Advertisement

Journal of Medical Systems

, 39:165 | Cite as

Meeting the Security Requirements of Electronic Medical Records in the ERA of High-Speed Computing

  • H. O. Alanazi
  • A. A. ZaidanEmail author
  • B. B. Zaidan
  • M. L. Mat Kiah
  • S. H. Al-Bakri
Systems-Level Quality Improvement
Part of the following topical collections:
  1. Systems-Level Quality Improvement

Abstract

This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

Keywords

Electronic medical records Security Confidentiality Privacy Cryptography 

Abbreviations

EMR

Electronic medical record

PKI

Public key infrastructure

Tpass

Temporary password

IEm

Inside encrypted message

Cpass

Customized password

OEm

Outside encrypted message

Spub

Server public key

Notes

Acknowledgments

This research has been funded from University Malaya High Impact Research (HIR) Grant, under Grant No. UM.C/HIR/MOHE/FCSIT/12. The authors would like to acknowledge Universiti Pendidikan Sultan Idris and University Technology Malaysia for providing several researches facilities and important resources as well as for providing expert consultations to improve this work.

References

  1. 1.
    Simon, S. R., Evans, J. S., Benjamin, A., Delano, D., and Bates, D. W., Patients’ attitudes toward electronic health information exchange: Qualitative study. J. Med. Internet. Res. 11(3):e30, 2009.CrossRefGoogle Scholar
  2. 2.
    Horan, T. A., Botts, N. E., and Burkhard, R. J., A multidimensional view of personal health systems for underserved populations. J. Med. Internet. Res. 12(3):e32, 2010.CrossRefGoogle Scholar
  3. 3.
    Thompson, L. A., Black, E., Duff, W. P., Paradise Black, N., Saliba, H., and Dawson, K., Protected health information on social networking sites: Ethical and legal considerations. J. Med. Internet. Res. 13(1):954–957, 2011.CrossRefGoogle Scholar
  4. 4.
    Pharow, P., and Blobel, B., Electronic signatures for long-lasting storage purposes in electronic archives. Int. J. Med. Inform. 74(2–4):279–287, 2005.CrossRefGoogle Scholar
  5. 5.
    Jarvis K, NTRU over the Eisenstein Integers. 2011. Carleton University. URL: http://www.ruor.uottawa.ca/en/handle/10393/19862 [accessed 2012-04-24]
  6. 6.
    Stebila D, Mosca M, Lütkenhaus N. The case for quantum key distribution. Quantum Communication and Quantum Networking, 2010: 283–296. URL: http://arxiv.org/abs/0902.2839 [accessed 2012-04-25]
  7. 7.
    Dick RS, Steen EB. The computer-based patient record: an essential technology for health care. 1991: Natl Academy Pr. URL: http://www.nap.edu/openbook.php?record_id=5306 [accessed 2012-04-27]
  8. 8.
    Alanazi, H. O., Jalab, H. A., Alam, G. M., Zaidan, B. B., and Zaidan, A. A., Securing electronic medical records transmissions over unsecured communications: An overview for better medical governance. J. Med. Plants Res 4(19):2059–2074, 2010. http://www.academicjournals.org/jmpr/abstracts/abstracts/abstracts2010/4%20oct/Alanazi%20et%20al.htm [accessed 2012-05-25].Google Scholar
  9. 9.
    Brandner, R., Haak, V. D., Hartmann, M., Haux, R., and Schmucker, P., Electronic signature of medical documents—integration and evaluation of a public key infrastructure in hospitals. MethodsInf Med Methodik Inf Med 41(4):321–330, 2002.Google Scholar
  10. 10.
    Pharow, P., and Blobel, B., Security infrastructure services for electronic archives and electronic health records. Stud Health Technol Inf 103:434–440, 2004.Google Scholar
  11. 11.
