Patient privacy protection using anonymous access control techniques

Weerasinghe, D., Rajarajan, M., Elmufti, K. & Rakocevic, V. (2008). Patient privacy protection using anonymous access control techniques. Methods of Information in Medicine, 47(3), pp. 235-240. doi: 10.3414/ME9116


Abstract

Objective: The objective of this study is to develop a solution that preserves security and privacy in a healthcare environment where health-sensitive information is accessed by many parties and stored in various distributed databases. The solution should maintain anonymous medical records, and it should be able to link anonymous medical information held in distributed databases into a single patient medical record with the patient identity.

Methods: In this paper we present a protocol that can be used to authenticate and authorize patients to healthcare services without providing the patient identification. The healthcare service can identify the patient using a separate temporary identity in each identification session, and medical records are linked to these temporary identities. Temporary identities can be used to enable record linkage and to reverse-track the real patient identity in critical medical situations.

Results: The proposed protocol provides the main security and privacy services, such as user anonymity, message privacy, message confidentiality, user authentication, user authorization and protection against message replay attacks. The medical environment validates the patient at the healthcare service as a real and registered patient for the medical services. Using the proposed protocol, the patient's anonymous medical records at different healthcare services can be linked into one single report, and it is possible to securely reverse-track an anonymous patient to the real identity.

Conclusion: The protocol protects patient privacy with secure anonymous authentication to healthcare services and medical record registries in accordance with European and UK legislation, so that the patient's real identity is not disclosed with the distributed patient medical records.

Item Type: Article
Uncontrolled Keywords: anonymous medical service, record linkage, healthcare security, patient privacy, RECORD LINKAGE PROCEDURE, FOLLOW-UP, INFORMATION
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
R Medicine > RA Public aspects of medicine
Divisions: School of Engineering & Mathematical Sciences > Engineering
URI: http://openaccess.city.ac.uk/id/eprint/620
