Two-layer ciphertext-policy attribute-based proxy re-encryption for supporting PHR delegation

Medical treatment sometimes requires a case forwarding to a doctor who has a specific expertise. Typically, an electronic medical record (EMS) of a patient can be passed to another doctor without asking the patient because EMS belongs to the healthcare organization. Personal health record (PHR), however, is different because PHR is owned by an individual (e.g., patient) and all accesses to the PHR is controlled by its owner. This work proposes a two-layer ciphertext-policy attribute-based proxy re-encryption scheme (2-layer CP-AB-PRE) for the PHR delegation process. The inner layer policy belongs to the PHR owner while the outer layer policy belongs to the doctors or experts that might want to delegate the PHR to other doctors or experts. This way, the PHR can be delegated to others while the PHR owner still has the control on his/her data. The evaluation results on the size of the resulting ciphertext PHR produced by the proposed method, are shown. The security issues of the proposed method are also discussed.