An Access Control Framework for Protecting Personal Electronic Health Records

Abstract

The increasing expansion of wireless systems and the extensive popularity and usage of mobile devices such as mobile phones and wireless tablets represents a great opportunity to use mobile devices as widespread health data access tools. Unfortunately, some problems impeding the general acceptance of mhealth such as privacy protection, limitation of wireless networks and handheld devices are still common. Challenges such as unreliable data repositories and limited connection speeds in resource limited environments are also evident. The inadequate capabilities of hand-held devices and wireless systems make these Public Key Cryptography based frameworks unsuitable for mobile networks. Moreover, these protocols were designed to preserve customary flow of health data, which is vulnerable to attack and increase the user’s risk. This research drew its foundations from literature and theoretical review and used qualitative approaches. In this paper, the researchers build on existing concepts of Medical Information Systems and use of Symmetric Key Infrastructure to design a framework for secure access to personal electronic health records. The framework provides identity protection for a patient from all forms of unathorised data access. The framework not only reduces the computational operations between the engaging parties, but also achieves privacy protection for the user. Validation results from ICT experts demonstrate that the designed framework is applicable for secure access to personal medical health records in resource limited settings.