3d International ICST Conference on Pervasive Computing Technologies for Healthcare

Research Article

Privacy-aware access to Patient-controlled Personal Health Records in emergency situations

Download
  • @INPROCEEDINGS{10.4108/ICST.PERVASIVEHEALTH2009.6008,
        author={Md. Nurul Huda and Shigeki Yamada and Noboru Sonehara},
        title={Privacy-aware access to Patient-controlled Personal Health Records in emergency situations},
        proceedings={3d International ICST Conference on Pervasive Computing Technologies for Healthcare},
        proceedings_a={PERVASIVEHEALTH},
        year={2009},
        month={8},
        keywords={Personal health record, privacy, emergency access, healthcare service.},
        doi={10.4108/ICST.PERVASIVEHEALTH2009.6008}
    }
    
  • Md. Nurul Huda
    Shigeki Yamada
    Noboru Sonehara
    Year: 2009
    Privacy-aware access to Patient-controlled Personal Health Records in emergency situations
    PERVASIVEHEALTH
    ICST
    DOI: 10.4108/ICST.PERVASIVEHEALTH2009.6008
Md. Nurul Huda1,*, Shigeki Yamada1,*, Noboru Sonehara1,*
  • 1: National Institute of Informatics, 2-1-2 Hitotsubashi, Chiyoda-ku, Tokyo, Japan
*Contact email: huda@nii.ac.jp, shigeki@nii.ac.jp, sonehara@nii.ac.jp

Abstract

Patient-controlled Personal Health Record (PHR) systems may facilitate a patient not only to share her health records with healthcare professionals but also to control her health privacy, in a convenient and easy way. Governed by privacy protection laws, explicit consent/permission of the respective patient is a prerequisite for sharing personal health records. However, in emergency situations, when the patient becomes unable to give consent on her PHRs, healthcare professionals of emergency care units may need to access her health history for better and safer care. In this paper, we have introduced a novel privacy-aware protocol for handling access to patient-controlled PHR by healthcare professionals in emergency situations. The protocol is for the Privacy-aware Patient-controlled Personal Health Record (P3HR) system. It uses strong authentication using health IC cards, authorizes healthcare professionals and embeds emergency access report into the patients health IC card by which we achieve non-repudiation. Use of a dynamic access token in the authorization process protects replay attack. Intuitive privacy analysis shows that the proposed solution can preserve patients privacy from unauthorized parties while granting traceable access to personal health records by authorized healthcare professionals in emergency situations.