Medical Information Privacy Assurance: Cryptographic and System Aspects
It may be argued that medical information systems are subject to the same type of threats and compromises that plague general information systems, and that it does not require special attention from a research viewpoint. The firsthand experience of experts in information security and assurance who studied or worked with health applications has been of a different sort: While general principles of security still apply in the medical information field, a number of unique characteristics of the health care business environment suggest a more tailored approach. In this paper we describe some recent results of an on-going research on medical information privacy carried out at the Johns Hopkins University under the support of the National Science Foundation (NSF).
KeywordsProtected Health Information Privacy Regulation Medical Information System System Aspect Group Signature Scheme
Unable to display preview. Download preview PDF.
- 2.A. F. Westin. Privacy and Freedom. Atheneum, New York, 1967.Google Scholar
- 4.D. F. Linowes and R. C. Spencer. How employers handle employees’ personal information. http://www.kentlaw.edu/ilw/erepj/v1n1/lino-main.htm, 1997.
- 6.S. Lehrman. Keeping your genes private. GeneLetter.Google Scholar
- 7.N. Keene, W. Hobbie, and K. Ruccione. Childhood cancer survivors. http://www.patientcenters.com/survivors/news/jobs.html, OncoNurse.com.
- 8.C. Jabs. The myth of privacy: Technology is putting your medical history on public view-and you in jeopardy. FamilyPC, 2001.Google Scholar
- 11.R. J. Anderson. A security policy model for clinical information systems. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, 1996.Google Scholar
- 12.D. Clark and D. Wilson A comparison of commercial and military security practices. In Proceedings of the IEEE Symposium in Security and Privacy, IEEE Press, 1987.Google Scholar
- 13.T. Albert. Doctors ask AMA to assure some privacy for their prescription pads. http://www.ama-assn.org/sci-pubs/amnews/pick_00/prl11225.htm, American Medical News. 2000.
- 15.Ohio State Board of Pharmacy. Confidentiality of patient records. http://www.state.oh.us/pharmacy/rules/4729-05-29.html. 1999.
- 16.T. Albert. Records privacy extended to pharmacies. http://www.ama-assn.org/sci-pubs/amnews/pick_01/prsb0402.htm, American Medical News. 2001.
- 17.WebMD Health. My Health Record, http://my.webmd.com/my_health_record.
- 18.Office for Civil Rights. Standards for privacy of individually identifiable health information. http://www.hhs.gov/ocr/hipaa/finalmaster.html. 2001.
- 20.D. Chaum and E. van Heyst. Group signatures. In Advances in Cryptology-EUROCRYPT’91, vol. 547 of LNCS, pp. 257–265, Springer-Verlag, 1991.Google Scholar
- 21.D. Chaum, Security Without Identification: Transactions Systems to Make Big Brother Obsolete, CACM Vol. 28, No. 10, October 1985.Google Scholar
- 22.D. Chaum and J. Evertse. A secure and privacy-protecting protocol for transmitting personal information between organizations. In Advances in Cryptology-CRYPTO’86, pp. 118–167. Springer-Verlag, 1986.Google Scholar
- 23.I. Damgåard. Payment systems and credential mechanisms with provable security against abuse by individuals. In Advances in Cryptology-CRYPTO’88, pp. 328–335, Springer-Verlag, 1988.Google Scholar
- 24.L. Chen. Access with pseudonyms. In Cryptography: Policy and Algorithms, pp. 232–243. Springer-Verlag, 1995.Google Scholar
- 25.A. Lysyanskaya, R. Rivest, A. Sahai, and S. Wolf. Pseudonym Systems. In Selected Areas in Cryptography. Springer-Verlag 1999.Google Scholar
- 26.Jan Camenisch and Anna Lysyanskaya. Efficient Non-transferable Anonymous Multi-show Credential System with Optional Anonymity Revocation. In Eurocrypt’ 01. Springer Verlag, 2001.Google Scholar
- 27.G. Ateniese, M. Joye, J. Camenisch, and G. Tsudik. A Practical and Provably Secure Coalition-resistant Group Signature Scheme. In In Advances in Cryptology-CRYPTO 2000. Volume 1880 of LNCS, pages 255–270, Springer Verlag, August 2000.Google Scholar
- 28.G. Ateniese and B. de Medeiros. Anonymous E-Prescription. In ACM Workshop on Privacy in the Electronic Society (WPES’ 02),Washington D.C., USA, November 2002.Google Scholar