Security and privacy of electronic patient records

Date

2011

Publisher

University of Dar es Salaam

Abstract

Currently, most patients’ medical records are stored in digital form in stores called Electronic Patient Records (EPR). These records contain highly sensitive information, and many countries have enacted special legislation to prevent its misuse. In the context of EPR security, the privacy and accountability of the parties involved in accessing medical records, and the availability of the EPR, need special attention. Firstly, the participation of various parties in the process of providing health care services to patients carries the risk of compromising privacy if the records and the identities of patients and healthcare practitioners (HCPs), i.e. doctors, are not well protected. Secondly, both doctors and patients should share accountability for record access, so that in case of a dispute it is possible to link the disputed case to either the patient or the HCP. In view of the above, this thesis presents a security system that protects the EPR and guarantees the privacy of patients in normal and emergency situations. Special attention has been paid to emergency situations, in which the security system ensures that all the necessary patient medical data can still be accessed in time. The system also provides HCP privacy by making the identity of the HCP anonymous, while allowing it to be revealed if a dispute occurs. In this system, a smartcard is used as the means of EPR access for both patients and HCPs in both emergency and normal situations, with the exception that in emergency situations only the patient’s smartcard and the HCP’s mobile smartcard reader are used. The security system (EPR security system) has been developed using cryptographic schemes, namely forward signatures, encryption, and forward group signatures and other conventional encryption and signature schemes, to provide patient privacy, EPR integrity and confidentiality, and HCP identity anonymity.
The security of the system has been evaluated using formal and informal methods. Standard attacks and a scenario for an unconventional attack were used in the evaluation. Standard attacks have been evaluated using the attack trees method, whereas the scenario for an unconventional attack has been evaluated using the informal method. The findings show that the system is able to protect the security and privacy of electronic patient records against threats to EPR confidentiality, integrity, availability and accountability, and to patient and HCP privacy.

Description

Available in print form, East Africana Collection, Dr. Wilbert Chagula Library, Class mark (THS EAF R864.K36)

Keywords

Medical records, Electronic data processing, Patient records

Citation

Kapis, K (2011) Security and privacy of electronic patient records, Doctoral dissertation, University of Dar es Salaam. Dar es Salaam.