    Beyer A, Hellmann S, Hesse M, Holl F, Morcinek P, Paulus S, Reimer H. Criteria for success of identification, authentication and signing methods based on asymmetric cryptographic algorithms (EKIAS) 2007. URL: http://www.security-management.de/de/publikationen/EKIAS-Studie_engl_Download.pdf [accessed 2012-05-24]
  12. 12.
    Winslade, W. J., Confidentiality of medical records: An overview of concepts and legal policies. J. Legal Med. 3(4):497–533, 1982.  10.1080/01947648209513364 [accessed 2012-05-24].CrossRefGoogle Scholar
  13. 13.
    Judi, H. M., Razak, A. A., Sha’ari, N., and Mohamed, H., Feasibility and critical success factors in implementing telemedicine. Inf. Technol. J. 8(3):326–32, 2009. http://scialert.net/fulltext/?doi=itj.2009.326.332 [accessed 2012-06-24].CrossRefGoogle Scholar
  14. 14.
    Bonander, J., and Gates, J., Public health in an era of personal health records: Opportunities for innovation and new partnerships. J. Med. Internet. Res. 12(3):e33, 2010.CrossRefGoogle Scholar
  15. 15.
    Gorini, A., Gaggioli, A., Vigna, C., and Riva, G., A second life for eHealth: Prospects for the use of 3-D virtual worlds in clinical psychology. J. Med. Internet. Res. 10(3):e21, 2008.CrossRefGoogle Scholar
  16. 16.
    Lin, C. F., Lu, M. S., Chung, C. C., and Ming, C., The establishment of an ethical guideline for genetic testing through citizen consensus via the internet in Taiwan. J. Med. Internet. Res. 12(4):e47, 2010.CrossRefGoogle Scholar
  17. 17.
    Riper, H., Andersson, G., Christensen, H., Cuijpers, P., Lange, A., and Eysenbach, G., Theme issue on e-mental health: A growing field in internet research. J. Med. Internet. Res. 12(5):e74, 2010.CrossRefGoogle Scholar
  18. 18.
    Weitzman, E. R., Kaci, L., and Mandl, K. D., Acceptability of a personally controlled health record in a community-based setting: Implications for policy and design. J. Med. Internet. Res. 11(2):e14, 2009.CrossRefGoogle Scholar
  19. 19.
    O’Grady, L., Witteman, H., Bender, J. L., Urowitz, S., Wiljer, D., and Jadad, A. R., Measuring the impact of a moving target: Towards a dynamic framework for evaluating collaborative adaptive interactive technologies. J. Med. Internet. Res. 11(2):e20, 2009.CrossRefGoogle Scholar
  20. 20.
    Fernandez-Luque, L., Karlsen, R., and Bonander, J., Review of extracting information from the social web for health personalization. J. Med. Internet. Res. 13(1):e15, 2011.CrossRefGoogle Scholar
  21. 21.
    Jones, R., Sharkey, S., Smithson, J., Ford, T., Emmens, T., Hewis, E., Sheaves, B., and Owens, C., Using metrics to describe the participative stances of members within discussion forums. J. Med. Internet. Res. 13(1):e3, 2011.CrossRefGoogle Scholar
  22. 22.
    Holländare, F., Andersson, G., and Engström, I., A comparison of psychometric properties between internet and paper versions of two depression instruments (BDI-II and MADRS-S) administered to clinic patients. J. Med. Internet. Res. 12(5):e49, 2010.CrossRefGoogle Scholar
  23. 23.
    Alanizi, H. O., Mat Kiah, M. L., Zaidan, A. A., Zaidan, B. B., and Alam, G. H., Secure topology for electronic medical record transmissions. Int. J. Pharmacol. 6(6):954–958, 2010. http://scialert.net/fulltext/?doi=ijp.2010.954.958&org=11 [accessed 2012-03-24].CrossRefGoogle Scholar
  24. 24.
    El Emam K, Jonker E, Sampson M, Krleza-Jeric K, Neisa A. The use of electronic data capture tools in clinical trials: Web-survey of 259 Canadian trials. Journal of medical Internet research, 2009. 11(1). [CrossRef]Google Scholar
  25. 25.
