Title :
Managing the Privacy and Security of eHealth Data
Author :
Soceanu, Alexandru ; Vasylenko, Maksym ; Egner, Alexandru ; Muntean, Traian
Author_Institution :
Munich Univ. of Appl. Sci., Munich, Germany
Abstract :
The large scale adoption of mobile medicine, supported by an increasing number of medical devices and remote access to health services, correlated with the continuous involvement of the patients in their own healthcare, led to the emergence of tremendous amounts of clinical data. They need to be securely transferred, archived and accessed. This paper refers to a new approach for protecting the privacy and security of clinical data through the use of a state of the art encryption scheme and attribute-based access control authorization framework. As personal medical records are often used by different entities (e.g. Doctors, pharmacists, nurses, etc.), there is a need for different degrees of authorization access for specific parts of the personal dossier. Appropriate cryptographic tools are presented for allowing partial visibility and valid protection on authorized parts for hierarchical privacy protection of eHealth data. The encryption process relies on ARCANA, a security platform developed at ERISCS research laboratory from University Aix-Marseille. It provides the appropriate cryptographic tools for secure hierarchical access to healthcare data. This ensures that the access of various entities to the healthcare data is accurately and hierarchically controlled. The access control framework used in this research is based on XACML, a standard access control decision model specified by OASIS. The applicability and feasibility of XACML-based policies to regulate the access to patient data are demonstrated through SAFAX. SAFAX is a new public authorization framework developed by the Eindhoven University of Technology tested among others on eHealth case studies, in cooperation with Munich University of Applied Sciences. It is envisioned that the usage of data encryption and public authorization solutions to regulate access control on patients clinical data will have a big impact on the patient´s trust in electronic healthcare systems and will speed up their large sca- e adoption.
Keywords :
authorisation; cryptography; data privacy; health care; ARCANA; ERISCS research laboratory; Eindhoven University of Technology; OASIS; University Aix-Marseille; XACML-based policies; attribute-based access control authorization framework; clinical data privacy; clinical data security; cryptographic tools; ehealth data; encryption scheme; health services; healthcare; medical devices; mobile medicine; public authorization solutions; remote access; Authentication; Authorization; Data privacy; Medical services; Standards; ABAC; Patient Consent; Privacy; Security; XACML; eHealth; incremental cryptography;
Conference_Titel :
Control Systems and Computer Science (CSCS), 2015 20th International Conference on
Conference_Location :
Bucharest
Print_ISBN :
978-1-4799-1779-2
DOI :
10.1109/CSCS.2015.76