electrical medical records
play

Electrical Medical Records La Trobe University, Monash University, - PowerPoint PPT Presentation

Dec 21, 2023 •32 likes •472 views

Efficient and Secure Cloud Based Healthcare Systems for the Storage of Electrical Medical Records La Trobe University, Monash University, Victoria University and RMIT What We Will Cover Today Introduction and Motivation Introduction

  1. Efficient and Secure Cloud ‐ Based Healthcare Systems for the Storage of Electrical Medical Records La Trobe University, Monash University, Victoria University and RMIT

  2. What We Will Cover Today • Introduction and Motivation • Introduction • About Us and the Project • Defining the Problem • Motivating Example • Manual Encryption Approach • Manual Encryption Example • Attribute Based Encryption • Overview • ABE example • Project Overview and Design • Project Overview • System Model and Design • Implementation Status 2

  3. Introduction • About me • Name: Dr. Russell Paulet • Role: Research assistant and software engineer 3

  4. About Us and the Project • Project: Efficient and Secure Cloud ‐ Based Healthcare Systems for the Storage of Electrical Medical Records • Research Team • Xun Yi (RMIT) • Hua Wang (VU) • Joseph Liu (Monash) • Naveen Chilamkurti (La Trobe) • Hui Cui (previously RMIT) • Russell Paulet (RMIT) • The target audience for this project is the health-care industry • This is the domain from which we draw examples and demonstrate the ABE implementation 4

  5. Defining the Problem • Storing medical records as physical (paper-based) documents offers a high degree of security and privacy • But using physical medical records have a number of limitations • Easy to repeat medical tests because some records may be inaccessible or missing • Appropriate sharing of medical records is labour intensive • Either via transportation or copying of records 5

  6. Defining the Problem • The use of e-Health records addresses the limitations associated with the management of physical health records • Records are more readily available when needed • Since e-Health records are more accessible, they also become more vulnerable to attack • So access control is typically restricted by using software to protect e-Health records • Where access to the records is granted only if some policy or rule is satisfied 6

  7. Defining the Problem • Of course, the management of e-Health records has associated maintenance costs • Computing resources • Staffing resources • These costs can be significant when there are a large number of records to manage • Also, the number of records grow over time • One way to reduce these costs is to outsource to a cloud provider • This concept is known as Economies-of- Scale 7

  8. Defining the Problem • Thus, we want to store e-Health records in the cloud to enjoy the benefits of economies-of-scale, but want to enforce secure access control of e-Health records • This includes ensuring privacy of the e-Health records • Delegating this responsibility to the Server Cloud cloud provider would require absolute trust to establish and maintain the privacy of the records 8

  9. Defining the Problem • Additionally, an adversary may exploit vulnerabilities to override correct behaviour of the e-Health application running on the cloud • Either by breaking the security checks of the application or directly accessing the data • This project aims to use encryption to address these challenges in a Server Cloud more secure way • While reducing record management complexity 9

  10. Motivating Example • A common model for access control is Role Based Access Control (RBAC) • Which means that the access policy is defined over roles (or attributes) of users • For our example we will consider the following users with their attributes User Attributes User Attributes John123 Doctor,Cardiology Jane84 Nurse,Cardiology Jay456 Doctor,Neurology Joe88 Receptionist,Cardiology Bob42 Nurse,Neurology Alice77 Technician,Cardiology • Suppose that we want to encrypt a record ℛ under policy 𝒬 : 𝒬 =“(Doctor OR Nurse OR Receptionist) AND (Cardiology)” 10

  11. Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐿 3 Bob42 Nurse, Store ℛ Neurology 𝐿 4 Jane84 Nurse, Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 11

  12. Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐹 𝐿 1 (ℛ) 1 John123 𝐿 3 Bob42 Nurse, Store ℛ Neurology 𝐿 4 Jane84 Nurse, Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 12

  13. Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐹 𝐿 1 (ℛ) 1 John123 𝐿 3 Bob42 Nurse, Store ℛ Neurology 𝐿 4 Jane84 Nurse, Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 13

  14. Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐹 𝐿 1 (ℛ) 1 John123 𝐿 3 Bob42 Nurse, Store ℛ Neurology 𝐿 4 Jane84 Nurse, Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 14

  15. Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐹 𝐿 1 (ℛ) 1 John123 𝐿 3 Bob42 Nurse, Store ℛ 𝐹 𝐿 4 (ℛ) 2 Jane84 Neurology 𝐿 4 Jane84 Nurse, Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 15

