Consumer Oriented Privacy Preserving Access Control for Electronic Health Records in the Cloud

This paper addresses privacy issues in managing electronic health records by a third party cloud based service. Compared to traditional authentication-authorization mechanisms, the proposed approach minimizes the leakage of identity information of involved participants through unlinkability. Furthermore, it gives the ability to health record owners for making access control decisions. This solution employs an identity management scheme that enhances consumer privacy by preventing consumer profiling based on the credentials used to satisfy the service provider policies. The paper proposes a set of mechanisms to allow authenticated unlinkable access to electronic health records, while giving the record owners ability to make access control decisions. The security evaluation for accessing data in the cloud is detailed, and the implementation of the system is evaluated in this paper.