Patient privacy protection using anonymous access control techniques

Article English OPEN
Weerasinghe, D. ; Rajarajan, M. ; Elmufti, K. ; Rakocevic, V. (2008)

Objective: The objective of this study is to develop a solution that preserves security and privacy in a healthcare environment where health-sensitive information is accessed by many parties and stored in various distributed databases. The solution should keep medical records anonymous, and it should be able to link anonymous medical information held in distributed databases into a single patient medical record associated with the patient identity.

Methods: In this paper we present a protocol that can be used to authenticate and authorize patients to healthcare services without providing the patient identification. A healthcare service identifies the patient using a separate temporary identity in each identification session, and medical records are linked to these temporary identities. The temporary identities can be used to enable record linkage and to reverse-track the real patient identity in critical medical situations.

Results: The proposed protocol provides the main security and privacy services, such as user anonymity, message privacy, message confidentiality, user authentication, user authorization and protection against message replay attacks. The medical environment validates the patient at the healthcare service as a real and registered patient for the medical services. Using the proposed protocol, the patient's anonymous medical records at different healthcare services can be linked into one single report, and it is possible to securely reverse-track an anonymous patient to the real identity.

Conclusion: The protocol protects patient privacy with secure anonymous authentication to healthcare services and medical record registries in accordance with European and UK legislation, so that the patient's real identity is not disclosed with the distributed patient medical records.