Adebayo Omotosho,Omotanwa Adegbola,Barakat Adelakin,Adeyemi Adelakun,Justice Emuoyibofarhe

DOI: https://doi.org/10.48550/arXiv.1502.01233

2015-02-04

Abstract:Existing approaches to protect the privacy of Electronic Health Records are either insufficient for existing medical laws or they are too restrictive in their usage. For example, smart card-based encryption systems require the patient to be always present to authorize access to medical records. Questionnaires were administered by 50 medical practitioners to identify and categorize different Electronic Health Records attributes. The system was implemented using multi biometrics of patients to access patient record in pre-hospital <a class="link-external link-http" href="http://care.The" rel="external noopener nofollow">this http URL</a> software development tools employed were JAVA and MySQL database. The system provides applicable security when patients records are shared either with other practitioners, employers, organizations or research institutes. The result of the system evaluation shows that the average response time of 6 seconds and 11.1 seconds for fingerprint and iris respectively after ten different simulations. The system protects privacy and confidentiality by limiting the amount of data exposed to <a class="link-external link-http" href="http://users.The" rel="external noopener nofollow">this http URL</a> system also enables emergency medical technicians to gain easy and reliable access to necessary attributes of patients Electronic Health Records while still maintaining the privacy and confidentiality of the data using the patients fingerprint and iris.

Cryptography and Security,Computers and Society

Stephen J Tipton,Sara Forkey,Young B Choi

DOI: https://doi.org/10.1007/s10916-016-0465-x

Abstract:This paper examines various methods encompassing the authentication of users in accessing Electronic Medical Records (EMRs). From a methodological perspective, multiple authentication methods have been researched from both a desktop and mobile accessibility perspective. Each method is investigated at a high level, along with comparative analyses, as well as real world examples. The projected outcome of this examination is a better understanding of the sophistication required in protecting the vital privacy constraints of an individual's Protected Health Information (PHI). In understanding the implications of protecting healthcare data in today's technological world, the scope of this paper is to grasp an overview of confidentiality as it pertains to information security. In addressing this topic, a high level overview of the three goals of information security are examined; in particular, the goal of confidentiality is the primary focus. Expanding upon the goal of confidentiality, healthcare accessibility legal aspects are considered, with a focus upon the Health Insurance Portability and Accountability Act of 1996 (HIPAA). With the primary focus of this examination being access to EMRs, the paper will consider two types of accessibility of concern: access from a physician, or group of physicians; and access from an individual patient.

Aisha Banu,Sharon Priya S,Poojitha K,Kiruthiga R,Ruby Annette,Subash Chandran

DOI: https://doi.org/10.48550/arXiv.2306.17084

2023-06-26

Abstract:Electronic Health Records (EHRs) have undergone numerous technical improvements in recent years, including the incorporation of mobile devices with the cloud computing technologies to facilitate medical data exchanges between patients and the healthcare professionals. This cutting-edge architecture enables cyber physical systems housed in the cloud to provide healthcare services with minimal operational costs, high flexibility, security, and EHR accessibility. If patient health information is stored in the hospital database, there will always be a risk of intrusion, i.e., unauthorized file access and information modification by attackers. To address this concern, we propose a decentralized EHR system based on Blockchain technology. To facilitate secure EHR exchange across various patients and medical providers, we develop a reliable access control method based on smart contracts. We incorporate Cryptocurrency, specifically Ethereum, in the suggested system to protect sensitive health information from potential attackers. In our suggested approach, both physicians and patients are required to be authenticated. Patients can register, and a block with a unique hash value will be generated. Once the patient discusses the disease with the physician, the physician can check the patient's condition and offer drugs. For experimental findings, we employ the public Block chain Ganache and solidity remix-based smart contracts to protect privacy. Ethers are used as the crypto currencies.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Raza Nowrozy,Khandakar Ahmed,A.S.M. Kayes,Hua Wang,Timothy R. McIntosh

