Title: Multi-authority security framework for scalable EHR systems

Authors: Fatemeh Rezaeibagha; Yi Mu; Willy Susilo; Khin Than Win

Addresses: Centre for Computer and Information Security Research, School of Computing and Information Technology, University of Wollongong, NSW, Australia ' Centre for Computer and Information Security Research, School of Computing and Information Technology, University of Wollongong, NSW, Australia ' Centre for Computer and Information Security Research, School of Computing and Information Technology, University of Wollongong, NSW, Australia ' School of Computing and Information Technology, University of Wollongong, NSW, Australia

Abstract: Electronic health record (EHR) systems can be operated in a large-scale distributed environment, such as cloud computing, which might have to be managed by multiple authorities who control the access to patient records. In this way, a large amount of data from patients can be hosted on a large-scale distributed system. Unfortunately, the security of such systems is usually inadequate, which results in the hindrance of the EHR systems adoption in practice. Attribute-based systems have been a popular choice that could provide a flexible and reliable access control to EHR databases, which are usually managed by a single authority, who is responsible for setting up the system's policy. In a large-scale distributed system, it might be necessary to have multiple authorities, who can handle users located in different areas. Nevertheless, one of the challenges is how to enable multiple authorities with a single access policy. In this paper, we provide a sound solution to this issue. Our EHR system provides a secure environment for EHR users to use the system conveniently and provide the flexibility and scalability.

Keywords: electronic health records; privacy preservation; privacy protection; access control; encryption; multi-authority security; scalable EHR systems; cryptography; cloud computing; multiple authorities; single access policy; distributed systems; e-health; electronic healthcare; information security.

DOI: 10.1504/IJMEI.2016.079368

International Journal of Medical Engineering and Informatics, 2016 Vol.8 No.4, pp.390 - 408

Available online: 21 Sep 2016

Full-text access for editors Access for subscribers Purchase this article Comment on this article