Confidentiality Protection of Digital Health Records in Cloud Computing

详细信息    查看全文

• 作者：Shyh-Wei Chen ; Dai Lun Chiang ; Chia-Hui Liu ; Tzer-Shyong Chen…
• 关键词：Personal health record ; Secure transmission ; Privacy preservation ; Cloud computing ; Oblivious transfer
• 刊名：Journal of Medical Systems
• 出版年：2016
• 出版时间：May 2016
• 年：2016
• 卷：40
• 期：5
• 全文大小：1,459 KB
• 参考文献：1.Kohn, L., Corrigan, J., and Donaldson, M., Committee on Quality of Health Care in America IoM. Crossing the quality chasm. National Academy Press, Washington, DC, 2001.
  2.Markle Foundation, Connecting for health: a public private collaborative. New York, The personal health working group final report, 2003.
  3.Pagliari, C., Detmer, D., and Singleton, P., Potential of electronic personal health records. Br. Med. J. 335(7615):330–333, 2007.CrossRef
  4.Computer Science and Telecommunications Board, National Research Council, Networking health: prescriptions for the internet. National Academy Press, Washington, DC, 2000.
  5.The American Health Information Management Association and The American Medical Informatics Association, The value of personal health records: a joint position statement for consumers of health care. J. AHIMA 78(4):22–24, 2007.
  6.Tang, P. C., Ash, J. S., Bates, D. W., Overhage, J. M., and Sands, D. Z., Personal health records: definitions, benefits, and strategies for overcoming barriers to adoption. J. Am. Med. Inform. Assoc. 13(2):121–126, 2006.CrossRef PubMed PubMedCentral
  7.AHIMA e-HIM Personal Health Record Work Group, Defining the personal health record. J. Am. Health Inf. Manag. Assoc. 76(6):24–25, 2005.
  8.Pratt, W., Unruh, K., Civan, A., and Skeels, M. M., Personal health information management. Commun. ACM 49(1):51–55, 2006.CrossRef
  9.Li, M., Yu, S, Ren, K., Lou, W., Securing personal health records in cloud computing: patient-centric and fine-grained data access control in multi-owner settings, 6th Iternational ICST Conference, Vol. 50, pp. 89–106, 2010.
  10.Sittig, D. F., Personal health records on the internet: a snapshot of the pioneers at the end of the 20th Century. Int. J. Med. Inform. 65(1):1–6, 2002.CrossRef PubMed
  11.Waegemann, C. P., Closer to reality: personal health records represent a step in the right direction for interoperability of healthcare IT systems and accessibility of patient data. Health Manag. Technol. 26(5):16–18, 2005.PubMed
  12.Tang, P. C., and Newcomb, C., Informing patients: a guide for providing patient health information. J. Am. Med. Inform. Assoc. 5(6):563–570, 1998.CrossRef PubMed PubMedCentral
  13.Markle Foundation, The personal health working group final report. Connecting for health: a public-private collaborative. Markle Foundation, 2003.
  14.Google Health, https://​www.​ROORle.​com/​health
  15.Microsoft Health Vault, http://​www.​healthvault.​com
  16.Kaelber, D. C., Jha, A. K., Johnston, D., Middleton, B., and Bates, D. W., A research agenda for personal health records. J. Am. Med. Inform. Assoc. 15(6):729–736, 2008.CrossRef PubMed PubMedCentral
  17.Sunyaev, A., Chornyi, D., Mauro, C., and Kremar, H., Evaluation framework for personal health records: Microsoft HealthVault v.s. Google Health. IEEE Conference on System Sciences, System Sciences (HICSS), pp. 1–10, 2010.
  18.Kim, M. I., and Johnson, K. B., Personal health records: evaluation of functionality and utility. J. Am. Med. Inform. Assoc. 9:171–180, 2002.CrossRef PubMed PubMedCentral
  19.Working Group on Policies for Electronic Information Sharing between Doctors and Patients, Connecting Americans to their healthcare: final report. Markle Foundation, 2004.
  20.Cohen, J. T., HIPAA, The HITECH Act, and How Google May Still Be Able to Distribute, and Profit From, Your Personal Health Info. Health Reform Watch, 2009.
  21.Vaquero, L. M., Rodero-Merino, L., Caceres, J., and Lindner, M., A break in the clouds: towards a cloud definition. ACM SIGCOMM Comput. Commun. Rev. 39(1):50–55, 2009.CrossRef
  22.Mell, P., and Grance, T., The NIST definition of cloud computing. National Institute of Standards and Technology, 2011.
  23.Zissis, D., and Lekkas, D., Securing e-Government and e-Voting with an open cloud computing architecture. Gov. Inf. Q. 28(2):239–251, 2011.CrossRef
  24.Yoo, C. S., Cloud computing: architectural and policy implications. Rev. Ind. Organ. 38(4):405–421, 2011.CrossRef
  25.Vaquero, L. M., Rodero-Merino, L., and Morán, D., Locking the sky: a survey on IaaS cloud Security. Computing 91(1):93–118, 2011.CrossRef
  26.Kandukuri, B. R., Paturi V. R., Rakshit A., “Cloud Security Issues,” 2009 I.E. International Conference on Services Computing, pp. 517–520, 2009.
  27.Parakh, A., and Kak, S., Online data storage using implicit security. Inf. Sci. 179(19):3323–3331, 2009.CrossRef
  28.Crescenzo, G. D., Malkin, T., Ostrovsky, R., Single database private information retrieval implies oblivious transfer. Advances in Cryptology – EUROCRYPT 2000, Bruges, Belgium. Vol. 1807, pp. 122–138, 2000.
  29.Gara, J. A., and MacKenzie, P. D., Concurrent oblivious transfer. Proceedings of 41st Symposium on Foundations of Computer Science, Redondo Beach, California, USA, pp. 314–324, 2000.
  30.Kilian, J., Founding cryptography on oblivious transfer. Proceedings of 20th ACM Symposium on Theory of Computing, Chicago, USA, pp. 20–31, 1988.
  31.Rabin, M. O., How to exchange secrets by oblivious transfer. Technical Report TR-81, Aiken Computation Lab, Harvard University, 1981.
  32.Even, S., Goldreich, O., and Lempel, A., A randomized protocol for signing contracts. Commun. ACM 28(6):637–647, 1985.CrossRef
  33.Brassard, G., and Cre’peau, C., Oblivious transfer and privacy amplification. EUROCRYPT’97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques, pp. 334–347, 1997.
  34.Huang, H. F., Chang, C. C., and Yeh, J. S., Enhancement of non-interactive oblivious transfer scheme. Proceedings of Fourth International Conference on Information and Management Sciences, pp. 196–199, 2005.
  35.Mu, Y., Zhang, J., Varadharajan, V., and Lin, Y. X., Robust non-interactive oblivious transfer. IEEE Commun. Lett. 7(4):153–155, 2003.CrossRef
  36.Lee, N. Y., and Wang, C. C., Verifiable oblivious transfer protocol. IEICE Trans. Inf. Syst. E88-D(12):2890–2892, 2005.CrossRef
  37.Chang, C. C., and Lee, J. S., Robust t-out-of-n oblivious transfer mechanism based on CRT. J. Netw. Comput. Appl. 32(1):226–235, 2008.CrossRef
  38.Zhang, J., and Wang, Y, Two provably secure k-out-of-n oblivious transfer schemes. Appl. Math. Comput. 169, 2005.
  39.Chu, C.-K., and Tzeng, W.-G., Efficient k-out-of-n oblivious transfer schemes with adaptive and non-adaptive queries, PKC 2005 LNCS, pp. 172–183, 2005.
  
