This study aims to provide security solutions for implementing electronic medical records (EMRs). E-health organizations could utilize the proposed method and implement the recommended solutions in medical/health systems. The majority of the required security features of EMRs were noted. The methods used were tested against each of these security features. In implementing the system, the combination that satisfied all of the security features of EMRs was selected. Secure implementation and management of EMRs facilitate the safeguarding of the confidentiality, integrity, and availability of e-health organization systems. Health practitioners, patients, and visitors can use the information system facilities safely and with confidence anytime and anywhere. After critically reviewing security and data transmission methods, a new hybrid method was proposed to be implemented on EMR systems. This method will enhance the robustness, security, and integration of EMR systems. The hybrid of simple object access protocol (SOAP)/extensible markup language (XML) with the advanced encryption standard (AES) and secure hash algorithm version 1 (SHA-1) has achieved the security requirements of an EMR system, with the capability of integrating with other systems through the design of XML messages.
This research has been partially funded by the High Impact Research unit (HIR) at University of Malaya, under grant number UM.C/HIR/MOHE/FCSIT/12. Special thanks go to Multimedia University and Sunway University for providing several research facilities, important resources and expert consultations to improve this work.
An erratum to this article is available at http://dx.doi.org/10.1007/s10916-015-0189-3.
Kiah, M.L.M., Nabi, M.S., Zaidan, B.B. et al. An Enhanced Security Solution for Electronic Medical Records Based on AES Hybrid Technique with SOAP/XML and SHA-1. J Med Syst 37, 9971 (2013). https://doi.org/10.1007/s10916-013-9971-2
- EMR security