Research Article
Privacy-Preserving Data Sharing using Multi-layer Access Control Model in Electronic Health Environment
@ARTICLE{10.4108/eai.13-7-2018.159356, author={Shekha Chenthara and Khandakar Ahmed and Frank Whittaker}, title={Privacy-Preserving Data Sharing using Multi-layer Access Control Model in Electronic Health Environment}, journal={EAI Endorsed Transactions on Scalable Information Systems}, volume={6}, number={22}, publisher={EAI}, journal_a={SIS}, year={2019}, month={7}, keywords={Electronic Health Records, security, privacy, MLAC, cyber-attacks, Provenance}, doi={10.4108/eai.13-7-2018.159356} }
- Shekha Chenthara
Khandakar Ahmed
Frank Whittaker
Year: 2019
Privacy-Preserving Data Sharing using Multi-layer Access Control Model in Electronic Health Environment
SIS
EAI
DOI: 10.4108/eai.13-7-2018.159356
Abstract
Electronic Health Data (EHD) is an emerging health information exchange model that facilitates healthcare providers and patients to efficiently store and share their private healthcare information from any place and at any time as per demand. Generally, Cloud services provide the infrastructure by reducing the cost of storing, processing and updating information with improved efficiency and quality. However, the privacy of Electronic Health Records (EHR) is a significant hurdle while outsourcing private health data in the cloud because there is a higher peril of leaking health information to unauthorized parties. Several existing techniques are able to analyse the security and privacy issues associated with e-healthcare services. These methods are designed for single database, or databases, with an authentication centre and thus cannot adequately protect the data from insider attacks. Therefore, this research study mainly focusses on how to ensure the patient privacy while sharing the sensitive data between same or different organisations as well as healthcare providers in a cloud environment. This paper proposes a multi-layer access control mechanism named MLAC Model to construct a secure and privacy-preserving EHR system that enables patients to share their data with stakeholders. In this paper, we use a Dual layer access control model named Pseudo-Role Attribute based access control (PR-ABAC) mechanism that integrates attributes with roles for the secure sharing of EHR between multiple collaborators. The proposed framework also uses the concept of Provenance to ensure the Integrity of patient data. This work is expected to provide a foundation for developing security solutions against cyber-attacks, and thus contribute to the robustness of healthcare information sharing environments.
Copyright © 2019 Shekha Chenthara et al., licensed to EAI. This is an open access article distributed under the terms of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/), which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.