Self-Protecting Electronic Medical Records Using Attribute-Based Encryption
Loading...
Authors
Akinyele, Joseph A.
Lehmann, Christoph U.
Green, Matthew D.
Pagano, Matthew W.
Peterson, Zachary N.J.
Rubin, Aviel D.
Subjects
Advisors
Date of Issue
2010
Date
Publisher
Language
Abstract
We provide a design and implementation of self-protecting electronic medical records (EMRs) us-
ing attribute-based encryption. Our system allows healthcare organizations to export EMRs to storage
locations outside of their trust boundary, including mobile devices, Regional Health Information Organi-
zations (RHIOs), and cloud systems such as Google Health. In contrast to some previous approaches to
this problem, our solution is designed to maintain EMR availability even when providers are o ine, i.e.,
where network connectivity is not available (for example, during a natural disaster). To balance the needs
of emergency care and patient privacy, our system is designed to provide for ne-grained encryption and
is able to protect individual items within an EMR, where each encrypted item may have its own access
control policy. To validate our architecture, we implemented a prototype system using a new dual-policy
attribute-based encryption library that we developed. Our implementation, which includes an iPhone
app for storing and managing EMRs o ine, allows for
exible and automatic policy generation. An
evaluation of our design shows that our ABE library performs well, has acceptable storage requirements,
and is practical and usable on modern smartphones.
Type
Article
Description
Series/Report No
Department
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.