A Cryptographic Key Management Solution for HIPAA Privacy/Security Regulations (IEEE Transactions on Information Technology in Biomedicine)

A Cryptographic Key Management Solution for HIPAA Privacy/Security Regulations
IEEE Transactions on Information Technology in Biomedicine, Vol. 12, No. 1, January 2008
Authors: Wei-Bin Lee, Chien-Ding Lee
Adviser: Professor 鄭錦楸
Reporter: 林彥宏

Outline
- Introduction
- Proposed Scheme
  - Registration Phases
  - Encryption Phases
  - Decryption Phases
- Discussion
- Conclusions

Introduction
- Health Insurance Portability and Accountability Act (HIPAA)
- enacted by the United States Congress in 1996
- improving healthcare quality
- indicates that patients' privacy should be emphasized
- summarizes the status quo of developing the HIPAA in Taiwan
- HIPAA is a centralized framework of health information; it can help people understand health information issues
- increases public confidence in the confidentiality of health information
- internationalization is a trend
- because of differences in history and conditions, it is difficult for the HIPAA to directly satisfy different environments

Introduction
Crucial parts of the HIPAA:
- Privacy Regulations
  - address the patients' rights to understand and control the use and disclosure of their protected health information (PHI)
  - consent exceptions
- Security Regulations
  - distinguished by requirement standards and specifications on what to do and how to do it from different viewpoints
  - guard the integrity, confidentiality, and availability of the health data

Introduction
A key management solution is the key to accomplishing the following:
- Patient's Understanding: Digital Signature
- Confidentiality: Encryption
- