Research Summaries

Back Eager: Health Wave-Secure, Federated Protocols for Electronic Medical Records

Fiscal Year 2011
Division Graduate School of Operational & Information Sciences
Department Computer Science
Investigator(s) Peterson, Zachary N.
Sponsor National Science Foundation (NSF)
Summary We propose Health Wave, an experimental framework based on novel cryptographic techniques, providing a fully federated EMR system that supports ubiquitous and secure access to a patient's electronic medical record. Out proposed technologies will provide features not yet seen in existing EMR systems: authentic provenance data, transparent audits with strong attribution, correct and consistent records, ability to meet notions of "meaningful use" and extensible to support future data types and technologies. The HealthWave project extends current research on secure data models for electronic medical records, to the secure protocols used to manage those records: developing novel extensions for existing XML-based EMR standards, extending federation protocols to those models, and extending our earlier work on attribute-based encryption (ABE) in a medical context. We will leverage the existing synchronization capabilities of the Apache Wave protocol to develop novel, attribute-based cryptographic techniques to support strong attribution, provide an unforgettable audit train of modification, securely collect provenance data, provide fine-grained data protection and access control, and provide a consistent view of a patient's federated medical record. Our previous experience in building secure, regulatory complaint systems, indicate that these are ambitious goals, and cannot simply be achieved by applying known cryptographic schemes to exiting EMR standards or federation protocols. This work will require modifying and implementing cryptographic constructs that, to date, have largely been theoretical. It will also likely require inventing new ones when necessary, so that these solutions can be used in a real system. Protocols and data formats will need to be improved to support the metadata and cryptographic material necessary to facilitate the confidentiality, integrity and provenance we require.
Keywords Electronic Medical Record Security
Publications Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal
Data Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal