Patient-Controlled Attribute-Based Encryption for Secure Electronic Health Records System

In recent years, many countries have been trying to integrate electronic health data managed by each hospital to offer more efficient healthcare services. Since health data contain sensitive information of patients, there have been much research that present privacy preserving mechanisms. However, existing studies either require a patient to perform various steps to secure the data or restrict the patient to exerting control over the data. In this paper, we propose patient-controlled attribute-based encryption, which enables a patient (a data owner) to control access to the health data and reduces the operational burden for the patient, simultaneously. With our method, the patient has powerful control capability of his/her own health data in that he/she has the final say on the access with time limitation. In addition, our scheme provides emergency medical services which allow the emergency staffs to access the health data without the patient’s permission only in the case of emergencies. We prove that our scheme is secure under cryptographic assumptions and analyze its efficiency from the patient’s perspective.

[1]  Jianqiang Li,et al.  A hybrid solution for privacy preserving medical data sharing in the cloud environment , 2015, Future Gener. Comput. Syst..

[2]  Jun Pang,et al.  Challenges in eHealth: From Enabling to Enforcing Privacy , 2011, FHIES.

[3]  Dong Hoon Lee,et al.  Self-Updatable Encryption: Time Constrained Access Control with Hidden Attributes and Better Efficiency , 2013, ASIACRYPT.

[4]  Reihaneh Safavi-Naini,et al.  Privacy preserving EHR system using attribute-based infrastructure , 2010, CCSW '10.

[5]  Matthew Green,et al.  Securing electronic medical records using attribute-based encryption on mobile devices , 2011, SPSM '11.

[6]  L. Kux OF HEALTH AND HUMAN SERVICES Food and Drug Administration , 2014 .

[7]  Dong-Yuan Shi,et al.  An Efficient Cloud-Based Personal Health Records System Using Attribute-Based Encryption and Anonymous Multi-receiver Identity-Based Encryption , 2014, 2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing.

[8]  Ming Li,et al.  Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings , 2010, SecureComm.

[9]  Helmut Krcmar,et al.  Evaluation Framework for Personal Health Records: Microsoft HealthVault Vs. Google Health , 2010, 2010 43rd Hawaii International Conference on System Sciences.

[10]  Lynda L. McGhie,et al.  THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT , 2004 .

[11]  Zhihua Xia,et al.  A Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encrypted Cloud Data , 2016, IEEE Transactions on Parallel and Distributed Systems.

[12]  Kwangsu Lee,et al.  Self-updatable encryption with short public parameters and its extensions , 2016, Des. Codes Cryptogr..

[13]  R. Caplan HIPAA. Health Insurance Portability and Accountability Act of 1996. , 2003, Dental assistant.

[14]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[15]  Xingming Sun,et al.  Enabling Personalized Search over Encrypted Outsourced Data with Efficiency Improvement , 2016, IEEE Transactions on Parallel and Distributed Systems.

[16]  Dong-Yuan Shi,et al.  Privacy-preserving Cloud-based Personal Health Record System Using Attribute-based Encryption and Anonymous Multi-ReceiverIdentity-based Encryption , 2015, Informatica.

[17]  Arnon Rosenthal,et al.  Methodological Review: Cloud computing: A new business paradigm for biomedical information sharing , 2010 .

[18]  Eric Horvitz,et al.  Patient controlled encryption: ensuring privacy of electronic medical records , 2009, CCSW '09.

[19]  HuJiankun,et al.  A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations , 2010 .

[20]  Jiankun Hu,et al.  Corresponding author’s address: , 2022 .

[21]  Brent Waters,et al.  Practical constructions and new proof methods for large universe attribute-based encryption , 2013, CCS.

[22]  Ian Miers,et al.  Charm: a framework for rapidly prototyping cryptosystems , 2013, Journal of Cryptographic Engineering.

[23]  Benjamin Fabian,et al.  Collaborative and secure sharing of healthcare data in multi-clouds , 2015, Inf. Syst..

[24]  Josep Domingo-Ferrer,et al.  Flexible attribute-based encryption applicable to secure e-healthcare records , 2015, International Journal of Information Security.

[25]  Samee Ullah Khan,et al.  > REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 1 , 2008 .

[26]  Jon Doyle,et al.  Guardian Angel: Patient-Centered Health Information Systems , 1994 .

[27]  Chien-Ding Lee,et al.  A Cryptographic Key Management Solution for HIPAA Privacy/Security Regulations , 2008, IEEE Transactions on Information Technology in Biomedicine.

[28]  Noboru Sonehara,et al.  Aspects of privacy for electronic health records , 2011, Int. J. Medical Informatics.

[29]  Jameela Al-Jaroodi,et al.  e-Health Cloud: Opportunities and Challenges , 2012, Future Internet.

[30]  Thomas Neubauer,et al.  A methodology for the pseudonymization of medical data , 2011, Int. J. Medical Informatics.

[31]  Xingming Sun,et al.  Achieving Efficient Cloud Search Services: Multi-Keyword Ranked Search over Encrypted Cloud Data Supporting Parallel Computing , 2015, IEICE Trans. Commun..

[32]  José Luis Fernández Alemán,et al.  Security and privacy in electronic health records: A systematic literature review , 2013, J. Biomed. Informatics.

[33]  R.T.Subhalakshmi,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-Based Encryption , 2016 .

[34]  Jian-Guo Bau,et al.  Secure Dynamic Access Control Scheme of PHR in Cloud Computing , 2012, Journal of Medical Systems.

[35]  Robert H. Deng,et al.  Authorized Keyword Search on Encrypted Data , 2014, ESORICS.

[36]  Ming Li,et al.  Authorized Private Keyword Search over Encrypted Data in Cloud Computing , 2011, 2011 31st International Conference on Distributed Computing Systems.

[37]  Kenneth D. Mandl,et al.  Indivo: a personally controlled health record for health information exchange and communication , 2007, BMC Medical Informatics Decis. Mak..

[38]  Joseph K. Liu,et al.  Secure sharing of Personal Health Records in cloud computing: Ciphertext-Policy Attribute-Based Signcryption , 2015, Future Gener. Comput. Syst..

[39]  Robert H. Deng,et al.  HASBE: A Hierarchical Attribute-Based Solution for Flexible and Scalable Access Control in Cloud Computing , 2012, IEEE Transactions on Information Forensics and Security.

[40]  David W. Bates,et al.  White Paper: Personal Health Records: Definitions, Benefits, and Strategies for Overcoming Barriers to Adoption , 2006, J. Am. Medical Informatics Assoc..

[41]  C. Redhead The Health Information Technology for Economic and Clinical Health (HITECH) Act , 2009 .

[42]  R. Anandaraj,et al.  RSA-DABE: A Novel Approach for Secure Health Data Sharing in Ubiquitous Computing Environment , 2015 .