Towards a viable and secure health information system - Part 4

This is the fourth of the series of blog posts that I have been writting on the subject, which was mainly inspired by the paper[1].

For the clarity and the ease of summarizing, let me include the following diagram which illustrates the overall picture on the security requirements of a health information system.

In my previous three posts in this series, I have discussed about Identity Management/Authentication, Authorization and Auditing. In this post, I am going to write about what role cryptographic techniques play in healthcare IS.

4. Cryptographic Techniques
Confidentiality, integrity and non-repudiation are key security requirements that should be met by any health information system. Encryption, digital signature are the de-facto mechanisms of achieving them. However, traditional encryption mechanisms have major limitations in accomplishing the goals of a distributed, country wide health information echo system.

Let me discuss this further adhering to my usual format: i.e discussing views from the paper[1] and me.

•  As in any security sensitive system, data both at rest and on the wire should be encrypted.
• Traditional public key cryptography has limitations to be used in a health information echo system because of the complexity in exchanging keys used to decrypt the EMRs, among the authorized principals who may come from around the country.
• Therefore, keys used to encrypt the data (we can call this cryptographic authorization as well) are not attached to individuals, but attached to role/identity attributes.
• If encrypted data is stored in one machine, the keys to decrypt should be obtained from  another service which is separately managed.
• The metadata related to EMR(which was discussed in detail in my second post) which contains information about access control to EMRs, should be digitally signed.
• Some of the metadata can be encrypted as well. Since the EMRs should be able to be searched from anywhere in the country, the keys to decrypt the metadata should be known to secure search engines but only the authorized personal should be able to decrypt the actual EMR data.

• The paper highlights the research problems motivated by the above requirements.
• Developing techniques to support flexible key management policies 
• Paper recommends using Attribute Based Encryption (ABE) for cryptographic access control and identifies research problems along that line as:

                  - Developing techniques to specify and enforce access control for EMRs based on ABE
                  - Developing key management solutions for ABE
                  - Provide cryptographic mechanisms to properly anonymize records as required by secondary use considerations such as research.

Here are some of my thoughts on the usage of cryptographic techniques in healthcare information systems

• As the paper suggests, Attribute Based Encryption(ABE) would provide a scalable solution for the cryptographic needs of a health information system and also a solution for the key management requirements.The post[2] describes ABE in detail, in summary what happens is:
  "The plaintext is encrypted with a set of attributes. The KGS(Key Generation Server), which possesses the master key, issues different private keys to users after authenticating the attributes they possess".

• The same post[2] describes two flavors of ABE which are Key Policy - Attribute Based Encryption and Ciphertext Policy Attribute Based Encryption. I believe the second one is more scalable since the keys are issued for the attributes that a principal possesses and whether the given cipher text can or can not be decrypted by that key is determined by the access policy enforced in the cipher text.

• In the paper[4], Akinyele et al. have implemented a solution for self protecting EMRs using Attribute Based Access Control. There, they have used a standard format (CCR) and an automated policy engine which assign a access policy for each record in patients' EMRs using which the records are encrypted with ABE.

• However, there is huge trust placed on Key Generation Server for correctly authenticating and validating the attributes that a user possesses before issuing keys. Therefore necessary actions should be taken in order to prevent it being a central point of failure.

• Performance should also be considered along with security. Public key cryptography is known to posses performance bottlenecks than symmetric key cryptography. However, symmetric key cryptography also has its own limitations. The thesis[3] introduces a symmetric cryptographic approach for key management known as Attribute Based Group Key Management.

Above are based on some of my readings about privacy preserving cryptographic techniques which can be used to accomplish the requirements of healthcare IT systems.

Another area related to the above discussion that I need to explore further is privacy preserving secure searching techniques to make the necessary EMRs available for the authorized physicians when they submit the search query from any location in the country.

References:
[1] A Research Roadmap for Healthcare IT Security inspired by the PCAST Health Information Technology Report
[2] Attribute Based Encryption
[3] Privacy Preserving Access Control for Third Party Data Management Systems
[4] Self-Protecting Electronic Medical Records Using Attribute-Based Encryption