Ali Shahzad,Wenyu Chen,Momina Shaheen,Yin Zhang,Faizan Ahmad

DOI: https://doi.org/10.1371/journal.pone.0307039

IF: 3.7

2024-09-23

PLoS ONE

Abstract:In modern healthcare, providers increasingly use cloud services to store and share electronic medical records. However, traditional cloud hosting, which depends on intermediaries, poses risks to privacy and security, including inadequate control over access, data auditing, and tracking data origins. Additionally, current schemes face significant limitations such as scalability concerns, high computational overhead, practical implementation challenges, and issues with interoperability and data standardization. Unauthorized data access by cloud providers further exacerbates these concerns. Blockchain technology, known for its secure and decentralized nature, offers a solution by enabling secure data auditing in sharing systems. This research integrates blockchain into healthcare for efficient record management. We proposed a blockchain-based method for secure EHR management and integrated Ciphertext-Policy Attribute-Based Encryption (CP-ABE) for fine-grained access control. The proposed algorithm combines blockchain and smart contracts with a cloud-based healthcare Service Management System (SMS) to ensure secure and accessible EHRs. Smart contracts automate key management, encryption, and decryption processes, enhancing data security and integrity. The blockchain ledger authenticates data transactions, while the cloud provides scalability. The SMS manages access requests, enhancing resource allocation and response times. A dual authentication system confirms patient keys before granting data access, with failed attempts leading to access revocation and incident logging. Our analyses show that this algorithm significantly improves the security and efficiency of health data exchanges. By combining blockchain's decentralized structure with the cloud's scalability, this approach significantly improves EHR security protocols in modern healthcare setting.

Ming Li,Shucheng Yu,Yao Zheng,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tpds.2012.97

IF: 5.3

2013-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Personal health record (PHR) is an emerging patient-centric model of health information exchange, which is often outsourced to be stored at a third party, such as cloud providers. However, there have been wide privacy concerns as personal health information could be exposed to those third party servers and to unauthorized parties. To assure the patients' control over access to their own PHRs, it is a promising method to encrypt the PHRs before outsourcing. Yet, issues such as risks of privacy exposure, scalability in key management, flexible access, and efficient user revocation, have remained the most important challenges toward achieving fine-grained, cryptographically enforced data access control. In this paper, we propose a novel patient-centric framework and a suite of mechanisms for data access control to PHRs stored in semitrusted servers. To achieve fine-grained and scalable data access control for PHRs, we leverage attribute-based encryption (ABE) techniques to encrypt each patient's PHR file. Different from previous works in secure data outsourcing, we focus on the multiple data owner scenario, and divide the users in the PHR system into multiple security domains that greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multiauthority ABE. Our scheme also enables dynamic modification of access policies or file attributes, supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability, and efficiency of our proposed scheme.

Priyanka Kumari Bhansali,Dilendra Hiran,Hemant Kothari,Kamal Gulati

DOI: https://doi.org/10.1108/ijpcc-02-2022-0041

2022-05-18

International Journal of Pervasive Computing and Communications

Abstract:Purpose The purpose of this paper Computing is a recent emerging cloud model that affords clients limitless facilities, lowers the rate of customer storing and computation and progresses the ease of use, leading to a surge in the number of enterprises and individuals storing data in the cloud. Cloud services are used by various organizations (education, medical and commercial) to store their data. In the health-care industry, for example, patient medical data is outsourced to a cloud server. Instead of relying onmedical service providers, clients can access theirmedical data over the cloud. Design/methodology/approach This section explains the proposed cloud-based health-care system for secure data storage and access control called hash-based ciphertext policy attribute-based encryption with signature (hCP-ABES). It provides access control with finer granularity, security, authentication and user confidentiality of medical data. It enhances ciphertext-policy attribute-based encryption (CP-ABE) with hashing, encryption and signature. The proposed architecture includes protection mechanisms to guarantee that health-care and medical information can be securely exchanged between health systems via the cloud. Figure 2 depicts the proposed work's architectural design. Findings For health-care-related applications, safe contact with common documents hosted on a cloud server is becoming increasingly important. However, there are numerous constraints to designing an effective and safe data access method, including cloud server performance, a high number of data users and various security requirements. This work adds hashing and signature to the classic CP-ABE technique. It protects the confidentiality of health-care data while also allowing for fine-grained access control. According to an analysis of security needs, this work fulfills the privacy and integrity of health information using federated learning. Originality/value The Internet of Things (IoT) technology and smart diagnostic implants have enhanced health-care systems by allowing for remote access and screening of patients' health issues at any time and from any location. Medical IoT devices monitor patients' health status and combine this information into medical records, which are then transferred to the cloud and viewed by health providers for decision-making. However, when it comes to information transfer, the security and secrecy of electronic health records become a major concern. This work offers effective data storage and access control for a smart healthcare system to protect confidentiality. CP-ABE ensures data confidentiality and also allows control on data access at a finer level. Furthermore, it allows owners to set up a dynamic patients health data sharing policy under the cloud layer. hCP-ABES proposed fine-grained data access, security, authentication and user privacy of medical data. This paper enhances CP-ABE with hashing, encryption and signature. The proposed method has been evaluated, and the results signify that the proposed hCP-ABES is feasible compared to other access control schemes using federated learning.

