Abstract
In recent years, demographic change and increasing treatment costs have demanded the adoption of more cost-efficient, high-quality and integrated health care processes. The rapid growth and availability of the Internet facilitate the development of eHealth services and especially of electronic health records (EHRs), which are promising solutions to meet the aforementioned requirements. Considering current web-based EHR systems, patient-centric and patient-moderated approaches are widely deployed. Besides, there is an emerging market of so-called personal health record platforms, e.g. Google Health. Both concepts provide central, web-based access to highly sensitive medical data. Additionally, the fact that these systems may be hosted by not fully trustworthy providers makes it necessary to thoroughly consider privacy issues. In this paper we define security and privacy objectives that play an important role in the context of web-based EHRs. Furthermore, we discuss deployed solutions as well as concepts proposed in the literature with respect to these objectives and point out several weaknesses. Finally, we introduce a system which overcomes the drawbacks of existing solutions by taking a holistic approach to preserving patients’ privacy, and we discuss the applied methods.
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Slamanig, D., Stingl, C. (2010). Electronic Health Records: An Enhanced Security Paradigm to Preserve Patient’s Privacy. In: Fred, A., Filipe, J., Gamboa, H. (eds) Biomedical Engineering Systems and Technologies. BIOSTEC 2009. Communications in Computer and Information Science, vol 52. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11721-3_29
DOI: https://doi.org/10.1007/978-3-642-11721-3_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11720-6
Online ISBN: 978-3-642-11721-3