CFP last date
15 May 2024
Reseach Article

A Criticism of the Current Security, Privacy and Accountability Issues in Electronic Health Records

by Adebayo Omotosho, Justice Emuoyibofarhe
International Journal of Applied Information Systems
Foundation of Computer Science (FCS), NY, USA
Volume 7 - Number 8
Year of Publication: 2014
Authors: Adebayo Omotosho, Justice Emuoyibofarhe

Adebayo Omotosho, Justice Emuoyibofarhe . A Criticism of the Current Security, Privacy and Accountability Issues in Electronic Health Records. International Journal of Applied Information Systems. 7, 8 ( September 2014), 11-18. DOI=10.5120/ijais14-451225

@article{ 10.5120/ijais14-451225,
author = { Adebayo Omotosho, Justice Emuoyibofarhe },
title = { A Criticism of the Current Security, Privacy and Accountability Issues in Electronic Health Records },
journal = { International Journal of Applied Information Systems },
issue_date = { September 2014 },
volume = { 7 },
number = { 8 },
month = { September },
year = { 2014 },
issn = { 2249-0868 },
pages = { 11-18 },
numpages = {9},
url = { },
doi = { 10.5120/ijais14-451225 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
%0 Journal Article
%1 2023-07-05T18:55:25.148325+05:30
%A Adebayo Omotosho
%A Justice Emuoyibofarhe
%T A Criticism of the Current Security, Privacy and Accountability Issues in Electronic Health Records
%J International Journal of Applied Information Systems
%@ 2249-0868
%V 7
%N 8
%P 11-18
%D 2014
%I Foundation of Computer Science (FCS), NY, USA

Cryptography has been widely accepted for security and partly for privacy control as discovered from past works. However, many of these works did not provide a way to manage cryptographic keys effectively especially in EHR applications, as this is the Achilles heel of cryptographic techniques currently proposed. The issue of accountability for legitimate users also has not been so popular and only a few considered it in EHR. Unless a different approach is used, the reliant on cryptography and password or escrow based system for key management will impede trust of the system and hence its acceptability. Also users with right access should also be monitored without affecting the clinician workflow. This paper presents a detailed review of some selected recent approaches to ensuring security, privacy and accountability in EHR and gaps for future research were also identified.

