Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
skip to main content
10.1145/2110363.2110448acmconferencesArticle/Chapter ViewAbstractPublication PagesihiConference Proceedingsconference-collections
short-paper

Flexible patient-controlled security for electronic health records

Published: 28 January 2012 Publication History

Abstract

Electronic health records (EHR) are a convenient method to exchange medical information of patients between different healthcare providers. In many countries privacy laws require to protect the confidentiality of these data records and let the patient control the access to them. Existing approaches to protect the privacy of EHRs are either insufficient for these strict laws or they are too restrictive in their usage. For example, smartcard-based encryption systems require the patient to be always present to authorize access to medical records. However, this does not allow a physician to access an EHR of a patient who is unable to show up in person.
In this paper, we propose a security architecture for EHR infrastructures that provides more flexibility but retains the security of patient-controlled encryption. In our proposal patients are able to authorize access to their records remotely (e.g. via phone) and time-independent for later processing by the physician. The security of our approach relies on modern cryptographic schemes and their incorporation into an EHR infrastructure. The adoption of our security architecture would allow to fulfill strict privacy laws while relaxing usage restrictions of existing security protections.

References

[1]
Sozialgesetzbuch V, §291a Elektronische Gesundheitskarte, July 2004. German Federal Law.
[2]
Agence des systèmes d'information partagés de santé. Dossier de spécifications fonctionnelles et techniques des interfaces DMP des logiciels de professionnels de santé. Version 1.0.0, 2010. http://www.asipsante.fr.
[3]
J. A. Akinyele, C. U. Lehmann, M. D. Green, M. W. Pagano, Z. N. J. Peterson, and A. D. Rubin. Self-protecting electronic medical records using attribute-based encryption. Cryptology ePrint Archive, Report 2010/565, 2010.
[4]
J. Benaloh, M. Chase, E. Horvitz, and K. Lauter. Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records. In The ACM Cloud Computing Security Workshop, CCSW '09, pages 103--114. ACM, 2009.
[5]
J. Bethencourt, A. Sahai, and B. Waters. Ciphertext-policy attribute-based encryption. In Proceedings of the 2007 IEEE Symposium on Security and Privacy, S&P '07, pages 321--334. IEEE Computer Society, 2007.
[6]
Gematik - Gesellschaft für Telematikanwendungen der Gesundheitskarte. Die elektronische Gesundheitskarte. http://www.gematik.de.
[7]
German Federal Ministry of Health. Entscheidungsvorlage - Festlegung der Authentisierungs-, Autorisierungs- und Auditmechanismen der Telematikinfrastruktur für die Fachanwendungen, Version 0.9.0, March 2006.
[8]
S. Narayan, M. Gagné, and R. Safavi-Naini. Privacy preserving EHR system using attribute-based infrastructure. In The ACM Cloud Computing Security Workshop, CCSW '10, pages 47--52. ACM, 2010.
[9]
H.-H. Rau, C.-Y. Hsu, Y.-L. Lee, W. Chen, and W.-S. Jian. Developing electronic health records in Taiwan. IT Professional, 12:17--25, 2010.
[10]
A. Sahai and B. Waters. Fuzzy identity-based encryption. In Advances in Cryptology - EUROCRYPT 2005, volume 3494 of LNCS, pages 457--473. Springer, 2005.
[11]
SVC - Sozialversicherungs-Chipkarten Betriebs- und Errichtungsgesellschaft. e-card. Website. http://www.chipkarte.at.

Cited By

View all
  • (2024)A Security and Privacy Validation Methodology for E-Health Systems Using Cloud StorageHuman Impact on Security and Privacy10.4018/979-8-3693-9235-5.ch009(173-192)Online publication date: 27-Sep-2024
  • (2024)A Blockchain-Based Solution for the Security and Management of Electronic Medical Records (EMR) in HealthcareProceedings of the Future Technologies Conference (FTC) 2024, Volume 210.1007/978-3-031-73122-8_9(126-139)Online publication date: 5-Nov-2024
  • (2024)Security of Medical Data Processinge‐Health Security Management10.1002/9781394340569.ch8(183-211)Online publication date: 24-Nov-2024
  • Show More Cited By

Index Terms

  1. Flexible patient-controlled security for electronic health records

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    IHI '12: Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
    January 2012
    914 pages
    ISBN:9781450307819
    DOI:10.1145/2110363
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 28 January 2012

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. authorization
    2. cryptography
    3. electronic health records

    Qualifiers

    • Short-paper

    Conference

    IHI '12
    Sponsor:
    IHI '12: ACM International Health Informatics Symposium
    January 28 - 30, 2012
    Florida, Miami, USA

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)8
    • Downloads (Last 6 weeks)1
    Reflects downloads up to 14 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2024)A Security and Privacy Validation Methodology for E-Health Systems Using Cloud StorageHuman Impact on Security and Privacy10.4018/979-8-3693-9235-5.ch009(173-192)Online publication date: 27-Sep-2024
    • (2024)A Blockchain-Based Solution for the Security and Management of Electronic Medical Records (EMR) in HealthcareProceedings of the Future Technologies Conference (FTC) 2024, Volume 210.1007/978-3-031-73122-8_9(126-139)Online publication date: 5-Nov-2024
    • (2024)Security of Medical Data Processinge‐Health Security Management10.1002/9781394340569.ch8(183-211)Online publication date: 24-Nov-2024
    • (2023)A Privacy-Preserving Medical Data Sharing Scheme Based on BlockchainIEEE Journal of Biomedical and Health Informatics10.1109/JBHI.2022.320357727:2(698-709)Online publication date: Feb-2023
    • (2022)Protecting Personal Health Data through Privacy AwarenessProceedings of the ACM on Human-Computer Interaction10.1145/34928306:GROUP(1-22)Online publication date: 14-Jan-2022
    • (2022)Big Data Privacy and Security Using Abundant Data Recovery Techniques and Data Obliviousness MethodologiesIEEE Access10.1109/ACCESS.2022.321130410(105458-105484)Online publication date: 2022
    • (2022)Implementing a secure remote patient monitoring systemInformation Security Journal: A Global Perspective10.1080/19393555.2022.204783932:1(21-38)Online publication date: 17-Mar-2022
    • (2021)EACS: Expressible Access Control Scheme for Secure Services and Data Delegation in Collaborative E-health SystemInformation Security Journal: A Global Perspective10.1080/19393555.2021.192660331:3(274-288)Online publication date: 4-Jun-2021
    • (2020)A Secure Privacy Preserving Cloud-based Framework for Sharing Electronic Health Data*2020 42nd Annual International Conference of the IEEE Engineering in Medicine & Biology Society (EMBC)10.1109/EMBC44109.2020.9175792(5592-5597)Online publication date: Jul-2020
    • (2019)Symmetric key-based patient controlled secured electronic health record management protocolJournal of High Speed Networks10.3233/JHS-19061325:3(221-237)Online publication date: 1-Jan-2019
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media