Ciphertext-Policy Attribute-Based Encryption
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Patient controlled encryption: ensuring privacy of electronic medical records
Proceedings of the 2009 ACM workshop on Cloud computing security
Developing Electronic Health Records in Taiwan
IT Professional
Privacy preserving EHR system using attribute-based infrastructure
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
Fuzzy identity-based encryption
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Hi-index | 0.00 |
Electronic health records (EHR) are a convenient method to exchange medical information of patients between different healthcare providers. In many countries privacy laws require to protect the confidentiality of these data records and let the patient control the access to them. Existing approaches to protect the privacy of EHRs are either insufficient for these strict laws or they are too restrictive in their usage. For example, smartcard-based encryption systems require the patient to be always present to authorize access to medical records. However, this does not allow a physician to access an EHR of a patient who is unable to show up in person. In this paper, we propose a security architecture for EHR infrastructures that provides more flexibility but retains the security of patient-controlled encryption. In our proposal patients are able to authorize access to their records remotely (e.g. via phone) and time-independent for later processing by the physician. The security of our approach relies on modern cryptographic schemes and their incorporation into an EHR infrastructure. The adoption of our security architecture would allow to fulfill strict privacy laws while relaxing usage restrictions of existing security protections.