This is a paper I wrote together with Thomas Hupperich, Hans Löhr, and Ahmad-Reza Sadeghi. I presented a poster on it at the 2nd ACM SIGHIT International Health Informatics Symposium (IHI 2012) in Florida, USA. In this paper we present a new security architecture for Electronic Health Records (EHR) systems in which we let the patients control the confidentiality of their EHR data in an easy and flexible way. Existing approaches to protect the privacy of EHRs are either insufficient with respect to strict privacy laws or they are too restrictive in their usage. For example, smartcard-based encryption systems require the patient to be always present to authorize access to medical records. In our approach, we propose a security architecture for EHR infrastructures that provides more flexibility but retains the security of patient-controlled encryption. In our proposal patients are able to authorize access to their records remotely (e.g. via phone) and time-independently, for later processing by the physician. The security of our approach relies on modern cryptographic schemes, in particular Attribute-Based Encryption, and their incorporation into an EHR infrastructure.
The key idea of our approach is to avoid the use of smartcards as a direct input for encrypting and decrypting EHRs. Before medical data is to be stored on an EHR server, the patient provides his smartcard only to generate a transaction code (TAC) which will be used as an authorization secret. The encryption key is based only on the TAC and the patient's identity. When the EHR is to be read again, the patient gives the TAC to the health professional who needs to access the EHR. The novelty in this approach is that patients do not need to be present with their smartcards for decryption, but can provide the TAC via, e.g., phone.
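As an added example (not the paper's code, and not its Attribute-Based Encryption construction), the following Go sketch shows the mechanical core of the key idea: the smartcard is needed only to produce a TAC, the record key is derived from the TAC and the patient's identity alone, and the physician later decrypts with nothing but the TAC the patient handed over. HMAC-SHA256 as the key derivation, AES-256-GCM as the cipher, the 16-byte TAC and the patient IDs are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// recordAEAD builds AES-256-GCM under a key derived from nothing but the TAC and
// the patient's identity, as the paper requires (HMAC-SHA256 as KDF: our choice).
func recordAEAD(tac []byte, patientID string) cipher.AEAD {
	mac := hmac.New(sha256.New, tac)
	mac.Write([]byte("ehr-record-key|" + patientID))
	block, _ := aes.NewCipher(mac.Sum(nil)) // 32-byte key: NewCipher cannot fail
	gcm, _ := cipher.NewGCM(block)          // AES block: NewGCM cannot fail
	return gcm
}

// sealRecord runs when the record is stored: random nonce prefix, and the
// patient ID bound as associated data so the blob cannot be re-filed elsewhere.
func sealRecord(tac []byte, patientID string, record []byte) ([]byte, error) {
	gcm := recordAEAD(tac, patientID)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, record, []byte(patientID)), nil
}

// openRecord is what the physician runs later with the TAC the patient gave,
// e.g. by phone; no smartcard is involved. A wrong TAC or ID fails the GCM tag.
func openRecord(tac []byte, patientID string, blob []byte) ([]byte, error) {
	gcm := recordAEAD(tac, patientID)
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("ciphertext too short: %d bytes", len(blob))
	}
	return gcm.Open(nil, blob[:n], blob[n:], []byte(patientID))
}

func main() {
	tac := make([]byte, 16) // constructed stand-in for the smartcard's TAC output
	rand.Read(tac)
	blob, _ := sealRecord(tac, "patient-0042", []byte("BP 120/80"))
	pt, err := openRecord(tac, "patient-0042", blob)
	fmt.Println(string(pt), err)
}
```

The paper's scheme uses Attribute-Based Encryption; this sketch models only the symmetric TAC-to-key dependency that lets decryption proceed without the card.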
More information: [Paper]