Hassan Mansur Hussien,Sharifah Md Yasin,Nur Izura Udzir,Mohd Izuan Hafez Ninggal

DOI: https://doi.org/10.3390/s21072462

2021-04-02

Abstract:Blockchain technology provides a tremendous opportunity to transform current personal health record (PHR) systems into a decentralised network infrastructure. However, such technology possesses some drawbacks, such as issues in privacy and storage capacity. Given its transparency and decentralised features, medical data are visible to everyone on the network and are inappropriate for certain medical applications. By contrast, storing vast medical data, such as patient medical history, laboratory tests, X-rays, and MRIs, significantly affect the repository storage of blockchain. This study bridges the gap between PHRs and blockchain technology by offloading the vast medical data into the InterPlanetary File System (IPFS) storage and establishing an enforced cryptographic authorisation and access control scheme for outsourced encrypted medical data. The access control scheme is constructed on the basis of the new lightweight cryptographic concept named smart contract-based attribute-based searchable encryption (SC-ABSE). This newly cryptographic primitive is developed by extending ciphertext-policy attribute-based encryption (CP-ABE) and searchable symmetric encryption (SSE) and by leveraging the technology of smart contracts to achieve the following: (1) efficient and secure fine-grained access control of outsourced encrypted data, (2) confidentiality of data by eliminating trusted private key generators, and (3) multikeyword searchable mechanism. Based on decisional bilinear Diffie-Hellman hardness assumptions (DBDH) and discrete logarithm (DL) problems, the rigorous security indistinguishability analysis indicates that SC-ABSE is secure against the chosen-keyword attack (CKA) and keyword secrecy (KS) in the standard model. In addition, user collusion attacks are prevented, and the tamper-proof resistance of data is ensured. Furthermore, security validation is verified by simulating a formal verification scenario using Automated Validation of Internet Security Protocols and Applications (AVISPA), thereby unveiling that SC-ABSE is resistant to man-in-the-middle (MIM) and replay attacks. The experimental analysis utilised real-world datasets to demonstrate the efficiency and utility of SC-ABSE in terms of computation overhead, storage cost and communication overhead. The proposed scheme is also designed and developed to evaluate throughput and latency transactions using a standard benchmark tool known as Caliper. Lastly, simulation results show that SC-ABSE has high throughput and low latency, with an ultimate increase in network life compared with traditional healthcare systems.

Yogesh M Gajmal,R. Udayakumar

DOI: https://doi.org/10.1080/19393555.2021.1933270

2021-06-28

Information Security Journal: A Global Perspective

Abstract:The outsourcing of Electronic Health Records (EHR) on cloud infrastructures has enabled medical data sharing among several healthcare applications. The blockchain offers security by authenticating users with encryption methods. The collaboration with the cloud provides better management but poses threats to the privacy of the patient. This paper devises a novel blockchain-assisted framework for effective data sharing and retrieval using cloud platforms. Here, the data protection model is devised in EHR application for secure transmission. The entities in the cloud platform include data user, data owner, smart agreement, transactional blockchain, and Inter-Planetary File System (IPFS). Here, the data owner includes a data protection model to secure EHR in which secured EHR is transferred to IPFS before sharing with the data user. The data protection is done by preserving data privacy using Tracy-Singh product and proposed Conditional Autoregressive Value at risk (CAViaR)-based Bird swarm algorithm (CAViaR-based BSA) combination of BSA and CAViaR for generating optimal privacy-preserving coefficients. The objective function is newly devised considering privacy and utility. The proposed CAViaR-based BSA outperformed other methods with minimal responsiveness of 251.339 s, maximal genuine user detection of 32.451%, maximal privacy of 96.5%, and minimal information loss of 3.5%.