DOI: https://doi.org/10.1145/3653297

IF: 16.6

2024-03-19

ACM Computing Surveys

Abstract:Building a secure and privacy-preserving health data sharing framework is a topic of great interest in the healthcare sector, but its success is subject to ensuring the privacy of user data. We clarified the definitions of privacy, confidentiality and security (PCS) because these three terms have been used interchangeably in the literature. We found that researchers and developers must address the differences of these three terms when developing electronic health record (EHR) solutions. We surveyed 130 studies on EHRs, privacy-preserving techniques, and tools that were published between 2012 and 2022, aiming to preserve the privacy of EHRs. The observations and findings were summarized with the help of the identified studies framed along the survey questions addressed in the literature review. Our findings suggested that the usage of access control, blockchain, cloud-based, and cryptography techniques is common for EHR data sharing. We summarized the commonly used strategies for preserving privacy that are implemented by various EHR tools. Additionally, we collated a comprehensive list of differences and similarities between PCS. Finally, we summarized the findings in a tabular form for all EHR tools and techniques and proposed a fusion of techniques to better preserve the PCS of EHRs.

computer science, theory & methods

Ali Shahzad,Wenyu Chen,Momina Shaheen,Yin Zhang,Faizan Ahmad

DOI: https://doi.org/10.1371/journal.pone.0307039

IF: 3.7

2024-09-23

PLoS ONE

Abstract:In modern healthcare, providers increasingly use cloud services to store and share electronic medical records. However, traditional cloud hosting, which depends on intermediaries, poses risks to privacy and security, including inadequate control over access, data auditing, and tracking data origins. Additionally, current schemes face significant limitations such as scalability concerns, high computational overhead, practical implementation challenges, and issues with interoperability and data standardization. Unauthorized data access by cloud providers further exacerbates these concerns. Blockchain technology, known for its secure and decentralized nature, offers a solution by enabling secure data auditing in sharing systems. This research integrates blockchain into healthcare for efficient record management. We proposed a blockchain-based method for secure EHR management and integrated Ciphertext-Policy Attribute-Based Encryption (CP-ABE) for fine-grained access control. The proposed algorithm combines blockchain and smart contracts with a cloud-based healthcare Service Management System (SMS) to ensure secure and accessible EHRs. Smart contracts automate key management, encryption, and decryption processes, enhancing data security and integrity. The blockchain ledger authenticates data transactions, while the cloud provides scalability. The SMS manages access requests, enhancing resource allocation and response times. A dual authentication system confirms patient keys before granting data access, with failed attempts leading to access revocation and incident logging. Our analyses show that this algorithm significantly improves the security and efficiency of health data exchanges. By combining blockchain's decentralized structure with the cloud's scalability, this approach significantly improves EHR security protocols in modern healthcare setting.

Chin-Ling Chen,Po-Tsun Huang,Yung-Yuan Deng,Hsing-Chung Chen,Yun-Ciao Wang

DOI: https://doi.org/10.1186/s13673-020-00221-1

2020-05-07

Abstract:Abstract As cloud computing technology matures, along with an increased application of distributed networks, increasingly larger amounts of data are being stored in the cloud, and are thus available for pervasive application. At the same time, current independent medical record systems tend to be inefficient, and most previous studies in this field fail to meet the security requirements of anonymity and unlinkability. Some proposed schemes are even vulnerable to malicious impersonation attacks. The scheme proposed in this study, therefore, combines public and private clouds in order to more efficiently and securely preserve and manage electronic medical records (EMR). In this paper, a new secure EMR authorization system is proposed, which uses elliptic curve encryption and public-key encryption, providing a health care system with both public and private cloud environments with a message authentication mechanism, allowing the secure sharing of medical resources. The analysis shows that the proposed scheme prevents known attacks, such as replay attacks, man-in-the-middle attacks and impersonation attacks, and provides user anonymity, unlinkability, integrity, non-repudiation, forward and backward security.

