Patient-Controlled Attribute-Based Encryption for Secure Electronic Health Records System

Jieun Eom, Dong Hoon Lee, Kwangsu Lee

Research output: Contribution to journalArticle

7 Citations (Scopus)

Abstract

In recent years, many countries have been trying to integrate electronic health data managed by each hospital to offer more efficient healthcare services. Since health data contain sensitive information of patients, there have been much research that present privacy preserving mechanisms. However, existing studies either require a patient to perform various steps to secure the data or restrict the patient to exerting control over the data. In this paper, we propose patient-controlled attribute-based encryption, which enables a patient (a data owner) to control access to the health data and reduces the operational burden for the patient, simultaneously. With our method, the patient has powerful control capability of his/her own health data in that he/she has the final say on the access with time limitation. In addition, our scheme provides emergency medical services which allow the emergency staffs to access the health data without the patient’s permission only in the case of emergencies. We prove that our scheme is secure under cryptographic assumptions and analyze its efficiency from the patient’s perspective.

Original languageEnglish
Article number253
JournalJournal of Medical Systems
Volume40
Issue number12
DOIs
Publication statusPublished - 2016 Dec 1

Fingerprint

Electronic Health Records
Cryptography
Health
Access control
Emergencies
Privacy
Emergency Medical Services
Delivery of Health Care

Keywords

  • Cloud computing
  • Data privacy
  • Electronic health records
  • Patient control

ASJC Scopus subject areas

  • Medicine (miscellaneous)
  • Information Systems
  • Health Informatics
  • Health Information Management

Cite this

Patient-Controlled Attribute-Based Encryption for Secure Electronic Health Records System. / Eom, Jieun; Lee, Dong Hoon; Lee, Kwangsu.

In: Journal of Medical Systems, Vol. 40, No. 12, 253, 01.12.2016.

Research output: Contribution to journalArticle

@article{36321e61c8984b97a43135bf4b5024ba,
title = "Patient-Controlled Attribute-Based Encryption for Secure Electronic Health Records System",
abstract = "In recent years, many countries have been trying to integrate electronic health data managed by each hospital to offer more efficient healthcare services. Since health data contain sensitive information of patients, there have been much research that present privacy preserving mechanisms. However, existing studies either require a patient to perform various steps to secure the data or restrict the patient to exerting control over the data. In this paper, we propose patient-controlled attribute-based encryption, which enables a patient (a data owner) to control access to the health data and reduces the operational burden for the patient, simultaneously. With our method, the patient has powerful control capability of his/her own health data in that he/she has the final say on the access with time limitation. In addition, our scheme provides emergency medical services which allow the emergency staffs to access the health data without the patient’s permission only in the case of emergencies. We prove that our scheme is secure under cryptographic assumptions and analyze its efficiency from the patient’s perspective.",
keywords = "Cloud computing, Data privacy, Electronic health records, Patient control",
author = "Jieun Eom and Lee, {Dong Hoon} and Kwangsu Lee",
year = "2016",
month = "12",
day = "1",
doi = "10.1007/s10916-016-0621-3",
language = "English",
volume = "40",
journal = "Journal of Medical Systems",
issn = "0148-5598",
publisher = "Springer New York",
number = "12",

}

TY - JOUR

T1 - Patient-Controlled Attribute-Based Encryption for Secure Electronic Health Records System

AU - Eom, Jieun

AU - Lee, Dong Hoon

AU - Lee, Kwangsu

PY - 2016/12/1

Y1 - 2016/12/1

N2 - In recent years, many countries have been trying to integrate electronic health data managed by each hospital to offer more efficient healthcare services. Since health data contain sensitive information of patients, there have been much research that present privacy preserving mechanisms. However, existing studies either require a patient to perform various steps to secure the data or restrict the patient to exerting control over the data. In this paper, we propose patient-controlled attribute-based encryption, which enables a patient (a data owner) to control access to the health data and reduces the operational burden for the patient, simultaneously. With our method, the patient has powerful control capability of his/her own health data in that he/she has the final say on the access with time limitation. In addition, our scheme provides emergency medical services which allow the emergency staffs to access the health data without the patient’s permission only in the case of emergencies. We prove that our scheme is secure under cryptographic assumptions and analyze its efficiency from the patient’s perspective.

AB - In recent years, many countries have been trying to integrate electronic health data managed by each hospital to offer more efficient healthcare services. Since health data contain sensitive information of patients, there have been much research that present privacy preserving mechanisms. However, existing studies either require a patient to perform various steps to secure the data or restrict the patient to exerting control over the data. In this paper, we propose patient-controlled attribute-based encryption, which enables a patient (a data owner) to control access to the health data and reduces the operational burden for the patient, simultaneously. With our method, the patient has powerful control capability of his/her own health data in that he/she has the final say on the access with time limitation. In addition, our scheme provides emergency medical services which allow the emergency staffs to access the health data without the patient’s permission only in the case of emergencies. We prove that our scheme is secure under cryptographic assumptions and analyze its efficiency from the patient’s perspective.

KW - Cloud computing

KW - Data privacy

KW - Electronic health records

KW - Patient control

UR - http://www.scopus.com/inward/record.url?scp=84990860384&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84990860384&partnerID=8YFLogxK

U2 - 10.1007/s10916-016-0621-3

DO - 10.1007/s10916-016-0621-3

M3 - Article

C2 - 27714562

AN - SCOPUS:84990860384

VL - 40

JO - Journal of Medical Systems

JF - Journal of Medical Systems

SN - 0148-5598

IS - 12

M1 - 253

ER -