An enhanced approach to supporting controlled access to EPRs with three levels of identity privacy preservations

  • Authors:

  • Rima Addas;Ning Zhang

  • Affiliations:

  • School of Computer Science, University of Manchester, Manchester, UK;School of Computer Science, University of Manchester, Manchester, UK

  • Venue:
  • USAB'11 Proceedings of the 7th conference on Workgroup Human-Computer Interaction and Usability Engineering of the Austrian Computer Society: information Quality in e-Health
  • Year:
  • 2011

Quantified Score

Hi-index 0.00

Visualization

Abstract

The emergence of e-health has put an enormous amount of sensitive data in the hands of service providers or other third parties, where privacy risks might exist when accessing sensitive data stored in electronic patient records (EPRs). EPRs support efficient access to patient data by healthcare providers and third party users, which will consequently improve patient care. However, uncontrolled access to distributed EPRs can introduce serious concerns related to patient privacy. This indicates that there is a need for a stronger fine-grained access control mechanism to be used in e-health applications. This paper, therefore, presents a novel method to support access to distributed EPRs with three levels of patient identity privacy preservation. The method offers a number of significant features: (1) it makes use of credentials to support the three-levels of accesses; (2) it simplifies key management distribution; (3) it allows better performance; (4) it supports separation of duties among trusted third parties (ensuring accountability); (5) it improves scalability. The method makes use of cryptographic primitives. In comparison with related work, the method supports three levels of access requirements while preserving data owner's privacy on a single platform.