{"title":"Fine Grained Access of Interactive Personal Health Records","authors":"H. Balinsky, Nassir Mohammad","doi":"10.1145/2682571.2797098","DOIUrl":null,"url":null,"abstract":"Electronic Personal Healthcare Records (PHRs) provide the means for individuals to hold, update and share their medical information in a digitally accessible form. However, the sensitive nature of healthcare information and the functional limitations of PHRs has resulted in their acceptance remaining relatively low. This is primarily due to fears of security and privacy in the current central authority based technologies on offer. In order to alleviate these concerns, whilst maintaining security, ease of access and distribution, we propose a PHR format that utilizes and extends a secure composite document format, Publicly Posted Composite Documents [1], originally designed for cross-organizational business workflows. The proposed PHR ensures data is always encrypted whilst traversing non-secure channels, with fine-grained access control built in to enable multiple people to have differential access to the same PHR. End-to-end encryption using Password Key Derivation Functions ensures no central authority is required to have access to plaintext data or decryption keys. This allows safe cooperation with Cloud Service Providers (CSPs) who act as the primary storage and vehicle by which PHRs can be shared. 
Our PHRs are designed to be partially downloaded and exported on request, and to gather PHR formatted data securely from an ecosystem of healthcare devices.","PeriodicalId":106339,"journal":{"name":"Proceedings of the 2015 ACM Symposium on Document Engineering","volume":"102 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2015 ACM Symposium on Document Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2682571.2797098","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 3
Abstract
Electronic Personal Healthcare Records (PHRs) provide the means for individuals to hold, update and share their medical information in a digitally accessible form. However, the sensitive nature of healthcare information and the functional limitations of PHRs have resulted in their acceptance remaining relatively low. This is primarily due to fears of security and privacy in the current central-authority-based technologies on offer. In order to alleviate these concerns, whilst maintaining security, ease of access and distribution, we propose a PHR format that utilizes and extends a secure composite document format, Publicly Posted Composite Documents [1], originally designed for cross-organizational business workflows. The proposed PHR ensures data is always encrypted whilst traversing non-secure channels, with fine-grained access control built in to enable multiple people to have differential access to the same PHR. End-to-end encryption using Password Key Derivation Functions ensures no central authority is required to have access to plaintext data or decryption keys. This allows safe cooperation with Cloud Service Providers (CSPs) who act as the primary storage and vehicle by which PHRs can be shared. Our PHRs are designed to be partially downloaded and exported on request, and to gather PHR formatted data securely from an ecosystem of healthcare devices.