research-article

Enhancing accountability of electronic health record usage via patient-centric monitoring

Authors:

Daisuke Mashima,

Mustaque AhamadAuthors Info & Claims

IHI '12: Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium

Pages 409 - 418

https://doi.org/10.1145/2110363.2110410

Published: 28 January 2012 Publication History

Abstract

Electronic Health Record (EHR) and Personal Health Record (PHR) systems could allow patients to better manage their health information and share it to enhance the quality and efficiency of their healthcare. Unfortunately, misuse of information stored in EHR and PHR systems will create new risks for patients, and we need to empower them to safeguard their health information to avoid problems such as medical identity theft. In this paper, we introduce the notion of accountable use and update of electronic health records and design a patient-centric monitoring system based on it. We develop a system architecture and associated protocols that enable either explicit or implicit patient control over when and how health information is accessed. Our approach provides a reasonable solution rather than addressing the more general information flow control problem in distributed systems. We also implement and evaluate a prototype system motivated by a health record sharing scenario based on NHIN Direct to demonstrate that enhanced accountability can be supported with acceptable performance and integration overheads.

References

[1]

52 arrested in sweeping Medicare fraud case. http://articles.latimes.com/2010/oct/14/local/la-me-healthcare-fraud-raid-20101014.

[2]

CONNECT Community Portal. http://www.connectopensource.org/.

[3]

Direct Project. http://wiki.directproject.org/.

[4]

HealthVault Message Center. http://www.healthvault.com/messagecenter.

[5]

Master Patient Index (MPI). http://healthinformatics.wikispaces.com/Master+Patient+Index.

[6]

Meaningful Use Announcement. http://healthit.hhs.gov/portal/server.pt/community/healthit_hhs_gov__meaningful_use_announcement/2996.

[7]

Medical Identity Theft. http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt10.shtm.

[8]

Microsoft HealthVault. http://healthvault.com/.

[9]

Nationwide Health Information Network (NHIN). http://www.hhs.gov/healthit/healthnetwork/background/.

[10]

Notice of Proposed Rulemaking to Implement HITECH Act Modifications. http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/hitechnprm.html.

[11]

The Architecture for Privacy in a Networked Health Information Environment. http://www.markle.org/sites/default/files/P1_CFH_Architecture.pdf.

[12]

National Ambulatory Medical Care Survey: 2008 Summary Tables. http://www.cdc.gov/nchs/data/ahcd/namcs_summary/namcssum2008.pdf, 2008.

[13]

E. Adams, M. Intwala, and A. Kapadia. MeD-Lights: a usable metaphor for patient controlled access to electronic health records. In Proceedings of ACM IHI 2010, pages 800--808. ACM, 2010.

Digital Library

[14]

A. Baker, L. Vega, T. DeHart, and S. Harrison. Healthcare & Security: Understanding & Evaluating the Risks. In Proceedings of HCI International 2011, 2011.

Digital Library

[15]

D. Bell. Secure computer system: Unified exposition and multics interpretation. Technical report, MITRE CORP BEDFORD MA, 1976.

[16]

D. Bell and L. LaPadula. Secure computer systems: Mathematical foundations and model. MITRE CORP BEDFORD MA, 1(M74--244), 1973.

[17]

J. Benaloh, M. Chase, E. Horvitz, and K. Lauter. Patient controlled encryption: ensuring privacy of electronic medical records. In Proceedings of CCSW 2009, pages 103--114. ACM, 2009.

Digital Library

[18]

K. Biba. Integrity considerations for secure computer systems. Technical report, MITRE CORP BEDFORD MA, 1977.

[19]

D. Boneh, G. Di Crescenzo, R. Ostrovsky, and G. Persiano. Public key encryption with keyword search. In Advances in Cryptology-Eurocrypt 2004, pages 506--522. Springer, 2004.

[20]

J. Douceur, A. Adya, W. Bolosky, D. Simon, and M. Theimer. Reclaiming space from duplicate files in a serverless distributed file system. 2002.

[21]

L. Fang, W. Susilo, C. Ge, and J. Wang. A secure channel free public key encryption with keyword search scheme without random oracle. Cryptology and Network Security, pages 248--258, 2009.

Digital Library

[22]

R. Gardner, S. Garera, M. Pagano, M. Green, and A. Rubin. Securing medical records on smart phones. In Proceedings of SPIMACS 2009, pages 31--40. ACM, 2009.

