Meeting the Security Requirements of Electronic Medical Records in the ERA of High-Speed Computing

  • Systems-Level Quality Improvement
Journal of Medical Systems

Abstract

This study has two objectives. First, it aims to develop a system with a highly secure approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secure encryption methods. AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks that use quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

Abbreviations

  • EMR: Electronic medical record
  • PKI: Public key infrastructure
  • Tpass: Temporary password
  • IEm: Inside encrypted message
  • Cpass: Customized password
  • OEm: Outside encrypted message
  • Spub: Server public key

Acknowledgments

This research has been funded by the University Malaya High Impact Research (HIR) Grant, under Grant No. UM.C/HIR/MOHE/FCSIT/12. The authors would like to acknowledge Universiti Pendidikan Sultan Idris and University Technology Malaysia for providing several research facilities and important resources as well as for providing expert consultations to improve this work.

Author information

Corresponding author

Correspondence to A. A. Zaidan.

Additional information

This article is part of the Topical Collection on Systems-Level Quality Improvement

Appendix

Table 3 Critical reviews of secure EMRs

Cite this article

Alanazi, H.O., Zaidan, A.A., Zaidan, B.B. et al. Meeting the Security Requirements of Electronic Medical Records in the ERA of High-Speed Computing. J Med Syst 39, 165 (2015). https://doi.org/10.1007/s10916-014-0165-3

  • DOI: https://doi.org/10.1007/s10916-014-0165-3
