Symmetric key-based patient controlled secured electronic health record management protocol

摘要

In our progressive era of technology, digitization is becoming the link between businesses, people, processes, and data. Since digitization is now a common practice for storing and retrieving data, Electronic Health Record (EHR) management services are rapidly becoming popular as it allows users to store and access their data anywhere at any time. EHR management is bringing many benefits including easy storage, cost effectiveness, shareable with health professionals to a remote location, etc. However it is very challenging to adopt cloud-based EHR services, due to the risk of data breaches and the resulting compromise of patient data. Since EHR stores very sensitive data, a number of security properties including privacy, secrecy, integrity, authenticity and availability of data must be ensured during data transmission, storing and sharing with health professionals. In this study, we have studied symmetric key based technique in designing EHR management protocol. The protocol allows the patient to handle the responsibility of authorizing data access, thus this is a patient-centric protocol. Attributes (e.g., specialization, location, affiliated hospital, etc.) of a health professional is used to delegate access to EHR of a patient, and thus attribute-based access control has been achieved. The protocol we have designed is then validated using AVISPA, an industry-strength security protocol validation tool. AVISPA has confirmed our protocol free from known attacks and confirmed the desired security properties as well.