
Electronic Health Records: An Enhanced Security Paradigm to Preserve Patient’s Privacy

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 52)

Abstract

In recent years, demographic change and rising treatment costs have demanded the adoption of more cost-efficient, high-quality and integrated health care processes. The rapid growth and availability of the Internet facilitate the development of eHealth services, and especially of electronic health records (EHRs), which are promising solutions to meet these requirements. Among current web-based EHR systems, patient-centric and patient-moderated approaches are widely deployed. In addition, there is an emerging market of so-called personal health record platforms, e.g. Google Health. Both concepts provide central, web-based access to highly sensitive medical data. Furthermore, the fact that these systems may be hosted by providers who are not fully trustworthy makes a thorough consideration of privacy issues necessary. In this paper we define security and privacy objectives that play an important role in the context of web-based EHRs. We then discuss deployed solutions as well as concepts proposed in the literature with respect to these objectives and point out several weaknesses. Finally, we introduce a system which overcomes the drawbacks of existing solutions by taking a holistic approach to preserving the patient’s privacy, and we discuss the applied methods.



© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Slamanig, D., Stingl, C. (2010). Electronic Health Records: An Enhanced Security Paradigm to Preserve Patient’s Privacy. In: Fred, A., Filipe, J., Gamboa, H. (eds) Biomedical Engineering Systems and Technologies. BIOSTEC 2009. Communications in Computer and Information Science, vol 52. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11721-3_29


  • DOI: https://doi.org/10.1007/978-3-642-11721-3_29

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11720-6

  • Online ISBN: 978-3-642-11721-3

  • eBook Packages: Computer Science (R0)