Journal Article

A Cryptographic Key Management Solution for HIPAA Privacy/Security Regulations

01 Jan 2008, Vol. 12, Iss. 1, pp. 34-41
TL;DR: In this paper, a flexible cryptographic key management solution is proposed to facilitate interoperations among the applied cryptographic mechanisms to comply with the HIPAA regulations.
Abstract: The Health Insurance Portability and Accountability Act (HIPAA) privacy and security regulations are two crucial provisions in the protection of healthcare privacy. Privacy regulations create a principle to assure that patients have more control over their health information and set limits on the use and disclosure of health information. The security regulations stipulate the provisions implemented to guard data integrity, confidentiality, and availability. Undoubtedly, the cryptographic mechanisms are well defined to provide suitable solutions. In this paper, to comply with the HIPAA regulations, a flexible cryptographic key management solution is proposed to facilitate interoperations among the applied cryptographic mechanisms. In addition, cases of consent exceptions intended to facilitate emergency applications and other possible exceptions can also be handled easily.
Citations
01 Apr 1997
TL;DR: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity.
Abstract: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical systems which support integrity, confidentiality, or authenticity. Topics covered include an introduction to the concepts in cryptography, attacks against cryptographic systems, key use and handling, random bit generation, encryption modes, and message authentication codes. Recommendations on algorithms and further reading are given at the end of the paper. This paper should make the reader able to build, understand and evaluate system descriptions and designs based on the cryptographic components described in the paper.

2,188 citations

Journal Article
TL;DR: The Health Insurance Portability and Accountability Act, also known as HIPAA, was designed to protect health insurance coverage for workers and their families while between jobs and establishes standards for electronic health care transactions.
Abstract: The Health Insurance Portability and Accountability Act, also known as HIPAA, was first delivered to Congress in 1996 and consisted of just two Titles. It was designed to protect health insurance coverage for workers and their families while between jobs. It establishes standards for electronic health care transactions and addresses the issues of privacy and security when dealing with Protected Health Information (PHI). HIPAA is applicable only in the United States of America.

561 citations

Proceedings Article
08 Oct 2010
TL;DR: It is shown how new primitives in attribute-based cryptography can be used to construct a secure and privacy-preserving EHR system that enables patients to share their data among healthcare providers in a flexible, dynamic and scalable manner.
Abstract: Secure management of Electronic Health Records (EHR) in a distributed computing environment such as cloud computing, where computing resources including storage are provided by a third-party service provider, is a challenging task. In this paper, we explore techniques which guarantee security and privacy of medical data stored in the cloud. We show how new primitives in attribute-based cryptography can be used to construct a secure and privacy-preserving EHR system that enables patients to share their data among healthcare providers in a flexible, dynamic and scalable manner.

276 citations

Journal Article
TL;DR: This work proposes an improved scheme for authentication scheme for mobile devices in telecare medicine information system that is not only more secure than Wu et al.
Abstract: It is important to guarantee the privacy and the security of the users in the telecare medicine information system. Recently, Wu et al. proposed an authentication scheme for mobile devices in telecare medicine information system. They added the pre-computing idea within the communication process to avoid the time-consuming exponential computations. They also claimed their scheme can withstand various attacks. We will show that their scheme suffers from the impersonation attack to the insider's attack. In order to overcome the weaknesses, we propose an improved scheme to eliminate the weakness. Our scheme is not only more secure than Wu et al.'s scheme, but also has better performance. Then our scheme is more efficient and appropriate to collocating with low power mobile devices for the telecare medicine information system.

248 citations


Cites background from "A Cryptographic Key Management Solu..."

  • ...Specifically speaking, the most concerned security issue is of how to ensure information privacy and security during transmission through the insecure Internet [2]....

Journal Article
TL;DR: A novel authentication scheme is proposed that is added the pre-computing idea within the communication process to avoid the time-consuming exponential computations and is shown to be more secure and practical for telecare medicine environments.
Abstract: The telecare medicine information system enables or supports health-care delivery services. In recent years, the increased availability of lower-cost telecommunications systems and custom-made physiological monitoring devices for patients has made it possible to bring the advantages of telemedicine directly into the patient's home. These systems are moving towards an environment where automated patient medical records and electronically interconnected telecare facilities are prevalent. A secure authentication scheme will thus be needed to safeguard data integrity, confidentiality, and availability. Many schemes based on cryptography have been proposed for the goals. However, many of the schemes are vulnerable to various attacks, and are neither efficient nor user friendly. Especially, in terms of efficiency, some schemes need the exponential computation resulting in high time cost. Therefore, we propose a novel authentication scheme that is added the pre-computing idea within the communication process to avoid the time-consuming exponential computations. Finally, it is shown to be more secure and practical for telecare medicine environments.

234 citations


Cites background from "A Cryptographic Key Management Solu..."

  • ...[2]. Other protected health information, such as the electronic medical record...

References
Journal Article
Taher Elgamal
23 Aug 1985
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

7,514 citations

01 Apr 1997
TL;DR: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity.
Abstract: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical systems which support integrity, confidentiality, or authenticity. Topics covered include an introduction to the concepts in cryptography, attacks against cryptographic systems, key use and handling, random bit generation, encryption modes, and message authentication codes. Recommendations on algorithms and further reading are given at the end of the paper. This paper should make the reader able to build, understand and evaluate system descriptions and designs based on the cryptographic components described in the paper.

2,188 citations

Journal Article
TL;DR: The Health Insurance Portability and Accountability Act, also known as HIPAA, was designed to protect health insurance coverage for workers and their families while between jobs and establishes standards for electronic health care transactions.
Abstract: The Health Insurance Portability and Accountability Act, also known as HIPAA, was first delivered to Congress in 1996 and consisted of just two Titles. It was designed to protect health insurance coverage for workers and their families while between jobs. It establishes standards for electronic health care transactions and addresses the issues of privacy and security when dealing with Protected Health Information (PHI). HIPAA is applicable only in the United States of America.

561 citations

01 Jan 1998
TL;DR: An Act to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage.
Abstract: An Act To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.

535 citations

Journal Article
TL;DR: The Department of Health and Human Services modifies certain standards in the Rule entitled "Standards for Privacy of Individually Identifiable Health Information'' to maintain strong protections for the privacy of individually identifiable health information while clarifying certain of the Privacy Rule's provisions.
Abstract: The Department of Health and Human Services ("HHS" or "Department") modifies certain standards in the Rule entitled "Standards for Privacy of Individually Identifiable Health Information" ("Privacy Rule"). The Privacy Rule implements the privacy requirements of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996. The purpose of these modifications is to maintain strong protections for the privacy of individually identifiable health information while clarifying certain of the Privacy Rule's provisions, addressing the unintended negative effects of the Privacy Rule on health care quality or access to health care, and relieving unintended administrative burdens created by the Privacy Rule.

320 citations