Aisha Banu,Sharon Priya S,Poojitha K,Kiruthiga R,Ruby Annette,Subash Chandran

DOI: https://doi.org/10.48550/arXiv.2306.17084

2023-06-26

Abstract:Electronic Health Records (EHRs) have undergone numerous technical improvements in recent years, including the incorporation of mobile devices with the cloud computing technologies to facilitate medical data exchanges between patients and the healthcare professionals. This cutting-edge architecture enables cyber physical systems housed in the cloud to provide healthcare services with minimal operational costs, high flexibility, security, and EHR accessibility. If patient health information is stored in the hospital database, there will always be a risk of intrusion, i.e., unauthorized file access and information modification by attackers. To address this concern, we propose a decentralized EHR system based on Blockchain technology. To facilitate secure EHR exchange across various patients and medical providers, we develop a reliable access control method based on smart contracts. We incorporate Cryptocurrency, specifically Ethereum, in the suggested system to protect sensitive health information from potential attackers. In our suggested approach, both physicians and patients are required to be authenticated. Patients can register, and a block with a unique hash value will be generated. Once the patient discusses the disease with the physician, the physician can check the patient's condition and offer drugs. For experimental findings, we employ the public Block chain Ganache and solidity remix-based smart contracts to protect privacy. Ethers are used as the crypto currencies.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Lewis Nkenyereye,S. M. Riazul Islam,Mahmud Hossain,M. Abdullah-Al-Wadud,Atif Alamri

DOI: https://doi.org/10.48550/arXiv.2011.06211

2020-11-12

Abstract:The rapid development of personal health records (PHR) systems enables an individual to collect, create, store and share his PHR to authorized entities. Health care systems within the smart city environment require a patient to share his PRH data with a multitude of institutions' repositories located in the cloud. The cloud computing paradigm cannot meet such a massive transformative healthcare systems due to drawbacks including network latency, scalability and bandwidth. Fog computing relieves the burden of conventional cloud computing by availing intermediate fog nodes between the end users and the remote servers. Aiming at a massive demand of PHR data within a ubiquitous smart city, we propose a secure and fog assisted framework for PHR systems to address security, access control and privacy concerns. Built under a fog-based architecture, the proposed framework makes use of efficient key exchange protocol coupled with ciphertext attribute based encryption (CP-ABE) to guarantee confidentiality and fine-grained access control within the system respectively. We also make use of digital signature combined with CP-ABE to ensure the system authentication and users privacy. We provide the analysis of the proposed framework in terms of security and performance.

Cryptography and Security

Alaa Haddad,Mohamed Hadi Habaebi,Elfatih A. A. Elsheikh,Rafiqul Islam,Suriza Ahmad Zabidi,Fakher Eldin M. Suliman,Md. Rafiqul Islam

DOI: https://doi.org/10.1371/journal.pone.0301371

IF: 3.7

2024-04-02

PLoS ONE

Abstract:To secure sensitive medical records in the healthcare clouds, this paper proposes an End-to-End Encryption (E2EE) to enhance a patient-centric blockchain-based system for electronic health record (EHR) management. The suggested system with a focus on the patient enables individuals to oversee their medical records within various involved parties by authorizing or withdrawing permission for access to their records. Utilizing the inter-planetary file system (IPFS) for record storage is chosen due to its decentralized nature and its ability to guarantee the unchangeability of records. Then an E2EE enhancement maintains the medical data integrity using dual level-Hybrid encryption: symmetric Advanced Encryption Standard (AES) and asymmetric Elliptic Curve Cryptography (ECC) cryptographic techniques. The proposed system is implemented using the Ethereum blockchain system for EHR data sharing and integration utilizing a web-based interface for the patient and all users to initiate the EHR sharing transactions over the IPFS cloud. The proposed system performance is evaluated in a working system prototype. For different file sizes between 512 KB to 100 MB, the performance metrics used to evaluate the proposed system were the time consumed for generating key, encryption, and decryption. The results demonstrate the proposed system's superiority over other cutting-edge systems and its practical ability to share secure health data in cloud environments.

