Abstract
Personally controlled health records (PCHR) systems have emerged to allow patients to control their own medical data. In a PCHR system, all access privileges to a patient's data are granted by the patient. However, in many emergency cases it is impossible for the patient to participate in access authorization on site when immediate medical treatment is needed. To solve the emergency access authorization problem in the absence of the patient, we consider two cases: a) the requester already has an account in the PCHR system but has not been granted access to the patient's health records, and b) the requester does not even have an account in the PCHR system from which to submit a request. For each of the two cases, we present a method for emergency access authorization that uses weighted voting and source authentication cryptographic techniques. Our methods provide an effective, secure and private solution for emergency access authorization, which makes existing PCHR system frameworks more practical and thus improves patients' experiences of health care when using PCHR systems. We have implemented a prototype system as a proof of concept.
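The abstract names two building blocks, weighted voting and source authentication, without spelling out how they combine. The following is an added illustration of those two primitives applied to an emergency access decision; it is not the authors' protocol or prototype code. The voter roster, weights, quota and per-voter HMAC keys are constructed assumptions; a deployed system would distribute and protect those keys through the PCHR system's own key management.

```python
import hmac
import hashlib

# Constructed roster (assumption, not from the paper): registered PCHR users
# who may vouch for an emergency request, each with a voting weight and a
# shared key used to authenticate the source of their vote.
VOTERS = {
    "attending_physician": {"weight": 3, "key": b"k-attending"},
    "nurse_on_duty":       {"weight": 1, "key": b"k-nurse"},
    "ward_pharmacist":     {"weight": 1, "key": b"k-pharm"},
}
QUOTA = 4  # minimum total weight of authentic approvals needed to grant access


def sign_vote(voter, request_id, approve, key):
    """Source authentication: MAC over voter id, request id and decision,
    so a vote cannot be forged for another voter or replayed on another request."""
    msg = f"{voter}|{request_id}|{int(approve)}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def tally(request_id, votes, voters=VOTERS, quota=QUOTA):
    """Decide an emergency access request by weighted voting.

    votes: iterable of (voter_id, approve: bool, mac: bytes).
    Returns (granted, approving_weight). Votes from unregistered voters,
    votes with a bad MAC, and repeated votes from one voter are not counted.
    """
    seen = set()
    total = 0
    for voter, approve, mac in votes:
        info = voters.get(voter)
        if info is None or voter in seen:
            continue  # unknown source or duplicate vote: ignored
        expected = sign_vote(voter, request_id, approve, info["key"])
        if not hmac.compare_digest(expected, mac):
            continue  # forged or tampered vote: ignored
        seen.add(voter)
        if approve:
            total += info["weight"]
    return total >= quota, total


def cast(voter, request_id, approve):
    """Helper for a legitimate voter: produce an authenticated vote tuple."""
    return (voter, approve, sign_vote(voter, request_id, approve, VOTERS[voter]["key"]))
```

A physician (weight 3) alone cannot reach the quota of 4, but a physician plus one nurse can; a vote whose MAC was computed under the wrong key is silently dropped rather than counted.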
Chen, T., Zhong, S. Emergency Access Authorization for Personally Controlled Online Health Care Data. J Med Syst 36, 291–300 (2012). https://doi.org/10.1007/s10916-010-9475-2