Digital Library

[23]

R. Geambasu, J. John, S. Gribble, T. Kohno, and H. Levy. Keypad: An Auditing File System for Theft-Prone Devices. In Proceedings of EuroSys 2011, 2011.

Digital Library

[24]

B. Hicks, S. Rueda, D. King, T. Moyer, J. Schiffman, Y. Sreenivasan, P. McDaniel, and T. Jaeger. An architecture for enforcing end-to-end access control over web applications. In Proceeding of SACMAT 2010, pages 163--172. ACM, 2010.

Digital Library

[25]

M. Jakobsson, K. Sako, and R. Impagliazzo. Designated verifier proofs and their applications. In Proceedings of EUROCRYPT 1996, pages 143--154. Springer-Verlag, 1996.

Digital Library

[26]

H. Löhr, A. Sadeghi, and M. Winandy. Securing the e-health cloud. In Proceedings of ACM IHI 2010, pages 220--229. ACM, 2010.

Digital Library

[27]

P. Loscocco and S. Smalley. Integrating flexible support for security policies into the Linux operating system. In Proc. 2001 USENIX Annual Technical Conference-FREENIX Track, pages 29--40, 2001.

Digital Library

[28]

P. MacKenzie and M. Reiter. Networked cryptographic devices resilient to capture. In Security and Privacy, 2001. S&P 2001. Proceedings. 2001 IEEE Symposium on, pages 12--25. IEEE, 2001.

Digital Library

[29]

D. Mashima, M. Ahamad, and S. Kannan. User-centric handling of identity agent compromise. In Proceedings of ESORICS 2009, pages 19--36, 2009.

Digital Library

[30]

J. McCune, T. Jaeger, S. Berger, R. Caceres, and R. Sailer. Shamon: A system for distributed mandatory access control. 2006.

[31]

S. Narayan, M. Gagné, and R. Safavi-Naini. Privacy preserving EHR system using attribute-based infrastructure. In Proceedings of CCSW 2010, pages 47--52. ACM, 2010.

Digital Library

[32]

B. Neuman and S. Stubblebine. A note on the use of timestamps as nonces. ACM SIGOPS Operating Systems Review, 27(2):10--14, 1993.

Digital Library

[33]

R. Steinfeld, L. Bull, H. Wang, and J. Pieprzyk. Universal designated-verifier signatures. Advances in Cryptology-Asiacrypt 2003, pages 523--542, 2003.

[34]

N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières. Making information flow explicit in HiStar. In Proceedings of OSDI 2006, pages 263--278. USENIX Association, 2006.

Digital Library

Cited By

Zala KThakkar HDholakia NShukla MThumar D(2024)Designing an Attribute-Based Encryption Scheme with an Enhanced Anonymity Model for Privacy Protection in E-HealthSN Computer Science10.1007/s42979-023-02541-25:2Online publication date: 13-Jan-2024
https://dl.acm.org/doi/10.1007/s42979-023-02541-2
Avasthi SChauhan R(2024)Privacy-Preserving Deep Learning Models for Analysis of Patient Data in Cloud EnvironmentComputational Intelligence in Healthcare Informatics10.1007/978-981-99-8853-2_20(329-347)Online publication date: 22-Feb-2024
https://doi.org/10.1007/978-981-99-8853-2_20
Shiraishi M(2023)Secure Cloud Data Encryption2023 2nd Asia-Pacific Computer Technologies Conference (APCT)10.1109/APCT58752.2023.00014(34-37)Online publication date: Jan-2023
https://doi.org/10.1109/APCT58752.2023.00014
Show More Cited By

Index Terms

Recommendations

EEMI-An Electronic Health Record for Pediatricians: Adoption Barriers, Services and Use in Mexico

The use of paper health records and handwritten prescriptions are prone to preset errors of misunderstanding instructions or interpretations that derive in affecting patients' health. Electronic Health Records EHR systems are useful tools that among ...
Challenges and opportunities in evolving TreC personal health record platform
PervasiveHealth '17: Proceedings of the 11th EAI International Conference on Pervasive Computing Technologies for Healthcare

