Abstract

In this study, we introduce Usage-Based Encryption (UBE) approach for a secure, efficient, ubiquitous and versatile management of Electronic Health Records (EHRs) on cloud. The primordial feature lies in delegating the fundamental security guidelines and procedures to the patient in terms of encryption, access control and digital signatures. In contrast with other frequently used approaches, the proposed scheme grants the patient enhanced independence from cloud providers' policies and thus, renders increased administrative authority while sustaining a highly flexible and resourceful configuration. A comprehensive scheme is painstakingly detailed to encompass all tangible situations pertaining to a highly effective control of the EHR in a platform-free sphere. As a matter of fact, encryption and hashing modi operandi are scrupulously and relevantly fixed on to guarantee Confidentiality, Integrity and Availability (CIA). Furthermore, privileges and revocation of access are discussed in their minutiae from a usage perspective to provide patients broader maneuverability of their health records prior to housing them on clouds.

Keywords:

Access control, CIA, cloud, Electronic Health Record (EHR), Usage Based Encryption (UBE),

References

1. Akkar, M.L. and C. Giraud, 2001. An implementation of DES and AES, secure against some attacks. Proceeding of the International Workshop on Cryptographic Hardware and Embedded Systems. Springer-Verlag, Berlin, Heidelberg, New York, pp: 309-318.
   CrossRef    
2. Alanazi, H.O., A.A. Zaidan, B.B. Zaidan, M.L.M. Kiah and S.H. Al-Bakri, 2015. Meeting the security requirements of electronic medical records in the ERA of high-speed computing. J. Med. Syst., 39(1): 165.
   CrossRef    PMid:25481568    
3. Ali, M., S.U. Khan and A.V. Vasilakos, 2015. Security in cloud computing: Opportunities and challenges. Inform. Sciences, 305: 357-383.
   CrossRef    
4. Alshehri, S., S.P. Radziszowski and R.K. Raj, 2012. Secure access for healthcare data in the cloud using ciphertext-policy attribute-based encryption. Proceeding of the IEEE 28th International Conference on Data Engineering Workshops (ICDEW), pp: 143-146.
   CrossRef    
5. Alyass, A., M. Turcotte and D. Meyre, 2015. From big data analysis to personalized medicine for all: Challenges and opportunities. BMC Med. Genomics, 8(1): 33.
   CrossRef    PMid:26112054 PMCid:PMC4482045    
6. Bahga, A. and V.K. Madisetti, 2013. A cloud-based approach for interoperable electronic health records (EHRs). IEEE J. Biomed. Health Inform., 17(5): 894-906.
   CrossRef    PMid:25055368    
7. Ball, M.J. and J. Lillis, 2001. E-health: Transforming the physician/patient relationship. Int. J. Med. Inform., 61(1): 1-10.
   CrossRef    
