Secure Trust Delegation for Sharing Patient Medical Records in a Mobile Environment

This paper presents a detailed architecture and a token-based protocol for the trust delegation on medical data across a public mobile network. The trust is negotiated between a mobile emergency medical unit and a medical record database. The solution presented in this paper enables the development of a software tool that can be used by the emergency medical units in urgent need of sensitive personal medical records about unconscious patients. The trust delegated medical records are downloaded onto the hand-held mobile devices of the mobile emergency medical personal. The downloaded medical records are used during emergency care and this data should be protected from future unauthorized distribution and misuse. This paper presents an architecture of a mobile security capsule, which enables the trust negotiation to provide a highly secure environment which can be used for the access of highly confidential medical data over the mobile network.

[1]  Zhengping Wu,et al.  Bridging Trust Relationships with Web Service Enhancements , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[2]  Raj Gururajan,et al.  The Study in the Use of Hand Held Devices in an Emergency Department , 2007 .

[3]  Peter Fu-Ming Hu,et al.  Design and Evaluation of a Real-Time Mobile Telemedicine System for Ambulance Transport , 2000, AMIA.

[4]  Timestamp authentication protocol for remote monitoring in eHealth , 2008, 2008 Second International Conference on Pervasive Computing Technologies for Healthcare.

[5]  Charles B. Fleming,et al.  Opening the Black Box: Using Process Evaluation Measures to Assess Implementation and Theory Building , 1999, American journal of community psychology.

[6]  Emil Jovanov,et al.  Guest Editorial Introduction to the Special Section on M-Health: Beyond Seamless Mobility and Global Wireless Health-Care Connectivity , 2004, IEEE Transactions on Information Technology in Biomedicine.

[7]  Gary W. Wood,et al.  Patients’ attitudes to the summary care record and HealthSpace: qualitative study , 2008, BMJ : British Medical Journal.

[8]  Adolfo Muñoz Carrero,et al.  Airmed-cardio: a GSM and Internet services-based system for out-of-hospital follow-up of cardiac patients , 2005, IEEE Transactions on Information Technology in Biomedicine.

[9]  C. Safran,et al.  Internet based repository of medical records that retains patient confidentiality , 2000, BMJ : British Medical Journal.

[10]  John Kemp,et al.  Mobile Web Services: Architecture and Implementation , 2006 .

[11]  B. Avolio,et al.  Opening the black box: An experimental investigation of the mediating effects of trust and value congruence on transformational and transactional leadership. , 2000 .

[12]  Sri Lanka,et al.  The Use of Mobile Phone as a Tool for Capturing Patient Data in Southern Rural Tamil Nadu, India , 2011 .

[13]  Stephen Perelson An Investigation Into Access Control For Mobile Devices , 2004, ISSA.

[14]  Elisa Bertino,et al.  Trust Negotiation in Identity Management , 2007, IEEE Security & Privacy.

[15]  Stefanos Gritzalis,et al.  Providing secure mAccess to medical information , 2007, Int. J. Electron. Heal..

[16]  Marianne Winslett,et al.  Negotiating Trust on the Web , 2002, IEEE Internet Comput..

[17]  Marcela D. Rodríguez,et al.  Location-aware access to hospital information and services , 2004, IEEE Transactions on Information Technology in Biomedicine.

[18]  Elisa Bertino,et al.  Trust-/spl Xscr/;: a peer-to-peer framework for trust establishment , 2004, IEEE Transactions on Knowledge and Data Engineering.

[19]  Enrico Motta,et al.  IRS-II: A Framework and Infrastructure for Semantic Web Services , 2003, SEMWEB.

[20]  Muttukrishnan Rajarajan,et al.  Securing electronic health records with novel mobile encryption schemes , 2007, Int. J. Electron. Heal..

[21]  Eric S. Hall,et al.  Enabling remote access to personal electronic medical records. , 2003, IEEE engineering in medicine and biology magazine : the quarterly magazine of the Engineering in Medicine & Biology Society.

[22]  Elisa Bertino,et al.  Digital Identity Management and Trust Negotiation , 2009 .

[23]  Fay Cobb Payton,et al.  Privacy of medical records: IT implications of HIPAA , 2000, CSOC.

[24]  Larry Carter,et al.  Universal classes of hash functions (Extended Abstract) , 1977, STOC '77.

[25]  Jesús Favela,et al.  Mobility in hospital work: towards a pervasive computing hospital environment , 2007, Int. J. Electron. Heal..

[26]  David K. Vawdrey,et al.  Trust negotiation for authentication and authorization in healthcare information systems , 2003, Proceedings of the 25th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (IEEE Cat. No.03CH37439).

[27]  K.E. Seamons,et al.  Automated trust negotiation , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.