Volume 6, Issue 2, PP: 96-100, 2021 | Full Length Article
Shibin David, K. Martin Sagayam, Ahmed A. Elngar
Doi: https://doi.org/10.54216/JCIM.060202
The main goal of HIPAA (Health Insurance Portability and Accountability Act) is to protect the health information of individuals against access without consent or authorization. Security and privacy are the main issues in HIPAA. A compliant key management solution is used to reduce harm and risk while providing cryptographic mechanisms. Using ECC (Elliptic Curve Cryptography), we ensure more security for access to patients’ health records. This provides the same level of security for access to patients’ health records. Patients’ health information is stored in RFID cards. Finally, the proposed method ensures a higher level of security than other existing cryptographic techniques. ECC provides more security even with small key sizes. The proposed scheme describes various countermeasures for improving security and a key recovery mechanism for the protection of keys.
Health Insurance Portability and Accountability Act (HIPAA), Electronic Protected Health Information (EPHI), Key management, RFID cards