    Wiljer, D., Urowitz, Apatu, E., Dellenardo, C., Eysenbach, G., Harth, T., Pai, H., and Leonard, K. J., Patient accessible electronic health records: Exploring recommendations for successful implementation strategies. J. Med. Internet. Res. 10(4):e34, 2008.CrossRefGoogle Scholar
  26. 26.
    Powell, J., Inglis, N., Ronnie, J., and Large, S., The characteristics and motivations of online health information seekers: Cross-sectional survey and qualitative interview study. J Med Internet Res 13(1):e20, 2011.CrossRefGoogle Scholar
  27. 27.
    Lindquist, A. M., Johansson, P. E., Petersson, G. I., Saveman, B. I., and Nilsson, G. C., The use of the personal digital assistant (PDA) among personnel and students in health care: A review. J Med Internet Res 10(4):e31, 2008.CrossRefGoogle Scholar
  28. 28.
    Brooks, R. G., and Menachemi, N., Physicians’ use of email with patients: Factors influencing electronic communication and adherence to best practices. J Med Internet Res 8(1):e2, 2006.CrossRefGoogle Scholar
  29. 29.
    Rind, D. M., Kohane, I. S., Szolovits, P., Safran, C., Chueh, H. C., and Barnett, G. O., Maintaining the confidentiality of medical records shared over the Internet and the World Wide Web. Ann. Intern. Med. 127(2):138–141, 1997.CrossRefGoogle Scholar
  30. 30.
    de Meyer, F., Lundgren, P. A., de Moor, G., Fiers, T., et al., Determination of user requirements for the secure communication of electronic medical record information. Int. J. Med. Inform. 49(1):125–130, 1998.CrossRefGoogle Scholar
  31. 31.
    Epstein, M. A., Pasieka, M. S., Lord, W. P., and Mankovich, N. J., Security for the digital information age of medicine: Issues, applications, and implementation. J. Digit. Imaging 11(1):33–44, 1998.CrossRefGoogle Scholar
  32. 32.
    O’Brien, D. G., and Yasnoff, W. A., Privacy, confidentiality, and security in information systems of state health agencies. Am. J. Prev. Med. 16(4):351–358, 1999.CrossRefGoogle Scholar
  33. 33.
    Anderson, J. G., Security of the distributed electronic patient record: A case-based approach to identifying policy issues. Int. J. Med. Inform. 60(2):111–118, 2000.CrossRefGoogle Scholar
  34. 34.
    Ferreira A, Correia R, Antunes L, Palhares E, Marques P, Costa P, Pereira ADC. Integrity for electronic patient record reports. 2004: IEEE. URL: http://www.computer.org/portal/web/csdl/abs/proceedings/cbms/2004/2104/00/21040004abs.htm [accessed 2012-05-22]
  35. 35.
    Stepnowsky, C., Palau, J., Marler, M., and Gifford, A., Pilot randomized trial of the effect of wireless telemonitoring on compliance and treatment efficacy in obstructive sleep apnea. J Med Internet Res 9(2):e14, 2007.Google Scholar
  36. 36.
    El Emam, K., Moreau, K., and Jonker, E., How strong are passwords used to protect personal health information in clinical trials. J Med Internet Res 13(1):e18, 2011.CrossRefGoogle Scholar
  37. 37.
    Bonet M, Pitassi T, Raz R, No Feasible Interpolation for TC. 1997 URL: http://citeseerx.ist.psu.edu/viewdoc/summary;jsessionid=EF0B3B7D858A1C6E33FCB6C9EC634906?doi=10.1.1.36.1819 [accessed 2012-05-18]
  38. 38.
    Kurosawa K, Okada K, Tsujii S. Low exponent attack against elliptic curve RSA. Advances in Cryptology—ASIACRYPT’94, 1994: p. 376–383 URL: http://www.iacr.org/cryptodb/data/paper.php?pubkey=293 [accessed 2012-04-18]
  39. 39.
    Lei F, Chen W, Chen K. Improvement of Adaptive Threshold RSA. EC2ND 2005–2006, Section III:, 157–164, DOI:  10.1007/1-84628-352-3_16 URL: http://www.springerlink.com/content/v452076185267t28/ [accessed 2012-05-18]
  40. 40.
    Saxena N. Public key cryptography sans certificates in ad hoc networks. Springer, 2006 URL: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.77.6956 [accessed 2012-05-06]
