1. Introduction
Electronic health records (EHRs) (Ambinder, 2005) contain detailed information about a patient's health issues and medical history. These records hold sensitive data, such as previously diagnosed diseases and drug abuse, which the patient would prefer to keep confidential. Disclosure of such data, whether deliberate or unintentional, could have serious harmful consequences for the patient concerned, ranging from social stigma to difficulties in obtaining employment or health insurance (Rindfleisch, 1997). To give patients more control over their EHRs, legislation such as the Health Insurance Portability and Accountability Act (HIPAA) has been enacted. The privacy of such records must therefore be protected, and it has accordingly been the subject of intensive research (Yang et al., 2015; Gong et al., 2015; Salih et al., 2015; Zhou et al., 2015).
Numerous techniques can be used to preserve the privacy of medical records. As shown in Figure 1, privacy is normally managed through cryptography, anonymization, or policy methods (Yang et al., 2015). Anonymization techniques apply statistical measures to hide the identity of a patient among other patients before the data is released to requestors, and they are generally used for releasing large volumes of medical data for analytical purposes (Sweeney, 2002; Agrawal et al., 2007). Cryptographic techniques work by applying security measures such as encryption to protect the sensitive records (Stallings et al., 2014; Gasarch et al., 2004). Finally, policy methods preserve the patient's privacy by enforcing rules and constraints for authenticating and authorizing access to the private data (Ferraiolo et al., 2001; Sandhu et al., 1996). Consequently, the privacy of a particular patient who is currently undergoing a medical diagnosis or procedure cannot be preserved by anonymization, because the patient's identity is lost among multiple datasets. In such circumstances the feasible solution is to use cryptography, policy methods, or a combination of the two (Yang et al., 2015).
Figure 1. Different privacy preserving approaches
Access control is one of the principal mechanisms for preserving the privacy of medical records. It is an elementary security mechanism that evaluates an access request against a set of rules and constraints before granting or denying access to system resources (Stallings et al., 2014). Several types of access control with different features exist in the literature: Mandatory Access Control (MAC) (Stallings et al., 2014), Role Based Access Control (RBAC) (Sandhu et al., 1996; Reid et al., 2003; Lampson, 1974; Graham et al., 1972; Sandhu et al., 2000), Attribute Based Access Control (ABAC) (Hu et al., 2013), and so on.
While access control can act as a first line of defence against illegitimate access by denying such requests, it cannot defend against misuse of system resources by users who have already been granted access (Wang et al., 2011). In the medical setting, healthcare professionals can abuse their access rights to patients' private health records, which increases the risk of leakage of sensitive information. In the United States, the Department of Health and Human Services investigated the electronic health records of patients at the UCLA (University of California, Los Angeles) hospital and found that they had been viewed excessively by medical staff without a valid reason (Hennessy, 2016).
To counter potential misuse by already authorized users, access control schemes can be augmented with risk assessment measures. One important measure is the trustworthiness of the access requestor, which can be determined in several ways. One way of computing trust is to analyse the user's past behaviour towards a system resource in order to grant or deny future access requests (Josang et al., 2007). The access control scheme thereby becomes more adaptive and dynamic in responding to access requests, because the trust level of the requestor varies over time, in contrast to traditional access control schemes (Wang et al., 2011; Hennessy, 2016; Josang et al., 2007; Kandala et al., 2011).
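As an added illustration of the idea above (example code, not the article's own scheme), a minimal trust-adaptive access decision in Python: trust is estimated from audited past accesses with a Beta-reputation expectation, one of the models surveyed by Josang et al. (2007), aged with a forgetting factor, and compared against a per-sensitivity threshold after the ordinary role check. The audit history, the thresholds and the forgetting factor are constructed values chosen for the demonstration.

```python
from dataclasses import dataclass

@dataclass
class TrustProfile:
    """Trust estimate for one user, built from audited past accesses (Beta reputation)."""
    forgetting: float = 0.9  # assumed aging factor: evidence n days old is weighted forgetting**n
    positive: float = 0.0    # weighted count of accesses judged legitimate on audit
    negative: float = 0.0    # weighted count of accesses flagged as misuse

    def record(self, legitimate: bool, age_days: int = 0) -> None:
        weight = self.forgetting ** age_days
        if legitimate:
            self.positive += weight
        else:
            self.negative += weight

    def trust(self) -> float:
        # Expected value of Beta(positive + 1, negative + 1); 0.5 when there is no history.
        return (self.positive + 1.0) / (self.positive + self.negative + 2.0)

# Assumed policy: minimum trust required per record sensitivity class.
SENSITIVITY_THRESHOLD = {"demographics": 0.4, "diagnosis": 0.6, "psychiatric": 0.8}

def decide(role_permits: bool, profile: TrustProfile, sensitivity: str) -> str:
    """Static role check first, then the trust level against the record's sensitivity."""
    if not role_permits:
        return "deny: role not authorised"
    threshold = SENSITIVITY_THRESHOLD.get(sensitivity, 1.0)  # unknown class fails closed
    level = profile.trust()
    if level < threshold:
        return f"deny: trust {level:.2f} below threshold {threshold}"
    return "grant"

# Constructed audit history: (access judged legitimate?, age of the event in days).
CONSTRUCTED_HISTORY = {
    "clinician_a": [(True, 10), (True, 5), (True, 1), (True, 0)],
    "clinician_b": [(True, 30), (False, 2), (False, 1), (True, 0)],
}

def evaluate(history: dict, sensitivity: str, forgetting: float = 0.9) -> dict:
    """Build a profile per user from the audit history and decide access to one record class."""
    decisions = {}
    for user, events in history.items():
        profile = TrustProfile(forgetting=forgetting)
        for legitimate, age in events:
            profile.record(legitimate, age)
        decisions[user] = decide(True, profile, sensitivity)  # role check assumed to pass
    return decisions
```

Calling `evaluate(CONSTRUCTED_HISTORY, "diagnosis")` grants clinician_a and denies clinician_b, whose two recent flagged accesses outweigh an old legitimate one; the same user still qualifies for the lower "demographics" threshold.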