An Enhanced Security Solution for Electronic Medical Records Based on AES Hybrid Technique with SOAP/XML and SHA-1

This study aims to provide security solutions for implementing electronic medical records (EMRs). E-health organizations could utilize the proposed method and implement the recommended solutions in medical/health systems. The majority of the required security features of EMRs were noted, and the methods used were tested against each of these security features. In implementing the system, the combination that satisfied all of the security features of EMRs was selected. Secure implementation and management of EMRs facilitate the safeguarding of the confidentiality, integrity, and availability of e-health organization systems. Health practitioners, patients, and visitors can use the information system facilities safely and with confidence anytime and anywhere. After critically reviewing security and data transmission methods, a new hybrid method was proposed for implementation on EMR systems. This method will enhance the robustness, security, and integration of EMR systems. The hybrid of Simple Object Access Protocol (SOAP)/Extensible Markup Language (XML) with the Advanced Encryption Standard (AES) and Secure Hash Algorithm version 1 (SHA-1) has achieved the security requirements of an EMR system, with the capability of integrating with other systems through the design of XML messages.