computer science, information systems

K Vivekrabinson,K Ragavan,P Jothi Thilaga,J Bharath Singh,Vivekrabinson, K

DOI: https://doi.org/10.1007/s10916-024-02053-3

IF: 4.92

2024-03-26

Journal of Medical Systems

Abstract:In today's data-driven world, the exponential growth of digital information poses significant challenges in data management. In recent years, the adoption of cloud-based Electronic Health Records (EHR) sharing schemes has yielded numerous advantages like improved accessibility, availability, and enhanced interoperability. However, the centralized nature of cloud storage presents challenges in terms of information storage, privacy protection, and security. Despite several approaches that have been presented to ensure secure deduplication of similar EHRs, the validation of data integrity without a third-party auditor (TPA) remains a persistent task. Because involving a TPA raises concerns about the confidentiality and privacy of crucial healthcare information. To tackle this challenge, a novel cloud storage auditing technique is proposed that incorporates cross-patient block-level deduplication while upholding strong privacy protection, ensuring that EHR is not compromised. Here, we introduced blockchain technology to achieve integrity verification, thus eliminating the need for a TPA by providing a decentralized and transparent mechanism. Additionally, an index for all EHRs has been generated to facilitate block-level duplicate checks and employ a novel strategy to prevent adversaries from acquiring original information saved in the cloud storage. The security of the proposed approach is established against factorization attacks and decrypt exponent attacks. The performance evaluation demonstrates the superior efficiency of the proposed scheme in terms of file authenticator generation, challenge creation, and proof verification to other existing client-side deduplication approaches.

health care sciences & services,medical informatics

David Odera

DOI: https://doi.org/10.30574/gjeta.2023.14.2.0035

2023-02-28

Global Journal of Engineering and Technology Advances

Abstract:A huge percentage of people especially in developed countries spend a good chunk of their wealth in managing their health conditions. In order to adequately administer healthcare, governments and various organizations have embraced advanced technology for automating the health industry. In recent past, electronic health records have largely been managed by Enterprise Resource Planning and legacy systems. Big data framework steadily emerge as the underlying technology in healthcare, which offers solutions that limits capacity of others systems in terms of storage and reporting. Automation through cloud services supported by storage of structured and unstructured health data in heterogeneous environment has improved service delivery, efficiency, medication, diagnosis, reporting and storage in healthcare. The argument support the idea that big data healthcare still face information security concern, for instance patient image sharing, authentication of patient, botnet, correlation attacks, man-in-the-middle, Distributed Denial of Service (DDoS), blockchain payment gateway, time complexities of algorithms, despite numerous studies conducted by scholars in security management for big data in smart healthcare. Some security technique include digital image encryption, steganography, biometrics, rule-based policy, prescriptive analysis, blockchain contact tracing, cloud security, MapReduce, machine-learning algorithms, anonymizations among others. However, most of these security solutions and analysis performed on structured and semi-structured data as opposed to unstructured data. This may affect the output of medical reporting of patients’ condition particularly on wearable devices and other examinations such as computerized tomography (CT) Scans among others. A major concern is how to identify inherent security vulnerabilities in big healthcare, which generate images for transmission and storage. Therefore, this paper conducted a comparative survey of solutions that specifically safeguards structured and unstructured data using systems that run on big data frameworks. The literature highlights several security advancements in cryptography, machine learning, anonymization and protocols. Most of these security frameworks lacks implementation evidence. A number of studies did not provide comprehensive performance metrics (accuracy, error, recall, precision) of the models besides using a single algorithm without validated justification. Therefore, a critique on the contribution, performance and areas of improvements discussed and summarized in the paper.

