A framework for secured and privacy preserving eHealth System

Mahmuda Begum

Research output: Thesis › Doctoral Thesis

Abstract

eHealth, the future of the health care system, is rapidly gaining popularity in Australia. The core of eHealth is the Electronic Health Record (eHR) system, which records patient health information. In the era of current communication networks, healthcare systems should utilise the advantages of storing, fetching and distributing information between different healthcare stakeholders efficiently. To make the system secure with respect to access to eHRs, the Personally Controlled Electronic Health Record (PCEHR) has recently been proposed. Despite the claim that the PCEHR is controlled by patients, vulnerabilities arising from the disclosure of credentials by healthcare professionals and system operators are still present in the system. Other threats include, but are not limited to, sensitive data in the wrong hands, vulnerable authentication, and confidentiality. Moreover, an uninterrupted application of the security principle of electronic data files necessitates encrypted databases. So far, many research works have been undertaken to ensure the patient's privacy. In most of them, the healthcare authority can get the consent to retrieve the patient's eHRs. These vulnerabilities may impact patients and warrant the emergence of robust and effective authentication and access control schemes for eHRs.

In this dissertation, we introduce a patient-centric, cloud-based PCEHR framework, which utilises the homomorphic encryption technique in storing the eHRs. The proposed system guarantees the control of both access and privacy of eHRs stored in the cloud environment.

Moreover, we propose a robust authentication scheme and a hybrid access control model to enhance the security and privacy of eHRs. Various methods of authentication are available, among them passwords, secret keys, tokens, and biometric features. An authentication system is required to be elementary, fast and protected against unlawful use. In this dissertation, we propose a multi-factor, multi-channel based authentication system which overcomes most of the drawbacks of the existing authentication systems. Moreover, owing to its simplicity, the proposed method is user friendly while ensuring strong security of the system; at the same time, the proposed authentication method is quick, convenient, and resistant to compromise.

For the security requirements and protection of medical data, it is necessary to implement an access control policy in health care. The right access control in an eHealth solution can ensure authorised access to sensitive records and preserve the privacy of the eHR. In the traditional models, access control depends on specific attributes of the users and the objects. However, these traditional access control models are missing the notion of "context", which is part and parcel of the health care system. In this dissertation, we propose a new access control model combining Role Based Access Control with context-constraint and the Discretionary Access Control model, which restricts access and preserves the privacy of the records. We show that the PCEHR framework with the proposed access control method successfully satisfies various security and privacy requirements of the health care system.

Original language: English
Qualification: Honours
Awarding Institution
  • Charles Sturt University
Supervisors/Advisors
  • Mamun, Quazi, Principal Supervisor
Award date: 01 Oct 2014
Place of Publication: Australia
Publisher
Publication status: Published - 2014