  41. 41.
    kolodziejczyk L, Thapen N. The polynomial and linear hierarchies in models where the weak pigeonhole principle fails, 2006. URL: http://www.math.cas.cz/~thapen/lintime.pdf [accessed 2012-05-18]
  42. 42.
    Guan D. Introduction to Security Proof of Cryptosystems. 2007 URL: http://guan.cse.nsysu.edu.tw/note/provable.pdf [accessed 2012-05-19]
  43. 43.
    Tartary C. Authentication for Multicast Communication. Macquarie University, 2007. URL: http://itcs.tsinghua.edu.cn/~ctartary/Thesis_Christophe_Tartary.pdf [accessed 2012-05-22]
  44. 44.
    Maitra S, Sarkar S. Revisiting Wiener’s attack–new weak keys in RSA. Information Security, 2008: p. 228–243. URL: http://www.iacr.org/cryptodb/data/paper.php?pubkey=17905 [accessed 2012-05-17]
  45. 45.
    Schridde C, Smith M, Freisleben B. TrueIP: prevention of IP spoofing attacks using identity-based cryptography. 2009: ACM URL: http://arnetminer.org/publication/trueip-prevention-of-ip-spoofing-attacks-using-identity-based-cryptography-1264749.html [accessed 2012-05-16]
  46. 46.
    Lekkas, D., and Gritzalis, D., Long-term verifiability of the electronic healthcare records’ authenticity. Int. J. Med. Inform. 76(5–6):442–448, 2007.CrossRefGoogle Scholar
  47. 47.
    Bos, J., Digital signatures and the electronic health records: Providing legal and security guarantees. Int. J. Biomed. Comput. 42(1–2):157–163, 1996.CrossRefGoogle Scholar
  48. 48.
    Blobel, B., and Roger-France, F., A systematic approach for analysis and design of secure health information systems. Int. J. Med. Inform. 62(1):51–78, 2001.CrossRefGoogle Scholar
  49. 49.
    Smith, J. P., Authentication of digital medical images with digital signature technology. Radiology 194(3):771–774, 1995.CrossRefGoogle Scholar
  50. 50.
    Janbandhu, P., and Siyal, M., Novel biometric digital signatures for Internet-based applications. Inf Manag Comput Secur 9(5):205–212, 2001. http://www.emeraldinsight.com/journals.htm?articleid=862802 [accessed 2012-05-16].Google Scholar
  51. 51.
    Gobi, M., and Vivekanandan, K., A new digital envelope approach for secure electronic medical records. IJCSNS 9(1):1, 2009. http://paper.ijcsns.org/07_book/200901/20090101.pdf [accessed 2012-05-25].Google Scholar
  52. 52.
    Cipresso, P., Gaggioli, A., Serino, S., Cipresso, S., and Riva, G., How to create memorizable and strong passwords. J Med Internet Res 14(1):e10, 2012. http://www.jmir.org/2012/1/e10/.CrossRefGoogle Scholar
  53. 53.
    Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.CrossRefGoogle Scholar
  54. 54.
    Wu, Z. Y., Lee, Y.-C., Lai, F., Lee, H.-C., and Chung, Y.-F., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.CrossRefGoogle Scholar
  55. 55.
    Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012.CrossRefGoogle Scholar
  56. 56.
    Lee, T.-F., and Liu, C.-M., A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 37(3):9933, 2013.CrossRefGoogle Scholar
  57. 57.
    He, D., Chen, J., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.CrossRefGoogle Scholar
  58. 58.
    Das, A. K., and Goswami, A., A secure and efficient uniqueness and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):1–16, 2013.CrossRefGoogle Scholar
  59. 59.
    Chang, Y.-F., Yu, S.-H., and Shiao, D.-R., An uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9902, 2013.CrossRefGoogle Scholar
  60. 60.
    Ashok Kumar, D., Bezawada Bruhadeshwar, An Improved and Effective Secure Password-Based Authentication and Key Agreement Scheme Using Smart Cards for the Telecare Medicine Information System. J. Med. Syst 37(4):1–17, 2013.Google Scholar
