DocumentCode :
3696991
Title :
Auditing and Revocation Enabled Role-Based Access Control over Outsourced Private EHRs
Author :
Weiran Liu;Xiao Liu;Jianwei Liu;Qianhong Wu;Jun Zhang;Yan Li
Author_Institution :
Sch. of Electron. &
fYear :
2015
Firstpage :
336
Lastpage :
341
Abstract :
Electronic Health Record (EHR) systems have an abundance of convenience for telediagnosis, medical data sharing and management. The main obstacle for wide adoption of EHR systems is due to the privacy concerns of patients. In this work, we propose a role-based access control (RBAC) scheme for EHR systems to secure private EHRs. In our RBAC, there are two main types of roles, namely independent patients and hierarchically organized medical staff. A patient is identified by his/her identity, and a medical staff is recognized by his/her role in the medical institute. A user can comprehend an EHR only if he/she satisfies the access policy associated with this EHR, which implies a fine-grained access control. A public auditor is employed to verify whether the EHR is correctly encapsulated with the specified access policy, which provides an a priori approach to find fraudulent EHRs and prevent potential medical disputes. Moreover, our RBAC enforces a forward revocation mechanism. A revoked user cannot access future EHRs even if his/her previous role satisfies the access policy. We analyse the security and efficiency of our RBAC, showing that it is a practical solution to secure EHRs.
Keywords :
"Medical services","Access control","Servers","Privacy","Medical diagnostic imaging","Cryptography"
Publisher :
ieee
Conference_Titel :
High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on
Type :
conf
DOI :
10.1109/HPCC-CSS-ICESS.2015.10
Filename :
7336185