Integrated, reliable and cloud-based personal health record: a scoping review.

Personal Health Records (PHR) emerge as an alternative to integrate patient’s health information to give a global view of patients' status. However, integration is not a trivial feature when dealing with a variety electronic health systems from healthcare centers. Access to PHR sensitive information must comply with privacy policies defined by the patient. Architecture PHR design should be in accordance to these, and take advantage of nowadays technology. Cloud computing is a current technology that provides scalability, ubiquity, and elasticity features. This paper presents a scoping review related to PHR systems that achieve three characteristics: integrated, reliable and cloud-based. We found 101 articles that addressed thosecharacteristics. We identified four main research topics: proposal/developed systems, PHR recommendations for development, system integration and standards, and security and privacy. Integration is tackled with HL7 CDA standard. Information reliability is based in ABE security-privacy mechanism. Cloud-based technology access is achieved via SOA.CONACYT - Consejo Nacional de Ciencia y TecnologíaPROCIENCI

Privacy-Preserving Personal Health Record System Using Attribute-Based Encryption

Personal health record (PHR) service is an emerging model for health information exchange. It allows patients to create, manage, control and share their health information with other users as well as healthcare providers. In reality, a PHR service is likely to be hosted by third-party cloud service providers in order to enhance its interoperability. However, there have been serious privacy concerns about outsourcing PHR data to cloud servers, not only because cloud providers are generally not covered entities under HIPAA, but also due to an increasing number of cloud data breach incidents happened in recent years. In this thesis, we propose a privacy-preserving PHR system using attribute-based encryption (ABE). In this system, patients can encrypt their PHRs and store them on semi-trusted cloud servers such that servers do not have access to sensitive PHR contexts. Meanwhile patients maintain full control over access to their PHR files, by assigning fine-grained, attribute-based access privileges to selected data users, while different users can have access to different parts of their PHR. Our system also provides extra features such as populating PHR from professional electronic health record (EHR) using ABE. In order to evaluate our proposal, we create a Linux library that implement primitive of key-policy attribute-based encryption (KP-ABE) algorithms. We also build a PHR application based on Indivo PCHR system that allow doctors to encrypt and submit their prescription and diagnostic note to PHR servers using KP-ABE. We evaluate the performance efficiency of different ABE schemes as well as the data query time of Indivo PCHR system when PHR data are encrypted under ABE scheme

SCALABLE AND SECURE SHARING OF PERSONAL HEALTH RECORDS IN LARGE NETWORKS USING ATTRIBUTES BASED ENCRYPTION

Outstanding Fitness Record is an electronic application used by patients to keep up and manage their prosperity information in a private, secure and mystery atmosphere. In appropriated figuring, cloud providers go probably as an outcast for the information exchange of individual prosperity records. Notwithstanding the way that this advancement supports successful organization and the sharing of patient's own special prosperity record, there are wide assurance worries, for instance, the presentation and transparency of fragile prosperity information by unapproved customers. To give security and insurance, it is essential to scramble the data preceding re-examining and just affirmed customers with significant attributes should be allowed to get to the data. Hiding the customers' information is furthermore critical while getting to data over the association. Moreover to reduce the key organization unpredictability of data owners, singular prosperity records are requested into various security spaces. To achieve fine-grained and versatile data access control for PHRs, to impact attribute based encryption techniques to encode each patient's PHR record. Not equivalent to past works in secure data re-examining, to base on the various data owner circumstance, and partition the customers in the PHR structure into various security zones that colossally diminishes the key organization unpredictability for owners and customers. A genuine degree of patient security is guaranteed at the same time by manhandling multiauthority ABE. Our agreement in like manner engages dynamic change of access methods or record credits, maintains valuable on-demand customer/property disavowal and break-glass access under emergency circumstances to cover the customer information, baffling approval through Attribute-Based Encryption method and fine-grained data access control through AES are gotten. This mix gives a genuine degree of assurance and security for the PHR record. This preparation enables the dynamic change of access approaches or best credits and on-demand customer repudiation. Expansive test and execution inspection show that the proposed contrive is capable to the extent security and pledge