Privacy Preservation for Outsourced Medical Data With Flexible Access Control

Electronic medical records (EMRs) play an important role in healthcare networks. Since these records always contain considerable sensitive information regarding patients, privacy preservation for the EMR system is critical. Current schemes usually authorize a user to read one's EMR if and only...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access 2018-01, Vol.6, p.14827-14841
Main Authors: Zhou, Xingguang, Liu, Jianwei, Wu, Qianhong, Zhang, Zongyang
Format: Article
Language:English
Subjects:
Access control
Data privacy
Data processing
Electronic health records
electronic medical record
Encryption
Medical services
Patients
Physicians
Privacy
Privacy preservation
Security
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Electronic medical records (EMRs) play an important role in healthcare networks. Since these records always contain considerable sensitive information regarding patients, privacy preservation for the EMR system is critical. Current schemes usually authorize a user to read one's EMR if and only if his/her role satisfies the defined access policy. However, these existing schemes allow an adversary to link patients' identities to their doctors. Therefore, classifications of patients' diseases are leaked without adversaries actually seeing patients' EMRs. To address this problem, we present two anonymous schemes. They not only achieve data confidentiality but also realize anonymity for individuals. The first scheme achieves moderate security, where adversaries choose attack targets before obtaining information from the EMR system. The second scheme achieves full security, where adversaries adaptively choose attack targets after interaction with the EMR system. We provide rigorous proof showing the security and anonymity of our schemes. In addition, we propose an approach in which EMR owners can search for their EMRs in an anonymous system. For a better user experience, we apply the online/offline approach to speed up data processing. Experimental results show that the time complexity for key generation and EMR encapsulation can be reduced to milliseconds.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2018.2810243