Ancile: Privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology

2018 ◽  
Vol 39 ◽  
pp. 283-297 ◽  
Author(s):  
Gaby G. Dagher ◽  
Jordan Mohler ◽  
Matea Milojkovic ◽  
Praneeth Babu Marella
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Privacy Preserving ◽  
Health Records ◽  
Blockchain Technology ◽  
Electronic Health

scholarly journals Efficient Privacy-Preserving Access Control Scheme in Electronic Health Records System

Sensors ◽  
2018 ◽  
Vol 18 (10) ◽  
pp. 3520 ◽  
Author(s):  
Yang Ming ◽  
Tingting Zhang
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Personal Information ◽  
Privacy Preserving ◽  
Security And Privacy ◽  
Medical Systems ◽  
Health Records ◽  
Access Policy ◽  
Diffie Hellman ◽  
Electronic Health

The sharing of electronic health records (EHR) in cloud servers is an increasingly important development that can improve the efficiency of medical systems. However, there are several concerns focusing on the issues of security and privacy in EHR system. The EHR data contains the EHR owner’s sensitive personal information, if these data are obtained by a malicious user, it will not only cause the leakage of patient’s privacy, but also affect the doctor’s diagnosis. It is a very challenging problem for the EHR owner fully controls over own EHR data as well as preserves the privacy of himself. In this paper, we propose a new privacy-preserving access control (PPAC) scheme for EHR. To achieve fine-grained access control of the EHR data, we utilize the attribute-based signcryption (ABSC) mechanism to signcrypt data based on the access policy for the linear secret sharing schemes. Employing the cuckoo filter to hide the access policy, it could protect the EHR owner’s privacy information. In addition, the security analysis shows that the proposed scheme is provably secure under the decisional bilinear Diffie-Hellman exponent assumption and the computational Diffie-Hellman exponent assumption in the standard model. Furthermore, the performance analysis indicates that the proposed scheme achieves low costs of communication and computation compared with the related schemes, meanwhile preserves the EHR owner’s privacy. Therefore, the proposed scheme is better suited to EHR system.

scholarly journals Secure Exchange of Electronic Health Records

2012 ◽  
pp. 1403-1424
Author(s):  
Alejandro Enrique Flores ◽  
Khin Than Win ◽  
Willy Susilo
Keyword(s):  
Health Care ◽  
Access Control ◽  
Electronic Health Records ◽  
Shared Care ◽  
Health Records ◽  
Discretionary Access Control ◽  
Attribute Based Encryption ◽  
Electronic Health ◽  
Role Based ◽  
Traditional Approaches

Protecting the confidentiality of a patient’s information in a shared care environment could become a complex task. Correct identification of users, assigning of access permissions, and resolution of conflict rise as main points of interest in providing solutions for data exchange among health care providers. Traditional approaches such as Mandatory Access Control, Discretionary Access control and Role-Based Access Control policies do not always provide a suitable solution for health care settings, especially for shared care environments. The core of this contribution consists in the description of an approach which uses attribute-based encryption to protect the confidentiality of patients’ information during the exchange of electronic health records among healthcare providers. Attribute-based encryption allows the reinforcing of access policies and reduces the risk of unauthorized access to sensitive information; it also provides a set of functionalities which are described using a case study. Attribute-based encryption provides an answer to restrictions presented by traditional approaches and facilitate the reinforcing of existing security policies over the transmitted data.

Hierarchy Similarity Analyser-An Approach to Securely Share Electronic Health Records

2020 ◽  
pp. 1485-1501
Author(s):  
Shalini Bhartiya ◽  
Deepti Mehrotra ◽  
Anup Girdhar
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Control Policy ◽  
Healthcare Organizations ◽  
Health Records ◽  
Role Hierarchy ◽  
Access Control Policies ◽  
Electronic Health ◽  
Policy Testing ◽  
Organizational Rules

Health professionals need an access to various dimensions of Electronic Health Records (EHR). Depending on technical constraints, each organization defines its own access control schema exhibiting heterogeneity in organizational rules and policies. Achieving interoperability between such schemas often result in contradictory rules thereby exposing data to undue disclosures. Permitting interoperable sharing of EHRs and simultaneously restricting unauthorized access is the major objective of this paper. An Extensible Access Control Markup Language (XACML)-based framework, Hierarchy Similarity Analyser (HSA), is proposed which fine-grains access control policies of disparate healthcare organizations to achieve interoperable and secured sharing of EHR under set authorizations. The proposed framework is implemented and verified using automated Access Control Policy Testing (ACPT) tool developed by NIST. Experimental results identify the users receive secured and restricted access as per their authorizations and role hierarchy in the organization.

scholarly journals Privacy-aware relationship semantics–based XACML access control model for electronic health records in hybrid cloud

2019 ◽  
Vol 15 (6) ◽  
pp. 155014771984605 ◽  
Author(s):  
Tehsin Kanwal ◽  
Ather Abdul Jabbar ◽  
Adeel Anjum ◽  
Saif UR Malik ◽  
Abid Khan ◽  
...  
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Cloud Service ◽  
Control Model ◽  
Hybrid Cloud ◽  
Access Control Model ◽  
Health Records ◽  
Fine Grained ◽  
Electronic Health ◽  
Records Access

State-of-the-art progress in cloud computing encouraged the healthcare organizations to outsource the management of electronic health records to cloud service providers using hybrid cloud. A hybrid cloud is an infrastructure consisting of a private cloud (managed by the organization) and a public cloud (managed by the cloud service provider). The use of hybrid cloud enables electronic health records to be exchanged between medical institutions and supports multipurpose usage of electronic health records. Along with the benefits, cloud-based electronic health records also raise the problems of security and privacy specifically in terms of electronic health records access. A comprehensive and exploratory analysis of privacy-preserving solutions revealed that most current systems do not support fine-grained access control or consider additional factors such as privacy preservation and relationship semantics. In this article, we investigated the need of a privacy-aware fine-grained access control model for the hybrid cloud. We propose a privacy-aware relationship semantics–based XACML access control model that performs hybrid relationship and attribute-based access control using extensible access control markup language. The proposed approach supports fine-grained relation-based access control with state-of-the-art privacy mechanism named Anatomy for enhanced multipurpose electronic health records usage. The proposed (privacy-aware relationship semantics–based XACML access control model) model provides and maintains an efficient privacy versus utility trade-off. We formally verify the proposed model (privacy-aware relationship semantics–based XACML access control model) and implemented to check its effectiveness in terms of privacy-aware electronic health records access and multipurpose utilization. Experimental results show that in the proposed (privacy-aware relationship semantics–based XACML access control model) model, access policies based on relationships and electronic health records anonymization can perform well in terms of access policy response time and space storage.

Sign in / Sign up

Export Citation Format

Share Document