multidisciplinary sciences

Kirtirajsinh Zala,Hiren Kumar Thakkar,Rajendrasinh Jadeja,Neel H Dholakia,Ketan Kotecha,Deepak Kumar Jain,Madhu Shukla

DOI: https://doi.org/10.1155/2022/3804553

2022-08-18

Abstract:Traditional healthcare services have changed into modern ones in which doctors can diagnose patients from a distance. All stakeholders, including patients, ward boy, life insurance agents, physicians, and others, have easy access to patients' medical records due to cloud computing. The cloud's services are very cost-effective and scalable, and provide various mobile access options for a patient's electronic health records (EHRs). EHR privacy and security are critical concerns despite the many benefits of the cloud. Patient health information is extremely sensitive and important, and sending it over an unencrypted wireless media raises a number of security hazards. This study suggests an innovative and secure access system for cloud-based electronic healthcare services storing patient health records in a third-party cloud service provider. The research considers the remote healthcare requirements for maintaining patient information integrity, confidentiality, and security. There will be fewer attacks on e-healthcare records now that stakeholders will have a safe interface and data on the cloud will not be accessible to them. End-to-end encryption is ensured by using multiple keys generated by the key conclusion function (KCF), and access to cloud services is granted based on a person's identity and the relationship between the parties involved, which protects their personal information that is the methodology used in the proposed scheme. The proposed scheme is best suited for cloud-based e-healthcare services because of its simplicity and robustness. Using different Amazon EC2 hosting options, we examine how well our cloud-based web application service works when the number of requests linearly increases. The performance of our web application service that runs in the cloud is based on how many requests it can handle per second while keeping its response time constant. The proposed secure access scheme for cloud-based web applications was compared to the Ethereum blockchain platform, which uses internet of things (IoT) devices in terms of execution time, throughput, and latency.

Raza Nowrozy,Khandakar Ahmed,A.S.M. Kayes,Hua Wang,Timothy R. McIntosh

DOI: https://doi.org/10.1145/3653297

IF: 16.6

2024-03-19

ACM Computing Surveys

Abstract:Building a secure and privacy-preserving health data sharing framework is a topic of great interest in the healthcare sector, but its success is subject to ensuring the privacy of user data. We clarified the definitions of privacy, confidentiality and security (PCS) because these three terms have been used interchangeably in the literature. We found that researchers and developers must address the differences of these three terms when developing electronic health record (EHR) solutions. We surveyed 130 studies on EHRs, privacy-preserving techniques, and tools that were published between 2012 and 2022, aiming to preserve the privacy of EHRs. The observations and findings were summarized with the help of the identified studies framed along the survey questions addressed in the literature review. Our findings suggested that the usage of access control, blockchain, cloud-based, and cryptography techniques is common for EHR data sharing. We summarized the commonly used strategies for preserving privacy that are implemented by various EHR tools. Additionally, we collated a comprehensive list of differences and similarities between PCS. Finally, we summarized the findings in a tabular form for all EHR tools and techniques and proposed a fusion of techniques to better preserve the PCS of EHRs.

computer science, theory & methods

Zainab Abaid,Arash Shaghaghi,Ravin Gunawardena,Suranga Seneviratne,Aruna Seneviratne,Sanjay Jha

DOI: https://doi.org/10.48550/arXiv.2005.07987

2020-05-16

Abstract:Secure and privacy-preserving management of Personal Health Records (PHRs) has proved to be a major challenge in modern healthcare. Current solutions generally do not offer patients a choice in where the data is actually stored and also rely on at least one fully trusted element that patients must also trust with their data. In this work, we present the Health Access Broker (HAB), a patient-controlled service for secure PHR sharing that (a) does not impose a specific storage location (uniquely for a PHR system), and (b) does not assume any of its components to be fully secure against adversarial threats. Instead, HAB introduces a novel auditing and intrusion-detection mechanism where its workflow is securely logged and continuously inspected to provide auditability of data access and quickly detect any intrusions.

