A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations

Hu, Jiankun; Chen, Hsiao‐Hwa; Hou, Ting‐Wei

doi:10.1016/j.csi.2009.04.005

Cited by 99 publications

(43 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In [7], the authors present a hybrid public key infrastructure solution to comply with the HIPAA (Health Insurance Portability and Accountability Act) privacy and security regulations in systems supporting Internet-enabled healthcare applications. The proposed schema is contact based instead of adopting conventional session based cryptographic key management.…”

Section: Related Workmentioning

confidence: 99%

PKI Security in Large-Scale Healthcare Networks

2010

View full text Add to dashboard Cite

This is the unspecified version of the paper.This version of the publication may differ from the final published version. However, there is a plethora of challenges in these healthcare PKI infrastructures. Especially, there are a lot of challenges for PKI infrastructures deployed over largescale healthcare networks. In this paper, we propose a PKI infrastructure to ensure security in a large-scale Internet-based healthcare network connecting a wide spectrum of healthcare units geographically distributed within a wide region. Furthermore, the proposed PKI infrastructure facilitates the trust issues that arise in a large-scale healthcare network including multi-domain PKI infrastructures. Permanent

show abstract

Section: Related Workmentioning

confidence: 99%

PKI Security in Large-Scale Healthcare Networks

2010

View full text Add to dashboard Cite

show abstract

“…The protection of personal information is a concern (Hoang et al, 2009;Hu and Han, 2009;Hu et al, 2010). The emergence of biometric security technology resolved this problem to some extent.…”

Section: Introductionmentioning

confidence: 99%

A pitfall in fingerprint bio-cryptographic key generation

Zhang¹,

Li³

et al. 2011

Computers & Security

Self Cite

View full text Add to dashboard Cite

“…However, if the protected data is indeed transmitted, it should be protected through cryptographic techniques and A should attain access to the decryption key only in case of (auditable) overrides. One solution that is used by many architectures is to put in place a central key distribution server infrastructure, e.g., (Hu et al 2010;Anciaux et al 2008). In this case, S2 would encrypt the protected parts of X's medical record prior to sending it to A and then deposit the decryption key at a central key server.…”

Section: Introductionmentioning

confidence: 99%

Protecting privacy during peer-to-peer exchange of medical documents

Weber-Jahnke

Obry

2011

Inf Syst Front

View full text Add to dashboard Cite

Privacy is an important aspect of interoperable medical information systems. Governments and health care organizations have established privacy policies to prevent abuse of personal health data. These policies often require organizations to obtain patient consent prior to exchanging personal information with other interoperable systems. The consents are defined in form of so-called disclosure directives. However, policies are often not precise enough to address all possible eventualities and exceptions. Unanticipated priorities and other care contexts may cause conflicts between a patient's disclosure directives and the need to receive treatments from informed caregivers. It is commonly agreed that in these situations patient safety takes precedence over information privacy. Therefore, caregivers are typically given the ability to override the patient's disclosure directives to protect patient safety. These overrides must be logged and are subject to privacy audits to prevent abuse. Centralized "shared health record" (SHR) infrastructures include consent management systems that enact the above functionality. However, consent management mechanisms do not extend to information systems that exchange clinical information on a peer-topeer basis, e.g., by secure messaging. Our article addresses this gap by presenting a consent management mechanism for peer-to-peer interoperable systems. The mechanism restricts access to sensitive, medical data based on defined consent directives, but also allows overriding the policies when needed. The overriding process is monitored and audited in order to prevent misuse. The mechanism has been implemented in an open source project called CDAShip and has been made available on SourceForge.

show abstract

A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations

Cited by 99 publications

References 6 publications

PKI Security in Large-Scale Healthcare Networks

PKI Security in Large-Scale Healthcare Networks

A pitfall in fingerprint bio-cryptographic key generation

Protecting privacy during peer-to-peer exchange of medical documents

Contact Info

Product

Resources

About