Abstract
In recent years, the electronic health record (eHR) system has been regarded as one of the biggest developments in the healthcare domain. A personally controlled electronic health record (PCEHR) system, offered by the Australian government, makes the health system more agile, reliable, and sustainable. Although the existing PCEHR system is proposed to be fully controlled by patients, there are ways for healthcare professionals and database/system operators to reveal the records for corrupt purposes, because system operators are assumed to be trusted by default. Moreover, as a consequence of increased threats to the security of electronic health records, a real need for strong and effective authentication and access control methods has arisen. Furthermore, due to the sensitive nature of eHRs, the most important challenges concern fine-grained, cryptographically implemented access control schemes that guarantee data privacy and reliability, verifying that only authorized people can access the corresponding health records. Moreover, uninterrupted application of the security principle of electronic data files necessitates encrypted databases. In this paper, we address the above limitations together by proposing a robust authentication scheme and a hybrid access control model to enhance the security and privacy of eHRs. A homomorphic encryption technique is applied to storing and working with the eHRs in the proposed cloud-based PCEHR framework. The proposed model ensures the control of both security and privacy of eHRs accumulated in the cloud database.
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Mamun, Q. (2018). A Conceptual Framework of Personally Controlled Electronic Health Record (PCEHR) System to Enhance Security and Privacy. In: Abawajy, J., Choo, KK., Islam, R. (eds) International Conference on Applications and Techniques in Cyber Security and Intelligence. ATCI 2017. Advances in Intelligent Systems and Computing, vol 580. Edizioni della Normale, Cham. https://doi.org/10.1007/978-3-319-67071-3_37
DOI: https://doi.org/10.1007/978-3-319-67071-3_37
Published:
Publisher Name: Edizioni della Normale, Cham
Print ISBN: 978-3-319-67070-6
Online ISBN: 978-3-319-67071-3
eBook Packages: Engineering, Engineering (R0)