Title: Security and privacy model of an electronic medical record system

Authors: Hyun-A. Park

Addresses: Department of Computer Engineering, College of AI Convergence, Honam University, 120, Honamdae-gil, Gwangsan-gu, Gwangju, South Korea

Abstract: Health information has some unique characteristics. Although it has a lot of personal sensitive information, it should be provided as research data for the development of biomedical science. And, another important characteristic is that the information subject and the information producer are not the same. However, some security scholars have made some errors in applying the security module to the medical information system without considering these characteristics. In this paper, we first analyse the errors. We divide the medical practices performed in the hospital into each process starting from the time the patient visits and registers, and we list the types of medical information used at that stage. Then, we analysed the information subject and information producer for the medical information, set the appropriate encryption key, and designed an encrypted communication protocol for the entire electronic medical record (EMR) data flow. This is a secure and efficient scheme as a hybrid encryption technique that combines a symmetric and an asymmetric encryption technique.

Keywords: medical information; security; privacy; information subject; information producer/manager; information ownership.

DOI: 10.1504/IJHTM.2022.128196

International Journal of Healthcare Technology and Management, 2022 Vol.19 No.3/4, pp.303 - 323

Received: 29 May 2022
Accepted: 05 Oct 2022
Published online: 11 Jan 2023 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article