511 430
Full Length Article
Fusion: Practice and Applications
Volume 5 , Issue 2, PP: 51-61 , 2021 | Cite this article as | XML | Html |PDF


Augmenting security for electronic patient health record (ePHR) monitoring system using cryptographic key management schemes

Authors Names :   Shibin David   1 *     Andrew J   2     K. Martin Sagayam   3     Ahmed A. Elngar   4  

1  Affiliation :  Department of Computer Science and Engineering, Karunya Institute of Technology and Sciences, Coimbatore, India

    Email :  zionshibin@gmail.com

2  Affiliation :  Department of Computer Science and Engineering, Karunya Institute of Technology and Sciences, Coimbatore, India

    Email :  onesimu@gmail.com

3  Affiliation :  Department of Electronics and Communication Engineering, Karunya Institute of Technology and Sciences, Coimbatore, India

    Email :  martinsagayam.k@gmail.com

4  Affiliation :   Faculty of Computers and Artificial Intelligence, Beni-Suef University, Beni-Suef, 62511, Egypt

    Email :  elngar_7@yahoo.co.uk

Doi   :   https://doi.org/10.54216/FPA.050201

Received: February 02, 2021 Accepted: August 07, 2021

Abstract :

Security plays a major role in most fields including the pharmaceutical field. Authorization and Authentication are the key concepts in supporting notable areas of the cyber-health world. HIPAA's (Health Insurance Portability and Accountability Act) ultimate focus is to preserve the privacy of the health records of an individual without disclosing it and preventing the data from unauthorized access. A complaint key management solution is applied to the patient's health records to reduce the risk factor while engaging with cryptographic mechanisms. Though there are many existing cryptographic algorithms such as Elliptic curve cryptography, and Elgammal's key exchange algorithm which provides security to the access of patient's health records, the proposed key management solution will overlay the same variant of security to the Electronic Health Records (EHR). This paper provides the countermeasures for improving security and suggests a key recovery mechanism for the protection of keys used in the security mechanism.

Keywords :

Health Insurance Portability and Accountability Act (HIPAA); Electronic Protected Health Information (ePHI); Key management; RFID cards

References :

[1] Alese, B. K., Philemon, E. D., &Falaki, S. O. Comparative analysis of public-key encryption schemes.

International Journal of Engineering and Technology, 2(9), 1552-1568. (2012).

[2] Clarke, A., & Steele, R. Secure and reliable distributed health records: Achieving query assurance

across repositories of encrypted health data. In 2012 45th Hawaii International Conference on System

Sciences (pp. 3021-3029).IEEE. (2012).

[3] Lee, C. D., Ho, K. I. J., & Lee, W. B. A novel key management solution for reinforcing compliance

with HIPAA privacy/security regulations. IEEE Transactions on Information Technology in

Biomedicine, 15(4), 550-556.(2011).

[4] Dr. Najib A. kofahi.An empirical study to compare the performance of some symmetric and

asymmetric ciphers. International Journal of Security and Its Applications, 7(5), 1-16.(2013).

[5] Huang, H. F., & Liu, K. C. Efficient key management for preserving HIPAA regulations. Journal of

Systems and Software, 84(1), 113-119. (2011).

[6] Hu, J., Chen, H. H., &Hou, T. W. A hybrid public key infrastructure solution (HPKI) for HIPAA

privacy/security regulations. Computer Standards & Interfaces, 32(5-6), 274-280. (2010)

[7] Li, J., Lee, J. S., & Chang, C. C. Preserving PHI in compliance with HIPAA privacy/security

regulations using cryptographic techniques. In 2008 International Conference on Intelligent

Information Hiding and Multimedia Signal Processing (pp. 1545-1548). IEEE. (2008).

[8] David, S., Xavier, B., & Kathrine, J. W. A panoramic overview on fast encryption techniques for

outsourced data in mobile cloud computing environment.In 2017 International Conference on

Inventive Computing and Informatics (ICICI) (pp. 476-480).IEEE. (2018).

[9] Dunlop, L. Electronic health records: Interoperability challenges Patients' right to privacy. Shidler JL

Com. & Tech., 3, 1. (2006).

[10] Hripcsak, G., & Albers, D. J. Next-generation phenotyping of electronic health records. Journal of the

American Medical Informatics Association, 20(1), 117-121. (2013).

[11] Benaloh, J., Chase, M., Horvitz, E., &Lauter, K. Patient controlled encryption: ensuring privacy of

electronic medical records. In Proceedings of the 2009 ACM workshop on Cloud computing security

(pp. 103-114). (2009).

