An enhanced approach to supporting controlled access to EPRs with three levels of identity privacy preservations

Rima Addas; Ning Zhang

doi:10.1007/978-3-642-25364-5_38

An enhanced approach to supporting controlled access to EPRs with three levels of identity privacy preservations

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

Abstract

The emergence of e-health has put an enormous amount of sensitive data in the hands of service providers or other third parties, where privacy risks might exist when accessing sensitive data stored in electronic patient records (EPRs). EPRs support efficient access to patient data by healthcare providers and third party users, which will consequently improve patient care. However, uncontrolled access to distributed EPRs can introduce serious concerns related to patient privacy. This indicates that there is a need for a stronger fine-grained access control mechanism to be used in e-health applications. This paper, therefore, presents a novel method to support access to distributed EPRs with three levels of patient identity privacy preservation. The method offers a number of significant features: (1) it makes use of credentials to support the three-levels of accesses; (2) it simplifies key management distribution; (3) it allows better performance; (4) it supports separation of duties among trusted third parties (ensuring accountability); (5) it improves scalability. The method makes use of cryptographic primitives. In comparison with related work, the method supports three levels of access requirements while preserving data owner's privacy on a single platform. © 2011 Springer-Verlag Berlin.

Original language	English
Title of host publication	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)\|Lect. Notes Comput. Sci.
Place of Publication	Heidelberg
Publisher	Springer Nature
Pages	547-561
Number of pages	14
Volume	7058
ISBN (Print)	9783642253638
DOIs	https://doi.org/10.1007/978-3-642-25364-5_38
Publication status	Published - 2011
Event	7th Conference of the Workgroup Human-Computer Interaction and Usability Engineering of the Austrian Computer Society, USAB 2011 - Graz Duration: 1 Jul 2011 → …

Conference

Conference	7th Conference of the Workgroup Human-Computer Interaction and Usability Engineering of the Austrian Computer Society, USAB 2011
City	Graz
Period	1/07/11 → …

Keywords

Credentials
Distributed EPRs
e-Health
Identity Privacy (Anonymity)
Linkability
Performance
Security

Access to Document

10.1007/978-3-642-25364-5_38

Cite this

Addas, R., & Zhang, N. (2011). An enhanced approach to supporting controlled access to EPRs with three levels of identity privacy preservations. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|Lect. Notes Comput. Sci. (Vol. 7058, pp. 547-561). Springer Nature. https://doi.org/10.1007/978-3-642-25364-5_38

@inproceedings{984f970a2ee14e01910e98395baa712c,

title = "An enhanced approach to supporting controlled access to EPRs with three levels of identity privacy preservations",

abstract = "The emergence of e-health has put an enormous amount of sensitive data in the hands of service providers or other third parties, where privacy risks might exist when accessing sensitive data stored in electronic patient records (EPRs). EPRs support efficient access to patient data by healthcare providers and third party users, which will consequently improve patient care. However, uncontrolled access to distributed EPRs can introduce serious concerns related to patient privacy. This indicates that there is a need for a stronger fine-grained access control mechanism to be used in e-health applications. This paper, therefore, presents a novel method to support access to distributed EPRs with three levels of patient identity privacy preservation. The method offers a number of significant features: (1) it makes use of credentials to support the three-levels of accesses; (2) it simplifies key management distribution; (3) it allows better performance; (4) it supports separation of duties among trusted third parties (ensuring accountability); (5) it improves scalability. The method makes use of cryptographic primitives. In comparison with related work, the method supports three levels of access requirements while preserving data owner's privacy on a single platform. {\textcopyright} 2011 Springer-Verlag Berlin.",

keywords = "Credentials, Distributed EPRs, e-Health, Identity Privacy (Anonymity), Linkability, Performance, Security",

author = "Rima Addas and Ning Zhang",

year = "2011",

doi = "10.1007/978-3-642-25364-5_38",

language = "English",

isbn = "9783642253638",

volume = "7058",

pages = "547--561",

booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|Lect. Notes Comput. Sci.",

publisher = "Springer Nature",

address = "United States",

note = "7th Conference of the Workgroup Human-Computer Interaction and Usability Engineering of the Austrian Computer Society, USAB 2011 ; Conference date: 01-07-2011",

