A Model for Xml-based Electronic Health Record System

Gayathri N.; Priya A.; Sridhar S.; Charlyn Pushpa Latha G.

doi:10.61841/t5rgzy70

Authors

Gayathri N. Assistant Professor, Department of Electronics and Communication Engineering, Saveetha School of Engineering, Saveetha Institute of Medical and Technical Sciences Author
Priya A. Assistant Professor, Department of Electronics and Communication Engineering, Saveetha School of Engineering, Saveetha Institute of Medical and Technical Sciences Author
Sridhar S. Assistant Professor, Department of Computer Science and Engineering, Saveetha School of Engineering, Saveetha Institute of Medical and Technical Sciences. Author
Charlyn Pushpa Latha G. Associate Professor, Department of Information Technology, Saveetha School of Engineering, Saveetha Institute of Medical and Technical Sciences, Chennai Author

DOI:

https://doi.org/10.61841/t5rgzy70

Keywords:

Cloud Storage, Access Control, Privacy Preserving, Cloud Security, XML (Extensible Markup Language), Attribute-based Encryption Scheme

Abstract

Cloud-based electronic health record (EHR) frameworks change medicinal reports to be exchanged between medical institutions; this can be relied upon to add to improvements in various therapeutic administrations; this can be expected to contribute enhancements in numerous medical services in the future. However, because the system design becomes more difficult, cloud-based EHR systems might introduce further security threats in comparison to existing singular systems. Thus, patients privacy in any healthcare system that's supported the quality of every patient within the health record system. So as to shield the privacy of patients, several approaches are planned to produce access management to patient documents once providing health services. However, most current systems don't support fine-grained access management or take into consideration further security factors like coding and digital signatures. In this paper, we've a bent to propose a cloud-based EHR model that performs attribute-based access management exploitation of extensible access management language. Our EHR exhibit on security performs fractional mystery composing and uses electronic marks once a patient record is circulated to a report requester. We have a tendency to use XML coding and XML digital signature technology. Our planned model works expeditiously and solely provides the mandatory data to requesters, who are for more efficiency and increased patient safety.

Downloads

Download data is not yet available.

References

[1] Tang, P.C., Ash, J.S., Bates, D.W., Overhage, J.M., & Sands, D.Z. (2006). Personal health records:

definitions, benefits, and strategies for overcoming barriers to adoption. Journal of the American Medical

Informatics Association, [Online]. 13(2), 121-126.

[2] Waegemann, C.P. (2003). Ehr vs. cpr vs. emr. Healthcare Informatics Online, [Online]. 1, 1-4. Available:

https://pdfs.semanticscholar.org/ce2f/cf783c1fa2afdaa81c5a46c317e7ed ff04bc.pdf

[3] van der Linden, H., Kalra, D., Hasman, A., &Talmon, J. (2009). Interorganizational future proof EHR

systems: a review of the security and privacy related issues. International journal of medical informatics,

[Online]. 78(3), 141-160. Available: http://www.sciencedirect.com/science/article/pii/S1386505608001081

[4] Tang, P. C. (2003). Key capabilities of an electronic health record system. Washington, DC, Institute of

Medicine of the National Academies. [Online]. Available: http://www.nationalacademies.org/hmd/Reports/

2003/Key-Capabilitiesof-an-Electronic-Health-Record-System.aspx

[5] Miller, R.H., West, C., Brown, T.M., Sim, I., & Ganchoff, C. (2005). The value of electronic health records

in solo or small group practices. Health Affairs, [Online]. 24(5), 1127-1137.

[6] Middleton, B., Bloomrosen, M., Dente, M.A., Hashmat, B., Koppel, R., Overhage, J.M., & Zhang, J.

(2013). Enhancing patient safety and quality of care by improving the usability of electronic health record

systems: recommendations from AMIA. Journal of the American Medical Informatics Association,

[Online]. 20(e1), e2-e8.

