Long-term verifiability of the electronic healthcare records' authenticity

PURPOSE To investigate whether the authenticity of electronic healthcare records (EHRs) can be preserved in the long term, and to propose a mechanism that enables secure validation of an EHR for periods far beyond the lifespan of a digital signature and at least as long as the lifetime of a patient.

APPROACH The study starts from the observation that although the attributes of data authenticity, i.e. integrity and verifiability of origin, can be preserved by digital signatures, the retention period required for EHRs is far longer than the lifespan of a single digital signature. The lifespan of signed data is limited by the validity period of the signing keys and their digital certificates, by the future unavailability of signature-verification data (certificates, revocation information, timestamps), and by the termination of trust relationships. The notarization paradigm is exploited, and a mechanism for the cumulative notarization of signed EHRs is proposed, in which each notary countersigns the signed record together with all previous notarizations.

RESULTS The proposed mechanism implements a successive transition of trust towards new entities, modern technologies, and refreshed data, eliminating any dependency of the relying party on entities that have ceased to exist, on obsolete data, or on weak old technologies. The mechanism also withstands various threat scenarios.

CONCLUSIONS To verify the authenticity of an old signed EHR, a future relying party has to trust only the fresh technology and information provided by the last notary. A Cumulatively Notarized Signature remains strong even if one notary in the chain is compromised.
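The following is an added illustration of the cumulative-notarization idea described in this abstract; it is not code from the paper. It builds a chain in which the original signer signs an EHR, a first notary countersigns that signed record, and a second notary (using a newer hash function) countersigns the whole previous layer. The relying party holds only the last notary's public key. As a stand-in for a real signature algorithm it uses a Lamport one-time hash-based signature built from the standard library, so that it runs offline; the record content, the party names and the dates are constructed for the example. The final function shows the threat scenario the abstract mentions: an attacker who later obtains the first notary's key can produce a valid-looking first-layer notarization of a forged record, but cannot make it pass under the second notary's countersignature.

```python
"""Cumulatively notarized signature chain (illustrative, stdlib only)."""
import copy
import hashlib
import json
import secrets

# Two hash functions stand in for two "generations" of signature technology.
HASHES = {"sha256": hashlib.sha256, "sha3_256": hashlib.sha3_256}


def _h(alg, data):
    return HASHES[alg](data).digest()


def _bits(alg, msg):
    """Digest of msg as a list of bits, one per Lamport key pair."""
    return [(byte >> (7 - j)) & 1 for byte in _h(alg, msg) for j in range(8)]


def keygen(alg):
    """Lamport one-time key: two secrets per digest bit; public key = their hashes."""
    n = HASHES[alg]().digest_size * 8
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(n)]
    pk = [(_h(alg, a).hex(), _h(alg, b).hex()) for a, b in sk]
    return sk, pk


def sign(alg, sk, msg):
    """Reveal, for each digest bit, the secret that corresponds to its value."""
    return [sk[i][b].hex() for i, b in enumerate(_bits(alg, msg))]


def verify(alg, pk, msg, sig):
    bits = _bits(alg, msg)
    return len(sig) == len(bits) and all(
        _h(alg, bytes.fromhex(s)).hex() == pk[i][b]
        for i, (s, b) in enumerate(zip(sig, bits)))


def canonical(obj):
    """Deterministic serialization so signatures cover exactly one byte string."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_ehr(ehr, alg, sk, pk, signer):
    body = {"ehr": ehr.hex(), "alg": alg, "signer": signer, "pk": pk}
    return {**body, "sig": sign(alg, sk, canonical(body))}


def verify_layer(layer):
    body = {k: v for k, v in layer.items() if k != "sig"}
    return verify(layer["alg"], layer["pk"], canonical(body), layer["sig"])


def notarize(prev, alg, sk, pk, notary, when):
    """Notary verifies the inner layer while it is still verifiable, then countersigns
    the whole layer (record, earlier signatures, earlier notaries' keys) with its own key."""
    if not verify_layer(prev):
        raise ValueError("refusing to notarize an invalid layer")
    body = {"prev": prev, "alg": alg, "notary": notary, "notarized_at": when, "pk": pk}
    return {**body, "sig": sign(alg, sk, canonical(body))}


def verify_for_relying_party(layer, trusted_pk):
    """A future relying party needs only the last notary's key and algorithm:
    every older signature is covered by this outermost countersignature."""
    return canonical(layer["pk"]) == canonical(trusted_pk) and verify_layer(layer)


def chain_depth(layer):
    return 0 if "prev" not in layer else 1 + chain_depth(layer["prev"])


def build_demo():
    """Constructed sample chain: signer -> Notary-1 (sha256) -> Notary-2 (sha3_256)."""
    ehr = b"patient:12345;dx:J45.0;rx:salbutamol"  # constructed sample record
    sk0, pk0 = keygen("sha256")
    signed = sign_ehr(ehr, "sha256", sk0, pk0, "Dr. A")
    sk1, pk1 = keygen("sha256")
    n1 = notarize(signed, "sha256", sk1, pk1, "Notary-1", "2010-01-01")
    sk2, pk2 = keygen("sha3_256")
    n2 = notarize(n1, "sha3_256", sk2, pk2, "Notary-2", "2025-01-01")
    return n2, pk2, sk1  # sk1 is returned only to play the compromised notary below


def forge_with_compromised_notary(chain, stolen_sk1):
    """Attacker holds Notary-1's old key: signs a forged record under a key of his own,
    countersigns it as Notary-1, and splices it under the untouched Notary-2 layer."""
    ask, apk = keygen("sha256")
    fake_signed = sign_ehr(b"patient:12345;dx:J45.0;rx:NONE", "sha256", ask, apk, "Dr. A")
    n1 = chain["prev"]
    fake_n1 = notarize(fake_signed, n1["alg"], stolen_sk1, n1["pk"], n1["notary"], n1["notarized_at"])
    forged = copy.deepcopy(chain)
    forged["prev"] = fake_n1  # Notary-2's signature no longer matches this inner layer
    return forged


if __name__ == "__main__":
    chain, trusted, sk1 = build_demo()
    print("genuine chain accepted:", verify_for_relying_party(chain, trusted))
    forged = forge_with_compromised_notary(chain, sk1)
    print("forged inner layer valid on its own:", verify_layer(forged["prev"]))
    print("forged chain accepted by relying party:", verify_for_relying_party(forged, trusted))
```

The point of the last two checks is the abstract's compromise claim: the stolen first-notary key does let the attacker build a first-layer notarization that verifies in isolation, but the second notary already countersigned the original inner layer, so any replacement changes the bytes under the outer signature and the relying party, who checks only against Notary-2's key, rejects it. In practice the notary's countersignature would also carry the verification data (certificates, revocation status, timestamps) gathered at notarization time, as the long-term signature formats cited by the paper do.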
