Title: Security and privacy model of an electronic medical record system
Authors: Hyun-A. Park
Addresses: Department of Computer Engineering, College of AI Convergence, Honam University, 120, Honamdae-gil, Gwangsan-gu, Gwangju, South Korea
Abstract: Health information has some unique characteristics. Although it has a lot of personal sensitive information, it should be provided as research data for the development of biomedical science. And, another important characteristic is that the information subject and the information producer are not the same. However, some security scholars have made some errors in applying the security module to the medical information system without considering these characteristics. In this paper, we first analyse the errors. We divide the medical practices performed in the hospital into each process starting from the time the patient visits and registers, and we list the types of medical information used at that stage. Then, we analysed the information subject and information producer for the medical information, set the appropriate encryption key, and designed an encrypted communication protocol for the entire electronic medical record (EMR) data flow. This is a secure and efficient scheme as a hybrid encryption technique that combines a symmetric and an asymmetric encryption technique.
Keywords: medical information; security; privacy; information subject; information producer/manager; information ownership.
DOI: 10.1504/IJHTM.2022.128196
International Journal of Healthcare Technology and Management, 2022 Vol.19 No.3/4, pp.303 - 323
Received: 29 May 2022
Accepted: 05 Oct 2022
Published online: 11 Jan 2023 *