scholarly journals Efficient Privacy-Preserving Access Control Scheme in Electronic Health Records System

Sensors ◽  
2018 ◽  
Vol 18 (10) ◽  
pp. 3520 ◽  
Author(s):  
Yang Ming ◽  
Tingting Zhang
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Personal Information ◽  
Privacy Preserving ◽  
Security And Privacy ◽  
Medical Systems ◽  
Health Records ◽  
Access Policy ◽  
Diffie Hellman ◽  
Electronic Health

The sharing of electronic health records (EHR) in cloud servers is an increasingly important development that can improve the efficiency of medical systems. However, there are several concerns focusing on the issues of security and privacy in EHR system. The EHR data contains the EHR owner’s sensitive personal information, if these data are obtained by a malicious user, it will not only cause the leakage of patient’s privacy, but also affect the doctor’s diagnosis. It is a very challenging problem for the EHR owner fully controls over own EHR data as well as preserves the privacy of himself. In this paper, we propose a new privacy-preserving access control (PPAC) scheme for EHR. To achieve fine-grained access control of the EHR data, we utilize the attribute-based signcryption (ABSC) mechanism to signcrypt data based on the access policy for the linear secret sharing schemes. Employing the cuckoo filter to hide the access policy, it could protect the EHR owner’s privacy information. In addition, the security analysis shows that the proposed scheme is provably secure under the decisional bilinear Diffie-Hellman exponent assumption and the computational Diffie-Hellman exponent assumption in the standard model. Furthermore, the performance analysis indicates that the proposed scheme achieves low costs of communication and computation compared with the related schemes, meanwhile preserves the EHR owner’s privacy. Therefore, the proposed scheme is better suited to EHR system.

scholarly journals A Distributed Access Control with Outsourced Computation in Fog Computing

2019 ◽  
Vol 2019 ◽  
pp. 1-10 ◽  
Author(s):  
Qihua Wang ◽  
Huaqun Wang ◽  
Yufeng Wang ◽  
Rui Guo
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Rapid Development ◽  
Security And Privacy ◽  
Health Records ◽  
Fine Grained ◽  
Outsourced Computation ◽  
Cloud Server ◽  
Electronic Health ◽  
Internet Of Things Technology

With the rapid development of information technology and the Internet of Things Technology (IOT), data security and healthy privacy are getting a lot of attention. In order to store, access, and share electronic health records, storage of this data is transferred to a third-party-cloud server. The security and privacy of electronic health records stored at date center or cloud server are not guaranteed. Before being sent to date center or cloud server, this data should be encrypted. Designing an efficient and secure fine-grained access control strategy for personal health records is facing enormous challenges. Security and privacy for electronic health records are very important because the electronic health data which plays an important role in medical server and treatment is directly associated with a particular patient. Attribute-based encryption (ABE) can effectively achieve fine-grained access control. However, the computation of bilinear pairings requires a large amount of computation overhead in ABE scheme. In order to decrease the computational overhead and ensure the confidentiality of electronic health records, a distributed fine-grained access control scheme with outsourced computation for IOT is proposed in this paper. Little calculation is executed by the receiver and sender in our proposed scheme. Outsourcing computing reduces the computing burden. The analyses of safety and performance show that our proposed scheme is safe and effective compared with previous schemes.

scholarly journals De-identifying Spanish medical texts - named entity recognition applied to radiology reports

2021 ◽  
Vol 12 (1) ◽  
Author(s):  
Irene Pérez-Díez ◽  
Raúl Pérez-Moraga ◽  
Adolfo López-Cerdán ◽  
Jose-Maria Salinas-Serrano ◽  
María de la Iglesia-Vayá
Keyword(s):  
Electronic Health Records ◽  
English Language ◽  
Personal Information ◽  
Named Entity Recognition ◽  
Entity Recognition ◽  
Medical Texts ◽  
Health Records ◽  
Named Entity ◽  
Radiology Reports ◽  
Electronic Health

Abstract Background Medical texts such as radiology reports or electronic health records are a powerful source of data for researchers. Anonymization methods must be developed to de-identify documents containing personal information from both patients and medical staff. Although currently there are several anonymization strategies for the English language, they are also language-dependent. Here, we introduce a named entity recognition strategy for Spanish medical texts, translatable to other languages. Results We tested 4 neural networks on our radiology reports dataset, achieving a recall of 97.18% of the identifying entities. Alongside, we developed a randomization algorithm to substitute the detected entities with new ones from the same category, making it virtually impossible to differentiate real data from synthetic data. The three best architectures were tested with the MEDDOCAN challenge dataset of electronic health records as an external test, achieving a recall of 69.18%. Conclusions The strategy proposed, combining named entity recognition tasks with randomization of entities, is suitable for Spanish radiology reports. It does not require a big training corpus, thus it could be easily extended to other languages and medical texts, such as electronic health records.

scholarly journals Secure Exchange of Electronic Health Records

2012 ◽  
pp. 1403-1424
Author(s):  
Alejandro Enrique Flores ◽  
Khin Than Win ◽  
Willy Susilo
Keyword(s):  
Health Care ◽  
Access Control ◽  
Electronic Health Records ◽  
Shared Care ◽  
Health Records ◽  
Discretionary Access Control ◽  
Attribute Based Encryption ◽  
Electronic Health ◽  
Role Based ◽  
Traditional Approaches

Protecting the confidentiality of a patient’s information in a shared care environment could become a complex task. Correct identification of users, assigning of access permissions, and resolution of conflict rise as main points of interest in providing solutions for data exchange among health care providers. Traditional approaches such as Mandatory Access Control, Discretionary Access control and Role-Based Access Control policies do not always provide a suitable solution for health care settings, especially for shared care environments. The core of this contribution consists in the description of an approach which uses attribute-based encryption to protect the confidentiality of patients’ information during the exchange of electronic health records among healthcare providers. Attribute-based encryption allows the reinforcing of access policies and reduces the risk of unauthorized access to sensitive information; it also provides a set of functionalities which are described using a case study. Attribute-based encryption provides an answer to restrictions presented by traditional approaches and facilitate the reinforcing of existing security policies over the transmitted data.

Sign in / Sign up

Export Citation Format

Share Document