Ibrahim Abunadi,Ramasamy Lakshmana Kumar,Ramasamy Kumar

DOI: https://doi.org/10.3390/s21082865

IF: 3.9

2021-04-19

Sensors

Abstract:In the current epoch of smart homes and cities, personal data such as patients’ names, diseases and addresses are often violated. This is frequently associated with the safety of the electronic health records (EHRs) of patients. EHRs have numerous benefits worldwide, but at present, EHR information is subject to considerable security and privacy issues. This paper proposes a way to provide a secure solution to these issues. Previous sophisticated techniques dealing with the protection of EHRs usually make data inaccessible to patients. These techniques struggle to balance data confidentiality, patient demand and constant interaction with provider data. Blockchain technology solves the above problems since it distributes information in a transactional and decentralized manner. The usage of blockchain technology could help the health sector to balance the accessibility and privacy of EHRs. This paper proposes a blockchain security framework (BSF) to effectively and securely store and keep EHRs. It presents a safe and proficient means of acquiring medical information for doctors, patients and insurance agents while protecting the patient’s data. This work aims to examine how our proposed framework meets the security needs of doctors, patients and third parties and how the structure addresses safety and confidentiality concerns in the healthcare sector. Simulation outcomes show that this framework efficiently protects EHR data.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Song Luo,N. Han,Tan Hu,YuHua Qian

DOI: https://doi.org/10.1155/2024/5569121

IF: 1.938

2024-02-03

International Journal of Distributed Sensor Networks

Abstract:As network technology advances and more people use devices, data storage has become a significant challenge due to the explosive growth of information and the threat of data leaks. In traditional medical institutions, most medical data is stored centrally through cloud computing technology in the institution’s data center. This centralized storage method has many security risks, and once the central server is attacked, it will lead to the loss of medical data, which will lead to the leakage of patients’ private data. At the same time, electronic medical records are the most critical data in the current medical field. In the traditional centralized healthcare service system (HSS), there are data leakage problems and tampering with electronic medical records due to human factors. At the same time, each hospital is built independently, resulting in the current centralized healthcare service system having a data silo problem, making it difficult to share medical data between institutions securely. With the increase in the number of users in the system, the electronic medical record data in the system also increases gradually, resulting in the increasing overhead of decryption calculation. Therefore, this paper proposes a blockchain-based access control scheme with multiparty authorization to ensure the security of electronic medical records. The scheme uses an SM encryption algorithm to encrypt the medical data in the system. It adds the patient’s signature to ensure the confidentiality and security of the data, and the encrypted electronic medical records (EMRs) are stored in the InterPlanetary File System (IPFS) to realize the distributed storage of EMR. In addition, role-based multiauthorization access control is implemented through smart contract-based to ensure the security of EMR. We have analyzed the security of this paper’s solution and compared its performance with the existing schemes based on other cryptographic algorithms. The experimental results show that the proposed solution significantly improves the secure sharing of EMR and provides system performance.

computer science, information systems,telecommunications

Hemant B. Mahajan

DOI: https://doi.org/10.1007/s11277-022-09535-y

IF: 2.017

2022-09-15

Wireless Personal Communications

Abstract:Since the last decade, cloud-based Electronic Health Records (EHRs) have achieved important consideration to facilitate remote access of patient medical records. The modern evolution of Healthcare 4.0 applying the Internet of Things (IoT) elements with cloud computing reforms to obtain remote medical services has grown the researcher's recognition with the perspective of the smart city. The Healthcare 4.0 standard has consists of different layers to perform medical operations like periodic data sensing, data storage, data sharing, and auditing. The delicate and private medical records of victims lead to numerous difficulties while defending them from hackers. Therefore saving, obtaining, and distributing the patient medical data on the remote storage requires safety attentions so that medical records should not be compromised by the authorized user's components of E-healthcare systems. To achieve secure medical data storage, sharing, and accessing in Cloud Service Provider (CSP), various cryptography algorithms have been designed so far. But these traditional resolutions disappointed to manage the trade-off among the provisions of EHR safety in terms of computational competence, user-side verification, service-side verification, security, and without the trusted third party. Blockchain-based security techniques achieved notable recognition due to the strength to give strong security provisions for medical records storage and sharing with the least computation forces. The blockchain made focused on bitcoin technology among the researchers. Employing the blockchain in healthcare systems has been of current interest. This paper aims to present a systematic study of different blockchain-based solutions for the smart healthcare 4.0 system. The recent blockchain-based security solutions have been reviewed first and, then we presented a research gap considering the various parameters. The outcome of this paper discusses the current research gaps, the challenges of implementing the blockchain-based secure healthcare system, and the future roadmap or solutions.

