Cryptographic Access Control in Electronic Health Record Systems: A Security Implication

An electronic health record (EHR) system is designed to allow individuals and their health care providers to access their key health information online. These systems are considered more efficient, less error-prone and higher availability over traditional paper based systems. However, privacy and security concerns are arguably the major barriers in adoption of these systems globally including Australia. Individuals are unwilling to accept EHR systems unless they ensure their shared key health information is securely stored, a proper access control mechanism is used and any unauthorised disclosure is prevented. In this paper, we propose a cryptographic access control mechanism to protect the health information in EHR systems. We also developed a new encryption framework for the cryptographic access control to maintain a high level of protection. We systematically review the traditional cryptography methods to identify the weaknesses in order to overcome those weaknesses in our new method.