Privacy-Preserving Personal Health Record System Using Attribute-Based Encryption

Personal health record (PHR) service is an emerging model for health information exchange. It allows patients to create, manage, control and share their health information with other users as well as healthcare providers. In reality, a PHR service is likely to be hosted by third-party cloud service providers in order to enhance its interoperability. However, there have been serious privacy concerns about outsourcing PHR data to cloud servers, not only because cloud providers are generally not covered entities under HIPAA, but also due to an increasing number of cloud data breach incidents happened in recent years. In this thesis, we propose a privacy-preserving PHR system using attribute-based encryption (ABE). In this system, patients can encrypt their PHRs and store them on semi-trusted cloud servers such that servers do not have access to sensitive PHR contexts. Meanwhile patients maintain full control over access to their PHR files, by assigning fine-grained, attribute-based access privileges to selected data users, while different users can have access to different parts of their PHR. Our system also provides extra features such as populating PHR from professional electronic health record (EHR) using ABE. In order to evaluate our proposal, we create a Linux library that implement primitive of key-policy attribute-based encryption (KP-ABE) algorithms. We also build a PHR application based on Indivo PCHR system that allow doctors to encrypt and submit their prescription and diagnostic note to PHR servers using KP-ABE. We evaluate the performance efficiency of different ABE schemes as well as the data query time of Indivo PCHR system when PHR data are encrypted under ABE scheme

Securing Electronic Medical Records Using Modified Blowfish Algorithm

EMR helped improve services to patients by delivering organization and accuracy of patient information, but issues regarding security breaches and medical identity theft are growing concerns. This paper enhance the current EMR system by integrating modified encryption. The simulation used modified Blowfish algorithm in an EMR system that focuses on four goals: 1) define the requirements, 2) design and identify features, 3) develop the EMR incorporating added security mechanism using modified Blowfish algorithm, and 4) test the application with sample data. Based on the results, the incorporation of the encryption was successful based on testing and checking done on the input terminal and the database server. Data inputted on the EMR system was successfully encrypted before transmission and decrypted only on the terminal for viewing. Performance results show that without encryption, saving took an average of 87.8ms while encrypted, it acquired 88.8ms, a difference of 1ms can be noted. The minimal difference is because of the size of the data. The average decryption time of all records using modified algorithm took 1342ms while using plaintext took 1322ms. The decryption time is higher by 20ms due to the application of the decryption algorithm

Electronic Signatures in E-Healthcare: The Need for a Federal Standard

Healthcare, like many industries, is fast embracing the benefits of modern information technology ( IT ). The wide range of available publications on the use of IT in healthcare indicates that IT provides the promise of faster and more comprehensive information about all aspects of the healthcare delivery process, to all classes of its consumers - patients, doctors, nurses, insurance adjudicators, health inspectors, epidemiologists, and biostatisticians. But the drive towards electronic information in health care is not rooted merely in efficiency; more recently, significant emphasis has been placed on patient safety issues raised by the Institute of Medicine\u27s ( IOM ) year 2001 quality report on the subject. It is believed that the deficiencies indicated in that report can be substantially overcome by the use of IT in health care. However, to make this transition successful and complete, all aspects of health care delivery, information management, and business transactions, have to be logically migrated into the electronic world. This includes the function and use of the signature. The use of signatures in business contexts has traditionally provided two functions of legal significance: 1) evidence that can attribute documents to a particular party, and 2) indication of assent and intent that the documents have legal effect. In the recent decades, state and federal statutes have substantiated these functional attributes to digital or electronic signatures. Many of these statutes derive from model codes, such as the Uniform Electronic Transactions Act ( UETA ), that attempt to standardize use and technology surrounding electronic signatures. Subsequent sections will attempt to identify gaps in the standards which prevent true transaction portability. Lack of portability defeats one of the fundamental goals of health care IT solutions - improved efficiency. The discussion will end with a proposal for a uniform federal statutory scheme for standardized electronic signatures for health care

A Comprehensive Review on Medical Image Steganography Based on LSB Technique and Potential Challenges

The rapid development of telemedicine services and the requirements for exchanging medical information between physicians, consultants, and health institutions have made the protection of patients’ information an important priority for any future e-health system. The protection of medical information, including the cover (i.e. medical image), has a specificity that slightly differs from the requirements for protecting other information. It is necessary to preserve the cover greatly due to its importance on the reception side as medical staff use this information to provide a diagnosis to save a patient's life. If the cover is tampered with, this leads to failure in achieving the goal of telemedicine. Therefore, this work provides an investigation of information security techniques in medical imaging, focusing on security goals. Encrypting a message before hiding them gives an extra layer of security, and thus, will provide an excellent solution to protect the sensitive information of patients during the sharing of medical information. Medical image steganography is a special case of image steganography, while Digital Imaging and Communications in Medicine (DICOM) is the backbone of all medical imaging divisions, whereby it is most broadly used to store and transmit medical images. The main objective of this study is to provide a general idea of what Least Significant Bit-based (LSB) steganography techniques have achieved in medical images