Enhancing Transaction Security for Handling Accountability in Electronic Health Records
Table 1
Notations used in the proposed protocol.
Symbol
Definition
P
The subject and owner of the health records. A patient may have more than one PHR and EHR
C
Information consumer: an external entity that accesses PHRs, for example, a hospital, a lab, an emergency medical technician (EMT), or an insurance company
HCP
Healthcare professional: a hospital-based or clinical issuer of patient EHRs
Q
Any party that is involved in the transaction
V
Verifier, external third party
PID
Identity of the patient
CID
Identity of the information consumer
HCPID
Identity of healthcare professionals
Pri-Q
A private key of party Q, issued by a certificate authority
Pub-Q
A public key of party Q, issued by a certificate authority
T1, T2
Timestamps
h(M)
One-way hash function of message M
{M}Pub-Q
Message M encrypted with the public key of Q
{M}Pri-Q
Message M signed with the private key of Q
SK(A-B)
The session keys shared between party A and party B
ReqPHR
The request to use patient health records sent from the information consumer
PHR
Patients’ health information required by an involved party
Allow/NotAllow
The message status is sent from the patient to the healthcare professional to notify that the patient is allowed or not allowed to use the patient health records