  16. Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐹 𝐿 1 (ℛ) 1 John123 𝐿 3 Bob42 Nurse, Store ℛ 𝐹 𝐿 4 (ℛ) 2 Jane84 Neurology 𝐿 4 Jane84 Nurse, 𝐹 𝐿 5 (ℛ) 3 Joe88 Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 16

  17. Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐹 𝐿 1 (ℛ) 1 John123 𝐿 3 Bob42 Nurse, Store ℛ 𝐹 𝐿 4 (ℛ) 2 Jane84 Neurology 𝐿 4 Jane84 Nurse, 𝐹 𝐿 5 (ℛ) 3 Joe88 Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 17

  18. Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐹 𝐿 1 (ℛ) 1 John123 𝐿 3 Bob42 Nurse, Store ℛ 𝐹 𝐿 4 (ℛ) 2 Jane84 Neurology 𝐿 4 Jane84 Nurse, 𝐹 𝐿 5 (ℛ) 3 Joe88 Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 18

  19. Manual Encryption Approach User Attributes Key 𝐿 1 John123 Doctor, Server Cloud Cardiology 𝐿 2 Jay456 Doctor, Encryption ID User Encryption Neurology 𝐹 𝐿 1 (ℛ) 1 John123 𝐿 3 Bob42 Nurse, Store ℛ 𝐹 𝐿 4 (ℛ) 2 Jane84 Neurology 𝐿 4 Jane84 Nurse, 𝐹 𝐿 5 (ℛ) 3 Joe88 Cardiology 𝐿 5 Joe88 Receptionist, Cardiology 𝐿 6 Alice77 Technician, Cardiology 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 19

  20. Manual Encryption Approach • The main problem with this approach is that there is a ciphertext for each user who satisfies the policy (which is required for security) • Which can result in significant overheads for storage and communication • If the record needs to be updated, then all the copies need to be updated too • Also observe that this requires us to obtain the key for each user that satisfies the policy • Obviously a user’s key must be current and valid • Moreover, the data owner must manually encrypt records according to the policy before uploading the records to the cloud • Selecting the appropriate keys for any given policy is complex and error prone 20

  21. Attribute Based Encryption Overview • We can overcome these problems by utilising Attribute Based Encryption (ABE) • Attribute Based Encryption was introduced by Amit Sahai and Brent Waters in 2005 • Informally, an Attribute Based Encryption scheme allows us to encode a policy into the encryption process • Where decryption is only possible if a user has the attributes that satisfy the policy • The user is assigned attributes according to their roles in the organisation • We will now explore how Attribute Based Encryption can be employed for our example 21

  22. Attribute Based Encryption 𝒧 𝑄𝑝𝑚𝑗𝑑𝑧 AND John123 Attributes={Doctor,Cardiology} Cardiology OR Nurse Doctor Receptionist 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 22

  23. Attribute Based Encryption 𝒧 𝑄𝑝𝑚𝑗𝑑𝑧 AND John123 Attributes={Doctor,Cardiology} Cardiology OR Nurse Doctor Receptionist 𝒬 =“( Doctor OR Nurse OR Receptionist) AND (Cardiology)” 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tragedy of the Anticommons in Digital Right Management of Medical Records Quanyan Zhu 1 ,

Tragedy of the Anticommons in Digital Right Management of Medical Records Quanyan Zhu 1 ,

Tragedy of the Anticommons in Digital Right Management of Medical Records Quanyan Zhu 1 , Carl Gunter 2 and Tamer Baar 1 1 Coordinated Science Laboratory Department of Electrical and

336 views • 20 slides
MEDICAL RECORDS, LIENS, & INSURANCE PRESENTED BY CANDACE GLEED & SASHA CUNO MEDICAL

MEDICAL RECORDS, LIENS, & INSURANCE PRESENTED BY CANDACE GLEED & SASHA CUNO MEDICAL

MEDICAL RECORDS, LIENS, & INSURANCE PRESENTED BY CANDACE GLEED & SASHA CUNO MEDICAL RECORDS Request Forms HIPPA Authorizations 78B-5-619 Patient Access to Medical RecordsThird Party Access Hitech Act Requests This

479 views • 19 slides
Medical Organization Needs SOA Patients Service Oriented Architecture Finance Doctors Data

Medical Organization Needs SOA Patients Service Oriented Architecture Finance Doctors Data

Management of Patient Records Management of Medical Records Management of Services Price management Relations with Insurance Company Financial Management and Accounting Medical Supplies Management Auxiliary

952 views • 9 slides
Mapping Medical Records of Gas trectomy Patients to SNOMED C T Hyeoun-Ae Park College of

Mapping Medical Records of Gas trectomy Patients to SNOMED C T Hyeoun-Ae Park College of

