Health Access Broker: Secure, Patient-Controlled Management of Personal Health Records in the Cloud
This addresses privacy and control issues for patients in healthcare by offering a novel approach to PHR management, though it appears incremental in improving existing systems.
The paper tackled the challenge of secure and privacy-preserving management of Personal Health Records (PHRs) by introducing the Health Access Broker (HAB), a patient-controlled service that allows flexible storage without trusted components and uses auditing and intrusion-detection to ensure data security.
Secure and privacy-preserving management of Personal Health Records (PHRs) has proved to be a major challenge in modern healthcare. Current solutions generally do not offer patients a choice in where the data is actually stored and also rely on at least one fully trusted element that patients must also trust with their data. In this work, we present the Health Access Broker (HAB), a patient-controlled service for secure PHR sharing that (a) does not impose a specific storage location (uniquely for a PHR system), and (b) does not assume any of its components to be fully secure against adversarial threats. Instead, HAB introduces a novel auditing and intrusion-detection mechanism where its workflow is securely logged and continuously inspected to provide auditability of data access and quickly detect any intrusions.