A HIPAA-compliant key management scheme with revocation of authorization

Lee, Wei‐Bin; Lee, Chien-Ding; Ho, Kevin

doi:10.1016/j.cmpb.2014.01.003

Cited by 7 publications

(8 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In 2008, Lee et al [5] proposed a smart card-based key management solution by integrating various cryptographic techniques to solve the above problems. Then, several methods are proposed to deal with key management concern issues [6]- [10].…”

Section: Introductionmentioning

confidence: 99%

“…The methods in [5]- [10] allow that a patient provides his/her access authorization directly to an authorized user by presenting and enabling a smart card. In this consent case, the patients can correctly control the access to their health information.…”

Section: Introductionmentioning

confidence: 99%

“…It severely affects the data access control and the confidentiality of a patient's medical information. To ensure the patient can monitor their health information even in the exception case, the methods in [5], [10] allow that a patient authorizes healthcare institutes to access his/her medical information within a contract time period. In addition, the method in [10] also allows that a patient is able to revoke the authorization at any time.…”

Section: Introductionmentioning

confidence: 99%

“…To ensure the patient can monitor their health information even in the exception case, the methods in [5], [10] allow that a patient authorizes healthcare institutes to access his/her medical information within a contract time period. In addition, the method in [10] also allows that a patient is able to revoke the authorization at any time. However, the disadvantage of these methods is that the authorized users can access the patient's medical information to use and disclosure as whatever they like before the valid time period expires.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Biometric-based key management for satisfying patient’s control over health information in the HIPAA regulations

2020

KSII TIIS

View full text Add to dashboard Cite

According to the privacy regulations of the health insurance portability and accountability act (HIPAA), patients' control over electronic health data is one of the major concern issues. Currently, remote access authorization is considered as the best solution to guarantee the patients' control over their health data. In this paper, a new biometric-based key management scheme is proposed to facilitate remote access authorization anytime and anywhere. First, patients and doctors can use their biometric information to verify the authenticity of communication partners through real-time video communication technology. Second, a safety channel is provided in delivering their access authorization and secret data between patient and doctor. In the designed scheme, the user's public key is authenticated by the corresponding biometric information without the help of public key infrastructure (PKI). Therefore, our proposed scheme does not have the costs of certificate storage, certificate delivery, and certificate revocation. In addition, the implementation time of our proposed system can be significantly reduced.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Biometric-based key management for satisfying patient’s control over health information in the HIPAA regulations

2020

KSII TIIS

View full text Add to dashboard Cite

show abstract

“…As the authentication mechanism can prevent the medical resources from being accessed by malicious attackers and the session key used to encrypt the packets can ensure the confidentiality of EMR/HER, many authenticated key agreement schemes [9][10][11][12][13] have been developed to protect medical records security and preserve patient's privacy. For example, the authentication schemes for HIPAA privacy and security regulations [9][10][11] were proposed to provide authorization, authentication and key management. The software solution [12] for sharing and querying of HL7 version 3 clinical documents was presented to provide security for data providers and protect the patients' privacy.…”

mentioning

confidence: 99%

Privacy Protection for Telecare Medicine Information Systems Using a Chaotic Map-Based Three-Factor Authenticated Key Agreement Scheme

Zhang

Zhu

Tang

2017

IEEE J. Biomed. Health Inform.

View full text Add to dashboard Cite

Telecare medicine information systems (TMIS) provide flexible and convenient e-health care. However, the medical records transmitted in TMIS are exposed to unsecured public networks, so TMIS are more vulnerable to various types of security threats and attacks. To provide privacy protection for TMIS, a secure and efficient authenticated key agreement scheme is urgently needed to protect the sensitive medical data. Recently, Mishra et al. proposed a biometrics-based authenticated key agreement scheme for TMIS by using hash function and nonce, they claimed that their scheme could eliminate the security weaknesses of Yan et al.'s scheme and provide dynamic identity protection and user anonymity. In this paper, however, we demonstrate that Mishra et al.'s scheme suffers from replay attacks, man-in-the-middle attacks and fails to provide perfect forward secrecy. To overcome the weaknesses of Mishra et al.'s scheme, we then propose a three-factor authenticated key agreement scheme to enable the patient to enjoy the remote healthcare services via TMIS with privacy protection. The chaotic map-based cryptography is employed in the proposed scheme to achieve a delicate balance of security and performance. Security analysis demonstrates that the proposed scheme resists various attacks and provides several attractive security properties. Performance evaluation shows that the proposed scheme increases efficiency in comparison with other related schemes.

show abstract

Security and Privacy Issues in Outsourced Personal Health Record

Kumar

Mathuria

2017

Research Advances in Cloud Computing

View full text Add to dashboard Cite

A HIPAA-compliant key management scheme with revocation of authorization

Cited by 7 publications

References 15 publications

Biometric-based key management for satisfying patient’s control over health information in the HIPAA regulations

Biometric-based key management for satisfying patient’s control over health information in the HIPAA regulations

Privacy Protection for Telecare Medicine Information Systems Using a Chaotic Map-Based Three-Factor Authenticated Key Agreement Scheme

Security and Privacy Issues in Outsourced Personal Health Record

Contact Info

Product

Resources

About