telecommunications

Shtwai Alsubai,Abdullah Alqahtani,Harish Garg,Mohemmed Sha,Abdu Gumaei

DOI: https://doi.org/10.1007/s40747-024-01477-1

IF: 6.7

2024-05-31

Complex & Intelligent Systems

Abstract:Abstract Electronic health records (EHRs) are important for the efficient management of healthcare data. However, Healthcare data travels across an open route, i.e., the Internet, making EHR security a difficult process to do. This puts healthcare data vulnerable to cyber assaults. A possible method for protecting EHRs is blockchain technology. In this work, we develop an EHR architecture based on blockchain, which ensures all stakeholder's safety and privacy. We analyze various security architectures used for EHRs and the standard encryption system is integrated with quantum computing (QC). To safeguard the conventional traditional encrypting system against quantum assaults, we provide a hybrid signature technique that combines the Elliptic Curve Digital Signature Algorithm (ECDSA) and Dilithium within the anti-quantum lattice-based blind signature. Based on the difficulty of lattice problems over finite fields, Dilithium is a lattice-based signature method that is substantially safe against selected message assaults. The developed technique creates high entropy secret keys using the lattice basis delegation mechanism. The combination of ECDSA and Dilithium provides an efficient and secure signature system that is resilient to quantum attacks. The proposed scheme ensures that only authorized users with a defined role can use the database to access the data. We evaluate the efficiency of our scheme by comparing its performance to other state-of-the-art solutions in terms of transaction throughput, resource utilization, and communication cost. Results demonstrate that the developed technique outperforms the existing techniques in terms of efficiency and security.

computer science, artificial intelligence

Sourav Kunal,Parth Gandhi,Digvijaysinh Rathod,Ruhul Amin,Sachin Sharma

DOI: https://doi.org/10.4103/jehp.jehp_984_23

2024-03-28

Abstract:Background: Ensuring the security and privacy of patient data is a critical concern in the healthcare industry. The growing utilization of electronic data transmission and storage in medical records has amplified apprehensions about data security. However, due to varying stakeholder interests, not all data can be freely shared, necessitating the development of secure protocols. Materials and methods: This study presents a highly secure protocol that integrates blockchain technology, patient biometric information, and robust cryptographic algorithms (elliptic curve cryptography (ECC) and advanced encryption algorithm (AEC)) to facilitate data encryption and decryption. The protocol encompasses secure login, secure key sharing, and data sharing mechanisms among miners, offering comprehensive security measures. To validate the effectiveness of the proposed protocol, both informal and formal security analyses are conducted. The security protocol description language in Scyther is utilized to evaluate the protocol's resilience against attacks. Results: The culmination of this research is a secure protocol that leverages blockchain technology and ECC for the secure storage and sharing of medical records. The protocol covers all stages, including system setup, user registration, login mechanisms, key exchange between users and blockchain, communication between blockchains, and interaction with other miners, with a steadfast emphasis on security. Furthermore, the protocol's communication and computation costs are assessed, with a comparison to existing blockchain-based schemes. Informal proofs establish the protocol's security against common attacks faced by medical institutions. Formal simulation of the protocol using the Scyther tool provides definitive evidence of its resistance to attacks. Conclusions: As a result, this protocol presents a viable real-time implementation solution for safeguarding patient data within the healthcare domain, representing a significant contribution to data security.

