 1.1 (P3P1.1) Specification, 2006.

Cited By

Ray PMishra S(2022)Preserving healthcare dataCognitive Big Data Intelligence with a Metaheuristic Approach10.1016/B978-0-323-85117-6.00001-7(323-345)Online publication date: 2022
https://doi.org/10.1016/B978-0-323-85117-6.00001-7
Ali MAbbas AKhan MKhan S(2021)SeSPHR: A Methodology for Secure Sharing of Personal Health Records in the CloudIEEE Transactions on Cloud Computing10.1109/TCC.2018.28547909:1(347-359)Online publication date: 1-Jan-2021
https://doi.org/10.1109/TCC.2018.2854790
El-Bawab T(2019)From the Editor-in-ChiefIEEE Communications Magazine10.1109/MCOM.2019.861326257:1(3-3)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1109/MCOM.2019.8613262
Show More Cited By

Index Terms

A rights management approach to protection of privacy in a cloud of electronic health records
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

An efficient privacy mechanism for electronic health records

Electronic health records (EHRs), digitization of patients' health record, offer many advantages over traditional ways of keeping patients' records, such as easing data management and facilitating quick access and real-time treatment. EHRs are a rich ...
Securing Electronic Health Records in the Cloud
W-P2DS'18: Proceedings of the 1st Workshop on Privacy by Design in Distributed Systems

Health care institutions gather and store sensitive information from patients with the goal of providing the best care. The medical history of a patient is essential to guarantee that the right diagnosis is achieved and help the clinical staff act in ...
Privacy preservation and information security protection for patients' portable electronic health records

As patients face the possibility of copying and keeping their electronic health records (EHRs) through portable storage media, they will encounter new risks to the protection of their private information. In this study, we propose a method to preserve ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

DRM '11: Proceedings of the 11th annual ACM workshop on Digital rights management

October 2011

70 pages

ISBN:9781450310055

DOI:10.1145/2046631

General Chair:
Yan Chen
Northwestern University, USA
,
Program Chairs:
Stefan Katzenbeisser
Technische Universität Darmstadt & CASED, Germany
,
Ahmad-Reza Sadeghi
Technische Universität Darmstadt & CASED, Germany

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 October 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'11

Sponsor:

SIGSAC

CCS'11: the ACM Conference on Computer and Communications Security

October 21, 2011

Illinois, Chicago, USA

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

16
Total Citations
View Citations
978
Total Downloads

Downloads (Last 12 months)53
Downloads (Last 6 weeks)1

Reflects downloads up to 11 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Ray PMishra S(2022)Preserving healthcare dataCognitive Big Data Intelligence with a Metaheuristic Approach10.1016/B978-0-323-85117-6.00001-7(323-345)Online publication date: 2022
https://doi.org/10.1016/B978-0-323-85117-6.00001-7
Ali MAbbas AKhan MKhan S(2021)SeSPHR: A Methodology for Secure Sharing of Personal Health Records in the CloudIEEE Transactions on Cloud Computing10.1109/TCC.2018.28547909:1(347-359)Online publication date: 1-Jan-2021
https://doi.org/10.1109/TCC.2018.2854790
El-Bawab T(2019)From the Editor-in-ChiefIEEE Communications Magazine10.1109/MCOM.2019.861326257:1(3-3)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1109/MCOM.2019.8613262
Alabdulatif AKhalil IForkan AAtiquzzaman M(2019)Real-time Secure Health Surveillance for Smarter Health CommunitiesIEEE Communications Magazine10.1109/MCOM.2017.170054757:1(122-129)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1109/MCOM.2017.1700547
Stach CSteimle FMitschang B(2019)How to Realize Device Interoperability and Information Security in mHealth ApplicationsBiomedical Engineering Systems and Technologies10.1007/978-3-030-29196-9_12(213-237)Online publication date: 13-Aug-2019
https://doi.org/10.1007/978-3-030-29196-9_12
(2018)A security scheme of digital rights management based on agent encryption and key distribution in cloud computingInternational Journal of Security and Networks10.5555/3292934.329293613:4(228-235)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.5555/3292934.3292936
Jabeen FHamid ZAbdul WGhouzali SMalik SKhan ANawaz SGhafoor H(2017)Enhanced Architecture for Privacy Preserving Data Integration in a Medical Research EnvironmentIEEE Access10.1109/ACCESS.2017.27075845(13308-13326)Online publication date: 2017
https://doi.org/10.1109/ACCESS.2017.2707584
Gardiyawasam Pussewalage HOleshchuk V(2016)Privacy preserving mechanisms for enforcing security and privacy requirements in E-health solutionsInternational Journal of Information Management: The Journal for Information Professionals10.1016/j.ijinfomgt.2016.07.00636:6(1161-1173)Online publication date: 1-Dec-2016
https://dl.acm.org/doi/10.1016/j.ijinfomgt.2016.07.006
(2016)Security and privacy preserving approaches in the eHealth clouds with disaster recovery planComputers in Biology and Medicine10.1016/j.compbiomed.2016.09.00378:C(1-8)Online publication date: 1-Nov-2016
https://dl.acm.org/doi/10.1016/j.compbiomed.2016.09.003
Sajid AAbbas H(2016)Data Privacy in Cloud-assisted Healthcare SystemsJournal of Medical Systems10.1007/s10916-016-0509-240:6(1-16)Online publication date: 1-Jun-2016
https://dl.acm.org/doi/10.1007/s10916-016-0509-2
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents