GIT-CERCS-09-11
Apurva Mohan, David Bauer, Douglas M. Blough, Mustaque Ahamad, Bhuvan Bamba, Ramkumar Krishnan, Ling Liu, Daisuke Mashima, Balaji Palanisamy,
A Patient-centric, Attribute-based, Source-verifiable Framework for Health Record Sharing
The storage of health records in electronic format, and the wide-spread sharing
of these records among different health care providers, have enormous potential
benefits to the U.S. healthcare system. These benefits include both improving the quality of health care delivered to patients and reducing the costs of
delivering that care. However, maintaining the security of electronic health
record systems and the privacy of the information they contain is paramount to
ensure that patients have confidence in the use of such systems. In this
paper, we propose a framework for electronic health record sharing that is
patient centric, i.e. it provides patients with substantial control over how
their information is shared and with whom; provides for verifiability of original sources of health information and the integrity of the data; and permits fine-grained decisions about when data can be shared based on the use of
attribute-based techniques for authorization and access control. We present
the architecture of the framework, describe a prototype system we have built
based on it, and demonstrate its use within a scenario involving emergency
responders' access to health record information.