论文信息 - Design of RSA-CA Based E-Health System for Supporting HIPAA Privacy-Security Regulations☆

Design of RSA-CA Based E-Health System for Supporting HIPAA Privacy-Security Regulations☆

Abstract The privacy and the security regulations are two essential requirements of Health Insurance Portability and Accountability Act (HIPAA), recognized by US congress in 1996 as the US Federal Law followed by global e-health industry, in the protection of healthcare privacy. In this paper, a certificate authority (CA) based duality solution has been proposed to fulfill the HIPAA privacy and security regulations that supports both contract and smart card based systems. It presents a patient-centric e-health system based on RSA based public key certificate that allows secure sharing of healthcare information through internet. Doctors and relevant medical staff must have to take patients’ permission for online access to patients’ PHI data stored in the national medical center server (MCS). A copy of PHI text-data is stored in patients’ e-health smart card to support the duality. A random session key is generated in each appointment after prior authentication to upload and retrieve patients’ PHI data to or from MCS. One advantage is that the proposed CA based e-health system is easy implementable using existing security standards, tools and products. Discussions regarding the fulfillment of HIPAA regulations and comparison with the existing schemes have been provided to show the better performance of our scheme.

G. P. Biswas | Sangram Ray

[1] Taher El Gamal. A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[2] D. Richard Kuhn,et al. SP 800-32. Introduction to Public Key Technology and the Federal PKI Infrastructure , 2001 .

[3] William Stallings,et al. Cryptography and network security , 1998 .

[4] Kuo-Ching Liu,et al. Efficient key management for preserving HIPAA regulations , 2011, J. Syst. Softw..

[5] William Stallings,et al. Cryptography and Network Security: Principles and Practice , 1998 .

[6] Chien-Ding Lee,et al. A Cryptographic Key Management Solution for HIPAA Privacy/Security Regulations , 2008, IEEE Transactions on Information Technology in Biomedicine.

[7] Polun Chang,et al. Taiwan's perspective on electronic medical records' security and privacy protection: Lessons learned from HIPAA , 2006, Comput. Methods Programs Biomed..

[8] Jiankun Hu,et al. Corresponding author’s address: , 2022 .

[9] Ted Cooper,et al. Beyond good practice: why HIPAA only addresses part of the data security problem , 2004, CARS.

[10] Riley Davis. Health Insurance Portability and Accountability Act , 2011 .