Top

Published in:

2018 | OriginalPaper | Chapter

A Conceptual Framework of Personally Controlled Electronic Health Record (PCEHR) System to Enhance Security and Privacy

Author : Quazi Mamun

Published in: International Conference on Applications and Techniques in Cyber Security and Intelligence

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

In recent years, the electronic health record (eHR) system is regarded as one of the biggest developments in healthcare domains. A personally controlled electronic health record (PCEHR) system, offered by the Australian government makes the health system more agile, reliable, and sustainable. Although the existing PCEHR system is proposed to be fully controlled by the patients, however there are ways for healthcare professionals and database/system operators to reveal the records for corruption as system operators are assumed to be trusted by default. Moreover, as a consequence of increased threats to security of electronic health records, an actual need for a strong and effective authentication and access control methods has raised. Furthermore, due to the sensitive nature of eHRs, the most important challenges towards fine-grained, cryptographically implemented access control schemes which guarantee data privacy and reliability, verifying that only authorized people can access the corresponding health records. Moreover, an uninterrupted application of the security principle of electronic data files necessitates encrypted databases. In this paper we concentrates the above limitations together by proposing a robust authentication scheme and a hybrid access control model to enhance the security and privacy of eHRs. Homomorphic encryption technique is applied in storing and working with the eHRs in the proposed cloud-based PCEHR framework. The proposed model ensures the control of both security and privacy of eHRs accumulated in the cloud database.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Attacking Crypto-1 Cipher Based on Parallel Computing Using GPU

next chapter Frequency Switch, Secret Sharing and Recursive Use of Hash Functions Secure (Low Cost) Ad Hoc Networks

National E Health Transition Authority (NEHTA): Draft concept of operations: relating to the introduction of apersonally controlled electronic health record (PCEHR) system (2011)

Gajanayake, R., Iannella, R., Sahama, T.: Privacy oriented access control for electronic health records. In: Data Usage Management on the Web Workshop at the Worldwide Web Conference. ACM (2012)

Karp, A.H., Haury, H., Davis, M.H.: From ABAC to ZBAC: the evolution of access control models. Technical report HPL-2009-30, HP Labs (2009)

Barua, M., Liang, X., Lu, R., Shen, X.: PEACE: an efficient and secure patient-centric access control scheme for eHealth care system. In: IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 970–975 (2011)

Santos-Pereira, C., Augusto, A.B., Cruz-Correia, R.: A secure RBAC mobile agent access control model for healthcare institutions. In: IEEE 26th International Symposium on Computer-Based Medical Systems (CBMS), pp. 349–354 (2011)

Alhaqbani, B., Fidge, C.: Access control requirements for processing electronic health records. In: Business Process Management Workshops, vol. 4928, pp. 371–382 (2007)

Chen, T.S., Liu, C.H., Chen, T.L., Chen, C.S., Bau, J.G., Lin, T.C.: Secure dynamic access control scheme of PHR in cloud computing. J. Med. Syst. 36(6), 4005–4020 (2012)CrossRef

Ferraiolo, D.F., Kuhn, D.R., Chandramouli, R.: Role-Based Access Control, 2nd edn. Artech House, Norwood (2003)MATH

Motta, G.H.M.B., Furuie, S.S.: A contextual role-based access control authorization model for electronic patient records. IEEE Inf. Technol. Biomed. 7(1), 202–207 (2003)CrossRef

10.

Park, J., Sandhu, R.: Towards usage control models: beyond traditional access control. In: Proceedings of the 7th ACM Symposium on Access Control Models and Technologies, SACMAT 2002, pp. 57–64 (2002)

11.

Evered, M., Bögeholz, S.: A case study in access control requirements for a health information system. In: The Second Australian Information Security Workshop, Dunedin, vol. 32, pp. 53–61 (2004)

12.

Byun, J.-W., Bertino, E., Li, N.: Purpose based access control of complex data for privacy protection. In: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies, pp. 102–110 (2005)

13.

Naikuo, Y., Howard, B., Ning, Z.: A purpose-based access control model. J. Inf. Assur. Secur. 1, 51–58 (2006)

14.

Li, M., Yu, S., Ren, K., Lou, W.: Securing personal health records in cloud computing: patient-centric and fine-grained data access control in multi-owner settings. In: Proceedings of the 6th International ICST Conference, SecureComm, pp. 89–106 (2010)

15.

Ding, Y., Klein, K.: Model-driven application-level encryption for the privacy of E-health data. In: International Conference on Availability, Reliability, and Security, ARES, pp. 341–346 (2010)

16.

Benaloh, J., Chase, M., Horvitz, E., Lauter, K.: Patient controlled encryption: ensuring privacy of electronic medical records. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW 2009, pp. 103–114 (2009)

17.

Jin, J., Ahn, G., Hu, H., Covington, M.J., Zhang, X.: Patient-centric authorization framework for sharing electronic health records. In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, ACM SACMAT, pp. 125–134 (2009)

18.

Van der Haak, M., Wol, A.C., Brandner, R., Drings, P., Wannenmacher, M., Wetter, T.: Data security and protection in cross-institutional electronic patient records. Int. J. Med. Inform. 70(2-3), 117–130 (2003)CrossRef

19.

Ateniese, G., Curtmola, R., de Medeiros, B., Davis, D.: Medical information privacy assurance: cryptographic and system aspects. In: Proceedings of the 3rd International Conference on Security in Communication Network, SCN, pp. 199–218 (2002)

20.

Dijk, M.V., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers. In: Proceedings of the 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Eurocrypt, pp. 24–43 (2010)

21.

Naehrig, M., Lauter, K., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: The Proceedings of the 3rd ACM workshop on Cloud Computing Security Workshop, CCSW, pp. 113–124 (2009)

22.

National Health Information Management Advisory Council: Health Online: A Health Information Action Plan for Australia, 2nd edn. (2001)

23.

He, D., Kumar, N., Wang, H., Wang, L., Choo, K.-K.R., Vinel, A.: A provably-secure cross-domain handshake scheme with symptoms-matching for mobile healthcare social network. IEEE Trans. Dependable Secure Comput. (2017). doi:10.1109/TDSC.2016.2596286

24.

Casola, V., Castiglione, A., Choo, K.-K.R., Esposito, C.: Healthcare-related data in the cloud: challenges and opportunities. IEEE Cloud Comput. 3(6), 10–14 (2016)CrossRef

25.

Guo, C., Zhuang, R., Jie, Y., Ren, Y., Wu, T., Choo, K.-K.R.: Fine-grained database field search using attribute-based encryption for e-healthcare clouds. J. Med. Syst. 40(11) (2016). Article 235

26.

D’Orazio, C., Choo, K.-K.R.: A generic process to identify vulnerabilities and design weaknesses in iOS healthcare apps. In: Proceedings of 48th Annual Hawaii International Conference on System Sciences (HICSS 2015), 5–8 January 2015, pp. 5175–5184. IEEE Computer Society Press (2015)

Title: A Conceptual Framework of Personally Controlled Electronic Health Record (PCEHR) System to Enhance Security and Privacy
Author: Quazi Mamun
Publisher: Springer International Publishing
Book: International Conference on Applications and Techniques in Cyber Security and Intelligence
Print ISBN: 978-3-319-67070-6

Electronic ISBN: 978-3-319-67071-3

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-67071-3_37

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner