Security and Privacy Issues in Outsourced Personal Health Record

  • Naveen Kumar
  • Anish Mathuria


E-health effectively uses information and communications technology to support health-related services for its users.



Copyright information

© Springer Nature Singapore Pte Ltd. 2017

Authors and Affiliations

  1. IIIT Vadodara, Gandhinagar, India
  2. DA-IICT Gandhinagar, Gandhinagar, India
