Privacy-Preserving Attribute-Based Access Control Model for XML-Based Electronic Health Record System

Privacy-Preserving Attribute-Based Access Control Model for XML-Based Electronic Health Record System

Cloud-based electronic health record (EHR) systems enable medical documents to be exchanged between medical institutions; this is expected to contribute to improvements in various medical services in the future. However, as the system architecture becomes more complicated, cloud-based EHR systems ma...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access Vol. 6; pp. 9114 - 9128
Main Authors: Seol, Kwangsoo, Kim, Young-Gab, Lee, Euijong, Seo, Young-Duk, Baik, Doo-Kwon
Format: Journal Article
Language:English
Published: Piscataway IEEE 01-01-2018
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects:
Access control
Biomedical imaging
Computer architecture
data privacy
digital signature
Digital signatures
Document markup languages
Electronic health records
Encryption
Health care facilities
Health services
Medical services
Privacy
Security
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Cloud-based electronic health record (EHR) systems enable medical documents to be exchanged between medical institutions; this is expected to contribute to improvements in various medical services in the future. However, as the system architecture becomes more complicated, cloud-based EHR systems may introduce additional security threats when compared with the existing singular systems. Thus, patients may experience exposure of private data that they do not wish to disclose. In order to protect the privacy of patients, many approaches have been proposed to provide access control to patient documents when providing health services. However, most current systems do not support fine-grained access control or take into account additional security factors such as encryption and digital signatures. In this paper, we propose a cloud-based EHR model that performs attribute-based access control using extensible access control markup language. Our EHR model, focused on security, performs partial encryption and uses electronic signatures when a patient's document is sent to a document requester. We use XML encryption and XML digital signature technology. Our proposed model works efficiently by sending only the necessary information to the requesters who are authorized to treat the patient in question.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2018.2800288