A HIPAA-compliant key management scheme with revocation of authorization

Wei-Bin Lee; Chien-Ding Lee; Kevin I-J Ho

doi:10.1016/j.cmpb.2014.01.003

A HIPAA-compliant key management scheme with revocation of authorization

Comput Methods Programs Biomed. 2014 Mar;113(3):809-14. doi: 10.1016/j.cmpb.2014.01.003. Epub 2014 Jan 9.

Authors

Wei-Bin Lee¹, Chien-Ding Lee², Kevin I-J Ho³

Affiliations

¹ Department of Information Engineering and Computer Science, Feng Chia University, Taiwan, ROC.
² Department of Information Engineering and Computer Science, Feng Chia University, Taiwan, ROC; Department of Information Systems, Changhua Christian Hospital, Taiwan, ROC. Electronic address: P9521801@fcu.edu.tw.
³ Department of Computer Science and Communication Engineering, Providence University, Taiwan, ROC.

PMID: 24480372
DOI: 10.1016/j.cmpb.2014.01.003

Abstract

Patient control over electronic protected health information (ePHI) is one of the major concerns in the Health Insurance and Accountability Act (HIPAA). In this paper, a new key management scheme is proposed to facilitate control by providing two functionalities. First, a patient can authorize more than one healthcare institute within a designated time period to access his or her ePHIs. Second, a patient can revoke authorization and add new authorized institutes at any time as necessary. In the design, it is not required to re-encrypt ePHIs for adding and revoking authorizations, and the implementation is time- and cost-efficient. Consent exception is also considered by the proposed scheme.

Keywords: Cryptography; Health Insurance and Accountability Act (HIPAA); Key management; Revocation.

Publication types

Research Support, Non-U.S. Gov't

MeSH terms

Computational Biology
Computer Security
Confidentiality*
Consent Forms
Electronic Health Records* / organization & administration
Guideline Adherence
Health Insurance Portability and Accountability Act*
Humans
Taiwan
United States