ABSTRACT
Secure management of Electronic Health Records (EHR) in a distributed computing environment such as cloud computing where computing resources including storage is provided by a third party service provider is a challenging task. In this paper, we explore techniques which guarantees security and privacy of medical data stored in the cloud. We show how new primitives in attribute-based cryptography can be used to construct a secure and privacy-preserving EHR system that enables patients to share their data among healthcare providers in a flexible, dynamic and scalable manner.
- }}Health insurance portability and accountability act of 1996. U.S. Government Printing Office, 1996.Google Scholar
- }}Recommendations for the interpretation and application of the personal information protection and electronic documents act (s.c.2000, c.5) in the health research context. Technical report, Canadian Institutes of Health Research, November 2001.Google Scholar
- }}N. Attrapadung and H. Imai. Conjunctive broadcast and attribute-based encryption. In Pairing '09: The 3rd International Conference on Pairing-Based Cryptography, volume 5671 of Lecture Notes in Computer Science, pages 248--265. Springer-Verlag, 2009. Google ScholarDigital Library
- }}J. Benaloh, M. Chase, E. Horvitz, and K. Lauter. Patient controlled encryption: Ensuring privacy in medical health records. In ACM CCSW 2009, 2009. Google ScholarDigital Library
- }}J. Bethencourt, A. Sahai, and B. Waters. Ciphertext-policy attribute-based encryption. In IEEE Symposium on Security and Privacy, 2007, SP '07, pages 321--334. IEEE Xplore, 2007. Google ScholarDigital Library
- }}L. Fang, W. Susilo, C. Ge, and J. Wang. A secure channel free public key encryption with keyword search scheme without random oracle. In CANS '09: Proceedings of the 8th International Conference on Cryptology and Network Security, pages 248--258. Springer-Verlag, 2009. Google ScholarDigital Library
- }}J. Hu, H. Chen, and T. Hou. A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations. Computer Standards and Interfaces, 32(5-6):274--280, 2009. Google ScholarDigital Library
- }}Google Inc. Google health. https://www.google.com/health/, 2009.Google Scholar
- }}S. Kamara and K. Lauter. Cryptographic cloud storage. In Financial Cryptography: Workshop on Real-Life Cryptographic Protocols and Standardization - 2010, volume 6052 of Lecture Notes in Computer Science. Springer-Verlag, 2010. Google ScholarDigital Library
- }}W. B. lee and C. D. Lee. A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Transactions on Information Technology in Biomedicine, 12:34--41, 2008. Google ScholarDigital Library
- }}A. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters. Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption. In Advances in Cryptology-EUROCRYPT 2010, volume 6110 of Lecture Notes in Computer Science, pages 62--91. Springer-Verlag, 2010. Google ScholarDigital Library
- }}K. Mandl, W. Simons, W. Crawford, and J. Abbett. Indivo: a personally controlled health record for health information exchange and communication. BMC Medical Informatics and Decision Making, 7(1):25, 2007.Google ScholarCross Ref
- }}Microsoft. Microsoft healthvault. http://www.healthvault.com/personal/websites-overview.html, 2009.Google Scholar
- }}A. Sahai and B. Waters. Fuzzy identity-based encryption. In Advances in Cryptology-EUROCRYPT 2005, volume 3494 of Lecture Notes in Computer Science, pages 457--473. Springer Berlin/Heidelberg, 2005. Google ScholarDigital Library
- }}P. Szolovits, J. Doyle, W. J. Long, I. Kohane, and S. G. Pauker. Guardian angel: Patient-centered health information systems. Technical report, 1994. Google ScholarDigital Library
- }}W. D. Yu and M. A. Chekhanovskiy. An electronic health record content protection system using smartcard and PMR. In 9th International Conference on e-Health Networking, Application and Services, 2007, pages 11--18. IEEE Xplore, 2007.Google ScholarCross Ref
Index Terms
- Privacy preserving EHR system using attribute-based infrastructure
Recommendations
A novel approach for privacy homomorphism using attribute-based encryption
In CRYPTO'13, Gentry et al. proposed the first homomorphic encryption HE scheme for the attribute-based encryption ABE. However, Gentry's scheme requires the same index for encryption of each ciphertext and supports only the key-policy ABE. Indeed, in ...
Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation
Personal health record (PHR) service is an emerging model for health information exchange. In PHR systems, patient's health records and information are maintained by the patient himself through the Web. In reality, PHRs are often outsourced to be stored ...
An Efficient Cloud-Based Personal Health Records System Using Attribute-Based Encryption and Anonymous Multi-receiver Identity-Based Encryption
3PGCIC '14: Proceedings of the 2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet ComputingAs an emerging patient-centric model of health information exchange, cloud-based personal health record (PHR) system holds great promise for empowering patients and ensuring more effective delivery of health care. In this paper, we propose a novel ...
Comments