Loading…
A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations
The Health Insurance Portability and Accountability Act (HIPAA) has set privacy and security regulations for the US healthcare industry. HIPAA has also established principles for security standards that global e-health industry tends to follow. In this paper, a hybrid public key infrastructure solut...
Saved in:
Published in: | Computer standards and interfaces 2010-10, Vol.32 (5), p.274-280 |
---|---|
Main Authors: | , , |
Format: | Article |
Language: | English |
Subjects: | |
Citations: | Items that this one cites Items that cite this one |
Online Access: | Get full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | The Health Insurance Portability and Accountability Act (HIPAA) has set privacy and security regulations for the US healthcare industry. HIPAA has also established principles for security standards that global
e-health industry tends to follow. In this paper, a hybrid public key infrastructure solution (HPKI) is proposed to comply with the HIPAA regulations. The main contribution is the new
e-health security architecture that is contract oriented instead of session oriented which exists in most literatures. The proposed HPKI has delegated the trust and security management to the medical service provider during the contract period, which is more realistic. It is much an analogy to existing paper based health care systems in terms of functional structure. The cryptographically strong PKI scheme is deployed for the mutual authentication and the distribution of sensitive yet computational non-intensive data while efficient symmetric cryptographic technology is used for the storage and transmission of high volume of medical data such as medical images. One advantage is that the proposed HPKI can be constructed from existing cryptographic technologies where various relevant security standards, tools and products are available. Discussion has been provided to illustrate how proposed schemes can address the HIPAA privacy and security regulations. |
---|---|
ISSN: | 0920-5489 1872-7018 |
DOI: | 10.1016/j.csi.2009.04.005 |