Skip to main content
SpringerLink
Log in

Secure Dynamic Access Control Scheme of PHR in Cloud Computing

  • Original Paper
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system “personal health records (PHR)” is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access scheme in Cloud computing environments is proven flexible and secure and could effectively correspond to real-time appending and deleting user access authorization and appending and revising PHR records.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. Committee on Quality of Health Care in America IoM, Crossing the quality chasm. National Academy Press, Washington, DC, 2001.

    Google Scholar 

  2. Kaelber, D. C., Jha, A. K., Johnston, D., Middleton, B., and Bates, D. W., A research agenda for personal health records. J. Am. Med. Inform. Assoc. 15(6):729–736, 2008.

    Article  Google Scholar 

  3. Pagliari, C., Detmer, D., and Singleton, P., Potential of electronic personal health records. Br. Med. J. 335(7615):330–333, 2007.

    Article  Google Scholar 

  4. National Research Council, Networking health: prescriptions for the internet. National Academy Press, Washington, DC, 2000.

    Google Scholar 

  5. AHIMA, AMIA, The value of personal health records: a joint position statement for consumers of healthcare. J. Am. Med. Inform. Assoc. 78(4):22–24, 2007.

    Google Scholar 

  6. Tang, P. C., Ash, J. S., Bates, D. W., Overhage, J. M., and Sands, D. Z., Personal health records: definitions, benefits, and strategies for overcoming barriers to adoption. J. Am. Med. Inform. Assoc. 13(2):121–126, 2006.

    Article  Google Scholar 

  7. Li, M., Yu, S., Ren, K., and Lou, W., “Securing Personal Health Records in Cloud Computing: Patient-centric and Fine-grained Data Access Control in Multi-owner Settings,” Security and Privacy in Communication Networks, pp. 89-106, 2010.

  8. Shortliffe, E. H., The evolution of electronic medical records. Acad. Med. 74:414–419, 1999.

    Article  Google Scholar 

  9. Cimino, J. J., Socratous, S. A., and Clayton, P. D., Internet as clinical information system: application development using the world wide Web. J. Am. Med. Informat. Assoc. 2:273–284, 1995.

    Article  Google Scholar 

  10. Schneider, J. H., Online personal medical records: Are they reliable for acute/critical care? Soc. Crit. Care Med. 29:196–201, 2001.

    Article  Google Scholar 

  11. Department of Health and Human Services, Security and electronic signature standards. Fed. Regist. 63(155):43241–43243, 1998.

    Google Scholar 

  12. Google health, Available: http://www.google.com/intl/en-US/health/about/index.html

  13. Microsoft health Vault, Available:http://www. healthvault.com/Personal/index.html

  14. US Public Law, “"Health Insurance Portability and Accountability Act of 1996,” 104th Congress, Public Law 104–191, 1996.

  15. Yanga, C. M., Lina, H. C., Changb, P., and Jianc, W. S., Taiwan’s Perspective on electronic medical Records’ security and privacy protection: lessons learned from HIPAA. Comput. Meth. Programs. Biomed. 82:277–282, 2006.

    Article  Google Scholar 

  16. Qualys On Demand Vulnerability Management, “CASE STUDY: Geisinger Health System—Bringing HIPAA Compliance to an Electronic Medical Record System,” http://www.qualys.com/docs/geisinger.pdf

  17. “Meeting HITECH’s Challenge to the Health Care Industry,” An Oracle White Paper, May 2010.

  18. Atluri, V., and Huang, W., “An Authorization Model for Workflows,” Proceedings of the Fourth European Symposium on Research in Computer Security, pp. 25-27, 1996.

  19. Barkley, J. F., Ferraiolo, D. F., and Kuhn, D. R., “A role based access control model and reference implementation within a corporate intranet”. ACM Trans. Inform. Syst.Secur. (TISSEC) 2:34–64, 1999.

    Article  Google Scholar 

  20. Botha, R., “CoSAWoE – A Model for Context-sensitive Access Control in Workflow Environments,” South Africa computer journal, 2001.

  21. Coyne, E., Fenstein, H., Sandhu, R., and Youman, C., Role-based access control models. IEEE Computer 29(2):38–47, 1996.

    Article  Google Scholar 

  22. Denning, D. E., “Cryptographic Checksums for Multilevel Database Security,” Proceedings of the 1984 IEEE Symposium on Security and Privacy, pp. 52–61, 1984.