  1. Alanazi, H. O. , Jalab, H. A, Alam, G. M, Zaidan, B. B. and Zaidan, A. A. (2010): Securing electronic medical records transmissions over unsecured communications: An overview for better medical governance. Journal of Medicinal Plants Research Vol. 4(19), pp. 2059-2074.
  2. Alhaqbani, B and Fidge, C. (2008) Access Control Requirements for Processing Electronic Health Records. BPM 2007 Workshops, LNCS 4928, pp. 371–382. Springer-Verlag Berlin Heidelberg.
  3. Al-Tarawneh M. S. , Khor L. C. , Woo W. L. , Dlay S. S. (2006). "Crypto key generation using contour graph algorithm", in Proceedings of the 24th IASTED international conference on Signal processing, pattern recognition, and applications (SPPRA'06) Anaheim, CA, USA, pp. 95-98.
  4. Asok, S. B, Karthigaikumar, P. , Sandhya R, Naveen J. K, Mangai, S. (2013). Iris Based Cryptography. International Journal of Advanced Research in Computer and Communication Engineering Vol. 2, Issue 2. Pp 1310 - 1313
  5. Bell, E. T. (2006). Medical Records: From Clipboard To Point-and-Click, The Institute.
  6. Benaloh, J. (2009). Key compression and its application to digital fingerprinting. Technical Report Technical Report, Microsoft Research.
  7. Benaloh, J. , Chase, M. , Horvitz, E. , Lauter, K. (2009) Patient controlled encryption:ensuring privacy of electronic medical records. Proceedings of the 2009 ACM workshop on Cloud computing security, New York, NY, USA, pp. 103 - 114, CCSW '09, ACM.
  8. Bowen, B. M. , Hershkop, S. , Keromytis, A. ,D. , Stolfo, S. J (2009) Baiting inside attackers using decoy documents. In Proceedings of the 5th international ICST conference on security and privacy in communication networks (SecureComm 2009), Athens.
  9. Brands S. (2003). Privacy and Security in Electronic Health. Available at www. credentica. com/ehealth. pdf? (Accessed 9/03/2013)
  10. Cavoukian, A. , Stoianov, A. (2007): Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security and Privacy. Information and privacy commission of Ontario. Canada. http://www. ipc. on. ca/images/Resources/up-1bio_encryp. pdf.
  11. Chhanabhai, P. , Holt, A. (2007): Consumers are Ready to Accept the Transition to Online and Electronic Records if They can be Assured of the Security Measures. Medscape General Medicine 9(1):8
  12. Curtmola R. , Garay A. , J, Kamara, S. , and Ostrovsky, R. ( 2006). Searchable symmetric encryption: Improved definitions and efficient constructions. In ACM Conference on Computer and Communications Security. ACM, New York. pp 79 - 88.
  13. Daglish, D. , Norm, A. (2009): Electronic Personal Health Record Systems: A Brief Review of Privacy, Security, and Architectural Issues. 2009 World Congress on Privacy, Security, Trust and the Management of e-Business, pp. 110 – 120.
  14. Darnasser, M. (2013) Toward privacy-preserving emergency access in EHR systems with data auditing. Thesis. Rochester Institute of Technology.
  15. Davida G. I. , Frankel Y. , and Matt B. J. (1998). On enabling secure applications through off-line biometric identification. In Proc. of the IEEE 1998 Symp. on Security and Privacy, pp. 148–157, Oakland, Ca.
  16. Dharanya, S. , Indira priyadharshini, D. , Blessy, S. (2013). Achieving Secure Personal Health Records Using Multiple-Authority Attribute Based Encryption. IJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 1. pp 1 – 5.
  17. Díaz-Palacios,J. R,Romo-Aledo,V. J, Chinaei,A. H. (2012). Biometric Access Control for e-Health Records in Pre-hospital Care. ACM EDBT/ICDT '13, March 18 - 22 2013, Genoa, Italy.
  18. di Vimercati S, C. , Foresti, S. , Jajodia S. , Paraboschi, S. , Samarati, P. (2007). Overencryption: Management of Access Control Evolution on Outsourced Data. Proc. 33rd International Conf. on Very Large Data Bases (VLDB '07), Vienna, Austria, September 23-28. pp 123-134.
  19. Dong, J and Tan, T. (2008) Security Enhancement of Biometrics, Cryptography and Data Hiding by Their Combinations. 5th International Conference on Visual Information Engineering (VIE 2008). Xian China. July 29 - Aug. 1. Pp 239 – 244.
  20. Evered M. and Bögeholz S. (2004). A Case Study in Access Control Requirements for a Health Information System, Proc. Australasian Information Security Workshop, (AISW 2004), Conferences in Research and Practice in Information Technology, Vol. 32, Dunedin, New Zealand.
  21. Fairhurst, M. , Hoque, S. , Howells, G. , Deravi, F. (2005). Evaluating Biometric Encryption Key Generation. In Proceedings of The Third COST 275 Workshop: Biometrics on the Internet. University of Hertfordshire, UK 27-28 October 2005. Pp 93 – 96.
  22. Geetika and Kaur, M. (2013). Fuzzy Vault with Iris and Retina: A Review. International Journal of Advanced Research in Computer Science and Software Engineering. Volume 3, Issue 4. Pp 294 – 297.
  23. Hao, F. , Anderson, R. , and Daugman, J. (2006). Combining Cryptography with Biometrics Effectively," IEEE Transactions on Computers, vol. 55, no. 9, pp. 1081- 1088.
  24. Ilioudis, C. and Pangalos, G. (2001). Security issues for Web based Electronic Health Care Record?, Third European Conference on Electronic Health Records (EuroRec?99), Seville, Spain.