Electronic Health Records (EHR) have been one of the factors in transforming healthcare and health management by providing electronic access to information recorded on paper charts. However, increasing interest of patients to be actively involved in the ...
Design and application of a Health Insurance Portability and Accountability Act-compliant privacy framework for pervasive healthcare

With an increasing emphasis on pervasive healthcare services, providing a high degree of privacy to patients is becoming a major challenge due to: (a) an increased number of avenues, such as device, access points, switches and database; (b) more threats ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

IHI '12: Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium

January 2012

914 pages

ISBN:9781450307819

DOI:10.1145/2110363

General Chairs:
Gang Luo
IBM Research, USA
,
Jiming Liu
Hong Kong Baptist University
,
Program Chair:
Christopher C. Yang
Drexel University

Copyright © 2012 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGHIT: ACM Special Interest Group on Health Informatics

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 January 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

IHI '12

Sponsor:

SIGHIT

IHI '12: ACM International Health Informatics Symposium

January 28 - 30, 2012

Florida, Miami, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

30
Total Citations
View Citations
627
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)0

Reflects downloads up to 20 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zala KThakkar HDholakia NShukla MThumar D(2024)Designing an Attribute-Based Encryption Scheme with an Enhanced Anonymity Model for Privacy Protection in E-HealthSN Computer Science10.1007/s42979-023-02541-25:2Online publication date: 13-Jan-2024
https://dl.acm.org/doi/10.1007/s42979-023-02541-2
Avasthi SChauhan R(2024)Privacy-Preserving Deep Learning Models for Analysis of Patient Data in Cloud EnvironmentComputational Intelligence in Healthcare Informatics10.1007/978-981-99-8853-2_20(329-347)Online publication date: 22-Feb-2024
https://doi.org/10.1007/978-981-99-8853-2_20
Shiraishi M(2023)Secure Cloud Data Encryption2023 2nd Asia-Pacific Computer Technologies Conference (APCT)10.1109/APCT58752.2023.00014(34-37)Online publication date: Jan-2023
https://doi.org/10.1109/APCT58752.2023.00014
Shahriar HHaddad HFarhadi M(2022)Assessing HIPAA Compliance of Open Source Electronic Health Record ApplicationsResearch Anthology on Securing Medical Systems and Records10.4018/978-1-6684-6311-6.ch048(995-1011)Online publication date: 3-Jun-2022
https://doi.org/10.4018/978-1-6684-6311-6.ch048
Vinayagam PHameem Irfana ASireesha KTabassum Fathima NTanuja K(2022)An AI Tool for Emergency Medical Assistance system2022 3rd International Conference on Smart Electronics and Communication (ICOSEC)10.1109/ICOSEC54921.2022.9951990(1115-1121)Online publication date: 20-Oct-2022
https://doi.org/10.1109/ICOSEC54921.2022.9951990
Funde SSwain G(2022)Big Data Privacy and Security Using Abundant Data Recovery Techniques and Data Obliviousness MethodologiesIEEE Access10.1109/ACCESS.2022.321130410(105458-105484)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3211304
Zala KThakkar HJadeja RSingh PKotecha KShukla M(2022)PRMS: Design and Development of Patients’ E-Healthcare Records Management System for Privacy Preservation in Third Party Cloud PlatformsIEEE Access10.1109/ACCESS.2022.319809410(85777-85791)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3198094
Tazi FDykstra JRajivan PDas S(2022)SOK: Evaluating Privacy and Security Vulnerabilities of Patients’ Data in HealthcareSocio-Technical Aspects in Security10.1007/978-3-031-10183-0_8(153-181)Online publication date: 14-Jul-2022
https://doi.org/10.1007/978-3-031-10183-0_8
Nachandiya NAjibesin ALonge ODama B(2021)Design and Implementation of mHealth App Using Zoho CreatorAdvances in Science and Technology10.4028/www.scientific.net/AST.107.159107(159-173)Online publication date: 28-Jun-2021
https://doi.org/10.4028/www.scientific.net/AST.107.159
Igumbor JBosire EVicente-Crespo MIgumbor EOlalekan UChirwa TKinyanjui SKyobutungi CFonn S(2021)Considerations for an integrated population health databank in Africa: lessons from global best practicesWellcome Open Research10.12688/wellcomeopenres.17000.16(214)Online publication date: 23-Aug-2021
https://doi.org/10.12688/wellcomeopenres.17000.1
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents