Achieving Forward Secrecy and Unlinkability in Cloud-Based Personal Health Record System

This paper proposes a symmetric-key-based PHRMS solution for the cloud that satisfies the following security and privacy properties: (1) forward data secrecy, i.e., a user (for example, a doctor) holding old keys cannot access any newly added data; (2) data unlinkability, i.e., no unauthorized user can link an outsourced PHR record to its owner; and (3) write integrity protection, i.e., no unauthorized user can modify the outsourced PHR data, and neither can its actual writers (for example, a doctor or a laboratory), even if they collude with the cloud service provider.
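To make the first two property definitions concrete, the following added Python example (not the paper's own construction, whose scheme is not described in this abstract) shows one standard way each property can be realised with symmetric primitives: forward data secrecy via a backward hash chain of per-period keys, where the holder of a period's key can derive every earlier key but not a later one, so a doctor keyed for period 2 can still read period-1 records but cannot read a record added in period 3; and unlinkability via keyed pseudonyms, so the stored identifier cannot be mapped back to the patient without the owner's secret. The `seal`/`open_record` functions are an encrypt-then-MAC wrapper built from `hmac`/`hashlib` only, used here so the example runs without third-party packages; a deployment would use AES-GCM or a similar AEAD. The tag check only detects tampering by someone without the period key, which is weaker than the paper's third property (protection against the record's own writer colluding with the cloud); that property is not demonstrated here. All function names, key sizes and sample records are constructed for this illustration.

```python
import hashlib
import hmac
import secrets


def make_key_chain(n_periods: int) -> list:
    """Backward hash chain of per-period keys (constructed illustration).

    k[n-1] is random and k[i] = SHA-256(k[i+1]). Holding k[i] lets a user
    recompute k[i-1], ..., k[0] (read earlier data) but not k[i+1], which is
    the "old keys cannot read newly added data" property.
    """
    chain = [None] * n_periods
    chain[-1] = secrets.token_bytes(32)
    for i in range(n_periods - 2, -1, -1):
        chain[i] = hashlib.sha256(chain[i + 1]).digest()
    return chain


def derive_key(held_key: bytes, held_period: int, target_period: int):
    """Derive target_period's key from held_period's key; None if the target
    is newer, because the chain is one-way in that direction."""
    if target_period > held_period:
        return None
    key = held_key
    for _ in range(held_period - target_period):
        key = hashlib.sha256(key).digest()
    return key


def _subkeys(period_key: bytes):
    # Separate encryption and MAC keys derived from the period key.
    enc = hmac.new(period_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(period_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC in counter mode as a stand-in keystream (illustration only).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(period_key: bytes, record: bytes) -> bytes:
    """Encrypt-then-MAC a PHR record under a period key: nonce || ct || tag."""
    enc, mac = _subkeys(period_key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(record, _keystream(enc, nonce, len(record))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_record(period_key: bytes, blob: bytes):
    """Verify the tag, then decrypt; returns None on tampering or a wrong key."""
    enc, mac = _subkeys(period_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))


def pseudonym(owner_secret: bytes, patient_id: str) -> str:
    """Keyed pseudonym: stable for one (secret, id) pair, but without the
    secret the cloud cannot link the stored pseudonym back to the patient."""
    return hmac.new(owner_secret, patient_id.encode(), hashlib.sha256).hexdigest()[:16]


def demo() -> dict:
    chain = make_key_chain(4)                 # periods 0..3 (constructed)
    doctor_key, doctor_period = chain[2], 2   # doctor was issued the period-2 key
    old = seal(chain[1], b"period-1 lab result")       # added before the doctor's key
    new = seal(chain[3], b"period-3 lab result")       # added after the doctor's key
    k1 = derive_key(doctor_key, doctor_period, 1)
    k3 = derive_key(doctor_key, doctor_period, 3)
    tampered = old[:-1] + bytes([old[-1] ^ 1])         # flip one bit of the tag
    return {
        "reads_old": open_record(k1, old),
        "can_derive_new_key": k3 is not None,
        "wrong_key_rejected": open_record(chain[2], new) is None,
        "tamper_detected": open_record(chain[1], tampered) is None,
        "pseudonym_stable": pseudonym(b"s", "patient-42") == pseudonym(b"s", "patient-42"),
        "pseudonym_unlinkable": pseudonym(b"s", "patient-42") != pseudonym(b"t", "patient-42"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The direction of the chain is the whole point: a forward chain (`k[i+1] = H(k[i])`) would let an old key holder compute every future key, which is exactly the access the forward-secrecy property denies. Key issuance therefore hands each user the key of the latest period they are entitled to, and revocation is simply not handing out the next one.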
