A Patient-Centric Access Control Scheme for Personal Health Records in the Cloud

Abstract

In this paper, we describe a scheme that enables patients to exercise complete control over their personal health records (PHR) stored in the cloud whilst also maintaining confidentiality of their data. The design goals of the proposed scheme include: (1) confidentiality of health data, (2) integrity of health data, (3) authenticity of health data, (4) patient-centric fine-grained access control, and (5) revocation of access control. To achieve these goals, we primarily utilize techniques such as Conditional Proxy Re-Encryption, the Advanced Encryption Standard, and the RSA cryptosystem. In our proposed scheme, patients can easily authorize access privileges for their PHR data for various users. Furthermore, this scheme also provides flexible key management and an efficient encryption mechanism.