Skip to main content
Key Specialties
Cardiology Diabetology Endocrinology Gastroenterology Geriatrics and Gerontology Gynecology and Obstetrics Hematology Infectious Disease Internal Medicine Nephrology Neurology Oncology Pediatrics Respiratory Medicine Rheumatology Surgery
Congress Coverage
2024 ACC Congress 2023 ESMO Congress 2023 EASD Congress 2023 ERS Congress 2023 ESC Congress
Clinical Collections
Advances in Alzheimer’s

Keynote webinar | Spotlight on medication adherence

LIVE: Thursday 27th June 2024, 18:00-19:30 (CEST)
Join our expert panel to discover why you need to understand the drivers of non-adherence in your patients, and how you can optimize medication adherence in your clinics to drastically improve patient outcomes.
ADVANCED SEARCH
Log in
Top
Journal of Medical Systems
Published in: Journal of Medical Systems 6/2012

01-12-2012 | Original Paper

Secure Dynamic Access Control Scheme of PHR in Cloud Computing

Authors: Tzer-Shyong Chen, Chia-Hui Liu, Tzer-Long Chen, Chin-Sheng Chen, Jian-Guo Bau, Tzu-Ching Lin

Published in: Journal of Medical Systems | Issue 6/2012

Login to get access

Abstract

With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system “personal health records (PHR)” is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access scheme in Cloud computing environments is proven flexible and secure and could effectively correspond to real-time appending and deleting user access authorization and appending and revising PHR records.
Literature
1.
Committee on Quality of Health Care in America IoM, Crossing the quality chasm. National Academy Press, Washington, DC, 2001.
2.
Kaelber, D. C., Jha, A. K., Johnston, D., Middleton, B., and Bates, D. W., A research agenda for personal health records. J. Am. Med. Inform. Assoc. 15(6):729–736, 2008.CrossRef
3.
Pagliari, C., Detmer, D., and Singleton, P., Potential of electronic personal health records. Br. Med. J. 335(7615):330–333, 2007.CrossRef
4.
National Research Council, Networking health: prescriptions for the internet. National Academy Press, Washington, DC, 2000.
5.
AHIMA, AMIA, The value of personal health records: a joint position statement for consumers of healthcare. J. Am. Med. Inform. Assoc. 78(4):22–24, 2007.
6.
Tang, P. C., Ash, J. S., Bates, D. W., Overhage, J. M., and Sands, D. Z., Personal health records: definitions, benefits, and strategies for overcoming barriers to adoption. J. Am. Med. Inform. Assoc. 13(2):121–126, 2006.CrossRef
7.
Li, M., Yu, S., Ren, K., and Lou, W., “Securing Personal Health Records in Cloud Computing: Patient-centric and Fine-grained Data Access Control in Multi-owner Settings,” Security and Privacy in Communication Networks, pp. 89-106, 2010.
8.
Shortliffe, E. H., The evolution of electronic medical records. Acad. Med. 74:414–419, 1999.CrossRef
9.
Cimino, J. J., Socratous, S. A., and Clayton, P. D., Internet as clinical information system: application development using the world wide Web. J. Am. Med. Informat. Assoc. 2:273–284, 1995.CrossRef
10.
Schneider, J. H., Online personal medical records: Are they reliable for acute/critical care? Soc. Crit. Care Med. 29:196–201, 2001.CrossRef
11.
Department of Health and Human Services, Security and electronic signature standards. Fed. Regist. 63(155):43241–43243, 1998.
12.
Google health, Available: http://​www.​google.​com/​intl/​en-US/​health/​about/​index.​html
13.
Microsoft health Vault, Available:http://​www.​ healthvault.com/Personal/index.html
14.
US Public Law, “"Health Insurance Portability and Accountability Act of 1996,” 104th Congress, Public Law 104–191, 1996.
15.
Yanga, C. M., Lina, H. C., Changb, P., and Jianc, W. S., Taiwan’s Perspective on electronic medical Records’ security and privacy protection: lessons learned from HIPAA. Comput. Meth. Programs. Biomed. 82:277–282, 2006.CrossRef
16.
Qualys On Demand Vulnerability Management, “CASE STUDY: Geisinger Health System—Bringing HIPAA Compliance to an Electronic Medical Record System,” http://​www.​qualys.​com/​docs/​geisinger.​pdf
17.
“Meeting HITECH’s Challenge to the Health Care Industry,” An Oracle White Paper, May 2010.
18.
