A Hybrid Approach Integrating Encryption and Pseudonymization for Protecting Electronic Health Records

J. Heurix, M. Karlinger, M. Schrefl, T. Neubauer
Karl11a (2011)
C. Baumgartner (Ed.): Proceedings of the Eighth IASTED International Conference on Biomedical Engineering (Biomed 2011), February 16-18, 2011, Innsbruck, Austria, ACTA Press, ISBN 978-0889868823, 2011.
Kopie  (Senden Sie ein Email mit  Karl11a  als Betreff an dke.win@jku.at um diese Kopie zu erhalten)


Federated Health Information Systems (FHIS) integrate autonomous information systems of participating health care providers to facilitate the exchange of Electronic Health Records (EHR), which improve the quality and efficiency of patients’ care. However, the main problem with collecting and maintaining the sensitive data in electronic form is the issue of preserving data confidentiality and patients’ privacy. Although multiple technical measures to restrict access to only authorized persons are implemented, they are usually aimed against external attackers. In this work, we propose to integrate pseudonymization and encryption to a hybrid approach which not only protects against external attackers, but also ensures that even potential internal attackers with full data access, like administrators, cannot gain any useful information.