MyeongHyun Kim,SungJin Yu,JoonYoung Lee,YoHan Park,YoungHo Park

DOI: https://doi.org/10.3390/s20102913

IF: 3.9

2020-05-21

Sensors

Abstract:In the traditional electronic health record (EHR) management system, each medical service center manages their own health records, respectively, which are difficult to share on the different medical platforms. Recently, blockchain technology is one of the popular alternatives to enable medical service centers based on different platforms to share EHRs. However, it is hard to store whole EHR data in blockchain because of the size and the price of blockchain. To resolve this problem, cloud computing is considered as a promising solution. Cloud computing offers advantageous properties such as storage availability and scalability. Unfortunately, the EHR system with cloud computing can be vulnerable to various attacks because the sensitive data is sent over a public channel. We propose the secure protocol for cloud-assisted EHR system using blockchain. In the proposed scheme, blockchain technology is used to provide data integrity and access control using log transactions and the cloud server stores and manages the patient’s EHRs to provide secure storage resources. We use an elliptic curve cryptosystems (ECC) to provide secure health data sharing with cloud computing. We demonstrate that the proposed EHR system can prevent various attacks by using informal security analysis and automated validation of internet security protocols and applications (AVISPA) simulation. Furthermore, we prove that the proposed EHR system provides secure mutual authentication using BAN logic analysis. We then compare the computation overhead, communication overhead, and security properties with existing schemes. Consequently, the proposed EHR system is suitable for the practical healthcare system considering security and efficiency.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Mahdi Nikooghadam,Haleh Amintoosi

DOI: https://doi.org/10.48550/arXiv.1906.08424

2019-06-20

Abstract:Telecare medical information systems are gaining rapid popularity in terms of providing the delivery of online health-related services such as online remote health profile access for patients and doctors. Due to being installed entirely on Internet, these systems are exposed to various security and privacy threats. Hence, establishing a secure key agreement and authentication process between the patients and the medical servers is an important challenge. Recently, Khatoon <a class="link-external link-http" href="http://et.al" rel="external noopener nofollow">this http URL</a> proposed an ECC-based unlink-able authentication and key agreement method for healthcare related application in smart city. In this article, we provide a descriptive analysis on their proposed scheme and prove that Khatoon et al.'s scheme is vulnerable to known-session-specific temporary information attack and is not able to provide perfect forward secrecy.

Cryptography and Security

Ravi Teja Batchu,Abeer Alsadoon,P.W.C. Prasad,Rasha S. Ali,Tarik A. Rashid,Ghossoon Alsadoon,Oday D. Jerew

DOI: https://doi.org/10.1080/19361610.2021.1947112

2021-07-05

Abstract:Health records data security is one of the main challenges in e-health systems. Authentication is one of the essential security services to support the stored data confidentiality, integrity, and availability. This research focuses on the secure storage of patient and medical records in the healthcare sector where data security and unauthorized access is an ongoing issue. A potential solution comes from biometrics, although their use may be time-consuming and can slow down data retrieval. This research aims to overcome these challenges and enhance data access control in the healthcare sector through the addition of biometrics in the form of fingerprints. The proposed model for application in the healthcare sector consists of Collection, Network communication, and Authentication (CNA) using biometrics, which replaces an existing password-based access control method. A sensor then collects data and by using a network (wireless or Zig-bee), a connection is established, after connectivity analytics and data management work which processes and aggregate the data. Subsequently, access is granted to authenticated users of the application. This IoT-based biometric authentication system facilitates effective recognition and ensures confidentiality, integrity, and reliability of patients, records and other sensitive data. The proposed solution provides reliable access to healthcare data and enables secure access through the process of user and device authentication. The proposed model has been developed for access control to data through the authentication of users in healthcare to reduce data manipulation or theft.

