2692-4048ISSN (Online)
2770-0070ISSN (Print)
Volume 5 , Issue 2 , PP: 51-61, 2021 | Cite this article as | XML | Html | PDF | Full Length Article
Shibin David 1 * , Andrew J 2 , K. Martin Sagayam 3 , Ahmed A. Elngar 4
Doi: https://doi.org/10.54216/FPA.050201
Security plays a major role in most fields including the pharmaceutical field. Authorization and Authentication are the key concepts in supporting notable areas of the cyber-health world. HIPAA's (Health Insurance Portability and Accountability Act) ultimate focus is to preserve the privacy of the health records of an individual without disclosing it and preventing the data from unauthorized access. A complaint key management solution is applied to the patient's health records to reduce the risk factor while engaging with cryptographic mechanisms. Though there are many existing cryptographic algorithms such as Elliptic curve cryptography, and Elgammal's key exchange algorithm which provides security to the access of patient's health records, the proposed key management solution will overlay the same variant of security to the Electronic Health Records (EHR). This paper provides the countermeasures for improving security and suggests a key recovery mechanism for the protection of keys used in the security mechanism.
Health Insurance Portability and Accountability Act (HIPAA) , Electronic Protected Health Information (ePHI) , Key management , RFID cards
[1] Alese, B. K., Philemon, E. D., &Falaki, S. O. Comparative analysis of public-key encryption schemes. International Journal of Engineering and Technology, 2(9), 1552-1568. (2012).
[2] Clarke, A., & Steele, R. Secure and reliable distributed health records: Achieving query assurance across repositories of encrypted health data. In 2012 45th Hawaii International Conference on System Sciences (pp. 3021-3029).IEEE. (2012).
[3] Lee, C. D., Ho, K. I. J., & Lee, W. B. A novel key management solution for reinforcing compliance with HIPAA privacy/security regulations. IEEE Transactions on Information Technology in Biomedicine, 15(4), 550-556.(2011).
[4] Dr. Najib A. kofahi.An empirical study to compare the performance of some symmetric and asymmetric ciphers. International Journal of Security and Its Applications, 7(5), 1-16.(2013).
[5] Huang, H. F., & Liu, K. C. Efficient key management for preserving HIPAA regulations. Journal of Systems and Software, 84(1), 113-119. (2011).
[6] Hu, J., Chen, H. H., &Hou, T. W. A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations. Computer Standards & Interfaces, 32(5-6), 274-280. (2010)
[7] Li, J., Lee, J. S., & Chang, C. C. Preserving PHI in compliance with HIPAA privacy/security regulations using cryptographic techniques. In 2008 International Conference on Intelligent Information Hiding and Multimedia Signal Processing (pp. 1545-1548). IEEE. (2008).
[8] David, S., Xavier, B., & Kathrine, J. W. A panoramic overview on fast encryption techniques for outsourced data in mobile cloud computing environment.In 2017 International Conference on Inventive Computing and Informatics (ICICI) (pp. 476-480).IEEE. (2018).
[9] Dunlop, L. Electronic health records: Interoperability challenges Patients' right to privacy. Shidler JL Com. & Tech., 3, 1. (2006).
[10] Hripcsak, G., & Albers, D. J. Next-generation phenotyping of electronic health records. Journal of the American Medical Informatics Association, 20(1), 117-121. (2013).
[11] Benaloh, J., Chase, M., Horvitz, E., &Lauter, K. Patient controlled encryption: ensuring privacy of electronic medical records. In Proceedings of the 2009 ACM workshop on Cloud computing security (pp. 103-114). (2009).
[12] Krasner, J. Using Elliptic Curve Cryptography (ECC) for Enhanced Embedded Security-Financial Advantages of ECC over RSA or Diffie-Hellman (DH). Embedded Market Forecasters, American Technology. (2004).
[13] Sun, J., Zhu, X., Zhang, C., & Fang, Y. HCPP: Cryptography based secure EHR system for patient privacy and emergency healthcare. In 2011 31st International Conference on Distributed Computing Systems (pp. 373-382).IEEE. (2011).
[14] Großschädl, J., Page, D., & Tillich, S. Efficient java implementation of elliptic curve cryptography for J2ME-Enabled mobile devices. In IFIP international workshop on information security theory and practice (pp. 189-207).Springer, Berlin, Heidelberg.(2012).
[15] Bos, J. W., Halderman, J. A., Heninger, N., Moore, J., Naehrig, M., &Wustrow, E. Elliptic curve cryptography in practice. In International Conference on Financial Cryptography and Data Security (pp. 157-175).Springer, Berlin, Heidelberg. (2014).
[16] Meystre, S. M., Savova, G. K., Kipper-Schuler, K. C., & Hurdle, J. F. Extracting information from textual documents in the electronic health record: a review of recent research. Yearbook of medical informatics, 17(01), 128-144. (2008).
[17] Palojoki, S., Mäkelä, M., Lehtonen, L., &Saranto, K. An analysis of electronic health record–related patient safety incidents.Health informatics journal, 23(2), 134-145. (2017).
[18] Vijayakumar, P., Anand, K., Bose, S., Maheswari, V., Kowsalya, R., &Kannan, A. Hierarchical key management scheme for securing mobile agents with optimal computation time. Procedia engineering, 38, 1432-1443. (2012).
[19] McDonald, Clement. J., Tang, P. C., &Hripcsak, G. Electronic health record systems.In Biomedical Informatics (pp. 391-421).Springer, London. (2014).
[20] Mirkovic, J., Bryhni, H., &Ruland, C. M. Secure solution for mobile access to patient's health care record. In 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services (pp. 296-303).IEEE. (2011).
[21] Hripcsak, G., Albers, D. J., &Perotte, A. Parameterizing time in electronic health record studies. Journal of the American Medical Informatics Association, 22(4), 794-804. (2015).
[22] Ratwani, R. M., Fairbanks, R. J., Hettinger, A. Z., & Benda, N. C. Electronic health record usability: analysis of the user-centered design processes of eleven electronic health record vendors. Journal of the American Medical Informatics Association, 22(6), 1179-1182. (2015).
[23] Sciancalepore, S., Piro, G., Boggia, G., & Bianchi, G. Public key authentication and key agreement in IoT devices with minimal airtime consumption. IEEE Embedded Systems Letters, 9(1), 1-4. (2016).
[24] Gupta, K., &Silakari, S. Ecc over rsa for asymmetric encryption: A review. International Journal of Computer Science Issues (IJCSI), 8(3), 370.(2011).
[25] Fraser, H., Biondich, P., Moodley, D., Choi, S., Mamlin, B., &Szolovits, P. Implementing electronic medical record systems in developing countries. Journal of Innovation in Health Informatics, 13(2), 83-95. (2005).
[26] Krawczyk, H. Cryptographic extraction and key derivation: The HKDF scheme. In Annual Cryptology Conference (pp. 631-648).Springer, Berlin, Heidelberg. (2010).
[27] Yang, Y., Han, X., Bao, F., & Deng, R. H. A smart-card-enabled privacy preserving E-prescription system. IEEE Transactions on Information Technology in Biomedicine, 8(1), 47-58. (2004).
[28] Ray, S., &Biswas, G. P. A Certificate Authority (CA)-based cryptographic solution for HIPAA privacy/security regulations. Journal of King Saud University-Computer and Information Sciences, 26(2), 170-180. (2014).
[29] Sicuranza, M., & Esposito, A. An access control model for easy management of patient privacy in EHR systems.In 8th International Conference for Internet Technology and Secured Transactions (ICITST
