Emergency Access Authorization for Personally Controlled Online Health Care Data
Personally controlled health records (PCHR) systems have emerged to allow patients to control their own medical data. In a PCHR system, all the access privileges to a patient’s data are granted by the patient. However, in many emergency cases, it is impossible for the patient to participate in access authorization on site when immediate medical treatment is needed. To solve the emergency access authorization problem in the absence of patients, we consider two cases: a) the requester is already in the PCHR system but has not obtained the access privilege of the patient’s health records, and b) the requester does not even have an account in the PCHR system to submit its request. For each of the two cases, we present a method for emergency access authorization, utilizing the weighted voting and source authentication cryptographic techniques. Our methods provide an effective, secure and private solution for emergency access authorization, that makes the existing PCHR system frameworks more practical and thus improves the patients’ experiences of health care when using PCHR systems. We have implemented a prototype system as a proof of concept.
KeywordsElectronic health record Personally controlled health records Access authorization Emergency
- 1.The American Recovery and Reinvestment Act of 2009 (ARRA), P.L. 111C5, 6. 123 Stat 115, 17 February 2009.Google Scholar
- 2.Agrawal, D., and Srikant, R., Privacy-preserving data mining. In: Proc. ACM SIGMOD. pp. 439–450, 2000.Google Scholar
- 3.Grimson, W., Jung, B., van Mulligen, E. M., van Ginneken, A. M., Pardon, S., and Sottile, P. A., Extensions to the HISA standard—The SynEx computing environment. Methods Inf. Med. 41:401–10, 2002.Google Scholar
- 5.Brickell, J., and Shmatikov, V., Efficient anonymity-preserving data collection. In: Proc. of ACM KDD, 2006.Google Scholar
- 6.Canetti, R., Garay, J., Itkis, G., Micciancio, D., Naor, M., and Pinkas, B., Multicast security: A taxonomy and some efficient constructions. In: Proceedings of IEEE INFOCOM ’99. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE. Vol. 2, pp. 708–716, 1999.Google Scholar
- 7.Chen, K., and Liu, L., Privacy preserving data classification with rotation perturbation. In: Proceeding of ICDM’05. pp. 589–592. Washington: IEEE Computer Society, 2005.Google Scholar
- 8.Du, W., and Zhan, Z., Using randomized response techniques for privacy preserving data mining. In: Proceeding of SIGKDD’03. pp. 505–510, 2003.Google Scholar
- 12.HIPPA, National Standards to Protect the Privacy of Personal Health Information, [Online]. Available at: http://www.hhs.gov/ocr/hipaa/finalreg.html, 2006.
- 13.Haaka, Mvd, Wolffa, A. C., Brandnera R, Dringsb P, Wannenmacherc M, and Wetter T., Data security and protection in cross-institutional electronic patient records. Int. J. Med. Inform. 70(2–3):117–130, 2003.Google Scholar
- 15.LeFevre, K., Dewitt, D. J., and Ramakrishnan, R., Incognito: Efficient full-domain k-anonymity. In: Proceedings of the 2005 ACM SIGMOD, 12–16 June 2005.Google Scholar
- 17.Narayanan, A., and Shmatikov, V., Obfuscated databases and group privacy. In: Proc. of ACM CCS, 2005.Google Scholar
- 18.The Personal Health Working Group, The personal health working group final report. Washington, DC: Connecting for Health: A Public–Private Collaborative, 2003.Google Scholar
- 19.Committee on Data Standards for Patient Safety, Board on Health Care Services, Key capabilities of an electronic health record system. Washington, DC: Institute of Medicine of the National Academies, 2003.Google Scholar
- 22.Teng, Z., and Du, W., Comparisons of K-anonymization and randomization schemes under linking attacks. In: Proceedings of the 2006 ICDM. pp. 1091–1096, 2006.Google Scholar
- 23.Tannenbaum, T., Excursions in modern mathematics, 6th Ed. Upper Saddle River: Prentice Hall, 48C83, 2006.Google Scholar
- 24.Thompson, T. G., and Brailer, D. J., The decade of health information technology: Delivering consumer-centric and information-rich health care. Available at: http://www.hsrnet.net/nhii/materials/strategic_framework.pdf, Accessed 24 August 2004.