Status : Verified
Personal Name Felizmenio, Edgardo Jr. P.
Resource Title Evaluating the viability of ciphertext-policy attribute-based encryption on service-oriented health information exchange systems
Date Issued 05 June 2018
Abstract A health information system (HIS) is computer program for automating healthcare-related tasks which may store personal information. Due to the increasing demand for data sharing between HIS, organizations implement a Health Information Exchange (HIE), which is a larger system for exchanging healthcare data among institutions, providers, and repositories. One approach in implementing HIEs is through the adoption of the Service-Oriented Architecture (SOA), a design paradigm which when followed, will provide several benefits such as increased return of investment, increased organizational agility, and reduced IT burden.

One implementation of a SOA-based HIE is the Open Health Information Exchange (OpenHIE). OpenHIE has been proven to work in several countries, however, several security features such as fine-grained access control, security levels in data, and consent management are not implemented. These features can be satisfied through the implementation of an authorization scheme using Ciphertext-Policy Attribute-Based Encryption (CP-ABE). CP-ABE is a mechanism for hiding personal information by encrypting data using attributes such as administrative role, privileges, personal profile, etc.

This work evaluated the viability of CP-ABE as an authorization scheme for SOA-based HIEs such as OpenHIE. Results show that the adoption of CP-ABE will require alterations to the HIE processes that carry out healthcare-related tasks. The results also show that the adoption of CP-ABE will require additional resources to deploy the HIE. Resources include network bandwidth, storage space in servers, and number of machines/processors. More attributes and more users lead to more resources required to finish a transaction in the HIE.
Degree Course MS Computer Science
Language English
Keyword Health Information Exchange; Ciphertext-Policy Attribute Based Encryption; Service Oriented Architecture
Material Type Thesis/Dissertation