Cryptographically Enforced Data Access Control in Personal Health Record Systems

Personal Health Record (PHR) systems play a vital role during digital transformation of healthcare. These systems provide many value-added features like viewing one's health related information, secure transmission and tracking of that information with the health service providers. A cloud assisted PHR system maximizes the possibility for PHR systems to interoperate with other systems in health information management environments. Each patient needs to encrypt his/her PHR data before uploading it in the cloud since the patients will lose their physical access to their health data stored in cloud servers. Moreover, to achieve fine-grained data access control on encrypted PHR data in an effective and scalable manner is a challenging task. Since there are multiple owners or patients are available in a PHR system and existing data access control schemes are mostly designed for the single-authority/owner scenarios, a novel patient-centric data access control scheme called Revocable Multi Authority Attribute Set Based Encryption (R- MA- ASBE) is proposed. The proposed scheme inherits flexibility, scalability and fine-grained patient-centric data access control.