Atluri, V., and Huang, W., “An Authorization Model for Workflows,” Proceedings of the Fourth European Symposium on Research in Computer Security, pp. 25-27, 1996.
19.
Barkley, J. F., Ferraiolo, D. F., and Kuhn, D. R., “A role based access control model and reference implementation within a corporate intranet”. ACM Trans. Inform. Syst.Secur. (TISSEC) 2:34–64, 1999.CrossRef
20.
Botha, R., “CoSAWoE – A Model for Context-sensitive Access Control in Workflow Environments,” South Africa computer journal, 2001.
21.
Coyne, E., Fenstein, H., Sandhu, R., and Youman, C., Role-based access control models. IEEE Computer 29(2):38–47, 1996.CrossRef
22.
Denning, D. E., “Cryptographic Checksums for Multilevel Database Security,” Proceedings of the 1984 IEEE Symposium on Security and Privacy, pp. 52–61, 1984.
23.
Bardram, J. E., Pervasive healthcare as a scientific discipline. Methods. Inform. Med. 47:129–142, 2008.
24.
http://www.tafm.org.tw/data/012/meeting/209.pdf
25.
US Department of Health and Human Services, “Personal Health Records and Personal Health Record Systems,” National Committee on Vital and Health Statistics, pp. 15, 2006.
26.
Vaquero, L. M., Rodero-Merino, L., Caceres, J., and Lindner, M., A break in the clouds: towards a cloud definition. ACM SIGCOMM Comput. Comm. 39(1):50–55, 2008.CrossRef
27.
Mell, P. and Grance, T., “The NIST Definition of Cloud Computing,” National Institute of Standards and Technology. 2009.
28.
Brunette, G. and Mogull, R., “Security Guidance for Critical Areas of Focus in Cloud Computing V2.1,” Cloud Security Alliance, 2009.
29.
Gens, F., “"New IDC IT Cloud Services Survey: Top Benefits and Challenges,” IDC eXchange, 2009
30.
Minister of Justice, “Personal Information Protection and Electronic Documents Act (PIPEDA),” 2011.
31.
Benaloh,J., Chase,M., Horvitz,E., and Lauter, K., “Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records,” In Proceedings of the ACM workshop on Cloud computing security, pp. 103-114, 2009.
32.
Stalling,W., “Network and Network Security – Principles and Practice,” Prentice Hall International Edition, pp. 1-14, 1995.
33.
Stallings, W., “Cryptography and Network Security, Principles and Practice,” Prentice Hall, 2003
34.
AIM (Advance Informatics in Medicine), “Secure Environment for Information Systems in Medicine,” SEISMED (A2033)/SP14/HILD/05.07. 95.
35.
Shamir, A., “Identity-based Cryptosystems and Signature Schemes,” Advances in Cryptology-Proceedings of CRYPTO’84, Springer-Verlag LNCS 196, pp.47-53, 1985.
36.
National Bureau of Standards, FIPS pub. 46, “Data Encryption Standard,” US Department of Commerce, January 1977.
37.
Lai, X., and Massey, J., “"A proposal for a New block encryption standard”, Proceedings of Eurocrypt’91, Springer-Verlag. LNCS 473:389–404, 1991.MathSciNet
38.
Miller, V., “Use of Elliptic Curves in Cryptography”, Advances in Cryptology-Crypto’85. LNCS 218:417–426, 1985.MathSciNet
39.
Rivest, R., Shamir, A., and Adleman, L., A method for obtaining digital signatures and public-Key cryptosystems. Commun. ACM 21(2):120–126, 1978.MathSciNetMATHCrossRef
40.
ElGamal, T., “A Public-Key Cryptosystem and a Signature Scheme based on Discrete Logarithms”, Advances in Cryptology-Crypto’85, Springer-Verlag. LNCS 196:10–18, 1985.MathSciNet
41.
Metadata
Title
Secure Dynamic Access Control Scheme of PHR in Cloud Computing
Authors
Tzer-Shyong Chen
Chia-Hui Liu
Tzer-Long Chen
Chin-Sheng Chen
Jian-Guo Bau
Tzu-Ching Lin
Publication date
01-12-2012
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 6/2012
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-012-9873-8

Other articles of this Issue 6/2012

Journal of Medical Systems 6/2012 Go to the issue

Original Paper

An Authentication Scheme to Healthcare Security under Wireless Sensor Networks

Original Paper

A Review of Tags Anti-collision and Localization Protocols in RFID Networks

Original Paper

Cloud Based Emergency Health Care Information Service in India

Original Paper

A Novel Approach for Evaluating the Risk of Health Care Failure Modes

Original Paper

Using Electronic Medical Record Systems for Admission Decisions in Emergency Departments: Examining the Crowdedness Effect

Original Paper

Sharing Personal Health Information Via Service-Oriented Computing: A Case of Long-Term Care