Title :
SIM: A smartphone-based identity management framework and its application to Arkansas trauma image repository
Author :
Mengjun Xie; Topaloglu, Umit; Powell, T.; Chao Peng; Jiang Bian
Author_Institution :
Dept. of Comput. Sci., Univ. of Arkansas at Little Rock, Little Rock, AR, USA
Abstract :
Secure and convenient user identity management is particularly important to the success of EMR, EHR, and PHR systems. Unfortunately, widely used identity management mechanisms that rely solely on username/password are inadequate to meet the strong security and privacy requirements for protecting sensitive user information and medical data. Two-factor authentication approaches that are more convenient and user friendly than existing solutions have been given top priority in the healthcare sector, where the majority of healthcare practitioners and patients are not tech-savvy. In this paper, we present a smartphone-based identity management framework, SIM, to enhance the security and usability of user identity management in healthcare information systems. SIM leverages the popularity and computational power of smartphones. Within the SIM framework, a person employs a smartphone to centrally store and manage her identity credentials and authenticates herself to healthcare applications using two-factor authentication without typing any identity credentials. Moreover, SIM provides patients with a patient-controlled authorization mechanism to help patients manage access to their PHRs in a secure and convenient manner. Using an existing EMR system, Arkansas Trauma Image Repository, as an example, we demonstrate that SIM can be applied to a real-world healthcare information system to enhance its protection of user credentials and sensitive information.
Keywords :
cryptographic protocols; data protection; electronic health records; health care; human computer interaction; information retrieval; security of data; smart phones; telemedicine; Arkansas Trauma Image Repository application; EHR systems; EMR systems; PHR access management; PHR systems; SIM framework; central identity credential management; central identity credential storage; convenient user identity management; healthcare applications; healthcare information systems; healthcare sector; identity credential authentication; identity management mechanisms; medical data protection; patient-controlled authorization mechanism; privacy requirements; real-world healthcare information system; security requirements; smartphone computational power; smartphone-based identity management framework; two-factor authentication approaches; user credential protection; user friendly; user identity management security; user identity management usability; user information protection; username-password authentication approaches; Authentication; Browsers; Hospitals; Malware; Servers;
Conference_Title :
Bioinformatics and Biomedicine (BIBM), 2013 IEEE International Conference on
Conference_Location :
Shanghai
DOI :
10.1109/BIBM.2013.6732600