Managing the Privacy and Security of eHealth Data

The large-scale adoption of mobile medicine, supported by a growing number of medical devices and by remote access to health services, together with the continuous involvement of patients in their own healthcare, has produced tremendous amounts of clinical data that must be securely transferred, archived and accessed. This paper presents a new approach to protecting the privacy and security of clinical data through a state-of-the-art encryption scheme combined with an attribute-based access control authorization framework. Because personal medical records are used by different entities (e.g. doctors, pharmacists, nurses), different degrees of access authorization are needed for specific parts of the personal dossier. Appropriate cryptographic tools are presented that allow partial visibility of, and sound protection for, the authorized parts of a record, giving hierarchical privacy protection of eHealth data. The encryption process relies on ARCANA, a security platform developed at the ERISCS research laboratory of Aix-Marseille University, which provides the cryptographic tools for secure hierarchical access to healthcare data; this ensures that the access of the various entities to healthcare data is accurately and hierarchically controlled. The access control framework used in this research is based on XACML, a standard access control decision model specified by OASIS. The applicability and feasibility of XACML-based policies for regulating access to patient data are demonstrated with SAFAX, a new public authorization framework developed by the Eindhoven University of Technology and tested, among other cases, on eHealth case studies in cooperation with Munich University of Applied Sciences.
It is envisioned that using data encryption together with public authorization solutions to regulate access to patients' clinical data will have a large impact on patients' trust in electronic healthcare systems and will speed up their large-scale adoption.
