IEEE World Congress on Services

Delegated Authorization Framework for EHR Services using Attribute Based Encryption

Maithilee P Joshi, Karuna Pande Joshi, and Tim Finin

September 5, 2021

Medical organizations find it challenging to adopt cloud-based Electronic Health Records (EHR) services due to the risk of data breaches and the resulting compromise of patient data. Existing authorization models follow a patient-centric approach for EHR management, where the responsibility of authorizing data access is handled at the patients’ end. This creates significant overhead for the patient, who must authorize every access of their health record. It is also not practical given that multiple personnel are typically involved in providing care and that the patient may not always be in a state to provide this authorization. Hence there is a need to develop a proper authorization delegation mechanism for safe, secure, and easy to use cloud-based EHR Service management. We present a novel, centralized, attribute-based authorization mechanism that integrates Attribute-Based Encryption (ABE) and Semantic Web technologies to allow delegated secure access to patient records. This mechanism transfers the service management overhead from the patient to the medical organization and supports easy delegation of cloud-based EHR’s access authority to medical providers.

BibTeX OWL Tweet Scholar

Tags: attribute-based encryption, authorization, cloud computing, electronic healthcare record, encryption, ontology

Type: InProceedings

Publisher: IEEE

Note: Abstract in journal first, conference second track (J1C2) based on this journal version.

Downloads: 299 downloads