[7] Simon, S.R., Kaushal, R., Cleary, P.D., Jenter, C.A., Volk, L.A., Poon, E.G., & Bates, D.W. (2007).

Correlates of electronic health record adoption in office practices: a statewide survey. Journal of the

American Medical Informatics Association, [Online]. 14(1), 110-117.

[8] Ratnam, K.A., & Dominic, P.D.D. (2012, June). Cloud servicesEnhancing the Malaysian healthcare sector.

In Computer & Information Science (ICCIS), 2012 International Conference on. [Online]. Available:

http://ieeexplore.ieee.org/abstract/document/6297101/

[9] Zhang, R., & Liu, L. (2010, July). Security models and requirements for healthcare application clouds. In

Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on. [Online]. Available:

http://ieeexplore.ieee.org/abstract/document/5557983/

[10] Benaloh, J., Chase, M., Horvitz, E., &Lauter, K. (2009, Nov.). Patient controlled encryption: ensuring

privacy of electronic medical records. In Proceedings of the 2009 ACM workshop on Cloud computing

security. [Online]. Available: http://dl.acm.org/citation.cfm?id=1655024

[11] Ray, P., &Wimalasiri, J. (2006, Aug.). The need for technical solutions for maintaining the privacy of

EHR. In Engineering in Medicine and Biology Society, 2006. EMBS'06. 28th Annual International

Conference of the IEEE. [Online]. Available: http://ieeexplore.ieee.org/abstract/document/4462848/

[12] Abbas, A., & Khan, S. U. (2014). A review on the state-of-the-art privacypreserving approaches in the ehealth clouds. IEEE Journal of Biomedical and Health Informatics, [Online]. 18(4), 1431-1441.

[13] eXtensible Access Control Markup Language (XACML) Version 3.0, OASIS Standard, 22 Jan. 2013,

Available: http://docs.oasisopen.org/xacml/3.0/xacml-3.0-core-spec-os-en.html

[14] XML Encryption Syntax and Processing, W3C Recommendation, 10 Dec 2002, Available:

http://www.w3.org/TR/xmlenc-core/.

[15] Standards for Privacy of Individually Identifiable Health Information: Final Rule. Dec. 28, 2000.

[16] openEHR Community: openEHR, Available: http://www.openehr.org

[17] HL7: Health level 7 (HL7), Available: http://www.hl7.org

[18] Dolin, R.H., Alschuler, L., Boyer, S., Beebe, C., Behlen, F.M., Biron, P.V.: Hl7 clinical document

architecture, release 2.0. ANSI Standard (2004)

[19] C 32 - HITSP Summary Documents Using HL7 Continuity of Care Document (CCD) Component.

Available: http://www.hitsp.org/ConstructSet_Details.aspx?&PrefixAlpha=4&Prefi xNumeric=32

[20] HITECH Act enforcement interim final rule. US Department of Health and Human Services. 2013

[21] ASTM E2369 - Standard Specification for Continuity of Care Record (CCR), Available:

https://www.astm.org/Standards/E2369.htm

[22] Pussewalage, H.S.G., & Oleshchuk, V.A. (2016). Privacy preserving mechanisms for enforcing security

and privacy requirements in E-health solutions. International Journal of Information Management,

[Online]. 36(6), 1161-1173.

[23] Fernández-Alemán, J. L., Señor, I. C., Lozoya, P.Á.O., & Toval, A. (2013). Security and privacy in

electronic health records: A systematic literature review. Journal of biomedical informatics, [Online].

46(3), 541- 562.

[24] Anwar, M., Joshi, J., & Tan, J. (2015). Anytime, anywhere access to secure, privacy-aware healthcare

services: Issues, approaches and challenges. Health Policy and Technology, [Online]. 4(4), 299-311.

[25] Bhuyan, S., Kim, H., Isehunwa, O.O., Kumar, N., Bhatt, J., Wyant, D. K., Dasgupta, D. (2017). Privacy

and security issues in mobile health: current research and future directions. Health Policy and Technology.

