Gestão de Privacidade no Armazenamento de Dados do Paciente em Registros Médico-Hospitalares Eletrônicos
Resumo
O aumento constante do uso de registros eletrônicos para controle de usuários, possibilita observar que quaisquer dados, sejam gerais ou pessoais, interessam a alguém (incluindo adversários ou indivíduos mal-intencionados). É fundamental garantir a segurança e a privacidade de tais dados, desse modo os proprietários destas informações não serão prejudicados caso terceiros obtenham acesso aos seus dados pessoais. Para garantir isto, busca-se implementar um serviço de gerenciamento, através de métodos criptográficos, que cifram informações sensíveis e as tornem legíveis somente a quem tiver permissão para acessá-las. Assim, minimizando os riscos de uma possível obtenção por meio de ataques e/ou uso não autorizado destas informações por adversários.
Palavras-chave:
Segurança em redes
Referências
American Health Information Management Association (2018). Fundamentals for Building a Master Patient Index/Enterprise MasterPatient Index (Updated). Journal of AHIMA, pages 1–15.
Bost, R. and Fouque, P.-A. (2019). Security-efficiency tradeoffs in searchable encryption. Proceedings on Privacy Enhancing Technologies, 4:132–151.
Chen, L., Lee, W.-K., Chang, C.-C., Choo, K.-K. R., and Zhang, N. (2019). Blockchain based searchable encryption for electronic health record sharing. Future Generation Computer Systems, 95:420–429.
Chierichetti, F. and Kumar, R. (2015). Lsh-preserving functions and their applications. Journal of the ACM (JACM), 62(5):33.
Cormen, T., Leiserson, C., and Rivest, R. (2017). Algoritmos. Elsevier Brasil.
Curtmola, R., Garay, J., Kamara, S., and Ostrovsky, R. (2011). Searchable symmetric encryption: improved definitions and efficient constructions. Journal of Computer Security, 19(5):895–934.
European Union (2016). Regulation 2016/679 of the European parliament and the Council of the European Union. Official Journal of the European Communities, 2014(March 2014):1–88.
Gauravaram, P. (2012). Security analysis of salt—— password hashes. In 2012 International Conference on Advanced Computer Science Applications and Technologies (ACSAT), pages 25–30. IEEE.
Kainda, R., Flechais, I., and Roscoe, A. (2010). Security and usability: Analysis and evaluation. In Availability, Reliability, and Security, 2010. ARES’10 International Conference on, pages 275–282. IEEE.
Kellaris, G., Kollios, G., Nissim, K., and O’Neill, A. (2017). Accessing data while preserving privacy. arXiv preprint arXiv:1706.01552.
Landry, J. P., Pardue, J. H., Johnsten, T., Campbell, M., and Patidar, P. (2011). A threat tree for health information security and privacy. In AMCIS.
Li, H., Yang, Y., Dai, Y., Bai, J., Yu, S., and Xiang, Y. (2017). Achieving secure and efficient dynamic searchable symmetric encryption over medical cloud data. IEEE Transactions on Cloud Computing.
Li, H., Zhu, L., Shen, M., Gao, F., Tao, X., and Liu, S. (2018). Blockchain-based data preservation system for medical data. Journal of medical systems, 42(8):141.
Ma, M., He, D., Khan, M. K., and Chen, J. (2018). Certificateless searchable public key encryption scheme for mobile healthcare system. Computers & Electrical Engineering, 65:413–424.
Patrı́cio, C. M., Maia, M. M., Machiavelli, J. L., and Navaes, M. d. A. (2011). O prontuário eletrônico do paciente no sistema de saúde brasileiro: uma realidade para os médicos? Scientia Medica, 21(3).
Rijmen, V. and Daemen, J. (2001). Advanced encryption standard. Proceedings of Federal Information Processing Standards Publications, National Institute of Standards and Technology, pages 19–22.
Schabetsberger, T., Wozak, F., Katt, B., Mair, R., Hirsch, B., Hörbst, A., et al. (2010).
Implementation of a secure and interoperable generic e-health infrastructure for shared electronic health records based on ihe integration profiles. In Medinfo, pages 889–893.
Senado Federal (2018). Lei Geral Brasileira de Proteção de Dados. PROJETO DE LEI DA CÂMARA No 53, DE 2018 (no 4.060/2012, na Câmara dos Deputados), pages 1–226.
Singh, G. (2013). A study of encryption algorithms (rsa, des, 3des and aes) for information security. International Journal of Computer Applications, 67(19).
Win, K. T. (2005). A review of security of electronic health records. Health Information Management, 34(1):13–18.
