A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations

Research output: Contribution to journal › Article › peer-review

86 Citations (Scopus)

Abstract

The Health Insurance Portability and Accountability Act (HIPAA) has set privacy and security regulations for the US healthcare industry. HIPAA has also established principles for security standards that the global e-health industry tends to follow. In this paper, a hybrid public key infrastructure solution (HPKI) is proposed to comply with the HIPAA regulations. The main contribution is a new e-health security architecture that is contract oriented rather than session oriented, as in most of the literature. The proposed HPKI delegates trust and security management to the medical service provider during the contract period, which is more realistic. In functional structure it is closely analogous to existing paper-based health care systems. The cryptographically strong PKI scheme is deployed for mutual authentication and for the distribution of sensitive yet computationally non-intensive data, while efficient symmetric cryptographic technology is used for the storage and transmission of high volumes of medical data such as medical images. One advantage is that the proposed HPKI can be constructed from existing cryptographic technologies, for which various relevant security standards, tools and products are available. A discussion is provided to illustrate how the proposed schemes can address the HIPAA privacy and security regulations.

Original language: English
Pages (from-to): 274-280
Number of pages: 7
Journal: Computer Standards and Interfaces
Volume: 32
Issue number: 5-6
Publication status: Published - 2010 Oct

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Law
