Privacy-Preserving Personal Health Record (P3HR): A Secure Android Application

Abstract

In contrast to the Electronic Medical Record (EMR) and Electronic Health Record (EHR) systems that are created to maintain and manage patient data by health professionals and organizations, Personal Health Record (PHR) systems are operated and managed by patients. Therefore, it necessitates increased attention to the importance of security and privacy challenges, as patients are most often unfamiliar with the potential security threats that can result from release of their health data. On the other hand, the use of PHR systems is increasingly becoming an important part of the healthcare system by sharing patient information among their circle of care. To have a system with a more favorable interface and a high level of security, it is crucial to provide a mobile application for PHR that fulfills six important features: (1) ease the usage for various patient demographics and their delegates, (2) security, (3) quickly transfer patient data to their health professionals, (4) give the ability of access revocation to the patient, (5) provide ease of interaction between patients and their circle of care, and (6) inform patients about any instances of access to their data by their circle of care. In this work, we propose an implementation of a Privacy-Preserving PHR system (P3HR) for Android devices to fulfill the above six characteristics, using a Ciphertext Policy Attribute Based Encryption to enhance security and privacy of the system, as well as providing access revocation in a hierarchical scheme of the health professionals and organizations involved. Using this application, patients can securely store their health data, share the records, and receive feedback and recommendations from their circle of care.