8. Basu, S., A.H. Karp, J. Li, J. Pruyne, J. Rolia et al., 2012. Fusion: Managing healthcare records at cloud scale. Computer, 45(11): 42-49.
   CrossRef    
9. Bates, D.W., M. Cohen, L.L. Leape, J.M. Overhage, M.M. Shabot et al., 2001. Reducing the frequency of errors in medicine using information technology. J. Am. Med. Inform. Assoc., 8(4): 299-308.
   CrossRef    PMid:11418536 PMCid:PMC130074    
10. Bogdanov, A., D. Khovratovich and C. Rechberger, 2011. Biclique cryptanalysis of the full AES. Proceeding of the International Conference on the Theory and Application of Cryptology and Information Security, pp: 344-371.
    CrossRef    
11. Bresó, A., C. Sáez, J. Vicente, F. Larrinaga, M. Robles and J.M. García-Gómez, 2015. Knowledge-based personal health system to empower outpatients of diabetes mellitus by means of P4 medicine. Methods Mol. Biol., 1246: 237-257.
    CrossRef    PMid:25417090    
12. Burnett, S. and S. Paine, 2001. The RSA Security's Official Guide to Cryptography. Osborne/McGraw-Hill, New York.
    Direct Link
13. Cao, Y.Y. and C. Fu, 2008. An efficient implementation of RSA digital signature algorithm. Proceeding of the IEEE International Conference on Intelligent Computation Technology and Automation (ICICTA), 2: 100-103.
    CrossRef    PMCid:PMC2570555    
14. Collins, S.A., S. Bakken, D.K. Vawdrey, E. Coiera and L. Currie, 2011. Model development for EHR interdisciplinary information exchange of ICU common goals. Int. J. Med. Inform., 80(8): e141-e149.
    CrossRef    PMid:20974549 PMCid:PMC3044780    
15. Cramer, R. and V. Shoup, 1998. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. Proceeding of the Annual International Cryptology Conference, pp: 13-25.
    CrossRef    
16. Daemen, J. and V. Rijmen, 2002. The Design of Rijndael: AES--the Advanced Encryption Standard. Springer-Verlag, Berlin, Heidelberg, New York.
    CrossRef    
17. Deepika, K., N. Naveen Prasad, S. Balamurugan and S. Charanyaa, 2015. Evolution of cloud computing: A state-of-the-art survey. IJIRCCE, 3(1): 174-179.
    CrossRef    
18. Dolin, R.H., 1997. Outcome analysis: Considerations for an electronic health record. MD Comput. Comput. Med. Practice, 14(1): 50-56.
    Direct Link
19. Eastlake, D. and P. Jones, 2001. RFC 3174, US Secure Hash Algorithm 1 (SHA1). Retrieved form: https://www.rfc-editor.org/info/rfc3174.
    Direct Link
20. Flores, M., G. Glusman, K. Brogaard, N.D. Price and L. Hood, 2013. P4 medicine: How systems medicine will transform the healthcare sector and society. Per. Med., 10(6): 565-576.
    CrossRef    PMid:25342952 PMCid:PMC4204402    
21. Garets, D. and M. Davis, 2006. Electronic Medical Records vs. Electronic Health Records: Yes, there is a Difference. Policy White Paper, Chicago, HIMSS Analytics, pp: 1-14.
    
