Securing patient-centric personal health records sharing system in cloud computing

Author

Chen Danwei ; Chen Linling ; Fan Xiaowei ; He Liwen ; Pan Su ; Hu Ruoxiang

Author_Institution

Nanjing Univ. of Posts & Telecommun., Nanjing, China

Volume

11

Issue

13

fYear

2014

fDate

Supplement 2014

Firstpage

121

Lastpage

127

Abstract

Personal health record (PHR) enables patients to manage their own electronic medical records (EMR) in a centralized way, and it is often outsourced to be stored in a third-party server. In this paper we propose a novel secure and scalable system for sharing PHRs. We focus on the multiple data owner scenario, and divide the users in the system into multiple security domains that greatly reduce the key management complexity for owners and users. A high degree of patient privacy is guaranteed by exploiting hierarchical and multi-authority attribute-sets based encryption (HM-ASBE). Our system not only supports compound attributes due to flexible attribute sets combinations, but also achieves fine-grained access control. Our scheme supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios.

Keywords

authorisation; cloud computing; computational complexity; cryptography; medical information systems; EMR; PHR; break-glass access; cloud computing; electronic medical records; emergency scenarios; fine-grained access control; management complexity; multiauthority attribute-sets based encryption; multiple security domains; on-demand user-attribute revocation; patient privacy; patient-centric personal health records sharing system security; third-party server; Access control; Cloud computing; Encryption; Gold; Medical services; Servers; attribute-based encryption; data privacy; fine-grained access control; personal health records;

fLanguage

English

Journal_Title

Communications, China

Publisher

ieee

ISSN

1673-5447

Type

jour

DOI

10.1109/CC.2014.7022535

Filename

7022535