An Ecosystem for Improving the Quality of Personal Health Records
The integration of healthcare data networks with personal health record (PHR) systems can reduce unnecessary duplication of lab tests and medical treatment errors, and can empower patients to self-manage their own health. However, exchanging health data between healthcare data networks and PHR systems is difficult because of the complexity of data sharing agreements and the costly interfaces that must be set up between the institutions involved. A hybrid PHR system architecture can combine the benefits of portable and online PHRs, providing more ubiquitous access to the PHR while removing the need for complex data sharing agreements and costly system interfaces. Such an architecture must, however, address PHR data integrity, data misinterpretation, the security of the portable and online PHR, and privacy. Patients may tamper with their own records, for example to hide a history of drug abuse or to avoid incarceration; we address PHR data integrity by leveraging standardized encryption and digital signature schemes, so that modification of a record after it was issued can be detected. Patients who are allowed access to their records may misinterpret intermediary notes written by physicians, which can result in additional unnecessary encounters with the physician; we resolve this by giving physicians the ability to store intermediary notes that are accessible only to other physicians. The threat of compromise of a patient's mobile device is addressed by using trusted platform hardware security features to launch the mobile application through which the patient accesses and manages the PHR. Direct physical access to the mobile device opens further attack vectors, such as malicious traffic interception hardware; our mobile direct access control protocol, built on provably secure cryptographic primitives, aims to protect against them.
Privacy issues are tackled with cryptographic access control built on provably secure primitives, and with oblivious search and access adapted to a multi-client setting with support for access control. We present a preliminary security assessment of the system, which provides an overview of potential attack scenarios.
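The following Go program is an added illustration of the two record-level mechanisms the abstract describes, and is not code from the thesis: the issuing provider signs each PHR record with Ed25519 so that a patient who edits the copy they hold cannot produce a valid signature, and intermediary notes are sealed with AES-256-GCM under a key that only physicians hold, with the patient ID bound in as associated data. The record layout, the choice of Ed25519 and AES-GCM, the physician key, and the sample data are assumptions made for this example; the abstract itself names only "standardized encryption and digital signature schemes".

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Record is one entry in the patient-held PHR. The layout is an assumption
// made for this example, not the thesis's record format.
type Record struct {
	PatientID  string `json:"patient_id"`
	Entry      string `json:"entry"`       // patient-visible content
	SealedNote []byte `json:"sealed_note"` // physician-only note: nonce || AES-GCM ciphertext
	Signature  []byte `json:"signature"`   // provider's Ed25519 signature, set by ProviderSign
}

// signedBytes is the canonical byte string the provider signs: the whole
// record except the signature. json.Marshal of a struct emits fields in
// declaration order, so signer and verifier produce identical bytes.
func signedBytes(r Record) []byte {
	r.Signature = nil
	b, err := json.Marshal(r)
	if err != nil {
		panic(err) // unreachable for this struct
	}
	return b
}

// ProviderSign runs at the issuing provider. The patient's device only ever
// receives the public key, so it cannot re-sign a modified record.
func ProviderSign(priv ed25519.PrivateKey, r *Record) {
	r.Signature = ed25519.Sign(priv, signedBytes(*r))
}

// Verify is what a receiving provider runs on a record presented from the
// patient's PHR. Any change to the entry, note or patient ID fails here.
func Verify(pub ed25519.PublicKey, r Record) bool {
	return ed25519.Verify(pub, signedBytes(r), r.Signature)
}

// SealNote encrypts an intermediary note with AES-256-GCM under physKey,
// which this example assumes is distributed to physicians only. The patient
// ID is authenticated as associated data so a sealed note cannot be
// transplanted into another patient's record.
func SealNote(physKey []byte, patientID, note string) ([]byte, error) {
	aead, err := newGCM(physKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, []byte(note), []byte(patientID)), nil
}

// OpenNote decrypts a sealed note. Without physKey (the patient's app) or
// with a different patient ID, GCM authentication fails and nothing is returned.
func OpenNote(physKey []byte, patientID string, sealed []byte) (string, error) {
	aead, err := newGCM(physKey)
	if err != nil {
		return "", err
	}
	if len(sealed) < aead.NonceSize() {
		return "", errors.New("sealed note too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	pt, err := aead.Open(nil, nonce, ct, []byte(patientID))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	physKey := make([]byte, 32)
	if _, err := rand.Read(physKey); err != nil {
		panic(err)
	}

	// Constructed sample record; not real patient data.
	rec := Record{PatientID: "pt-0001", Entry: "2023-04-02 lab: HbA1c 7.9%"}
	rec.SealedNote, _ = SealNote(physKey, rec.PatientID, "suspect non-adherence; recheck in 3 months")
	ProviderSign(priv, &rec)
	fmt.Println("record as issued verifies:", Verify(pub, rec))

	tampered := rec // the patient edits the copy they hold
	tampered.Entry = "2023-04-02 lab: HbA1c 5.9%"
	fmt.Println("patient-edited copy verifies:", Verify(pub, tampered))

	_, err := OpenNote(make([]byte, 32), rec.PatientID, rec.SealedNote)
	fmt.Println("patient app can read physician note:", err == nil)
	note, _ := OpenNote(physKey, rec.PatientID, rec.SealedNote)
	fmt.Println("physician reads:", note)
}
```

The signature covers the sealed note as well as the visible entry, so the patient can neither alter the entry nor drop or swap the note without the record failing verification at the next provider. How physicians obtain physKey and how a receiving provider decides which signing keys to trust are key-management questions the example leaves out; they are the part of the architecture the abstract addresses with its access control and data sharing design rather than with the primitives shown here.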