  23. Bardram, J. E., Pervasive healthcare as a scientific discipline. Methods. Inform. Med. 47:129–142, 2008.

    Google Scholar 

  24. http://www.tafm.org.tw/data/012/meeting/209.pdf

  25. US Department of Health and Human Services, “Personal Health Records and Personal Health Record Systems,” National Committee on Vital and Health Statistics, pp. 15, 2006.

  26. Vaquero, L. M., Rodero-Merino, L., Caceres, J., and Lindner, M., A break in the clouds: towards a cloud definition. ACM SIGCOMM Comput. Comm. 39(1):50–55, 2008.

    Article  Google Scholar 

  27. Mell, P. and Grance, T., “The NIST Definition of Cloud Computing,” National Institute of Standards and Technology. 2009.

  28. Brunette, G. and Mogull, R., “Security Guidance for Critical Areas of Focus in Cloud Computing V2.1,” Cloud Security Alliance, 2009.

  29. Gens, F., “"New IDC IT Cloud Services Survey: Top Benefits and Challenges,” IDC eXchange, 2009

  30. Minister of Justice, “Personal Information Protection and Electronic Documents Act (PIPEDA),” 2011.

  31. Benaloh,J., Chase,M., Horvitz,E., and Lauter, K., “Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records,” In Proceedings of the ACM workshop on Cloud computing security, pp. 103-114, 2009.

  32. Stalling,W., “Network and Network Security – Principles and Practice,” Prentice Hall International Edition, pp. 1-14, 1995.

  33. Stallings, W., “Cryptography and Network Security, Principles and Practice,” Prentice Hall, 2003

  34. AIM (Advance Informatics in Medicine), “Secure Environment for Information Systems in Medicine,” SEISMED (A2033)/SP14/HILD/05.07. 95.

  35. Shamir, A., “Identity-based Cryptosystems and Signature Schemes,” Advances in Cryptology-Proceedings of CRYPTO’84, Springer-Verlag LNCS 196, pp.47-53, 1985.

  36. National Bureau of Standards, FIPS pub. 46, “Data Encryption Standard,” US Department of Commerce, January 1977.

  37. Lai, X., and Massey, J., “"A proposal for a New block encryption standard”, Proceedings of Eurocrypt’91, Springer-Verlag. LNCS 473:389–404, 1991.

    MathSciNet  Google Scholar 

  38. Miller, V., “Use of Elliptic Curves in Cryptography”, Advances in Cryptology-Crypto’85. LNCS 218:417–426, 1985.

    MathSciNet  Google Scholar 

  39. Rivest, R., Shamir, A., and Adleman, L., A method for obtaining digital signatures and public-Key cryptosystems. Commun. ACM 21(2):120–126, 1978.

    Article  MathSciNet  MATH  Google Scholar 

  40. ElGamal, T., “A Public-Key Cryptosystem and a Signature Scheme based on Discrete Logarithms”, Advances in Cryptology-Crypto’85, Springer-Verlag. LNCS 196:10–18, 1985.

    MathSciNet  Google Scholar 

  41. Koblitz, N., Elliptic curve cryptosystems. Math. Comput. 48:203–209, 1985.

    MathSciNet  Google Scholar 

Download references

Acknowledgment

This work was supported partially by National Science Council of Republic of China under Grants NSC 101-2410-H-129 -001.

Author information

Authors and Affiliations

  1. Department of Information Management, Tunghai University, Taichung, Taiwan

    Tzer-Shyong Chen & Tzu-Ching Lin

  2. Department of Digital Literature and Arts, St. John’s University, Taipei, Taiwan

    Chia-Hui Liu

  3. Department of Information Management, Taiwan University, Taipei, Taiwan

    Tzer-Long Chen

  4. Department of Statistics, Tunghai University, Taichung, Taiwan

    Chin-Sheng Chen

  5. Department of Biomedical Engineering, Hungkuang University, Taichung, Taiwan

    Jian-Guo Bau

Authors
  1. Tzer-Shyong Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chia-Hui Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tzer-Long Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chin-Sheng Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jian-Guo Bau
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Tzu-Ching Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tzer-Shyong Chen.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Chen, TS., Liu, CH., Chen, TL. et al. Secure Dynamic Access Control Scheme of PHR in Cloud Computing. J Med Syst 36, 4005–4020 (2012). https://doi.org/10.1007/s10916-012-9873-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10916-012-9873-8

Keywords

Search

Navigation