  61. 61.
    Kiah, M. L., Nabi, M. S., Zaidan, B. B., and Zaidan, A. A., An enhanced security solution for electronic medical records based on AES hybrid technique with SOAP/XML and SHA-1. J. Med. Syst. 37(5):1–18, 2013.CrossRefGoogle Scholar
  62. 62.
    Li, Y.-C., Hung, M.-C., Hsiao, S.-J., Tsai, K.-D., and Chang, M.-M., an assessment of patient safety in acupuncture process under EMR support. J. Med. Syst. 35(6):1447–1453, 2011. 1,789 KB.CrossRefGoogle Scholar
  63. 63.
    Ullah, S., and Alamri, A., A secure RFID-based WBAN for healthcare applications. J. Med. Syst. 37(5):1–9, 2013.CrossRefGoogle Scholar
  64. 64.
    Yan, X., Li, W., Li, P., Wang, J., Hao, X., and Gong, P., A secure biometrics-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(2):1–6, 2013.zbMATHGoogle Scholar
  65. 65.
    Lee, T. F., An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems. J. Med. Syst. 37(6):9985, 2013.CrossRefGoogle Scholar
  66. 66.
    Hsu, C.-L., Lee, M.-R., and Su, C.-H., The role of privacy protection in healthcare information systems adoption. J. Med. Syst. 37:9966, 2013.CrossRefGoogle Scholar
  67. 67.
    Zaidan, B. B., Zaidan, A. A., and Mat Kiah, M. L., Impact of data privacy and confidentiality on developing telemedicine applications: A review participates opinion and expert concerns. Int. J. Pharmacol. 7(3):382–387, 2011.CrossRefGoogle Scholar
  68. 68.
    Nabi, M. S. A., Mat Kiah, M. L., Zaidan, B. B., Zaidan, A. A., and Alam, G. M., Suitability of using SOAP protocol to secure electronicmedical record databases transmission. Int. J. Pharmacol. 6(6):959–964, 2010.CrossRefGoogle Scholar
  69. 69.
    Hamdan, O., Alanazi, H. A., Jalab, G. M., Alam, B. B., and Zaidan, A. A., Securing electronic medical records transmissionsover unsecured communications: An overview for bettermedical governance. J. Med. Plant Res. 4(19):2059–2074, 2010.Google Scholar
  70. 70.
    Kiah, M. L. M., Al-Bakri, S. H., Zaidan, A. A., Zaidan, B. B., and Hussain, M., Design and develop a video conferencing framework for real-time telemedicine applications using secure group-based communication architecture. J. Med. Syst. 38(10):1–11, 2014.Google Scholar
  71. 71.
    Kiah, M. L. M., Haiqi, A., Zaidan, B. B., and Zaidan, A. A., Open source EMR software: Profiling, insights and hands-on analysis. Computer methods and programs in biomedicine 117(Issue 2):360–382, 2014.CrossRefGoogle Scholar
  72. 72.
    Kiah, M. L. M., Zaidan, B. B., Zaidan, A. A., Nabi, M., and Ibraheem, R., MIRASS: medical informatics research activity support system using information mashup network. J. Med. Syst. 38(4):1–15, 2014.CrossRefGoogle Scholar
  73. 73.
    Mohamed S Nabi, ML Mat Kiah, A.A.Zaidan, B.B.Zaidan, Suitability of adopting S/MIME and OpenPGP email messages protocol to secure electronic medical records, Second International Conference on Future Generation Communication Technology (FGCT), 93–97, 2013Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • H. O. Alanazi
    • 3
  • A. A. Zaidan
    • 2
    Email author
  • B. B. Zaidan
    • 1
  • M. L. Mat Kiah
    • 1
  • S. H. Al-Bakri
    • 3
  1. 1.Faculty of Computer Science and Information TechnologyUniversity of MalayaKuala LumpurMalaysia
  2. 2.Department of Computing, Faculty of Arts, Computing and Creative IndustryUniversiti Pendidikan Sultan IdrisTanjong MalimMalaysia
  3. 3.Faculty of Computer Science and Information SystemUniversity of Technology MalaysiaSkudaiMalaysia

Personalised recommendations