An attribute based access control scheme for secure sharing of electronic health records

Abstract

Electronic health records (EHRs) play a vital role in modern health industry, allowing the possibility of flexible sharing of health information in the quest of provisioning advanced and efficient healthcare services for the users. Although sharing of EHRs has significant benefits, given that such records contain lot of sensitive information, secure sharing of EHRs is of paramount importance. Thus, there is a need for the realization of sophisticated access control mechanisms for secure sharing of EHRs, which has attracted significant interest from the research community. The most prominent access control schemes for sharing of EHRs found in literature are role based and such solutions have the drawback of requiring the users to be registered in the system. Therefore, we propose a secure attribute based EHR sharing scheme using selective disclosure of attributes, which can meet the security requirements of EHRs. The proposed model is policy based and the access decisions are made based on the possibility of a user for being able to provide a proof that the user possesses a set of attributes that satisfies the access policy referenced to the access requested resource. Furthermore, the proposed model is capable of granting access for registered users in the system as well as unregistered but legitimate users, paving the way towards realizing a secure and flexible EHR sharing scheme.