The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates the privacy and accessibility of the electronic protected health information (ePHI) of patients. Ideally, patients should be able to securely authorize access and revoke permission to their ePHI. How should patients grant healthcare providers access to their ePHI within reasonable time frames? Lee et al. propose a key management scheme for securely permitting and rescinding authorization to ePHI. The scheme requires (1) a trusted healthcare certificate authority (HCA) to administer the pairs of public and private keys and certificates to patients and healthcare providers; and (2) smart cards that store keys and execute cryptographic operations to derive keys from master keys, to allow and deny access to ePHI.