Multi-authority security framework for scalable EHR systems

摘要

Electronic health record (EHR) systems can be operated in a large-scale distributed environment, such as cloud computing, which might have to be managed by multiple authorities who control the access to patient records. In this way, a large amount of data from patients can be hosted on a large-scale distributed system. Unfortunately, the security of such systems is usually inadequate, which results in the hindrance of the EHR systems adoption in practice. Attribute-based systems have been a popular choice that could provide a flexible and reliable access control to EHR databases, which are usually managed by a single authority, who is responsible for setting up the system's policy. In a large-scale distributed system, it might be necessary to have multiple authorities, who can handle users located in different areas. Nevertheless, one of the challenges is how to enable multiple authorities with a single access policy. In this paper, we provide a sound solution to this issue. Our EHR system provides a secure environment for EHR users to use the system conveniently and provide the flexibility and scalability.