  25. Juels A. , Sudan, M. (2002): A Fuzzy Vault Scheme, Proc. of IEEE International Symposium on Information Theory, Lausanne, Switzerland pp. 408
  26. Juels, A. and Wattenberg, M. (1999). A Fuzzy Commitment Scheme, Proceedings of Sixth ACM Conference on Computer and Communications Security, Singapore, November 1999, pp. 28–36.
  27. Li. , M, Yu, S. , Zheng, Y. , Ren, K. , Lou, W. (2012) Scalable and Secuomputing using Attribute-based Encryption. IEEE transactions on parallel and distributed systems vol. 24, no. 1, pp 131 – 143.
  28. Riedl, B. , Grascher,V. , Neubauer,T. (2008). A Secure e-Health Architecture based on the Appliance of Pseudonymization. In journal of software, vol. 3, no. 2, pp 23 - 32
  29. Mashima, D. , Ahamad, M. (2012). Enhancing Accountability of Electronic Health Record Usage via Patient-centric Monitoring. Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium ACM IHI'12, January 28–30, 2012, Miami, Florida, USA. Pp 409 – 418
  30. Meenakshi, V. S. , Padmavathi, G. (2010). Securing Revocable Iris and Retinal Templates using Combined User and Soft Biometric based Password Hardened Multimodal Fuzzy Vault. IJCSI International Journal of Computer Science Issues, Vol. 7, Issue 5. Pp 159 - 167
  31. Meingast, M. , Roosta, T. , Sastry, S. (2006). Security and Privacy Issues with Health Care Information Technology. Proceedings of the 28th IEEE EMBS Annual International Conference, New York City , USA, August 30- September 3. Pp 5453 – 5457
  32. Moore, A. P. , Cappelli, D. M. , Trzeciak, R. F. (2008). "The 'Big Picture' of Insider IT Sabotage Across U. S. Critical Infrastructures," in Insider Attack and Cyber Security: Beyond the Hacker, eds. Stolfo, S. J. , et. al. , Springer Science + Business Media, LLC, 2008. Also published in SEI Technical Report - CMU/SEI-2008-TR-009. htp://www. cert. org/archive/pdf/08tr009. pdf (Accessed 05/05/2013)
  33. Nandakumar, K,, Jain, A. K, Pankanti, S. (2007). Fingerprint-Based Fuzzy Vault: Implementation and Performance. IEEE transactions on Information Forensics and Security, vol. 2, issue: 4. Pp 744 – 757.
  34. Nandakumar, K. , Jain, A. , K. (2008). Multibiometric Template Security Using Fuzzy Vault. 2nd IEEE International Conference on Biometrics: Theory, Applications and Systems (BTAS 2008). Sept 29 – Oct 1. Arlington, VA. Pp 1 – 6.
  35. Noor, S. , Mahmood, S. , Khan, K. (2012). Reluctance of US Doctors in Adopting EHR Technology. Global Journal of Management and Business Research Volume 12. Issue 23. Pp 18 – 22.
  36. Petkovi?, M. , Ibraimi, L. (2013). Privacy and Security in e-Health Applications. Ch 58, pp 1141. IGI Global. www. igi-global. com/chapter/privacy-security-health-applications/73884 (Accessed 29/08/2014)
  37. Pope, J. (2006). "Implementing EHRs requires a shift in thinking. PHRs–the building blocks of EHRs– may be the quickest path to the fulfillment of disease management. " Health Management Technology, vol. 27(6), p. 24.
  38. Rogerson, S . (2000). Electronic Patient Records. The Institute for the Management of Information Systems IMIS Journal. Vol 10, no 5, pp 1 - 5.
  39. Schneier, B. (1999). Biometrics: Uses and Abuses. Inside Risks 110, Communications of the ACM, vol. , 42, no 8, pp 1. www. schneier. com/essay-019. html (Accessed 29/08/2014)
  40. Sowkarthika. S , Radha. N. (2012). Securing Iris Templates using Double Encryption Method. International Journal of Advanced Research in Computer Science and Software Engineering. Volume 2, Issue 11. Pp 259 – 264
  41. Sun, J. , Zhu, X. , Zhang, C, Fang, Y. (2011). HCPP: Cryptography Based Secure EHR System for Patient Privacy and Emergency Healthcare. IEEE 31st International Conference on Distributed Computing Systems (ICDCS), Minneapolis, MN, pp373 – 382
  42. Uludag, U. , Pankanti, S. , Prabhakar, S. , and Jain, A. K. . (2004). Biometric cryptosystems: issues and challenges," Proceedings of the IEEE, vol. 92, no. 6, pp. 948 – 960.
  43. Uludag, U. (2006). Secure biometric systems. Ph. D. Dissertation, Michigan State University, http://biometrics. cse. msu. edu/Publications/Thesis/UmutUludag_SecureBSecureBio_PhD06. pdf ( Accessed 03/04/2013).
  44. Uludag, U. , Jain, A. K. (2006). Securing Fingerprint Template: Fuzzy Vault with Helper Data, Proceedings of CVPR Workshop on Privacy Research In Vision, New York. p. 163
  45. Venckauskas, A, Morkevicius, N, Kulikauskas, K. (2012). Study of Finger Vein Authentication Algorithms for Physical Access Control. Electronics and Electrical Engineering, No. 5(121). – pp. 101–104.
  46. Venckauskas, A and Nanevicius, P. (2013). Cryptographic Key Generation from Finger Vein. International Journal of Engineering Sciences and Research Technology. 2(4), pp 733 – 738
  47. Reddy, E. S. , Babu, I. R. (2008). Performance of Iris Based Hard Fuzzy Vault. International Journal of Computer Science and Network Security IJCSNS, vol. 8 No. 1. pp 297 – 304.
  48. Finkle, J and Humer, C. (2014). Community Health says data stolen in cyber attack from China. Available at http://www. reuters. com/article/2014/08/18/us-community-health-cybersecurity-idUSKBN0GI16N20140818 (Accessed 19/08/2014)
Index Terms

Computer Science
Information Sciences


EHR Privacy Security Accountability Bio cryptography.