|
Privacy-preserving emergency access control for personal health records |
|---|---|
| รหัสดีโอไอ | |
| Creator | 1. Sangsuree Vasupongayya 2. Phuwanai Thummavet |
| Title | Privacy-preserving emergency access control for personal health records |
| Publisher | Maejo University |
| Publication Year | 2558 |
| Journal Title | Maejo International Journal of Science and Technology |
| Journal Vol. | 9 |
| Journal No. | 1 |
| Page no. | 108 |
| Keyword | personal health record,privacy,security,ciphertext-policy attribute-based encryption,threshold cryptosystem |
| ISSN | 1905-7873 |
| Abstract | Recently, a flexible scheme for handling personal health records (PHRs) in emergency situations has been proposed. Under such a scheme, each PHR is classified as secure, restricted, or exclusive information. Secure PHRs are immediately available to the emergency response unit (ERU) staff. Restricted PHRs require additional approvals from a set of authorised people who are pre-selected by the PHR owner. Exclusive PHRs are only accessible by the owner. Previous work assumed that all ERU staff is trustworthy. To be practical, this work eliminates such an assumption. Several mechanisms are applied to ensure the usability and security of the newly proposed scheme. For example, an accessrequest authentication mechanism is applied to enhance the trustworthiness of the requests that are invoked by the ERU staff. Moreover, a transaction auditing mechanism is applied to provide a non-repudiation feature. This paper discusses the usability and security issues of the proposed scheme in practice and suggests how to classify a PHR considering the above-mentioned privacy levels. |