[Online]. Available: http://www.sciencedirect.com/science/article/pii/S2211883717300047

[26] Camara, C., Peris-Lopez, P., &Tapiador, J. E. (2015). Security and privacy issues in implantable medical

devices: A comprehensive survey. Journal of biomedical informatics, [Online]. 55, 272-289.

[27] Al-Janabi, S., Al-Shourbaji, I., Shojafar, M., &Shamshirband, S. (2017). Survey of main challenges

(security and privacy) in wireless body area networks for healthcare applications. Egyptian Informatics

Journal, [Online]. 18(2), 113-122.

[28] Bahga, A., & Madisetti, V.K. (2013). A cloud-based approach for interoperable electronic health records

(EHRs). IEEE Journal of Biomedical and Health Informatics. [Online]. 17(5), 894-906.

[29] Hsieh, G., & Chen, R. J. (2012, Dec.). Design for a secure interoperable cloud-based Personal Health

Record service. In Cloud Computing Technology and Science (CloudCom), 2012 IEEE 4th International

Conference on. [Online]. Available: http://ieeexplore.ieee.org/abstract/document/6427582/

[30] XML Signature Syntax and Processing (Second Edition), W3C Recommendation, 10 June 2008, Available:

http://www.w3.org/TR/xmldsig- core/.

[31] Rezaeibagha, F., & Mu, Y. (2016). Distributed clinical data sharing via dynamic access-control policy

transformation. International journal of medical informatics. [Online]. 89, 25-31.

[32] Premarathne, U., Abuadbba, A., Alabdulatif, A., Khalil, I., Tari, Z., Zomaya, A., &Buyya, R. (2016).

Hybrid cryptographic access control for cloud-based EHR systems. IEEE Cloud Computing. [Online]. 3(4),

58-64.

[33] Peleg, M., Beimel, D., Dori, D., & Denekamp, Y. (2008). Situation-based access control: Privacy

management via modeling of patient data access scenarios. Journal of biomedical informatics. [Online].

41(6), 1028-1040.

[34] Gajanayake, R., Iannella, R., & Sahama, T. (2014). Privacy oriented access control for electronic health

records. Electronic Journal of Health Informatics. [Online]. 8(2), 15.

[35] Lunardelli, A., Matteucci, I., Mori, P., & Petrocchi, M. (2013, June). A prototype for solving conflicts in

XACML-based e-Health policies. In Computer-Based Medical Systems (CBMS), 2013 IEEE 26th

International Symposium on. [Online]. Available: http://ieeexplore.ieee.org/abstract/document/6627838/

[36] Calvillo-Arbizu, J., Roman-Martinez, I., &Roa-Romero, L. M. (2014, June). Standardized access control

mechanisms for protecting ISO 13606- based electronic health record systems. In Biomedical and Health

Informatics (BHI), 2014 IEEE-EMBS International Conference on. [Online]. Available:

http://ieeexplore.ieee.org/abstract/document/6864421/

[37] Gope, P., & Amin, R. (2016). A novel reference security model with the situation based access policy for

accessing ephr data. Journal of medical systems, [Online]. 40(11), 242.

[38] Alshehri, S., Radziszowski, S. P., & Raj, R. K. (2012, April). Secure access for healthcare data in the cloud

using ciphertext-policy attributebased encryption. In Data Engineering Workshops (ICDEW), 2012 IEEE

28th International Conference on (pp. 143-146). IEEE. [Online].

[39] Yang, K., Liu, Z., Jia, X., & Shen, X. S. (2016). Time-domain attributebased access control for cloud-based

video content sharing: A cryptographic approach. IEEE Transactions on Multimedia, [Online] 18(5), 940-

950.

[40] Chen, Y.Y., Lu, J.C., & Jan, J. K. (2012). A secure EHR system based on hybrid clouds. Journal of

medical systems, [Online]. 36(5), 3375-3384.