Mapping Medical Records of Gas trectomy Patients to SNOMED C T Hyeoun-Ae Park College of Nursing, Seoul National University Seoul, Korea Background Electronic medical records (EMR) improves the ac cessibility of medical information and

252 views • 13 slides
Integrating Medical Sensor Systems into Electronic Medical Records: The ITALH Project and Testbed

Integrating Medical Sensor Systems into Electronic Medical Records: The ITALH Project and Testbed

Integrating Medical Sensor Systems into Electronic Medical Records: The ITALH Project and Testbed Ruzena Bajcsy, Shankar Sastry, Mike Eklund Tanya Roosta, Marci Meingast, Edgar Lobotan Adeeti Ullal, Rustom Dessai, Willy Cheung, Albert Chang

498 views • 15 slides
ELECTRONIC MEDICAL RECORDS FOR So, what is Project Buendia? Essentially, we're building an

ELECTRONIC MEDICAL RECORDS FOR So, what is Project Buendia? Essentially, we're building an

Hi, I'm Fabian. I'm the lead software engineer on MSFs Electronic Medical Records for Emergencies Project. Were working on Project Buendia, an OpenMRS deployment for humanitarian relief scenarios. Today I'm going to be talking a little

483 views • 9 slides
Considering governance for patient access to e- medical records Karen Day Sue Wells

Considering governance for patient access to e- medical records Karen Day Sue Wells

Considering governance for patient access to e- medical records Karen Day Sue Wells k.day@auckland.ac.nz +64 27 820 1125 Open Sesame Study KarenJDay Background Our eHealth vision is for New Zealanders and the health professionals

416 views • 13 slides
Advancing clinical research using electronic medical records (EMRs) at a paediatric hospital Ahuva

Advancing clinical research using electronic medical records (EMRs) at a paediatric hospital Ahuva

Advancing clinical research using electronic medical records (EMRs) at a paediatric hospital Ahuva Segal Senior EMR Research Analyst Mike South Chief Medical Information Officer Outline Overview of RCH EMR Project Making our EMR

961 views • 42 slides
Electronic medical records Purposes Structures Related nomenclatures

Electronic medical records Purposes Structures Related nomenclatures

Electronic medical records Purposes Structures Related nomenclatures Implementations References Purposes Collecting relevant data Reporting Management of medical data Administrative management Attestation and

571 views • 38 slides
Clinician burnout: a hot topic and getting hotter. Are electronic medical records fuelling the

Clinician burnout: a hot topic and getting hotter. Are electronic medical records fuelling the

Clinician burnout: a hot topic and getting hotter. Are electronic medical records fuelling the fire? Mike South , Paediatrician & Chief Medical Information Officer Clinician burnout: a hot topic and getting hotter. Are electronic medical

1.21k views • 82 slides
Records Retention Program Training Managing Records in Schools The Records Liaison What does

Records Retention Program Training Managing Records in Schools The Records Liaison What does

Records Retention Program Training Managing Records in Schools The Records Liaison What does that mean? The guardian ofyour schools records Rule 2380 The RL knows what records are kept in your school The RL is the expert!

361 views • 13 slides
Detecting Side-effects via Electronic Medical Records with a case study in the Correlation of

Detecting Side-effects via Electronic Medical Records with a case study in the Correlation of

Detecting Side-effects via Electronic Medical Records with a case study in the Correlation of Parkinsons Disease with the use of Lipophilic Beta-Blockers He Zhang Assistant Professor Dept. of Information Systems & Decision Sciences,

348 views • 14 slides
Centralised versus Decentralised Management of Patients Medical Records Catherine QUANTIN 1 ,

Centralised versus Decentralised Management of Patients Medical Records Catherine QUANTIN 1 ,

Centralised versus Decentralised Management of Patients Medical Records Catherine QUANTIN 1 , Gouenou COATRIEUX, Maniane FASSA, Vincent BRETON, David-Olivier JAQUET-CHIFFELLE, Paul de VLIEGER, Norbert LYPSZYC, Jean-Yves BOIRE, Christian ROUX,

482 views • 23 slides
ELECTRONIC MEDICAL RECORDS FOR EMERGENCIES / PROJECT BUENDIA WORKS EVERYWHERE EXTREMELY

ELECTRONIC MEDICAL RECORDS FOR EMERGENCIES / PROJECT BUENDIA WORKS EVERYWHERE EXTREMELY

Fabian Tamp @capnfabs ELECTRONIC MEDICAL RECORDS FOR EMERGENCIES / PROJECT BUENDIA WORKS EVERYWHERE EXTREMELY ADAPTABLE Photos: MSF PORTABLE EASY TO ANALYSE EASY TO BACK UP EASY TO ACCESS HISTORICAL DATA BETTER DESIGN FOR DECISION SUPPORT