Cryptography and Security

Mehedi Masud,Gurjot Singh Gaba,Karanjeet Choudhary,Roobaea Alroobaea,M Shamim Hossain

DOI: https://doi.org/10.1007/s12083-021-01162-x

Abstract:Traditional healthcare services have transitioned into modern healthcare services where doctors remotely diagnose the patients. Cloud computing plays a significant role in this change by providing easy access to patients' medical records to all stakeholders, such as doctors, nurses, patients, life insurance agents, etc. Cloud services are scalable, cost-effective, and offer a broad range of mobile access to patients' electronic health record (EHR). Despite the cloud's enormous benefits like real-time data access, patients' EHR security and privacy are major concerns. Since the information about patients' health is highly sensitive and crucial, sharing it over the unsecured wireless medium brings many security challenges such as eavesdropping, modifications, etc. Considering the security needs of remote healthcare, this paper proposes a robust and lightweight, secure access scheme for cloud-based E-healthcare services. The proposed scheme addresses the potential threats to E-healthcare by providing a secure interface to stakeholders and prohibiting unauthorized users from accessing information stored in the cloud. The scheme makes use of multiple keys formed through the key derivation function (KDF) to ensure end-to-end ciphering of information for preventing misuse. The rights to access the cloud services are provided based on the identity and the association between stakeholders, thus ensuring privacy. Due to its simplicity and robustness, the proposed scheme is the best fit for protecting data security and privacy in cloud-based E-healthcare services.

Krishna Priya Remamany,K. Maheswari,C Ramesh Babu Durai,N. K. Anushkannan,D. Rosy Salomi Victoria,Mohamed Tahar Ben Othman,Monia Hamdi,Habib Hamam

DOI: https://doi.org/10.3390/app122412720

2022-12-12

Applied Sciences

Abstract:Wearable technology-supported cloud-based smart health (s-health) has emerged as a promising answer to increase the efficiency and quality of healthcare as a result of rapid improvements in Internet of Things (IoT) technologies. However, the issues of data security and privacy preservation have not been fully resolved. In recent years, ciphertext policy attribute-based encryption (CP-ABE), which was developed as a versatile and potent cryptographic fundamental to accomplish one-to-many encryption with fine-grained access control, has been seen as a viable answer to the security issue in the cloud. The attribute values in the access policy, however, are supplied in cleartext in standard CP-ABE. This will conveniently reveal the data owners’ privacy (patients). Because the Internet of Things (IoT) in healthcare stores sensitive data in the cloud, security is crucial. The data must always be accessed via an access key when using traditional encryption techniques. Though the data cannot be accessed right away in an emergency, this offers greater security. The healthcare IoT created the break-glass concept to address this. The encryption technique is integrated with the broken glass idea to offer data protection and simple access in emergency scenarios. The majority of research papers employ cypher text policy attribute-based encryption (CP-ABE) with the broken glass idea to secure electronic health records. For improving data accessibility in the smart healthcare environment, modified cypher text policy attribute-based encryption (MCP-ABE) with the broken glass (BG) technique is suggested. Greater information security is achieved with this method, but the access policy is also dependent on keys that are vulnerable to hacking. To analyze the access policy individually throughout the key generation process, the attribute-based encryption procedure in this case uses the bloom filter. Information about the access policy is kept intact, which enhances the security of the keys. To continue serving patients and saving their lives, this modified CP-ABE is integrated with break glass in the smart healthcare facility. The experimental results demonstrated that, when compared to the lightweight break-glass procedure, the proposed solution is likewise the best in terms of decreased overhead. The main benefit of this strategy is that it uses the bloom filter concept in the MCP-ABE process, which protects the access policy attributes, to ensure that the key is never compromised. For data access in smart healthcare to preserve patients’ lives, the proposed MCP-ABE with broken glass is best.

materials science, multidisciplinary,engineering,chemistry,physics, applied

Peng Li,Dehua Zhou,Haobin Ma,Junzuo Lai

DOI: https://doi.org/10.1016/j.sysarc.2023.103033

IF: 5.836

2023-11-27

Journal of Systems Architecture

Abstract:With the rapid development of the healthcare industry, many Electronic Health Records (EHRs) have emerged in different healthcare centers. However, lots of personal medical data are stored directly in plaintext at a single healthcare center, which makes it suffer from the single point of failure and brings many security and privacy issues such as privacy information leakage or tampering. The combination of blockchain and attributed-based cryptography can effectively solve the above problems. Therefore, in order to enable flexible fine-grained access control and efficient data retrieval while achieving privacy protection, we employ the ciphertext-policy attributed-based encryption (CP-ABE) and ciphertext-policy attribute-based searchable encryption (CP-ABSE) to propose a hidden policy attribute-based access control scheme. In addition, we combine consortium blockchain and smart contract to provide secure and reliable search and outsourcing decryption. Finally, through the security analysis and experimental results, we demonstrate that our scheme is secure and efficient.

