Ask a question to Desklib · AI bot


Security Protocols Used for Protecting the Electronic Health Records

Added on -2019-09-23

This paper analyzes the use of cryptography protocols to secure transactions in electronic health record systems (EHRS). It discusses general security protocols such as key agreement, identification and authentication, and password authentication and key exchange, as well as application-related security protocols like WAP, Bluetooth, and ZigBee. The paper also defines PHR, EMR, and EHR and explains the interrelationship between them. Finally, it describes the methodology used in EHR and the system model, including data collection and integration, secure storage and management, and secure usage of data.
| 7 pages
| 3694 words

Trusted by 2+ million users,
1000+ happy students everyday

SECURITY PROTOCOLS USED FOR PROTECTING THE ELECTRONIC HEALTHRECORDSABSTRACTThe technology growth is increasing rapidlythereby it tends to concentrate on securetransactions in an Electronic Health Recordsystem (EHRS). In this model the mainnecessity of security protocol is forauthentication. In medical health care mostof the people use their transaction card forpayment so there should be a secureprotocol to protect the user’s authenticationrecords. For secure transactionscryptographic protocols should be usedbetween the two transaction parties toperform the task securely. In this paper astudy of cryptography protocol is analyzedto know how the data is secured inelectronic health record system. 1.INTRODUCTIONCryptography is one of the main techniqueswhich are used for data security. In e-healthcare system, various data such aspatient’s personal information, healthinformation and transactions information arestored. So these data should be securedusing cryptographic protocols. Cryptographyprotocol is used as a security protocol toprotect the data communication between twomembers. Generally, cryptography protocoluses some procedures or schemes to performthe security mechanism. Consider thetransaction mechanism in the e-health caresystem. When the user performs the creditor debit card transaction some mechanismslike digital signature schemes are used forsecurity. Some of the examples ofcryptography protocols are TLS, SSH,Kerberos, IPSec, etc. Nowadays peoplewidely use EHRS to build a secureenvironment in the medical industry. Forthis system, cloud computing is one of theimportant factors to provide theinfrastructure for manipulating the data.Every health care provider has their owndatabase for EMRs (Electronic MedicalRecords). The data are stored in acentralized system where every patient canhave different health care providers likespecialists, therapists, physicians etc. sothere is a need for cloud infrastructure forthe additional storage of records. EMRinvolves in sharing of records that are said tobe electronic health records [1][7]. 2.GENERAL SECURITY PROTOCOLSIn general, there are some security protocolssuch as key agreement protocol,identification and authentication protocoland Password authentication and key changeprotocols [8]Key agreementThis protocol is used by two users to sharethe single key. For example, if a message isto be sent to bob it should be sent securelywith the secret key. Authentication is givento the user when he holds the private key orpublic key pair. The specific pair of the keyused in such session is called ephemeralkeys. Generally, in key distribution, oneuser has the control to edit the key pair butin key agreement, both the user has thecontrol to change the key pair and both areinvolved in key generation method. Identification and authenticationprotocolsThis protocol is used for enabling the user tocreate authentication in online. Every userhas a private key or public key that is yet to
be verified. During the verification publickey is verified with the identified key toprove their identity of the user.Identification and authentication is a similarprocess where identification is identifyingthe user with the matching keys whereasauthentication is verifying whether the keyis relevant to users key. So the output of theauthentication gives the original user.Password authentication and keyexchange protocolsIn password authentication key andexchange protocols password is used as akey whereas in key agreement the key usedis just the secret code. If the user sends themessage with the password then thechallenge is to design the protocol to secureagainst dictionary attacks. The user shouldbe aware of setting the password so that theintruder may not guess the password.3.APPLICATION RELATEDSECURITY PROTOCOLSSecurity protocols which are used in therestricted areas of wireless or mobilecommunication are WAP protocols,Bluetooth and ZigBee [8].WAP protocolsWAP is Wireless Application Protocol. It isused as a communication protocol foraccessing the data wirelessly in the mobilenetwork. It provides direct connectivitybetween the wireless devices and theinternet. This function can be created usingopen source environment and it can becreated using any type of operating system.BLUETOOTHBluetooth is a wireless technology that isused for sending and receiving the data withthe shorter distance in the mobile networksusing the personal area network. Bluetoothprotocol consists of various protocols suchas baseband, link manager protocol, logicallink control and adaptation layer, servicediscovery protocol. Each protocol has theirspecifications and its limitations. ZIGBEEZigbee is a communication technologywhich is operated with the lower rangeswhen compared to the Bluetooth. The aim ofthis technology is to provide high range byusing mesh network.4.DEFINITIONS OF PHR, EHR ANDEMRThe main terms involved in health caresystem are PHR (Personal Health Record),Electronic Medical Record (EMR) and EHR(Electronic Health Record). Let us see thedefinitions for the following terms [1] [11]. PHRThe personal health record is a descriptionof the patient's health conditions which ismaintained individually by them. There willbe a complete summary of the patient'shealth history and it can be obtained byusing the systems like EMR and EHRs. Thisinformation can be accessible fromanywhere and anytime with any devices. EMRElectronic Medical Record is an observationof patient’s details when the patients areencountered at the health care centre as aninpatient and outpatient process. Thedescription of the patients is held by thehealthcare organization. Electronic MedicalRecord is created by the inspectors whoneed to monitor, document and manage thehealth of the patients within the healthcareorganization. The records are created bythem and it is monitored by them in order toknow the details of the patients and to givetreatment accordingly. In EMR there will beclinic data repository (CDR), clinic decision
support system (CDSS), order entry,medical vocabulary, pharmacy managementand administration record. EHRElectronic Health Record is a part ofElectronic Medical Record where the healthrecord is maintained by the healthcareorganization to monitor the patient. Ingeneral, EHR consists of many patientsdetails with the worldwide region, state orcommunity. The main aim of EHR is toform a document of patient’s record tosupport the patients at present and future totreat them accordingly. This documentationprovides the need for clinicians to patient’shealth care.5.PROCESS OF EHRThe process of EHR is shown belowFigure 1.System processThe interrelationship between PHR, EHRand EMR:Finally, the medical records of patients canbe viewed by PHR, EHR and EMR. Allthree are partially overlapped. With the helpof PHR, EHR can be created. With the helpof EMR, EHR is created. The main aim ofhealth care system is to provide thehealthcare information with the desiredinformation. 6.METHODOLOGY USED IN EHRIn electronic health record system, usually,every patient will have the microprocessorfor authentication. The description of thepatients will be secured with the help ofcryptographic algorithms where it is securedwith the basic cryptographic principles suchas confidentiality and authenticity. A certainalgorithm is developed to know which key isused for the patients and which key is usedfor the doctor's accessibility of healthrecords. The patients is given with thepublic key to access the health recordwhereas the doctors are provided with theprivate key to access the health record of thepatients. The data can be stored and obtainedfrom anytime and anywhere with thedevices. The description of the patients andthe doctor's prescriptions can be viewedonly with the valid authentication. There arehealthcare professionals to monitor thepatient's health record, document and updatethe existing health record [2] [11]. 7.SYSTEM MODELThe system model consists of three modules.They are EHR data collection andintegration, secure storage and managementand secure usage of data [2][3]. Figure 2. System modelDATA COLLECTION ANDINTEGRATION:This process is the major task to start thesystem management. In order to create theEHR the patient's history should begathered. So the data collection andintegration is done by the healthcareorganization. The main requirement forintegrating the data is before integration thedata should be verified in terms of basic

Found this document preview useful?

You are reading a preview
Upload your documents to download
Become a Desklib member to get accesss

Students who viewed this