Privacy-aware relationship semantics–based XACML access control model for electronic health records in hybrid cloud

State-of-the-art progress in cloud computing encouraged the healthcare organizations to outsource the management of electronic health records to cloud service providers using hybrid cloud. A hybrid cloud is an infrastructure consisting of a private cloud (managed by the organization) and a public cloud (managed by the cloud service provider). The use of hybrid cloud enables electronic health records to be exchanged between medical institutions and supports multipurpose usage of electronic health records. Along with the benefits, cloud-based electronic health records also raise the problems of security and privacy specifically in terms of electronic health records access. A comprehensive and exploratory analysis of privacy-preserving solutions revealed that most current systems do not support fine-grained access control or consider additional factors such as privacy preservation and relationship semantics. In this article, we investigated the need of a privacy-aware fine-grained access control model for the hybrid cloud. We propose a privacy-aware relationship semantics–based XACML access control model that performs hybrid relationship and attribute-based access control using extensible access control markup language. The proposed approach supports fine-grained relation-based access control with state-of-the-art privacy mechanism named Anatomy for enhanced multipurpose electronic health records usage. The proposed (privacy-aware relationship semantics–based XACML access control model) model provides and maintains an efficient privacy versus utility trade-off. We formally verify the proposed model (privacy-aware relationship semantics–based XACML access control model) and implemented to check its effectiveness in terms of privacy-aware electronic health records access and multipurpose utilization. Experimental results show that in the proposed (privacy-aware relationship semantics–based XACML access control model) model, access policies based on relationships and electronic health records anonymization can perform well in terms of access policy response time and space storage

Towards A Well-Secured Electronic Health Record in the Health Cloud

The major concerns for most cloud implementers particularly in the health care industry have remained data security and privacy. A prominent and major threat that constitutes a hurdle for practitioners within the health industry from exploiting and benefiting from the gains of cloud computing is the fear of theft of patients health data in the cloud. Investigations and surveys have revealed that most practitioners in the health care industry are concerned about the risk of health data mix-up amongst the various cloud providers, hacking to comprise the cloud platform and theft of vital patients’ health data.An overview of the diverse issues relating to health data privacy and overall security in the cloud are presented in this technical report. Based on identifed secure access requirements, an encryption-based eHR security model for securing and enforcing authorised access to electronic health data (records), eHR is also presented. It highlights three core functionalities for managing issues relating to health data privacy and security of eHR in health care cloud

Protecting Patient Privacy: Strategies for Regulating Electronic Health Records Exchange

The report offers policymakers 10 recommendations to protect patient privacy as New York state develops a centralized system for sharing electronic medical records. Those recommendations include:Require that the electronic systems employed by HIEs have the capability to sort and segregate medical information in order to comply with guaranteed privacy protections of New York and federal law. Presently, they do not.Offer patients the right to opt-out of the system altogether. Currently, people's records can be uploaded to the system without their consent.Require that patient consent forms offer clear information-sharing options. The forms should give patients three options: to opt-in and allow providers access to their electronic medical records, to opt-out except in the event of a medical emergency, or to opt-out altogether.Prohibit and sanction the misuse of medical information. New York must protect patients from potential bad actors--that small minority of providers who may abuse information out of fear, prejudice or malice.Prohibit the health information-sharing networks from selling data. The State Legislature should pass legislation prohibiting the networks from selling patients' private health information

Towards Authentication and Authorization – Electronic Medical Records

The Technological intervention in field of Computer Science and Information Technology has made it possible to access medical records of Individuals electronically. Electronic Health Records systems which are distributed and need to be interoperable too. Important Business drivers for such kind of high level of interoperability introduce unique citizen ID. Though citizen have access to data from central repository and they can directly communicate with health care providers, but when it comes to security and confidentiality, technology fails to meet the requirements. In this paper we suggest a framework for authentication and authorization of Electronic medical Records System in consideration .It will help to build An Secure-Privacy Protected Electronic medical Record System

Temporary Access to Medical Records in Emergency Situations

Access to patients Electronic Health Records (EHR) is a daily operation in mainstream healthcare. However, having access to EHR in emergencies while is vitally important to save patients’ life, it could potentially lead to security breaches and violating patients’ privacy. In this regards, getting access to patients’ medical records in emergency situations is one of the issues that emergency responder teams are facing. This access can be temporary until patients reach hospitals or healthcare centers. In this paper, we aim to explore different technology-based solutions to give responders temporary access to patients\u27 medical records in emergency situations. The core of this study is patients and responders authentication methods that can save precious emergency time and protect the privacy and confidentiality of patients data to the utmost. We also have explored control access mechanism and security audits to increase the security of the procedure and patient privacy

Exploiting Multimodal Biometrics in E-Privacy Scheme for Electronic Health Records

Existing approaches to protect the privacy of Electronic Health Records (EHR) are either insufficient for existing medical laws or they are too restrictive in their usage. For example, smartcard-based encryption systems require the patient to be always present to authorize access to medical records. A major issue in EHR is how patient’s privacy and confidentiality can be maintained because there are known scenarios where patients’ health data have been abused and misused by those seeking to gain selfish interest from it. Another issue in EHR is how to provide adequate treatment and have access to the necessary information especially in pre-hospital care settings. Questionnaires were administered by 50 medical practitioners to identify and categorize different EHR attributes. The system was implemented using multimodal biometrics (fingerprint and iris) of patients to access patient record in pre-hospital care. The software development tools employed were JAVA and MySQL database. The system provides applicable security when patients’ records are shared either with other practitioners, employers, organizations or research institutes. The result of the system evaluation shows that the average response time of 6seconds and 11.1 seconds for fingerprint and iris respectively after ten different simulations. The system protects privacy and confidentiality by limiting the amount of data exposed to users. The system also enables emergency medical technicians to gain easy and reliable access to necessary attributes of patients’ EHR while still maintaining the privacy and confidentiality of the data using the patient’s fingerprint and iris. Keywords: Electronic Health Record, Privacy, Biometric

Formal Security Analysis and Performance Evaluation of the Linkable Anonymous Access Protocol

Part 2: The 2014 Asian Conference on Availability, Reliability and Security, AsiaARES 2014International audienceThe introduction of e-Health applications has not only brought benefits, but also raised serious concerns regarding security and privacy of health data. The increasing demands of accessing health data, highlighted critical questions and challenges concerning the confidentiality of electronic patient records and the efficiency of accessing these records. Therefore, the aim of this paper is to provide secure and efficient access to electronic patient records. In this paper, we propose a novel protocol called the Linkable Anonymous Access protocol (LAA). We formally verify and analyse the protocol against security properties such as secrecy and authentication using the Casper/FDR2 verification tool. In addition, we have implemented the protocol using the Java technology to evaluate its performance. Our formal security analysis and performance evaluation proved that the LAA protocol supports secure access to electronic patient records without compromising performance