Efficient key management for preserving HIPAA regulations

Protecting patients' health information is a central concern in the information age. The Privacy Rule and the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA) are two crucial provisions for protecting healthcare privacy, especially for electronic medical information. For electronic services to be both high-quality and efficient, the cryptographic mechanisms involved must perform well for the user as well as for the trusted party. Based on elliptic curve cryptography (ECC) and complying with the HIPAA regulations, this article presents an efficient key management scheme that facilitates inter-operation among the applied cryptographic mechanisms. The proposed scheme provides the following functionality: (1) no dictionary of key tables is required for users or other units; (2) users can freely choose their own passwords; (3) users can freely update their passwords after the registration phase; (4) the computational cost is low for both users and the trusted center or server; (5) users can access their own medical information through an authorization process; and (6) consent exceptions, intended for emergency use and other permitted exceptions, can be handled more easily.
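The abstract states properties (1) and (3) but not the mechanism that usually delivers them. The Python block below is an added illustration, not the scheme from this article: it shows the generic pattern in which a trusted center holding a single master scalar derives each user's long-term credential on demand from the user's identity (so no per-user key table exists), while the user keeps that credential masked by a hash of a freely chosen password (so a password change is local and needs no contact with the center). The curve (secp256k1, chosen only because its parameters are public), the hash-to-scalar construction, the HMAC-based authentication tag, the ECDH session key, all class and function names, and the sample identity and passwords are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (public constants; the abstract names no curve).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over F_P."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # a = 0 for secp256k1
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc, addend = INF, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def h_scalar(*parts):
    """Hash byte strings to a scalar in [0, N). Assumed construction."""
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % N


class TrustedCenter:
    """Holds one master scalar s and derives every user credential from it
    on demand, so no per-user key table is stored (property (1))."""

    def __init__(self):
        self.s = secrets.randbelow(N - 1) + 1

    def credential(self, user_id: bytes) -> int:
        return self.s * h_scalar(b"cred", user_id) % N


class UserDevice:
    """Stores the credential XOR-masked with a hash of the user's chosen
    password, so a password change is purely local (properties (2) and (3))."""

    def __init__(self, user_id: bytes, password: bytes, credential: int):
        self.user_id = user_id
        self.masked = credential ^ h_scalar(b"pw", user_id, password)

    def unmask(self, password: bytes) -> int:
        # A wrong password yields a wrong credential; the device cannot tell,
        # the login below simply fails at the trusted center.
        return self.masked ^ h_scalar(b"pw", self.user_id, password)

    def change_password(self, old: bytes, new: bytes) -> None:
        self.masked = self.unmask(old) ^ h_scalar(b"pw", self.user_id, new)


def login(tc: TrustedCenter, device: UserDevice, password: bytes):
    """One login: ECDH ephemerals give a fresh session key; an HMAC under the
    credential authenticates the user to the TC, which recomputes that
    credential from s and the identity alone.
    Returns (user_key, tc_key) on success, None if the TC rejects the tag."""
    cred_user = device.unmask(password)
    r = secrets.randbelow(N - 1) + 1
    T = ec_mul(r, G)                                  # user -> TC: ID, T
    t = secrets.randbelow(N - 1) + 1
    U = ec_mul(t, G)                                  # TC -> user: U
    transcript = device.user_id + T[0].to_bytes(32, "big") + U[0].to_bytes(32, "big")
    tag = hmac.new(cred_user.to_bytes(32, "big"), transcript, "sha256").digest()
    cred_tc = tc.credential(device.user_id)           # no table lookup needed
    expect = hmac.new(cred_tc.to_bytes(32, "big"), transcript, "sha256").digest()
    if not hmac.compare_digest(tag, expect):
        return None
    user_key = hashlib.sha256(ec_mul(r, U)[0].to_bytes(32, "big")).digest()
    tc_key = hashlib.sha256(ec_mul(t, T)[0].to_bytes(32, "big")).digest()
    return user_key, tc_key


if __name__ == "__main__":
    # Constructed sample identity and passwords.
    tc = TrustedCenter()
    uid = b"patient-0042"
    dev = UserDevice(uid, b"correct horse", tc.credential(uid))
    keys = login(tc, dev, b"correct horse")
    print("login ok:", keys is not None and keys[0] == keys[1])
    dev.change_password(b"correct horse", b"battery staple")   # TC not involved
    print("old password rejected:", login(tc, dev, b"correct horse") is None)
    print("new password accepted:", login(tc, dev, b"battery staple") is not None)
```

Two caveats a practitioner would want before reusing this pattern: the masked credential must live on a tamper-resistant token (the smart cards cited in this article's references are the usual choice), because anyone who copies it can attempt online password guesses against the center, which therefore needs rate limiting; and the scalar multiplication here is textbook double-and-add with no side-channel protection, which is acceptable for illustrating the key-derivation structure but not for a deployed client.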