22. Gaubatz, G., J.P. Kaps and B. Sunar, 2004. Public key cryptography in sensor networks-revisited. Proceeding of the European Workshop on Security in Ad-Hoc and Sensor Networks, pp: 2-18.
    Direct Link
23. Gilbert, H. and H. Handschuh, 2003. Security analysis of SHA-256 and sisters. Proceeding of the International Workshop on Selected Areas in Cryptography. Springer-Verlag, Berlin, Heidelberg, New York, NY., pp: 175-193.
    PMid:12699326    
24. Griebel, L., H.U. Prokosch, F. Köpcke, D. Toddenroth, J. Christoph, I. Leb, I. Engel and M. Sedlmayr, 2015. A scoping review of cloud computing in healthcare. BMC Med. Inform. Decis. Mak., 15(1): 17.
    CrossRef    PMid:25888747 PMCid:PMC4372226    
25. Grollmann, J. and A.L. Selman, 1988. Complexity measures for public-key cryptosystems. SIAM J. Comput., 17(2): 309-335.
    CrossRef    
26. Guo, L. and W.C. Yau, 2015. Efficient secure-channel free public key encryption with keyword search for EMRs in cloud storage. J. Med. Syst., 39(2): 11.
    CrossRef    PMid:25634700    
27. Hood, L. and S.H. Friend, 2011. Predictive, personalized, preventive, participatory (P4) cancer medicine. Nat. Rev. Clin. Oncol., 8(3): 184-187.
    CrossRef    PMid:21364692    
28. Hood, L. and M. Flores, 2012. A personal view on systems medicine and the emergence of proactive P4 medicine: Predictive, preventive, personalized and participatory. N. Biotechnol., 29(6): 613-624.
    CrossRef    PMid:22450380    
29. Iakovidis, I., 1998. Towards personal health record: Current situation, obstacles and trends in implementation of electronic healthcare record in Europe. Int. J. Med. Inform., 52(1-3): 105-115.
    CrossRef    
30. Jin, Z. and Y. Chen, 2015. Telemedicine in the cloud era: Prospects and challenges. IEEE Pervas. Comput., 14(1): 54-61.
    CrossRef    
31. Kluge, E.H.W., 2004. Informed consent and the security of the electronic health record (EHR): Some policy considerations. Int. J. Med. Inform., 73(3): 229-234.
    CrossRef    PMid:15066551    
32. Liu, C., R. Ranjan, X. Zhang, C. Yang and J. Chen, 2015. A Big Picture of Integrity Verification of Big Data in Cloud Computing. In: Khan, S. and A. Zomaya (Eds.), Handbook on Data Centers, Springer, New York, pp: 631-645.
    CrossRef    
33. Liu, J., E. Ahmed, M. Shiraz, A. Gani, R. Buyya and A. Qureshi, 2015. Application partitioning algorithms in mobile cloud computing: Taxonomy, review and future directions. J. Netw. Comput. Appl., 48: 99-117.
    CrossRef    
34. Löhr, H., A.R. Sadeghi and M. Winandy, 2010. Securing the e-health cloud. Proceedings of the 1st ACM International Health Informatics Symposium (IHI '10), pp: 220-229.
    CrossRef    
35. McEvoy, R.P., F.M. Crowe, C.C. Murphy and W.P. Marnane, 2006. Optimisation of the SHA-2 family of hash functions on FPGAs. Proceeding of the IEEE Computer Society Annual Symposium on Emerging VLSI Technologies and Architectures (ISVLSI'06), pp: 317-322.
    CrossRef    
36. McLoone, M. and J.V. McCanny, 2001. Single-chip FPGA implementation of the advanced encryption standard algorithm. Proceeding of the International Conference on Field Programmable Logic and Applications. Springer-Verlag, Berlin, Heidelberg, New York, pp: 152-161.
    CrossRef    
37. Morton, M.E. and S. Wiedenbeck, 2009. A framework for predicting EHR adoption attitudes: A physician survey. Perspect. Health Inf. Manag., 6(Fall): 1a.
    PMid:20169013    
38. Nagaty, K.A., 2015. A Secured Hybrid Cloud Architecture for mHealth Care. In: Adibi, S. (Ed.), Mobile Health. Springer Series in Bio-/Neuroinformatics. Springer, Cham, 5: 541-588.
    CrossRef    
39. Narayan, S., M. Gagné and R. Safavi-Naini, 2010. Privacy preserving EHR system using attribute-based infrastructure. Proceeding of the 2010 ACM Workshop on Cloud Computing Security Workshop (CCSW '10), pp: 47-52.
    CrossRef    
40. Nechvatal, J., E. Barker, L. Bassham, W. Burr, M. Dworkin et al., 2001. Report on the development of the Advanced Encryption Standard (AES). J. Res. Natl. Inst. Stand. Technol., 106(3): 511-577.
    CrossRef    PMid:27500035    
41. Negi, A., P. Sharma, P. Chaudhary and H. Gupta, 2015. New method for obtaining digital signature certificate using proposed RSA algorithm. Int. J. Comput. Appl., 121(23).
    Direct Link
42. Pack, A.I., 2016. Application of personalized, predictive, preventative, and participatory (P4) medicine to obstructive sleep apnea. A roadmap for improving care? Ann. Am. Thorac. Soc., 13(9): 1456-1467.
    CrossRef    PMid:27387483    
43. Papagounos, G. and B. Spyropoulos, 1999. The multifarious function of medical records: Ethical issues. Methods Inf. Med., 38(4-5): 317-320.
    PMid:10805021    
44. Pointcheval, D., 1999. New public key cryptosystems based on the dependent-RSA problems. Proceeding of the International Conference on the Theory and Applications of Cryptographic Techniques, Springer-Verlag, Berlin, Heidelberg, New York, NY., pp: 239-254.
    CrossRef    
45. Rijmen, V. and J. Daemen, 2001. Advanced encryption standard. Proceeding of Federal Information Processing Standards Publications, National Institute of Standards and Technology, pp: 19-22.
    
