Scopus

An Implementation of Rights Management Mechanism Within the e-Healthcare Domain

Năm XB 2025 Tạp chí / Hội thảo International Conference on Computational Intelligence in Engineering Science (ICCIES2025) 350-363 Đơn vị CNTT DOI / Link https://doi.org/10.1007/978-3-031-98170-8_27 ↗

Tác giả

Quy-Anh Bui ; Quoc-Binh Nguyen ; Van-Viet Nguyen

Tóm tắt

The Health Insurance Portability and Accountability Act (HIPAA) emphasizes safeguarding the privacy and security of the Electronic Protected health information (e-PHI). While past researches have mainly addressed e-PHI protection during storage, transmission, and processing, securing decrypted e-PHI during processing remains a pressing issue. Although watermarking techniques can trace unauthorized disclosures of medical images, they fall short of preventing unauthorized actions like copying or modification. To address this, the study introduces a novel e-PHI management system based on Digital Rights Management (DRM) and a tailored key management scheme. The system orchestrates comprehensive control over e-PHI activities, aligning access and manipulation rights to the specific responsibilities and patient-authorized permissions. By addressing the vulnerabilities of decrypted e-PHI, the approach …

Tài liệu tham khảo

[1] Summary of the HIPAA privacy rule. https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html

[2] The HIPAA Privacy Rule’s Right Of Access and Health Information Technology. https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/special/healthit/eaccess.pdf

[3] Collmann, J., Lambert, D., Brummett, M.: Beyond good practice: why HIPAA only addresses part of the data security problem. Int. Congr. Ser. 1268, 113–118 (2004)

[4] Lee, W., Lee, C.: A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 12(1), 34–41 (2008)

[5] Lee, C., Ho, K.I., Lee, W.: A novel key management solution for reinforcing compliance with HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 15(4), 550–556 (2011)

[6] Fitri, N., Harun M., Rasyid, A., Sudarsono, Al.: Secure attribute-based encryption with access control to data medical records. In: International Electronics Symposium on Knowledge Creation and Intelligent Computing (IES-KCIC), Bali, Indonesia, pp. 105–111 (2019)

[7] Hu, J., Chen, H.-H., Hou, T.-W.: A hybird public key infrastructure solution (HPKI) for HIPAA privacy/security regulations. Comput. Standards Interfaces 32(5–6), 274–280 (2010)

[8] Ray, S., Biswas, G.P.: A Certificate Authority (CA)-based cryptographic solution for HIPAA privacy/security regulations. J. King Saud Univ. Comput. Inf. Sci. 26(2), 170–180 (2014)

[9] Wang, C., Xu, X., Shi D., Lin, W.: An efficient cloud-based personal health records system using attribute-based encryption and anonymous multi-receiver ıdentity-based encryption. In: 2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing, Guangdong, pp. 74–81 (2014)

[10] Fan, K., Huang, N., Wang, Y., Li, H., Yang, Y.: Secure and efficient personal health record scheme using attribute-based encryption. In: 2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing, New York, NY, pp. 111–114 (2015)

[11] Yan, H., Li, X., Li, J.: Secure personal health record system with attribute-based encryption in cloud computing. In: 2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing, Guangdong, pp. 329–332 (2014)

[12] Israelson, J., Cankaya, E.C.: A hybrid web based personal health record system shielded with comprehensive security. In: 2012 45th Hawaii International Conference on System Sciences, Maui, HI, pp. 2958–2968 (2012)

[13] Van Gorp, P., Comuzzi, M.: MyPHRMachines: lifelong personal health records in the cloud. In: 2012 25th IEEE International Symposium on Computer-Based Medical Systems (CBMS), Rome, pp. 1–6 (2012)

[14] Lee, C., Ho, K.I., Lee, W.: A novel key management solution for reinforcing compliance with HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 15(4), 550–556 (2011)

[15] Rivest, L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 120–126 (1978)

[16] Elgamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)

[17] Shamir, A.: Identity-Based Cryptosystems and Signature Schemes, vol. 196. Springer, Heidelberg (2000)

[18] Sohn, D.: Understanding DRM, vol. 5, no. 7, pp. 32–39. ACM, New York (2007)

[19] Subramanya, S., Yi, B.: Digital rights management. IEEE Potentials 25(2), 31–34 (2006)

[20] Office DRM ownerguard. http://armjisoft.com/office-drm-ownerguard/

[21] TCG Design, Implementation, and Usage Principles. https://trustedcomputinggroup.org/wp-content/uploads/Best_Practices_Principles_Document_V2_0.pdf

[22] Saparkhojayev, N., Dauitbayeva, A., Nurtayev, A., Baimenshina, G.: NFC-enabled access control and management system. In: 2014 International Conference on Web and Open Access to Learning (ICWOAL), Dubai, pp. 1–4 (2014)

[23] Ulz, T., Pieber, T., Höller, A., Haas S., Steger, C.: Secured and easy-to-use NFC-based device configuration for the ınternet of things. IEEE J. Radio Freq. Identif. 1(1), 75–84 (2017)

[24] Government Public Key Infrastructure. http://grca.nat.gov.tw/GRCAeng/index.html

[25] Could Physical NHI Cards Go the Way of History. https://news.pts.org.tw/article/402475

[26] Bui, Q., Lee, W., Lee, J., Wu, H., Liu, J.: Biometric-based key management for satisfying patient’s control over health information in the HIPAA regulations. KSII Trans. Internet Inf. Syst. 14(1), 437–454 (2020)

[27] Castro, D., Impedovo, F., Pirlo, G.: A medical ımage encryption scheme for secure fingerprint-based authenticated transmission. Appl. Sci. 13(6099) (2023)