Cross-Domain Data Sharing in Distributed Electronic Health Record Systems

Jinyuan Sun; Yuguang Fang

doi:10.1109/TPDS.2009.124

Publication
2010
Issue No. 6 - June
Abstract - Cross-Domain Data Sharing in Distributed Electronic Health Record Systems

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Jinyuan Sun Articles by Yuguang Fang

Cross-Domain Data Sharing in Distributed Electronic Health Record Systems

June 2010 (vol. 21 no. 6)

pp. 754-764

	ASCII Text	x
	Jinyuan Sun, Yuguang Fang, "Cross-Domain Data Sharing in Distributed Electronic Health Record Systems," IEEE Transactions on Parallel and Distributed Systems, vol. 21, no. 6, pp. 754-764, June, 2010.

	BibTex	x
	@article{ 10.1109/TPDS.2009.124, author = {Jinyuan Sun and Yuguang Fang}, title = {Cross-Domain Data Sharing in Distributed Electronic Health Record Systems}, journal ={IEEE Transactions on Parallel and Distributed Systems}, volume = {21}, number = {6}, issn = {1045-9219}, year = {2010}, pages = {754-764}, doi = {http://doi.ieeecomputersociety.org/10.1109/TPDS.2009.124}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - JOUR JO - IEEE Transactions on Parallel and Distributed Systems TI - Cross-Domain Data Sharing in Distributed Electronic Health Record Systems IS - 6 SN - 1045-9219 SP754 EP764 EPD - 754-764 A1 - Jinyuan Sun, A1 - Yuguang Fang, PY - 2010 KW - Cross domain KW - delegation KW - electronic health record KW - privacy KW - security. VL - 21 JA - IEEE Transactions on Parallel and Distributed Systems ER -

Jinyuan Sun, University of Florida, Gainesville

Yuguang Fang, University of Florida, Gainesville

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TPDS.2009.124

Cross-organization or cross-domain cooperation takes place from time to time in Electronic Health Record (EHR) system for necessary and high-quality patient treatment. Cautious design of delegation mechanism must be in place as a building block of cross-domain cooperation, since the cooperation inevitably involves exchanging and sharing relevant patient data that are considered highly private and confidential. The delegation mechanism grants permission to and restricts access rights of a cooperating partner. Patients are unwilling to accept the EHR system unless their health data are guaranteed proper use and disclosure, which cannot be easily achieved without cross-domain authentication and fine-grained access control. In addition, revocation of the delegated rights should be possible at any time during the cooperation. In this paper, we propose a secure EHR system, based on cryptographic constructions, to enable secure sharing of sensitive patient data during cooperation and preserve patient data privacy. Our EHR system further incorporates advanced mechanisms for fine-grained access control, and on-demand revocation, as enhancements to the basic access control offered by the delegation mechanism, and the basic revocation mechanism, respectively. The proposed EHR system is demonstrated to fulfill objectives specific to the cross-domain delegation scenario of interest.