}

Addas, R & Zhang, N 2011, An enhanced approach to supporting controlled access to EPRs with three levels of identity privacy preservations. in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|Lect. Notes Comput. Sci.. vol. 7058, Springer Nature, Heidelberg, pp. 547-561, 7th Conference of the Workgroup Human-Computer Interaction and Usability Engineering of the Austrian Computer Society, USAB 2011, Graz, 1/07/11. https://doi.org/10.1007/978-3-642-25364-5_38

An enhanced approach to supporting controlled access to EPRs with three levels of identity privacy preservations. / Addas, Rima; Zhang, Ning.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|Lect. Notes Comput. Sci.. Vol. 7058 Heidelberg: Springer Nature, 2011. p. 547-561.

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An enhanced approach to supporting controlled access to EPRs with three levels of identity privacy preservations

AU - Addas, Rima

AU - Zhang, Ning

PY - 2011

Y1 - 2011

N2 - The emergence of e-health has put an enormous amount of sensitive data in the hands of service providers or other third parties, where privacy risks might exist when accessing sensitive data stored in electronic patient records (EPRs). EPRs support efficient access to patient data by healthcare providers and third party users, which will consequently improve patient care. However, uncontrolled access to distributed EPRs can introduce serious concerns related to patient privacy. This indicates that there is a need for a stronger fine-grained access control mechanism to be used in e-health applications. This paper, therefore, presents a novel method to support access to distributed EPRs with three levels of patient identity privacy preservation. The method offers a number of significant features: (1) it makes use of credentials to support the three-levels of accesses; (2) it simplifies key management distribution; (3) it allows better performance; (4) it supports separation of duties among trusted third parties (ensuring accountability); (5) it improves scalability. The method makes use of cryptographic primitives. In comparison with related work, the method supports three levels of access requirements while preserving data owner's privacy on a single platform. © 2011 Springer-Verlag Berlin.

AB - The emergence of e-health has put an enormous amount of sensitive data in the hands of service providers or other third parties, where privacy risks might exist when accessing sensitive data stored in electronic patient records (EPRs). EPRs support efficient access to patient data by healthcare providers and third party users, which will consequently improve patient care. However, uncontrolled access to distributed EPRs can introduce serious concerns related to patient privacy. This indicates that there is a need for a stronger fine-grained access control mechanism to be used in e-health applications. This paper, therefore, presents a novel method to support access to distributed EPRs with three levels of patient identity privacy preservation. The method offers a number of significant features: (1) it makes use of credentials to support the three-levels of accesses; (2) it simplifies key management distribution; (3) it allows better performance; (4) it supports separation of duties among trusted third parties (ensuring accountability); (5) it improves scalability. The method makes use of cryptographic primitives. In comparison with related work, the method supports three levels of access requirements while preserving data owner's privacy on a single platform. © 2011 Springer-Verlag Berlin.

KW - Credentials

KW - Distributed EPRs

KW - e-Health

KW - Identity Privacy (Anonymity)

KW - Linkability

KW - Performance

KW - Security

U2 - 10.1007/978-3-642-25364-5_38

DO - 10.1007/978-3-642-25364-5_38

M3 - Conference contribution

SN - 9783642253638

VL - 7058

SP - 547

EP - 561

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|Lect. Notes Comput. Sci.

PB - Springer Nature

CY - Heidelberg

T2 - 7th Conference of the Workgroup Human-Computer Interaction and Usability Engineering of the Austrian Computer Society, USAB 2011

Y2 - 1 July 2011

ER -

Addas R, Zhang N. An enhanced approach to supporting controlled access to EPRs with three levels of identity privacy preservations. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|Lect. Notes Comput. Sci.. Vol. 7058. Heidelberg: Springer Nature. 2011. p. 547-561 doi: 10.1007/978-3-642-25364-5_38

An enhanced approach to supporting controlled access to EPRs with three levels of identity privacy preservations

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this