46. Sanchez-Avila, C. and R. Sanchez-Reillol, 2001. The Rijndael block cipher (AES proposal): A comparison with DES. Proceeding of the IEEE 35th International Carnahan Conference on Security Technology, pp: 229-234.
    CrossRef    
47. Shortliffe, E.H. and J.J. Cimino, 2013. Biomedical Informatics: Computer Applications in Healthcare and Biomedicine. Springer Science+Business Media, LLC, New York.
    
48. Sklavos, N. and O. Koufopavlou, 2003. On the hardware implementations of the SHA-2 (256, 384, 512) hash functions. Proceeding of the International Symposium on Circuits and Systems (ISCAS'03).
    CrossRef    
49. Somani, U., K. Lakhani and M. Mundra, 2010. Implementing digital signature with RSA encryption algorithm to enhance the data security of cloud in cloud computing. Proceeding of the 1st IEEE International Conference on Parallel Distributed and Grid Computing (PDGC), pp: 211-216.
    CrossRef    
50. Standard, F.I.P., 2001. Announcing the Advanced Encryption Standard (AES). Federal Information Processing Standards Publication, 197: 1-51.
    
51. Thakur, J. and N. Kumar, 2011. DES, AES and Blowfish: Symmetric key cryptography algorithms simulation based performance analysis. Int. J. Emerg. Technol. Adv. Eng., 1(2): 6-12.
    
52. Topol, E.J., 2015. The Patient Will See You Now: The Future of Medicine is in Your Hands. Basic Books, New York.
    
53. Wander, A.S., N. Gura, H. Eberle, V. Gupta and S.C. Shantz, 2005. Energy analysis of public-key cryptography for wireless sensor networks. Proceeding of the 3rd IEEE International Conference on Pervasive Computing and Communications (PerCom, 2005), pp: 324-328.
    CrossRef    
54. Wang, H., B. Sheng, C.C. Tan and Q. Li, 2008. Comparing symmetric-key and public-key based security schemes in sensor networks: A case study of user access control. Proceeding of the 28th International Conference on Distributed Computing Systems (ICDCS'08), pp: 11-18.
    CrossRef    
55. Xavier, N. and V. Chandrasekar, 2015. Cloud computing data security for personal health record by using attribute based encryption. Bus. Manage., 7(1).
    
56. Yang, J.J., J.Q. Li and Y. Niu, 2015. A hybrid solution for privacy preserving medical data sharing in the cloud environment. Future Gener. Comp. Sy., 43-44: 74-86.
    CrossRef    
57. Younesi, E. and M. Hofmann-Apitius, 2013. From integrative disease modeling to predictive, preventive, personalized and participatory (P4) medicine. EPMA J., 4(1): 23.
    CrossRef    PMid:24195840 PMCid:PMC3832251    
58. Zhang, R. and L. Liu, 2010. Security models and requirements for healthcare application clouds. Proceeding of the IEEE 3rd International Conference on Cloud Computing (CLOUD), pp: 268-275.
    CrossRef    
59. Zhang, X.M. and N. Zhang, 2011. An open, secure and flexible platform based on internet of things and cloud computing for ambient aiding living and telemedicine. Proceeding of the 2011 International Conference on Computer and Management (CAMAN), pp: 1-4.
    CrossRef    

Competing interests

The authors have no competing interests.

Open Access Policy

This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

Copyright

The authors have no competing interests.