Enhancing the security and privacy of cloud-based health records systems

Abstract

Electronic health records (EHR) and personal health records (PHR) are emerging services for electronic health. They allow healthcare providers, clinicians and patients to manage, access and share medical data. EHR and PHR increase healthcare e ciency by preventing unnecessary diagnostics. They can assist clinicians in tracking the status of patients’ chronic illnesses and dealing with any encountered problems. There is growing interest in storing patient data in cloud computing storage instead of storing data in healthcare providers’ decentralised data centres. More and more health information is stored in cloud-based storage and this makes securing this information a challenging task. If cloud- based storage is compromised, health information might be revealed. Also, healthcare providers and patients lose control of this information.

To address these challenging issues, there is a need to develop an efficient cryptographic scheme that can secure and preserve the privacy of the stored information. The proposed scheme needs to allow both healthcare providers and patients to gain full control of health information by being able to enforce a fine-grained access policy on each data file stored in the cloud. We propose a multi-authority attribute-based scheme for securing electronic and personal health records. This scheme allows healthcare providers to send encrypted copies of any health record to a patient. It also provides a feature to assist healthcare providers in monitoring patient health. In addition, patients are able to share any record with other users. Using the proposed scheme, all health records (medical files with their directory entries) need to be encrypted before they are uploaded to cloud-based storage. Medical data files are encrypted using a symmetric key while their directory entries are encrypted twice: first using ciphertext-policy attribute-based encryption and second using patient-controlled encryption. Finally, we evaluate the effectiveness and efficiency of the proposed scheme.