• 作者单位：Shyh-Wei Chen (1)
  Dai Lun Chiang (1)
  Chia-Hui Liu (2)
  Tzer-Shyong Chen (3)
  Feipei Lai (1)
  Huihui Wang (4)
  Wei Wei (5)
  
  1. Department of Biomedical Electronics and Bioinformatics, National Taiwan University, Taipei, Taiwan
  2. Department of Digital Literature and Arts, St. John’s University, Taipei, Taiwan
  3. Department of Information Management, Tunghai University University, Taichung, Taiwan
  4. Department of Engineering, Jacksonville University, 2800 University Blvd N, Jacksonville, FL, 32211, USA
  5. School of Computer and Engineering, Xi’an University of Technology, Xi’an, China
  
• 刊物类别：Mathematics and Statistics
• 刊物主题：Statistics
  Statistics for Life Sciences, Medicine and Health Sciences
  Health Informatics and Administration
  
• 出版者：Springer Netherlands
• ISSN：1573-689X

文摘

Electronic medical records containing confidential information were uploaded to the cloud. The cloud allows medical crews to access and manage the data and integration of medical records easily. This data system provides relevant information to medical personnel and facilitates and improve electronic medical record management and data transmission. A structure of cloud-based and patient-centered personal health record (PHR) is proposed in this study. This technique helps patients to manage their health information, such as appointment date with doctor, health reports, and a completed understanding of their own health conditions. It will create patients a positive attitudes to maintain the health. The patients make decision on their own for thoese whom has access to their records over a specific span of time specified by the patients. Storing data in the cloud environment can reduce costs and enhance the share of information, but the potential threat of information security should be taken into consideration. This study is proposing the cloud-based secure transmission mechanism is suitable for multiple users (like nurse aides, patients, and family members).