Exploring Type-and-Identity-Based Proxy Re-Encryption Scheme to Securely Manage Personal Health Records

Author(s):  
Luan Ibraimi ◽  
Qiang Tang ◽  
Pieter Hartel ◽  
Willem Jonker

Commercial Web-based Personal-Health Record (PHR) systems can help patients to share their personal health records (PHRs) anytime from anywhere. PHRs are very sensitive data and an inappropriate disclosure may cause serious problems to an individual. Therefore commercial Web-based PHR systems have to ensure that the patient health data is secured using state-of-the-art mechanisms. In current commercial PHR systems, even though patients have the power to define the access control policy on who can access their data, patients have to trust entirely the access-control manager of the commercial PHR system to properly enforce these policies. Therefore patients hesitate to upload their health data to these systems as the data is processed unencrypted on untrusted platforms. Recent proposals on enforcing access control policies exploit the use of encryption techniques to enforce access control policies. In such systems, information is stored in an encrypted form by the third party and there is no need for an access control manager. This implies that data remains confidential even if the database maintained by the third party is compromised. In this paper we propose a new encryption technique called a type-and-identity-based proxy re-encryption scheme which is suitable to be used in the healthcare setting. The proposed scheme allows users (patients) to securely store their PHRs on commercial Web-based PHRs, and securely share their PHRs with other users (doctors).

2011 ◽  
pp. 391-411 ◽  




2020 ◽  
Author(s):  
Chang Lu ◽  
Danielle Batista ◽  
Hoda Hamouda ◽  
Victoria Lemieux

BACKGROUND: Although researchers are giving increased attention to blockchain-based personal health records (PHRs) and data sharing, the majority of research focuses on technical design. Very little is known about health care consumers’ intentions to adopt the applications. OBJECTIVE: This study aims to explore the intentions and concerns of health care consumers regarding the adoption of blockchain-based personal health records and data sharing. METHODS: Three focus groups were conducted, in which 26 participants were shown a prototype of a user interface for a self-sovereign blockchain-based PHR system (ie, a system in which the individual owns, has custody of, and controls access to their personal health information) to be used for privacy and secure health data sharing. A microinterlocutor analysis of focus group transcriptions was performed to show a descriptive overview of participant responses. NVivo 12.0 was used to code the categories of the responses. RESULTS: Participants did not exhibit a substantial increase in their willingness to become owners of health data and share the data with third parties after the blockchain solution was introduced. Participants were concerned about the risks of losing private keys, the resulting difficulty in accessing care, and the irrevocability of data access on blockchain. They did, however, favor a blockchain-based PHR that incorporates a private key recovery system and offers a health wallet hosted by government or other positively perceived organizations. They were more inclined to share data via blockchain if the third party used the data for collective good and offered participants nonmonetary forms of compensation and if the access could be revoked from the third party. CONCLUSIONS: Health care consumers were not strongly inclined to adopt blockchain-based PHRs and health data sharing. However, their intentions may increase when the concerns and recommendations demonstrated in this study are considered in application design.


10.2196/21995 ◽  
2020 ◽  
Vol 4 (11) ◽  
pp. e21995


2020 ◽  
pp. 1485-1501
Author(s):  
Shalini Bhartiya ◽  
Deepti Mehrotra ◽  
Anup Girdhar

Health professionals need access to various dimensions of Electronic Health Records (EHR). Depending on technical constraints, each organization defines its own access control schema, exhibiting heterogeneity in organizational rules and policies. Achieving interoperability between such schemas often results in contradictory rules, thereby exposing data to undue disclosures. Permitting interoperable sharing of EHRs and simultaneously restricting unauthorized access is the major objective of this paper. An Extensible Access Control Markup Language (XACML)-based framework, Hierarchy Similarity Analyser (HSA), is proposed which fine-grains access control policies of disparate healthcare organizations to achieve interoperable and secured sharing of EHR under set authorizations. The proposed framework is implemented and verified using the automated Access Control Policy Testing (ACPT) tool developed by NIST. Experimental results show that users receive secured and restricted access as per their authorizations and role hierarchy in the organization.



