K Pradeep Kumar, Ashwini M Sangolkar
Abstract: Personal health record (PHR) is integrated patient-centric model of health information exchange, that outsourced to be stored at a third party, like cloud providers. In this paper, we developed a novel patient-centric framework as wll as a suite of mechanisms for data access control to PHRs stored in semi-trusted servers. For achieve fine-grained and scalable data access control for PHRs, we leverage attribute based encryption (ABE) techniques to encrypt every patients PHR file. Different from previous works in secure data outsourcing, we focus on the multiple data owner scenario, and divide the users in the PHR system into multiple security domains that greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multi-authority ABE. it enables dynamic modification of access policies or file attributes, supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability and efficiency of our proposed scheme. Index TermsPersonal health records, cloud computing, data privacy, fine-grained access control, attribute-based encryption.
Keywords: Personal health records, cloud computing, data privacy, fine-grained access control, attribute-based encryption