Journal of Engineering Science and Technology (Jun 2009)

A PRIVACY MANAGEMENT ARCHITECTURE FOR PATIENT-CONTROLLED PERSONAL HEALTH RECORD SYSTEM

  • MD. NURUL HUDA,
  • NOBORU SONEHARA,
  • SHIGEKI YAMADA

Journal volume & issue
Vol. 4, no. 2
pp. 154 – 170

Abstract

Patient-controlled personal health record systems can help make health care safer, cheaper, and more convenient by enabling patients to 1) grant any care provider access to their complete personal health records anytime from anywhere, 2) avoid repeated tests, and 3) control their privacy transparently. In this paper, we present the architecture of our Privacy-aware Patient-controlled Personal Health Record (P3HR) system, through which a patient can view her integrated health history and share her health information transparently with others (e.g., healthcare providers). Access to the health information of a particular patient is completely controlled by that patient. We also carry out an intuitive security and privacy analysis of the P3HR system architecture, considering different types of security attacks. Finally, we describe a prototype implementation of the P3HR system that we developed reflecting the special view of Japanese society. The most important advantage of the P3HR system over other existing systems is that it most likely provides complete privacy protection without losing data accuracy. Unlike traditional partially anonymous health records (e.g., using k-anonymity or l-diversity), the health records in P3HR are closer to complete anonymity, and yet preserve data accuracy. Our approach makes it very unlikely that patients could be identified by an attacker from their anonymous health records in the P3HR system.

Keywords