[41] Mohandas, A. (2014, October). Privacy preserving content disclosure for enabling sharing of electronic

health records in cloud computing. In Proceedings of the 7th ACM India Computing Conference (p. 7).

ACM. [Online]. Available: https://dl.acm.org/citation.cfm?id=2675753

[42] Haas, S., Wohlgemuth, S., Echizen, I., Sonehara, N., & Müller, G. (2011). Aspects of privacy for electronic

health records. International journal of medical informatics, [Online]. 80(2), e26-e31.

[43] Fong, P.W. (2011, February). Relationship-based access control: protection model and policy language. In

Proceedings of the first ACM conference on Data and application security and privacy (pp. 191-202).

ACM. [Online]. Available: https://dl.acm.org/citation.cfm?id=1943539

[44] Li, M., Yu, S., Zheng, Y., Ren, K., & Lou, W. (2013). Scalable and secure sharing of personal health

records in cloud computing using attributebased encryption. IEEE transactions on parallel and distributed

systems, [Online]. 24(1), 131-143.

[45] Chen, Y.Y., Lu, J.C., & Jan, J.K. (2012). A secure EHR system based on hybrid clouds. Journal of medical

systems, [Online]. 36(5), 3375-3384.

[46] Abomhara, M., Yang, H., &Køien, G. M. (2016, October). Access control model for cooperative healthcare

environments: Modeling and verification. In Healthcare Informatics (ICHI), 2016 IEEE International

Conference on (pp. 46-54). IEEE. [Online].

[47] Sicuranza, M., & Esposito, A. (2013, December). An access control model for easy management of patient

privacy in EHR systems. In Internet Technology and Secured Transactions (ICITST), 2013 8th

International Conference for (pp. 463-470). IEEE. [Online].

[48] Oracle’s Java SE Development Kit 8, Available: http://docs.oracle.com/javase/8/docs/

[49] WSO2 Balana 1.0.0, 30 Jan. 2015, Available: http://xacmlinfo.org/category/balana/

[50] XML Security Library 1.2.24, 20 Apr. 2017, Available: https://www.aleksey.com/xmlsec/

[51] Libxml2 Library, Available: http://xmlsoft.org/downloads.html

[52] OpenSSL 1.1.0e Library, OpenSSL Software Foundation,16 Feb 2017, https://www.openssl.org

[53] Johnson, A. E., Pollard, T. J., Shen, L., Lehman, L. W. H., Feng, M., Ghassemi, M., & Mark, R. G. (2016).

MIMIC-III, a freely accessible critical care database. Scientific data, 3. Available: https://www.ncbi.nlm.

nih.gov/pmc/articles/PMC4878278/

[54] VistA Monograph (2012) [Online]. Available: www.va.gov/vista monograph

[55] Neubauer, T., &Heurix, J. (2011). A methodology for the pseudonymization of medical data. International

journal of medical informatics, [Online]. 80(3), 190-204.

[56] Sandıkkaya, M.T., De Decker, B., & Naessens, V. (2010, December). Privacy in commercial medical

storage systems. In International Conference on Electronic Healthcare (pp. 247-258). Springer, Berlin,

Heidelberg. [Online]. Available: https://link.springer.com/chapter/10.1007/978-3-642-23635-8_32

[57] Sharma, S., & Balasubramanian, V. (2014, November). A biometric based authentication and encryption

Framework for Sensor Health Data in Cloud. In Information Technology and Multimedia (ICIMU), 2014

Internatio nal Conference on (pp. 49-54). IEEE. [Online].

[58] Au, R., &Croll, P. (2008, January). Consumer-centric and privacy preserving identity management for

distributed e-health systems. In Hawaii International Conference on System Sciences, Proceedings of the

41st Annual (pp. 234-234). IEEE. [Online].

