A secure revocable personal health record system with policy-based fine-grained access control

Collaborative sharing of information is becoming much more needed technique to achieve complex goals in today´s fast-paced tech-dominant world. In our context, Personal Health Record (PHR) system has become a popular research area for sharing patients information very quickly among health professionals. PHR systems store and process sensitive information, which should have proper security mechanisms to protect data. Thus, access control mechanisms of the PHR should be well-defined. Secondly, PHRs should be stored in encrypted form. Therefore, cryptographic schemes offering a more suitable solution for enforcing access policies based on user attributes are needed. Attribute-based encryption can resolve these problems. We have proposed a framework with fine-grained access control mechanism that protects PHRs against service providers, and malicious users. We have used the Ciphertext Policy Attribute Based Encryption system as an efficient cryptographic technique, enhancing security and privacy of the system, as well as enabling access revocation in a hierarchical scheme. The Web Services and APIs for the proposed framework have been developed and implemented, along with an Android mobile application for the system.