• DocumentCode
    3311449
  • Title

    Managing the Privacy and Security of eHealth Data

  • Author

    Soceanu, Alexandru ; Vasylenko, Maksym ; Egner, Alexandru ; Muntean, Traian

  • Author_Institution
    Munich Univ. of Appl. Sci., Munich, Germany
  • fYear
    2015
  • fDate
    27-29 May 2015
  • Firstpage
    439
  • Lastpage
    446
  • Abstract
    The large scale adoption of mobile medicine, supported by an increasing number of medical devices and remote access to health services, correlated with the continuous involvement of the patients in their own healthcare, led to the emergence of tremendous amounts of clinical data. They need to be securely transferred, archived and accessed. This paper refers to a new approach for protecting the privacy and security of clinical data through the use of a state of the art encryption scheme and attribute-based access control authorization framework. As personal medical records are often used by different entities (e.g. Doctors, pharmacists, nurses, etc.), there is a need for different degrees of authorization access for specific parts of the personal dossier. Appropriate cryptographic tools are presented for allowing partial visibility and valid protection on authorized parts for hierarchical privacy protection of eHealth data. The encryption process relies on ARCANA, a security platform developed at ERISCS research laboratory from University Aix-Marseille. It provides the appropriate cryptographic tools for secure hierarchical access to healthcare data. This ensures that the access of various entities to the healthcare data is accurately and hierarchically controlled. The access control framework used in this research is based on XACML, a standard access control decision model specified by OASIS. The applicability and feasibility of XACML-based policies to regulate the access to patient data are demonstrated through SAFAX. SAFAX is a new public authorization framework developed by the Eindhoven University of Technology tested among others on eHealth case studies, in cooperation with Munich University of Applied Sciences. It is envisioned that the usage of data encryption and public authorization solutions to regulate access control on patients clinical data will have a big impact on the patient´s trust in electronic healthcare systems and will speed up their large sca- e adoption.
  • Keywords
    authorisation; cryptography; data privacy; health care; ARCANA; ERISCS research laboratory; Eindhoven University of Technology; OASIS; University Aix-Marseille; XACML-based policies; attribute-based access control authorization framework; clinical data privacy; clinical data security; cryptographic tools; ehealth data; encryption scheme; health services; healthcare; medical devices; mobile medicine; public authorization solutions; remote access; Authentication; Authorization; Data privacy; Medical services; Standards; ABAC; Patient Consent; Privacy; Security; XACML; eHealth; incremental cryptography;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Control Systems and Computer Science (CSCS), 2015 20th International Conference on
  • Conference_Location
    Bucharest
  • Print_ISBN
    978-1-4799-1779-2
  • Type

    conf

  • DOI
    10.1109/CSCS.2015.76
  • Filename
    7168466
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3311449