Zhang, R., Xue, R., and Liu, L. (2017). Searchable encryption for healthcare clouds: a survey. IEEE Transactions on Services Computing, 11(6):978–996.
Zhang, Y., Zheng, D., and Deng, R. H. (2018). Security and privacy in smart health: Efficient policy-hiding attribute-based access control. IEEE Internet of Things Journal, 5(3):2130–2145.
Bost, R. and Fouque, P.-A. (2019). Security-efficiency tradeoffs in searchable encryption. Proceedings on Privacy Enhancing Technologies, 4:132–151.
Chen, L., Lee, W.-K., Chang, C.-C., Choo, K.-K. R., and Zhang, N. (2019). Blockchain based searchable encryption for electronic health record sharing. Future Generation Computer Systems, 95:420–429.
Chierichetti, F. and Kumar, R. (2015). Lsh-preserving functions and their applications. Journal of the ACM (JACM), 62(5):33.
Cormen, T., Leiserson, C., and Rivest, R. (2017). Algoritmos. Elsevier Brasil.
Curtmola, R., Garay, J., Kamara, S., and Ostrovsky, R. (2011). Searchable symmetric encryption: improved definitions and efficient constructions. Journal of Computer Security, 19(5):895–934.
European Union (2016). Regulation 2016/679 of the European parliament and the Council of the European Union. Official Journal of the European Communities, 2014(March 2014):1–88.
Gauravaram, P. (2012). Security analysis of salt—— password hashes. In 2012 International Conference on Advanced Computer Science Applications and Technologies (ACSAT), pages 25–30. IEEE.
Kainda, R., Flechais, I., and Roscoe, A. (2010). Security and usability: Analysis and evaluation. In Availability, Reliability, and Security, 2010. ARES’10 International Conference on, pages 275–282. IEEE.
Kellaris, G., Kollios, G., Nissim, K., and O’Neill, A. (2017). Accessing data while preserving privacy. arXiv preprint arXiv:1706.01552.
Landry, J. P., Pardue, J. H., Johnsten, T., Campbell, M., and Patidar, P. (2011). A threat tree for health information security and privacy. In AMCIS.
Li, H., Yang, Y., Dai, Y., Bai, J., Yu, S., and Xiang, Y. (2017). Achieving secure and efficient dynamic searchable symmetric encryption over medical cloud data. IEEE Transactions on Cloud Computing.
Li, H., Zhu, L., Shen, M., Gao, F., Tao, X., and Liu, S. (2018). Blockchain-based data preservation system for medical data. Journal of medical systems, 42(8):141.
Ma, M., He, D., Khan, M. K., and Chen, J. (2018). Certificateless searchable public key encryption scheme for mobile healthcare system. Computers & Electrical Engineering, 65:413–424.
Patrı́cio, C. M., Maia, M. M., Machiavelli, J. L., and Navaes, M. d. A. (2011). O prontuário eletrônico do paciente no sistema de saúde brasileiro: uma realidade para os médicos? Scientia Medica, 21(3).
Rijmen, V. and Daemen, J. (2001). Advanced encryption standard. Proceedings of Federal Information Processing Standards Publications, National Institute of Standards and Technology, pages 19–22.
Schabetsberger, T., Wozak, F., Katt, B., Mair, R., Hirsch, B., Hörbst, A., et al. (2010).
Implementation of a secure and interoperable generic e-health infrastructure for shared electronic health records based on ihe integration profiles. In Medinfo, pages 889–893.
Senado Federal (2018). Lei Geral Brasileira de Proteção de Dados. PROJETO DE LEI DA CÂMARA No 53, DE 2018 (no 4.060/2012, na Câmara dos Deputados), pages 1–226.
Singh, G. (2013). A study of encryption algorithms (rsa, des, 3des and aes) for information security. International Journal of Computer Applications, 67(19).
Win, K. T. (2005). A review of security of electronic health records. Health Information Management, 34(1):13–18.
Zhang, R., Xue, R., and Liu, L. (2017). Searchable encryption for healthcare clouds: a survey. IEEE Transactions on Services Computing, 11(6):978–996.
Zhang, Y., Zheng, D., and Deng, R. H. (2018). Security and privacy in smart health: Efficient policy-hiding attribute-based access control. IEEE Internet of Things Journal, 5(3):2130–2145.
Publicado
16/09/2019
Como Citar
DEMO, Fabio; PRIESNITZ FILHO, Walter.
Gestão de Privacidade no Armazenamento de Dados do Paciente em Registros Médico-Hospitalares Eletrônicos. In: ESCOLA REGIONAL DE REDES DE COMPUTADORES (ERRC), 17. , 2019, Alegrete.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2019
.
p. 57-64.
DOI: https://doi.org/10.5753/errc.2019.9212.
