A Cryptographic Key Management Solution for HIPAA Privacy/Security Regulations

The Health Insurance Portability and Accountability Act (HIPAA) privacy and security regulations are two crucial provisions for protecting healthcare privacy. The privacy regulations establish the principle that patients have more control over their health information and set limits on the use and disclosure of that information. The security regulations stipulate the provisions to be implemented to guard data integrity, confidentiality, and availability. Undoubtedly, cryptographic mechanisms are well defined to provide suitable solutions. In this paper, to comply with the HIPAA regulations, a flexible cryptographic key management solution is proposed to facilitate interoperation among the applied cryptographic mechanisms. In addition, cases of consent exceptions intended to facilitate emergency applications, as well as other possible exceptions, can also be handled easily.
