Title: Ensuring patients' privacy in a cryptographic-based-electronic health records using bio-cryptography

Authors: Adebayo Omotosho; Justice Emuoyibofarhe; Christoph Meinel

Addresses: Department of Computer Science and Information Technology, Bells University of Technology, P.M.B 1015, Ota, Ogun State, Nigeria ' Department of Computer Science and Engineering, Ladoke Akintola University of Technology, P.M.B 4000, Ogbomoso, Oyo State, Nigeria ' Hasso Plattner Institute (HPI) for IT Systems Engineering, University of Potsdam, Potsdam, 14482, Germany

Abstract: Several recent works have proposed and implemented cryptography as a means to preserve privacy and security of patient's health data. Nevertheless, the weakest point of electronic health record (EHR) systems that relied on these cryptographic schemes is key management. Thus, this paper presents the development of privacy and security system for cryptography-based-EHR by taking advantage of the uniqueness of fingerprint and iris characteristic features to secure cryptographic keys in a bio-cryptography framework. The results of the system evaluation showed significant improvements in terms of time efficiency of this approach to cryptographic-based-EHR. Both the fuzzy vault and fuzzy commitment demonstrated false acceptance rate (FAR) of 0%, which reduces the likelihood of imposters gaining successful access to the keys protecting patients' protected health information. This result also justifies the feasibility of implementing fuzzy key binding scheme in real applications, especially fuzzy vault which demonstrated a better performance during key reconstruction.

Keywords: EHR; electronic health record; biometrics; cryptography; privacy; accountability.

DOI: 10.1504/IJEH.2017.085800

International Journal of Electronic Healthcare, 2017 Vol.9 No.4, pp.227 - 254

Received: 04 May 2016
Accepted: 04 Aug 2016
Published online: 14 Aug 2017 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article