computer science, software engineering, hardware & architecture

Chang Xu,Ningning Wang,Liehuang Zhu,Kashif Sharif,Chuan Zhang

DOI: https://doi.org/10.1109/jiot.2019.2917186

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:The integration of wearable wireless devices and cloud computing in e-health systems has significantly improved their effectiveness and availability. Patients can upload their personal health information (PHI) files to the cloud, from where the health service providers (HSPs) can obtain appropriate information to determine the health state. This system not only reduces the costs associated to healthcare but also provides timely diagnosis to save lives. However, a number of privacy concerns arise while sharing sensitive information. In this paper, we propose a novel privacy-preserving patient health information sharing scheme, which allows HSPs to access and search PHI files in a secure yet efficient manner. We make use of the searchable encryption technique with keyword range search and multikey-word search. The proposed privacy-preserving equality test protocol allows different types of numeric comparison searches on encrypted data. We also use a variant of bloom filter and message authentication code to classify PHI files, filter false data, and check integrity of search results. The simulations on real-world and synthetic data show the feasibility and efficiency of the system, and security analysis proves the privacy-preservation properties.

Leyou Zhang,Tianshuai Zhang,Qing Wu,Yi Mu,Fatemeh Rezaeibagha

DOI: https://doi.org/10.1109/jiot.2021.3137240

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Personal health records (PHRs) are located in a patient-centered electronic health system in which users can store and share medical information. However, PHRs have recently been plagued by security issues, such as the leakage of personal health information, illegal access to patient data, and data tampering. Recent security developments, such as introducing an access control policy with attribute-based encryption (ABE) or utilizing blockchain, have only been partially successful in solving these issues. Ongoing challenges to PHR sharing include single points of failure, node cheating attacks, and fair keyword search issues. In this article, we tackle these challenges by introducing a distributed PHR-sharing scheme based on blockchain and ciphertext policy ABE (CP-ABE), which allows for fast and efficient encryption and decryption. Blockchain maintains the integrity and the tracing source of the data while also recording all operations on the data in the form of transactions. In addition, the blockchain nodes act as attribute authorities to construct the CP-ABE cryptosystem. The tracing of malicious blockchain nodes is realized by tracing cryptography algorithms. Furthermore, the fair retrieval of ciphertext is achieved by employing smart contracts. To overcome the limited storage capacity of blockchain, we adopt both the on-chain and off-chain storage modes in our new system. Security analysis indicates that our new scheme remains intact when threatened by an indistinguishable chosen plaintext attack (IND-CPA) and an indistinguishable chosen keywords attack (IND-CKA). As such, we conclude that our proposed approach is feasible and efficient.

computer science, information systems,telecommunications,engineering, electrical & electronic

Honglei Li,Xiao Yang,Hongxin Wang,Wujia Wei,Weilian Xue

DOI: https://doi.org/10.1155/2022/2058497

2022-03-04

Abstract:The sharing of electronic healthcare records (EHRs) is important to healthcare and medical research. However, institutions are faced with difficulties in privacy protection and efficiently secure data exchange. The main objective of this study is to propose a controllable secure blockchain-based EHRs sharing scheme. For this purpose, blockchain technologies are combined with interplanetary file systems (IPFS) to provide efficient secure EHRs sharing. Firstly, the IPFS-based EHR file system (IEFS) is designed to save and share large-size EHR files among medical institutions. With the high-throughput content-addressed block storage model and appropriate redundant backup of IPFS, IEFS is tamper-resistant and free of a single point of failure. Secondly, the blockchain is used to implement the blockchain-based EHR abstract system (BEAS) to manipulate EHR abstracts access. In BEAS, the EHR file addresses generated by IEFS are encrypted and saved in EHR abstracts for privacy protection. Since EHR abstracts are encrypted by patients' public keys, the sharing of EHR files is under the control of patients. In our experiment, a prototype system is developed to validate the proposed scheme. The experimental results showed that (1) EHRs are securely shared under the control of patients and (2) EHR files are retrieved at an acceptable speed supported by IPFS technology. In this paper, solutions to some important practical issues such as incapacitated patients, encryption key forgetting/missing, and efficient interaction of doctors with EHRs sharing scheme are also seriously discussed.