631 views • 15 slides
Risk and Records at UTS Records Management Program > University Records, Governance Support

Risk and Records at UTS Records Management Program > University Records, Governance Support

THINK.CHANGE.DO Risk and Records at UTS Records Management Program > University Records, Governance Support Unit, Registrar, DVC (Corporate Services) 6 dedicated f/t positions > Devolved system 2 campuses (city campus over

325 views • 13 slides
Electrical Electrical Requirements Permit Application OVERVIEW Required Plans

Electrical Electrical Requirements Permit Application OVERVIEW Required Plans

Electrical Electrical Requirements Electrical Requirements Presented by: Mark Izzo Electrical Plan Examiner 1 C I T Y O F C H I C A G O D E P A R T M E N T O F B U I L D I N G S Electrical Electrical

331 views • 8 slides
Mobile security: Tips and tricks for securing your iPhone, Android and other mobile devices

Mobile security: Tips and tricks for securing your iPhone, Android and other mobile devices

Mobile security: Tips and tricks for securing your iPhone, Android and other mobile devices Presented by Michael Harris [MS, CISSP, WAPT] Systems Security Analyst University of Missouri Overview What data needs to be protected, what

407 views • 18 slides
Security and Performance Analysis of Encrypted NoSQL Databases M.W. Grim BSc., Abe Wiersma BSc.

Security and Performance Analysis of Encrypted NoSQL Databases M.W. Grim BSc., Abe Wiersma BSc.

Security and Performance Analysis of Encrypted NoSQL Databases M.W. Grim BSc., Abe Wiersma BSc. Supervisor: F. Turkmen PhD February 6, 2017 University of Amsterdam Introduction Problem Securely storing BigData on NoSQL database systems.

669 views • 48 slides
Analysis of the WinZip Encryption Method Paper by: Tadayoshi Kohno Presented by: Ken, Mike,

Analysis of the WinZip Encryption Method Paper by: Tadayoshi Kohno Presented by: Ken, Mike,

Analysis of the WinZip Encryption Method Paper by: Tadayoshi Kohno Presented by: Ken, Mike, Jeremy & Paul The popular compression utility for Microsoft Windows computers Easy-to-use AES encryption - Advanced Encryption version

492 views • 38 slides
New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques Allison Lewko Brent Waters Roots of Attribute-Based Encryption Moving beyond Public Key Encryption: CEO Manager 1 Manager 2 Bob

341 views • 19 slides
Addressing Your Number 1 Security Risk: Data Privacy, Data Encryption A Complimentary

Addressing Your Number 1 Security Risk: Data Privacy, Data Encryption A Complimentary

Addressing Your Number 1 Security Risk: Data Privacy, Data Encryption A Complimentary Webinar From healthsystemCIO.com Sponsored by Proofpoint Your Line Will Be Silent Until Our Event Begins at 12:00 ET Thank You! Slide Deck:

468 views • 22 slides
Full Disk Encryption Larry Carson, Associate Director, Information Security Management What

Full Disk Encryption Larry Carson, Associate Director, Information Security Management What

Full Disk Encryption Larry Carson, Associate Director, Information Security Management What Security Really Looks Like at UBC New s-w orthy Security I ncidents UBC Laptop Loss & UVic Loss of 11,845 VGH Loss of 450 medical Recovery with

426 views • 17 slides
Privacy Preserving Privacy Preserving Netw ork Flow Netw ork Flow Recording Recording Bilal

Privacy Preserving Privacy Preserving Netw ork Flow Netw ork Flow Recording Recording Bilal

Privacy Preserving Privacy Preserving Netw ork Flow Netw ork Flow Recording Recording Bilal Shebaro Shebaro (Computer Science (Computer Science- - UNM) UNM) Bilal Jedidiah R. Crandall R. Crandall (Computer Science (Computer Science- -

464 views • 33 slides
Project UltiMatrix Tarun Pondicherry Michael Navara Katrina Pizarro Alex Rodriguez Aaron Schaff

Project UltiMatrix Tarun Pondicherry Michael Navara Katrina Pizarro Alex Rodriguez Aaron Schaff

Project UltiMatrix Tarun Pondicherry Michael Navara Katrina Pizarro Alex Rodriguez Aaron Schaff Overview Requirements Responsibilities Schedule Encryption Algorithm C+ + Function Overview Function Algorithms Final

572 views • 38 slides

More recommend