An ecosystem for improving the quality of personal health record

Posted on:2018-05-10

Degree:Ph.D

Type:Dissertation

University:Queen's University (Canada)

Candidate:Aboelfotoh, Muhammad Hosam

Full Text:PDF

GTID:1448390002998106

Subject:Computer Science

Abstract/Summary:

The integration of healthcare data networks with personal health record (PHR) systems can reduce unnecessary duplication of lab tests and medical treatment errors, as well as empower patients with the ability to self-manage their own health. However, facilitating health data exchange between the healthcare data networks and the PHR systems is difficult due to the complexity of data sharing agreements, and the costly interfaces that have to be set up between those institutions. A hybrid PHR system architecture can combine the benefits of portable and online PHRs, providing more ubiquitous access to the PHR, while alleviating the need for establishing complex data sharing agreements and costly system interfaces. This architecture must, however, address issues such as PHR data integrity, data misinterpretation, security of the portable and online PHR, as well as privacy. Patients may tamper with their own records for reasons such as hiding a history of drug abuse or avoiding incarceration. We address the PHR data integrity issue by leveraging standardized encryption and digital signature schemes. Patients allowed access to their records may misinterpret intermediary notes by physicians. This can result in more unnecessary encounters with the physician. We resolve the data misinterpretation issue by providing physicians with the ability to store intermediary notes that are only accessible by other physicians. The threat of compromise of a patient's mobile device is tackled by using trusted platform hardware security features in order to launch the mobile application from which the patient can access and manage their PHR. Direct access to the mobile device allows for other attack vectors, such as malicious traffic interception hardware. Our mobile direct access control protocol, built on provably secure cryptographic primitives, aims to provide security from such attack vectors. Privacy issues are tackled with cryptographic access control that employ provably secure primitives, and the use of oblivious search and access, adapted for a multi-client setting and with support for access control. We present a preliminary security assessment of the system, that provides an overview of potential attack scenarios.

Keywords/Search Tags:

System, PHR, Health, Data, Access, Security

Related items

1	Research On Data Security And Privacy Protection In Mobile Health Environment
2	Design And Implementation Of User Interface And Access Control Of Health Data Platform
3	New secure solutions for privacy and access control in Health Information Exchange
4	Secure Electronic Health Record System Based On Online/Offline Access Control In Cloud
5	The Research On Application Of Data Access Middleware In Regional Health Information System
6	Research On Technology In Data Access Security Of Vehicle Networking Based On Multi-properties
7	In The Field Of Health Data Boosting Development Of Health Industry Research On Application Framework Of Opening Safely Medical Data
8	Design On The Health Cloud System Under The IPv6Protocol-based And Security Policy
9	Intelligent Health Promotion Service System For Chronic Exercise Intervention
10	A security framework for DICOM images in health information systems