Electronic Health Record (EHR) and Personal Health Record (PHR) systems could allow patients to better manage their health information and share it to enhance the quality and efficiency of their healthcare. Unfortunately, misuse of information stored in EHR and PHR systems will create new risks for patients, and we need to empower them to safeguard their health information to avoid problems such as medical identity theft. In this paper, we introduce the notion of accountable use and update of electronic health records and design a patient-centric monitoring system based on it. We develop a system architecture and associated protocols that enable either explicit or implicit patient control over when and how health information is accessed. Our approach provides a reasonable solution rather than addressing the more general information flow control problem in distributed systems. We also implement and evaluate a prototype system motivated by a health record sharing scenario based on NHIN Direct to demonstrate that enhanced accountability can be supported with acceptable performance and integration overheads.