A privacy-preserving data sharing solution for mobile healthcare

Abstract

Personal Health Records (PHR) is patient-centric healthcare system, which allows patients to control who can get access to their health records and which section of the record can be accessed. Hot issues such as access control, patients control degree, and privacy protection, etc. are still the challenging concerns while designing a secure PHR system. In this paper, we propose dsPPS, a secure integrated PHR framework(from health data collection to health data sharing) that meets patients' full control of their PHR and sufficient privacy preservation. Specifically, dsPPS provides two schemes: Biometric-Based secure health data Collection (BBC) scheme and Attribute-Based health record Accessing (ABA) scheme. While BBC scheme enables patients to collect their scattered health data from multiple typical health systems securely and efficiently, the ABA scheme allows users (health systems) access to the PHR server with their sensitive attributes being protected. Comprehensive analysis is conducted to show the security of dsPPS against typical attacks. In addition, experiments in both smart phone and PC (Intel) platforms demonstrate that dsPPS produces reasonable performance in terms of storage, communication and computational overheads.