Toward improved security and privacy in modern healthcare

Posted on: 2014-05-05
Degree: Ph.D
Type: Thesis
University: The Johns Hopkins University
Candidate: Pagano, Matthew Wallach
GTID: 2454390005499172
Subject: Computer Science

Abstract/Summary:

The conversion of paper-based medical records into electronic formats is set to bring many benefits to healthcare. This includes creating a more seamless exchange of electronic health records (EHRs) between providers, improving healthcare while lowering its costs, and providing patients with increased access to their EHRs.

As more medical providers migrate to EHRs, it is imperative that the security and privacy of patient data be upheld. EHRs introduce several security and privacy risks that their paper-based counterparts do not attract, including a lower cost of copying and transferring, easier methods of taking numerous EHRs offsite, and security risks that are introduced once providers' systems are networked and connected to the Internet.

With these issues in mind, the President's Council of Advisors on Science and Technology (PCAST) published a report in December 2010 that described the current state of healthcare and provided recommendations for improvement. In this thesis, we aim to address several of the research goals left open by this report. This includes the following research projects:

· Self-protecting EHRs using attribute-based encryption. This allows medical providers to export their EHRs outside of their trust boundaries to redundant locations, including patients' mobile devices.

· Stronger guarantees of security and privacy in user identity and authentication. Our solution leverages recent advances in trusted hardware to provide a Trusted Identity Manager that runs within a secure container on the user's system.

· Secure systems for storing EHRs on smart phones. Patients can easily access their EHRs at any time. In addition, emergency medical personnel can access the patient's records if the patient is present (even if she is unconscious).

· A file system architecture that provides isolation between system components. For example, all users on the system can have a completely isolated yet logically complete view of the file system.

· Automation of the conversion of pairing-based encryption schemes into their outsourced-decryption versions. This enables highly expressive yet computationally-intensive decryption routines to be performed on resource-constrained devices.

We envision that the research solutions presented in this thesis will advance the state of the art in modern healthcare security and usability.

Keywords/Search Tags: Healthcare, Security, Ehrs, Medical