Privacy preserving mechanisms for enforcing security and privacy requirements in E-health solutions

In the last few decades, there have been significant efforts to integrate information and communication technologies (ICT) into healthcare practices. This new paradigm, commonly identified as electronic healthcare (e-health), allows provisioning of healthcare services at an affordable price to its consumers. However, questions have been raised about the security of sensitive information such as health records, as well as the privacy of the parties involved, raising doubts in the minds of the general public. Thus, it is important to understand the potential security challenges in e-health systems and successfully resolve them by taking adequate measures to ensure fair utilization of such systems. In this paper, we have carried out a systematic state-of-the-art review of privacy-preserving mechanisms that have been utilized in e-health solutions to achieve the security and privacy requirements, while investigating to what extent such mechanisms are compatible with the identified requirements. Finally, we have pointed out some future research directions which could potentially contribute to developing secure and efficient e-health solutions.