Faheem Ahmad Reegu,Hafiza Abas,Yonis Gulzar,Qin Xin,Ali A. Alwan,Abdoh Jabbari,Rahul Ganpatrao Sonkamble,Rudzidatul Akmam Dziyauddin

DOI: https://doi.org/10.3390/su15086337

IF: 3.9

2023-04-08

Sustainability

Abstract:The healthcare industry has been transitioning from paper-based medical records to electronic health records (EHRs) in most healthcare facilities. However, the current EHR frameworks face challenges in secure data storage, credibility, and management. Interoperability and user control of personal data are also significant concerns in the healthcare sector. Although block chain technology has emerged as a powerful solution that can offer the properties of immutability, security, and user control on stored records, its potential application in EHR frameworks is not yet fully understood. To address this gap in knowledge, this research aims to provide an interoperable blockchain-based EHR framework that can fulfill the requirements defined by various national and international EHR standards such as HIPAA and HL7. The research method employed is a systematic literature review to explore the current state of the art in the field of EHRs, including blockchain-based implementations of EHRs. The study defines the interoperability issues in the existing blockchain-based EHR frameworks, reviews various national and international standards of EHR, and further defines the interoperability requirements based on these standards. The proposed framework can offer safer methods to interchange health information for the healthcare sector and can provide the properties of immutability, security, and user control on stored records without the need for centralized storage. The contributions of this work include enhancing the understanding of the potential application of blockchain technology in EHR frameworks and proposing an interoperable blockchain-based EHR framework that can fulfill the requirements defined by various national and international EHR standards. Overall, this study has significant implications for the healthcare sector, as it can enhance the secure sharing and storage of electronic health data while ensuring the confidentiality, privacy, and integrity of medical records.

environmental sciences,environmental studies,green & sustainable science & technology

Pasupathy Vimalachandran,Hua Wang,Yanchun Zhang,Ben Heyward,Yueai Zhao

DOI: https://doi.org/10.48550/arXiv.1802.00575

2018-02-02

Abstract:As a consequence of the huge advancement of the Electronic Health Record (EHR) in healthcare settings, the My Health Record (MHR) is introduced in Australia. However security and privacy of the MHR system have been encumbering the development of the system. Even though the MHR system is claimed as patient-cenred and patient-controlled, there are several instances where healthcare providers (other than the usual provider) and system operators who maintain the system can easily access the system and these unauthorised accesses can lead to a breach of the privacy of the patients. This is one of the main concerns of the consumers that affect the uptake of the system. In this paper, we propose a patient centred MHR framework which requests authorisation from the patient to access their sensitive health information. The proposed model increases the involvement and satisfaction of the patients in their healthcare and also suggests mobile security system to give an online permission to access the MHR system.

Computers and Society

A. Saranya,R. Naresh,Santhi Karuppiah,M. Jenifer

DOI: https://doi.org/10.1007/s00500-023-09514-w

IF: 3.732

2024-01-06

Soft Computing

Abstract:Electronic health records (EHRs) storage in mobile cloud environments has changed in recent years, with mobile devices coupled with cloud computing to allow patient-provider medical data transfers. This sophisticated concept allows low-cost, flexible healthcare using EHRs. However, this article implements e-health data privacy and network security. An electronic payment methodology for electronic health systems is being developed in this article to allow patients to connect with a trusted physician quickly by measuring their trust by an algorithm called fuzzy attributes optimization (FAO) was used in the bright yellow sunflower optimization (BYSO) procedure. Finally, an authorization and authentication structure must be developed to ensure that all actions involving the access of payment data are under the control of the user and the physician. Identification, authentication, and authorization may all be accomplished with the help of the Trust Impute Trio Hellman algorithm. A prototype implementation of the suggested approach was used to evaluate its effectiveness in the system. It's interesting to note that, despite the patient's option to hide their identity and establish a temporary one to complete the service, the recommended method does not require the patient to submit their identity on the doctor's website. In terms of secrecy, integrity, nonrepudiation, availability of anonymity, and authentication and authorization, our system has been determined to be much more secure than conventional techniques.

computer science, artificial intelligence, interdisciplinary applications