ABSTRACT
Electronic Health Records (EHRs) are further driving the volume of data as patients' files, x-rays, lab results, and other sensitive medical records are transmitted across the network. Today, nearly one-third of healthcare providers use mobile devices to access EHRs from cloud systems. With the healthcare industry facing a new reality, healthcare applications are steadily impacting the mobility and security of how caregivers and hospitals are authorized to access vital information. However, mobile services are still not generally allowed to operate with highly sensitive and personal data, mainly due to the lack of a defined security standard, low protection of data transferred through the mobile and wireless network and no standard and widely accepted user authentication method that ensure confidentiality. In this paper, a proposed privacy-preserving EHR system using ciphertext-multi authority attribute-based encryption (CPMA-ABE) will be built. In this system, patients can encrypt their EHRs and store them on semi-trusted cloud servers such that servers do not have access to sensitive EHR contexts. Meanwhile patients maintain full control over access to their EHR files, by assigning fine-grained, attribute-based access privileges to selected data users, while different users can have access to different parts of their EHR. The system also provides extra features such as populating EHR from different EHR cloud systems using ABE.
- Alemán, J. L. F., Señor, I. C., Lozoya, P. Á. O., & Toval, A. (2013). Security and privacy in electronic health records: A systematic literature review. Journal of biomedical informatics.Google Scholar
- Joseph A. Akinyele, et al. 2011. Securing electronic medical records using attribute-based encryption on mobile devices. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices (SPSM '11). ACM, 75--86. Google ScholarDigital Library
- Lohr H., S. A. (2010). Securing the e-Health Cloud. Proceedings of the 1st ACM International Health Informatics Symposium, 220--229. Google ScholarDigital Library
- Mell P., G. T. (2011, September). The NIST Definition of Cloud Computing. NIST Special Publication 800-145. Gaithersburg, MD, USA. Google ScholarDigital Library
- Raju, S. e. (2004). Status of Mobile Computing in Health Care: An Evidence Study. 26th Annual International Conference of the IEEE Engineering in Medicine and Biology Society, 3274--3277Google Scholar
- Ries, M. D. (2014). Electronic Medical Records: Friends or Foes?. Clinical Orthopaedics and Related Research®, 472(1), 16--21.Google Scholar
- Wu R., A. G. (2012). Secure Sharing of Electronic Health Records in Clouds. In Proeedings of the 8th IEEE International Conference on Collaborative (pp. 1--8). Pittsburgh: CollaborateCom.Google Scholar
- Zhang R., et al. (2013). Role-Based and Time-bound Access and Management of EHR Data. Security and Communication Networks.Google Scholar
- Zhang R., Liu L. (2010). Security Models and Requirements for Healthcare Application Clouds. Proceeding CLOUD '10 Proceedings of the 2010 IEEE 3rd International Conference on Cloud Computing, 268--275. Google ScholarDigital Library
- Cpabe http://hms.isi.jhu.edu/acsc/cpabe/Google Scholar
Index Terms
- Securing EHRs via CPMA attribute-based encryption on cloud systems
Recommendations
Securing Electronic Health Records in the Cloud
W-P2DS'18: Proceedings of the 1st Workshop on Privacy by Design in Distributed SystemsHealth care institutions gather and store sensitive information from patients with the goal of providing the best care. The medical history of a patient is essential to guarantee that the right diagnosis is achieved and help the clinical staff act in ...
Securing electronic medical records using attribute-based encryption on mobile devices
SPSM '11: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devicesWe provide a design and implementation of self-protecting electronic medical records (EMRs) using attribute-based encryption on mobile devices. Our system allows healthcare organizations to export EMRs to locations outside of their trust boundary. In ...
An Efficient Cloud-Based Personal Health Records System Using Attribute-Based Encryption and Anonymous Multi-receiver Identity-Based Encryption
3PGCIC '14: Proceedings of the 2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet ComputingAs an emerging patient-centric model of health information exchange, cloud-based personal health record (PHR) system holds great promise for empowering patients and ensuring more effective delivery of health care. In this paper, we propose a novel ...
Comments