[12] Krasner, J. Using Elliptic Curve Cryptography (ECC) for Enhanced Embedded Security-Financial

Advantages of ECC over RSA or Diffie-Hellman (DH). Embedded Market Forecasters, American

Technology. (2004).

[13] Sun, J., Zhu, X., Zhang, C., & Fang, Y. HCPP: Cryptography based secure EHR system for patient

privacy and emergency healthcare. In 2011 31st International Conference on Distributed Computing

Systems (pp. 373-382).IEEE. (2011).

[14] Großschädl, J., Page, D., & Tillich, S. Efficient java implementation of elliptic curve cryptography for

J2ME-Enabled mobile devices. In IFIP international workshop on information security theory and

practice (pp. 189-207).Springer, Berlin, Heidelberg.(2012).

[15] Bos, J. W., Halderman, J. A., Heninger, N., Moore, J., Naehrig, M., &Wustrow, E. Elliptic curve

cryptography in practice. In International Conference on Financial Cryptography and Data Security

(pp. 157-175).Springer, Berlin, Heidelberg. (2014).

[16] Meystre, S. M., Savova, G. K., Kipper-Schuler, K. C., & Hurdle, J. F. Extracting information from

textual documents in the electronic health record: a review of recent research. Yearbook of medical

informatics, 17(01), 128-144. (2008).

[17] Palojoki, S., Mäkelä, M., Lehtonen, L., &Saranto, K. An analysis of electronic health record–related

patient safety incidents.Health informatics journal, 23(2), 134-145. (2017).

[18] Vijayakumar, P., Anand, K., Bose, S., Maheswari, V., Kowsalya, R., &Kannan, A. Hierarchical key

management scheme for securing mobile agents with optimal computation time. Procedia engineering,

38, 1432-1443. (2012).

[19] McDonald, Clement. J., Tang, P. C., &Hripcsak, G. Electronic health record systems.In Biomedical

Informatics (pp. 391-421).Springer, London. (2014).

[20] Mirkovic, J., Bryhni, H., &Ruland, C. M. Secure solution for mobile access to patient's health care

record. In 2011 IEEE 13th International Conference on e-Health Networking, Applications and

Services (pp. 296-303).IEEE. (2011).

[21] Hripcsak, G., Albers, D. J., &Perotte, A. Parameterizing time in electronic health record studies.

Journal of the American Medical Informatics Association, 22(4), 794-804. (2015).

[22] Ratwani, R. M., Fairbanks, R. J., Hettinger, A. Z., & Benda, N. C. Electronic health record usability:

analysis of the user-centered design processes of eleven electronic health record vendors. Journal of

the American Medical Informatics Association, 22(6), 1179-1182. (2015).

[23] Sciancalepore, S., Piro, G., Boggia, G., & Bianchi, G. Public key authentication and key agreement in

IoT devices with minimal airtime consumption. IEEE Embedded Systems Letters, 9(1), 1-4. (2016).

[24] Gupta, K., &Silakari, S. Ecc over rsa for asymmetric encryption: A review. International Journal of

Computer Science Issues (IJCSI), 8(3), 370.(2011).

[25] Fraser, H., Biondich, P., Moodley, D., Choi, S., Mamlin, B., &Szolovits, P. Implementing electronic

medical record systems in developing countries. Journal of Innovation in Health Informatics, 13(2),

83-95. (2005).

[26] Krawczyk, H. Cryptographic extraction and key derivation: The HKDF scheme. In Annual Cryptology

Conference (pp. 631-648).Springer, Berlin, Heidelberg. (2010).

[27] Yang, Y., Han, X., Bao, F., & Deng, R. H. A smart-card-enabled privacy preserving E-prescription

system. IEEE Transactions on Information Technology in Biomedicine, 8(1), 47-58. (2004).

[28] Ray, S., &Biswas, G. P. A Certificate Authority (CA)-based cryptographic solution for HIPAA

privacy/security regulations. Journal of King Saud University-Computer and Information Sciences,

26(2), 170-180. (2014).

[29] Sicuranza, M., & Esposito, A. An access control model for easy management of patient privacy in

EHR systems.In 8th International Conference for Internet Technology and Secured Transactions


Cite this Article as :
Shibin David , Andrew J , K. Martin Sagayam , Ahmed A. Elngar, Augmenting security for electronic patient health record (ePHR) monitoring system using cryptographic key management schemes, Fusion: Practice and Applications, Vol. 5 , No. 2 , (2021) : 51-61 (Doi   :  https://doi.org/10.54216/FPA.050201)