Medical Information Privacy Assurance: Cryptographic and System Aspects

  • Giuseppe Ateniese
  • Reza Curtmola
  • Breno de Medeiros
  • Darren Davis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2576)


It may be argued that medical information systems are subject to the same type of threats and compromises that plague general information systems, and that it does not require special attention from a research viewpoint. The firsthand experience of experts in information security and assurance who studied or worked with health applications has been of a different sort: While general principles of security still apply in the medical information field, a number of unique characteristics of the health care business environment suggest a more tailored approach. In this paper we describe some recent results of an on-going research on medical information privacy carried out at the Johns Hopkins University under the support of the National Science Foundation (NSF).


Protected Health Information Privacy Regulation Medical Information System System Aspect Group Signature Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    S. D. Warren and L. D. Brandeis. The right to privacy. Harvard Law Rev. 4, pages 193–220, 1890.CrossRefGoogle Scholar
  2. 2.
    A. F. Westin. Privacy and Freedom. Atheneum, New York, 1967.Google Scholar
  3. 4.
    D. F. Linowes and R. C. Spencer. How employers handle employees’ personal information., 1997.
  4. 6.
    S. Lehrman. Keeping your genes private. GeneLetter.Google Scholar
  5. 7.
    N. Keene, W. Hobbie, and K. Ruccione. Childhood cancer survivors.,
  6. 8.
    C. Jabs. The myth of privacy: Technology is putting your medical history on public view-and you in jeopardy. FamilyPC, 2001.Google Scholar
  7. 11.
    R. J. Anderson. A security policy model for clinical information systems. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, 1996.Google Scholar
  8. 12.
    D. Clark and D. Wilson A comparison of commercial and military security practices. In Proceedings of the IEEE Symposium in Security and Privacy, IEEE Press, 1987.Google Scholar
  9. 13.
    T. Albert. Doctors ask AMA to assure some privacy for their prescription pads., American Medical News. 2000.
  10. 15.
    Ohio State Board of Pharmacy. Confidentiality of patient records. 1999.
  11. 16.
    T. Albert. Records privacy extended to pharmacies., American Medical News. 2001.
  12. 17.
    WebMD Health. My Health Record,
  13. 18.
    Office for Civil Rights. Standards for privacy of individually identifiable health information. 2001.
  14. 20.
    D. Chaum and E. van Heyst. Group signatures. In Advances in Cryptology-EUROCRYPT’91, vol. 547 of LNCS, pp. 257–265, Springer-Verlag, 1991.Google Scholar
  15. 21.
    D. Chaum, Security Without Identification: Transactions Systems to Make Big Brother Obsolete, CACM Vol. 28, No. 10, October 1985.Google Scholar
  16. 22.
    D. Chaum and J. Evertse. A secure and privacy-protecting protocol for transmitting personal information between organizations. In Advances in Cryptology-CRYPTO’86, pp. 118–167. Springer-Verlag, 1986.Google Scholar
  17. 23.
    I. Damgåard. Payment systems and credential mechanisms with provable security against abuse by individuals. In Advances in Cryptology-CRYPTO’88, pp. 328–335, Springer-Verlag, 1988.Google Scholar
  18. 24.
    L. Chen. Access with pseudonyms. In Cryptography: Policy and Algorithms, pp. 232–243. Springer-Verlag, 1995.Google Scholar
  19. 25.
    A. Lysyanskaya, R. Rivest, A. Sahai, and S. Wolf. Pseudonym Systems. In Selected Areas in Cryptography. Springer-Verlag 1999.Google Scholar
  20. 26.
    Jan Camenisch and Anna Lysyanskaya. Efficient Non-transferable Anonymous Multi-show Credential System with Optional Anonymity Revocation. In Eurocrypt’ 01. Springer Verlag, 2001.Google Scholar
  21. 27.
    G. Ateniese, M. Joye, J. Camenisch, and G. Tsudik. A Practical and Provably Secure Coalition-resistant Group Signature Scheme. In In Advances in Cryptology-CRYPTO 2000. Volume 1880 of LNCS, pages 255–270, Springer Verlag, August 2000.Google Scholar
  22. 28.
    G. Ateniese and B. de Medeiros. Anonymous E-Prescription. In ACM Workshop on Privacy in the Electronic Society (WPES’ 02),Washington D.C., USA, November 2002.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Giuseppe Ateniese
    • 1
  • Reza Curtmola
    • 1
  • Breno de Medeiros
    • 1
  • Darren Davis
    • 1
  1. 1.Department of Computer ScienceThe Johns Hopkins UniversityBaltimoreUSA

Personalised recommendations