A Patient Privacy Protection Scheme for Medical Information System

Authors:
Chenglang Lu;Zongda Wu;Mingyong Liu;Wei Chen;Junfang Guo
Affiliations:
Northwestern Polytechnical University, Xi'an, People's Republic of China 710072;Oujiang College, Wenzhou University, Wenzhou, People's Republic of China 325035;Northwestern Polytechnical University, Xi'an, People's Republic of China 710072;Wenzhou Hospital of Integrated Traditional Chinese and Western Medicine, Wenzhou, China 325088;Oujiang College, Wenzhou University, Wenzhou, People's Republic of China 325035
Venue:
Journal of Medical Systems
Year:
2013

Citing 12
Cited 0

A new privacy homomorphism and applications

Information Processing Letters
Executing SQL over encrypted data in the database-service-provider model

Proceedings of the 2002 ACM SIGMOD international conference on Management of data
Silog: Speech input logon

Knowledge-Based Systems
CryptDB: protecting confidentiality with encrypted query processing

SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Computer Security Fundamentals

Computer Security Fundamentals
A new remote user authentication scheme using smart cards

IEEE Transactions on Consumer Electronics
Access control: principle and practice

IEEE Communications Magazine
A More Secure Authentication Scheme for Telecare Medicine Information Systems

Journal of Medical Systems
A Secure Authentication Scheme for Telecare Medicine Information Systems

Journal of Medical Systems
Executing SQL queries over encrypted character strings in the Database-As-Service model

Knowledge-Based Systems
An Efficient Authentication Scheme for Telecare Medicine Information Systems

Journal of Medical Systems
An Improved Authentication Scheme for Telecare Medicine Information Systems

Journal of Medical Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

In medical information systems, there are a lot of confidential information about patient privacy. It is therefore an important problem how to prevent patient's personal privacy information from being disclosed. Although traditional security protection strategies (such as identity authentication and authorization access control) can well ensure data integrity, they cannot prevent system's internal staff (such as administrators) from accessing and disclosing patient privacy information. In this paper, we present an effective scheme to protect patients' personal privacy for a medical information system. In the scheme, privacy data before being stored in the database of the server of a medical information system would be encrypted using traditional encryption algorithms, so that the data even if being disclosed are also difficult to be decrypted and understood. However, to execute various kinds of query operations over the encrypted data efficiently, we would also augment the encrypted data with additional index, so as to process as much of the query as possible at the server side, without the need to decrypt the data. Thus, in this paper, we mainly explore how the index of privacy data is constructed, and how a query operation over privacy data is translated into a new query over the corresponding index so that it can be executed at the server side immediately. Finally, both theoretical analysis and experimental evaluation validate the practicality and effectiveness of our proposed scheme.