[1] M.C. Rash, "Privacy Concerns Hinder Electronic Medical Records," Business J. Greater Triad Area, Apr. 2005.
[2] R. Pear, "Warnings over Privacy of US Health Network," New York Times, Feb. 2007.
[3] P. Ray and J. Wimalasiri, "The Need for Technical Solutions for Maintaining the Privacy of EHR," Proc. 28th IEEE EMBS Ann. Int'l Conf., pp. 4686-4689, Sept. 2006.
[4] U. Sax, I. Kohane, and K.D. Mandl, "Wireless Technology Infrastructures for Authentication of Patients: PKI That Rings," J. Am. Medical Informatics Assoc., vol. 12, no. 3, pp. 263-268, 2005.
[5] M.C. Mont, P. Bramhall, and K. Harrison, "A Flexible Role-Based Secure Messaging Service: Exploiting IBE Technology for Privacy in Health Care," Proc. 14th Int'l Workshop Database and Expert Systems Applications (DEXA), 2003.
[6] W.-B. Lee and C.-D. Lee, "A Cryptographic Key Management Solution for HIPAA Privacy/Security Regulations," IEEE Trans. Information Technology in Biomedicine, vol. 12, no. 1, pp. 34-41, Jan. 2008.
[7] C.C. Tan, H. Wang, S. Zhong, and Q. Li, "Body Sensor Network Security: An Identity-Based Cryptography Approach," Proc. ACM Conf. Wireless Network Security (WiSec '08), Apr. 2008.
[8] S. Gupta, K.K. Venkatasubramanian, and A. Banerjee, "Ekg-Based Key Agreement in Body Sensor Networks," Proc. Mission Critical Networks Workshop (MCN '08), Apr. 2008.
[9] S.-D. Bao, Y.-T. Zhang, and L.-F. Shen, "Physiological Signal Based Entity Authentication for Body Area Sensor Networks and Mobile Healthcare Systems," Proc. 28th IEEE EMBS Ann. Int'l Conf., pp. 58-65, Sept. 2005.
[10] M. Katzarova and A. Simpson, "Delegation in a Distributed Healthcare Context: A Survey of Current Approaches," Proc. Information Security Conf. (ISC '06), S.K. Katsikas et al., eds. 2006.
[11] O.S.S.T. Committee, SAML V2.0, www.oasis-open.org committees /, 2009.
[12] O. eXstensible Access Control Markup Language Committee, XACML V2.0, www.oasis-open.orgcommittees/, 2009.
[13] V. Welch, I. Foster, C. Kesselman, O. Mulmo, L. Pearlman, S. Tuecke, J. Gawor, S. Meder, and F. Siebenlist, "X.509 Proxy Certificates for Dynamic Delegation," Proc. Third Ann. PKI R&D Workshop, 2004.
[14] A. Boldyreva, A. Palacio, and B. Warinschi, "Secure Proxy Signature Schemes for Delegation of Signing Rights," Cryptology ePrint Archive, Report 2003/096, http://eprint.iacr.org/2003096.pdf, 2003.
[15] L. Zhang, G.J. Ahn, and B.T. Chu, "A Rule-Based Framework for Role-Based Delegation and Revocation," ACM Trans. Information and System Security, vol. 6, no. 3, pp. 404-441, 2003.
[16] R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, "Role-Based Access Control Models," Computer, vol. 29, no. 2, pp. 38-47, Oct. 1996.
[17] R.K. Thomas, "Team-Based Access Control (TMAC): A Primitive for Applying Role-Based Access Controls in Collaborative Environments," Proc. Second ACM Workshop Role-Based Access Control, pp. 13-19, 1997.
[18] D. Boneh and M. Franklin, "Identity-Based Encryption from the Weil Pairings," Advances in Cryptology—Asiacrypt 2001, pp. 514-532, Springer-Verlag, 2001.
[19] C. Gentry and A. Silverberg, "Hierarchical Id-Based Cryptography," Proc. Int'l Conf. Theory and Application of Cryptology and Information Security (ASIACRYPT), pp. 548-556, Dec. 2002.
[20] D. Boneh, G.D. Crescenzo, R. Ostrovsky, and G. Persiano, "Public Key Encryption with Keyword Search," Proc. Int'l Conf. Theory and Applications of Cryptographic Techniques (EUROCRYPT), 2004.
[21] D. Boneh and M. Franklin, "Identity-Based Encryption from the Weil Pairing. Extended Abstract in CRYPTO 2001," SIAM J. Computing, vol. 32, no. 3, pp. 586-615, 2003.
[22] M. Abdalla, M. Bellare, D. Catalano, E. Kiltz, T. Kohno, T. Lange, J. Malone-Lee, G. Neven, P. Paillier, and H. Shi, "Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions," Proc. Int'l Cryptology Conf. (CRYPTO), V. Shoup, ed., 2005.
[23] S.S. Al Riyami and K.G. Paterson, "Certificateless Public Key Cryptography," Proc. Int'l Conf. Theory and Application of Cryptology and Information Security (ASIACRYPT '03), pp. 452-487, 2003.
[24] "Liberty Alliance Project," http:/www.projectliberty.org/, 2009.
[25] "Electronic Health Record," http://en.wikipedia.org/wiki Electronic_health_record , 2009.
[26] U.D. of Health & Human Services Website "Health Information Technology," http://www.hhs.govhealthit/, 2009.
[27] H.W. Lim and K.G. Paterson, "Identity-Based Cryptography for Grid Security," Proc. First IEEE Int'l Conf. e-Science and Grid Computing (e-Science '05), H. Stockinger, R. Buyya, and R. Perrott, eds., 2005.
[28] A. Menezes, P.V. Oorschot, and S. Vanston, Handbook of Applied Cryptography. CRC Press, 1996.
[29] J. Sun, C. Zhang, and Y. Fang, "A Security Architecture Achieving Anonymity and Traceability in Wireless Mesh Networks," Proc. IEEE INFOCOM, pp. 1687-1695, Apr. 2008.
[30] F. Hess, "Efficient Identity-Based Signature Schemes Based on Pairings," Selected Areas in Cryptography, pp. 310-324, Springer-Verlag, 2002.
[31] J. Baek, R. Safiavi-Naini, and W. Susilo, "Public Key Encryption with Keyword Search Revisited," Cryptology ePrint Archive, Report 2005/191, http://eprint.iacr.org/2005191.pdf, 2005.
[32] J. Camenisch and A. Lysyanskaya, "Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials," Proc. Int'l Cryptology Conf. Advances in Cryptology (CRYPTO '02), pp. 61-76, 2002.
[33] L. Nguyen and R. Safavi-Naini, "Dynamic K-Times Anonymous Authentication," Applied Cryptography and Network Security, pp. 318-333, Springer, 2005.
[34] T. Ristenpart, G. Maganis, A. Krishnamurthy, and T. Kohno, "Privacy-Preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs," Proc. 17th USENIX Security Symp., pp. 275-290, July 2008.

Index Terms:

Cross domain, delegation, electronic health record, privacy, security.

Citation:

Jinyuan Sun, Yuguang Fang, "Cross-Domain Data Sharing in Distributed Electronic Health Record Systems," IEEE Transactions on Parallel and Distributed Systems, vol. 21, no. 6, pp. 754-764, June 2010, doi:10.1109/TPDS.2009.124

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.