IEEE World Congress on Services

Delegated Authorization Framework for EHR Services using Attribute Based Encryption

, , and

Medical organizations find it challenging to adopt cloud-based Electronic Health Records (EHR) services due to the risk of data breaches and the resulting compromise of patient data. Existing authorization models follow a patient-centric approach for EHR management, where the responsibility of authorizing data access is handled at the patients’ end. This creates significant overhead for the patient, who must authorize every access of their health record. It is also not practical given that multiple personnel are typically involved in providing care and that the patient may not always be in a state to provide this authorization. Hence there is a need to develop a proper authorization delegation mechanism for safe, secure, and easy to use cloud-based EHR Service management. We present a novel, centralized, attribute-based authorization mechanism that integrates Attribute-Based Encryption (ABE) and Semantic Web technologies to allow delegated secure access to patient records. This mechanism transfers the service management overhead from the patient to the medical organization and supports easy delegation of cloud-based EHR’s access authority to medical providers.

  • 146430 bytes

attribute-based encryption, authorization, cloud computing, electronic healthcare record, encryption, ontology



Abstract in journal first, conference second track (J1C2) based on this journal version.

Downloads: 318 downloads

UMBC ebiquity