EPR Access Authorization of Medical Teams Based on Patient Consent

Electronic patient records (EPR) may contain highly confidential and personal medical information. It is therefore essential that medical data is properly protected and managed. Today, it is widely recognized that patients have a right to self-determination and to exert control over their own medical data by consent. In this paper, we present a cryptographic EPR access authorization scheme that incorporates patient consent as a basis for granting EPR access to medical teams or practitioners. This ensures that only the medical practitioners specified by a consenting patient are granted EPR access. If a patient is unconscious, a variation of the scheme allows an emergency or security team to act on behalf of the patient.