Cryptography and Security,Artificial Intelligence

Pasupathy Vimalachandran,Hua Wang,Yanchun Zhang,Ben Heyward,Yueai Zhao

DOI: https://doi.org/10.48550/arXiv.1802.00575

2018-02-02

Abstract:As a consequence of the huge advancement of the Electronic Health Record (EHR) in healthcare settings, the My Health Record (MHR) is introduced in Australia. However security and privacy of the MHR system have been encumbering the development of the system. Even though the MHR system is claimed as patient-cenred and patient-controlled, there are several instances where healthcare providers (other than the usual provider) and system operators who maintain the system can easily access the system and these unauthorised accesses can lead to a breach of the privacy of the patients. This is one of the main concerns of the consumers that affect the uptake of the system. In this paper, we propose a patient centred MHR framework which requests authorisation from the patient to access their sensitive health information. The proposed model increases the involvement and satisfaction of the patients in their healthcare and also suggests mobile security system to give an online permission to access the MHR system.

Computers and Society

Faheem Ullah,Jingsha He,Nafei Zhu,Ahsan Wajahat,Ahsan Nazir,Sirajuddin Qureshi,Muhammad Salman Pathan,Soumyabrata Dev

DOI: https://doi.org/10.1016/j.heliyon.2024.e34407

IF: 3.776

2024-08-10

Heliyon

Abstract:In the realm of modern healthcare, Electronic Health Records EHR serve as invaluable assets, yet they also pose significant security challenges. The absence of EHR access auditing mechanisms, which includes the EHR audit trails, results in accountability gaps and magnifies security vulnerabilities. This situation effectively paves the way for unauthorized data alterations to occur without detection or consequences. Inadequate EHR compliance auditing procedures, particularly in verifying and validating access control policies, expose healthcare organizations to risks such as data breaches, and unauthorized data usage. These vulnerabilities result from unchecked unauthorized access activities. Additionally, the absence of EHR audit logs complicates investigations, weakens proactive security measures, and raises concerns to put healthcare institutions at risk. This study addresses the pressing need for robust EHR auditing systems designed to scrutinize access to EHR data, encompassing who accesses it, when, and for what purpose. Our research delves into the complex field of EHR auditing, which includes establishing an immutable audit trail to enhance data security through blockchain technology. We also integrate Purpose-Based Access Control (PBAC) alongside smart contracts to strengthen compliance auditing by validating access legitimacy and reducing unauthorized entries. Our contributions encompass the creation of audit trail of EHR access, compliance auditing via PBAC policy verification, the generation of audit logs, and the derivation of data-driven insights, fortifying EHR access security.

Yujin Han,Yawei Zhang,Sten H Vermund

DOI: https://doi.org/10.3390/ijerph192315577

2022-11-24

Abstract:Compared with traditional paper-based medical records, electronic health records (EHRs) are widely used because of their efficiency, security, and reducing data redundancy. However, EHRs still manifest poor interoperability and privacy issues are unresolved. As a distributed ledger protocol composed of encrypted blocks of data organized in chains, blockchain represents a potential tool to solve the shortcomings of EHRs in terms of interoperability and privacy. In this paper, we define EHRs and blockchain technology and introduce several classic schemes based on blockchain technology to strengthen EHR interoperability and privacy protection. We then review ongoing challenges in the areas of data management efficiency, fairness of access, and trust in the systems. In this commentary, we suggest ongoing research needs for health informatics, data sciences, and ethics to establish EHRs based on blockchain technology. Blockchain-based EHR schemes must address the potential inequality of healthcare resources, the huge carbon footprint of computational needs, and potential distrust of health providers and patients that may ensue with wider use of blockchain technology.

JG Zhang,XM Chen,J Zhuang,JR Jiang,XY Zhang,DQ Wu,HK Huang

DOI: https://doi.org/10.1117/12.480651

2003-01-01

Abstract:In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS), and electronic patient record (EPR). We introduced two security components, certificate authoring (CA) system and patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure to provide security measures and functions such as confidential or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for in-house healthcare information systems daily operating, and EPR exchanging among the hospitals or healthcare providers. CA component keeps the information of user personnel identification, accessing rights, and their administration levels, and the DSPR component manages the All the digital signatures of patient medical records signed through using an-symmetry key encryption technologies. The electronic envelopes used for EPR exchanging are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.