Secure Team-Based EPR Access Acquisition in Wireless Networks

Electronic patient records (EPR) may contain highly confidential and sensitive medical data, and it is therefore essential that such information is properly protected. Medical teams that are providing care to a patient have a legitimate need to access the medical data of the patient concerned, and this could be a valid criterion for medical professionals to obtain access to such data. Moreover, since teams consist of more than one individual, the consent or agreement among a number of the members of a medical team could by itself be a proper basis for trust and therefore a legitimate basis for medical teams to acquire access to medical data. In this paper, we present three closely related cryptographic protocols for secure team-based EPR access acquisition, in which cryptographically verifiable mutual consent from some minimum number of participants of a medical team is the criterion for granting the team EPR access. The schemes are based on threshold cryptography and are broadcast-oriented, and are thus well-suited for wireless networks. All schemes also provide secure transfer of medical data.
