Privacy-preserving Attribute-based Access Control Model for XML-based Electronic Health Record System

Kwangsoo Seol, Young Gab Kim, Euijong Lee, Young Duk Seo, Doo Kwon Baik

Research output: Contribution to journalArticle

13 Citations (Scopus)

Abstract

Cloud-based electronic health record (EHR) systems enable medical documents to be exchanged between medical institutions; this is expected to contribute to improvements in various medical services in the future. However, as the system architecture becomes more complicated, cloud-based EHR systems may introduce additional security threats when compared to existing singular systems. Thus, patients may experience exposure of private data that they do not wish to disclose. In order to protect the privacy of patients, many approaches have been proposed to provide access control to patient documents when providing health services. However, most current systems do not support fine-grained access control or take into account additional security factors such as encryption and digital signatures. In this paper, we propose a cloud-based EHR model that performs attribute-based access control using extensible access control markup language. Our EHR model, focused on security, performs partial encryption and uses electronic signatures when a patient document is sent to a document requester. We use XML encryption and XML digital signature technology. Our proposed model works efficiently by sending only the necessary information to requesters who are authorized to treat the patient in question.

Original languageEnglish
JournalIEEE Access
DOIs
Publication statusAccepted/In press - 2018 Feb 2

Fingerprint

Access control
XML
Health
Cryptography
Electronic document identification systems
Markup languages

Keywords

  • Access control
  • Access Control
  • Biomedical imaging
  • Data Privacy
  • Digital Signature
  • Encryption
  • Encryption
  • Medical services
  • Privacy
  • Standards

ASJC Scopus subject areas

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)

Cite this

Privacy-preserving Attribute-based Access Control Model for XML-based Electronic Health Record System. / Seol, Kwangsoo; Kim, Young Gab; Lee, Euijong; Seo, Young Duk; Baik, Doo Kwon.

In: IEEE Access, 02.02.2018.

Research output: Contribution to journalArticle

@article{0c18d86eb4df4481b6935335359f83d2,
title = "Privacy-preserving Attribute-based Access Control Model for XML-based Electronic Health Record System",
abstract = "Cloud-based electronic health record (EHR) systems enable medical documents to be exchanged between medical institutions; this is expected to contribute to improvements in various medical services in the future. However, as the system architecture becomes more complicated, cloud-based EHR systems may introduce additional security threats when compared to existing singular systems. Thus, patients may experience exposure of private data that they do not wish to disclose. In order to protect the privacy of patients, many approaches have been proposed to provide access control to patient documents when providing health services. However, most current systems do not support fine-grained access control or take into account additional security factors such as encryption and digital signatures. In this paper, we propose a cloud-based EHR model that performs attribute-based access control using extensible access control markup language. Our EHR model, focused on security, performs partial encryption and uses electronic signatures when a patient document is sent to a document requester. We use XML encryption and XML digital signature technology. Our proposed model works efficiently by sending only the necessary information to requesters who are authorized to treat the patient in question.",
keywords = "Access control, Access Control, Biomedical imaging, Data Privacy, Digital Signature, Encryption, Encryption, Medical services, Privacy, Standards",
author = "Kwangsoo Seol and Kim, {Young Gab} and Euijong Lee and Seo, {Young Duk} and Baik, {Doo Kwon}",
year = "2018",
month = "2",
day = "2",
doi = "10.1109/ACCESS.2018.2800288",
language = "English",
journal = "IEEE Access",
issn = "2169-3536",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Privacy-preserving Attribute-based Access Control Model for XML-based Electronic Health Record System

AU - Seol, Kwangsoo

AU - Kim, Young Gab

AU - Lee, Euijong

AU - Seo, Young Duk

AU - Baik, Doo Kwon

PY - 2018/2/2

Y1 - 2018/2/2

N2 - Cloud-based electronic health record (EHR) systems enable medical documents to be exchanged between medical institutions; this is expected to contribute to improvements in various medical services in the future. However, as the system architecture becomes more complicated, cloud-based EHR systems may introduce additional security threats when compared to existing singular systems. Thus, patients may experience exposure of private data that they do not wish to disclose. In order to protect the privacy of patients, many approaches have been proposed to provide access control to patient documents when providing health services. However, most current systems do not support fine-grained access control or take into account additional security factors such as encryption and digital signatures. In this paper, we propose a cloud-based EHR model that performs attribute-based access control using extensible access control markup language. Our EHR model, focused on security, performs partial encryption and uses electronic signatures when a patient document is sent to a document requester. We use XML encryption and XML digital signature technology. Our proposed model works efficiently by sending only the necessary information to requesters who are authorized to treat the patient in question.

AB - Cloud-based electronic health record (EHR) systems enable medical documents to be exchanged between medical institutions; this is expected to contribute to improvements in various medical services in the future. However, as the system architecture becomes more complicated, cloud-based EHR systems may introduce additional security threats when compared to existing singular systems. Thus, patients may experience exposure of private data that they do not wish to disclose. In order to protect the privacy of patients, many approaches have been proposed to provide access control to patient documents when providing health services. However, most current systems do not support fine-grained access control or take into account additional security factors such as encryption and digital signatures. In this paper, we propose a cloud-based EHR model that performs attribute-based access control using extensible access control markup language. Our EHR model, focused on security, performs partial encryption and uses electronic signatures when a patient document is sent to a document requester. We use XML encryption and XML digital signature technology. Our proposed model works efficiently by sending only the necessary information to requesters who are authorized to treat the patient in question.

KW - Access control

KW - Access Control

KW - Biomedical imaging

KW - Data Privacy

KW - Digital Signature

KW - Encryption

KW - Encryption

KW - Medical services

KW - Privacy

KW - Standards

UR - http://www.scopus.com/inward/record.url?scp=85041661541&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85041661541&partnerID=8YFLogxK

U2 - 10.1109/ACCESS.2018.2800288

DO - 10.1109/ACCESS.2018.2800288

M3 - Article

AN - SCOPUS:85041661541

JO - IEEE Access

JF - IEEE Access

SN - 2169-3536

ER -