[59] Sandhu, R., Ferraiolo, D., & Kuhn, R. (2000, July). The NIST model for role-based access control: towards

a unified standard. In ACM workshop on Role-based access control. [Online]. Available:

http://csrc.nist.gov/staff/Kuhn/towards-std.pdf

[60] S. Zeadally and M. Badra, Eds., Privacy in a Digital, Networked World: Technologies, Implications and

Solutions. London, U.K.: Springer, Oct. 2015. [Online]. Available: https://link.springer.com/ content/

pdf/10.1007/978-3-319-08470-1.pdf

[61] Sahai, A., & Waters, B. (2005, May). Fuzzy identity-based encryption. In Eurocrypt. [Online]. 3494, 457-

473.

[62] Wang, C., Liu, X., & Li, W. (2013). Design and implementation of a secure cloud-based personal health

record system using ciphertext-policy attribute-based encryption. International Journal of Intelligent

Information and Database Systems, [Online]. 7(5), 389-399.

[63] Lin, H., Shao, J., Zhang, C., & Fang, Y. (2013). CAM: cloud-assisted privacy preserving mobile health

monitoring. IEEE Transactions on Information Forensics and Security, [Online]. 8(6), 985-997.

[64] Lakshmi, R.N., Laavanya, R., Meenakshi, M., & Dhas, C.S.G. (2015). Analysis of Attribute Based

Encryption Schemes. International Journal of Computer Science and Engineering, [Online]. 3(3), 1076-

1081.

[65] Kaur, R., & Kaur, A. (2012, September). Digital signature. In Computing Sciences (ICCS), 2012

International Conference on (pp. 295-301). IEEE. [Online]. A

[66] Rajendran T et al. “Recent Innovations in Soft Computing Applications”, Current Signal Transduction

Therapy. Vol. 14, No. 2, pp. 129 – 130, 2019.

[67] Emayavaramban G et al. “Indentifying User Suitability in sEMG based Hand Prosthesis for using Neural

Networks”, Current Signal Transduction Therapy. Vol. 14, No. 2, pp. 158 – 164, 2019.

[68] Rajendran T & Sridhar KP. “Epileptic seizure classification using feed forward neural network based on

parametric features”. International Journal of Pharmaceutical Research. 10(4): 189-196, 2018.

[69] Hariraj V et al. “Fuzzy multi-layer SVM classification of breast cancer mammogram images”,

International Journal of Mechanical Engineering and Technology, Vol. 9, No.8, pp. 1281-1299, 2018.

[70] Muthu F et al. “Design of CMOS 8-bit parallel adder energy efficient structure using SR-CPL logic style”.

Pakistan Journal of Biotechnology. Vol. 14, No. Special Issue II, pp. 257-260, 2017.

[71] Keerthivasan S et al. “Design of low intricate 10-bit current steering digital to analog converter circuitry

using full swing GDI”. Pakistan Journal of Biotechnology. Vol. 14, No. Special Issue II, pp. 204-208,

2017.

[72] Vijayakumar P et al. “Efficient implementation of decoder using modified soft decoding algorithm in

Golay (24, 12) code”. Pakistan Journal of Biotechnology. Vol. 14, No. Special Issue II, pp. 200-203, 2017.

[73] Rajendran T et al. “Performance analysis of fuzzy multilayer support vector machine for epileptic seizure

disorder classification using auto regression features”. Open Biomedical Engineering Journal. Vol. 13, pp. 103-113, 2019.

[74] Rajendran T et al. “Advanced algorithms for medical image processing”. Open Biomedical Engineering Journal, Vol. 13, 102, 2019.

[75] Anitha T et al. “Brain-computer interface for persons with motor disabilities - A review”. Open Biomedical Engineering Journal, Vol. 13, pp. 127-133, 2019.

[76] Yuvaraj P et al. “Design of 4-bit multiplexer using sub-threshold adiabatic logic (stal)”. Pakistan Journal of Biotechnology. Vol. 14, No. Special Issue II, pp. 261-264, 2017.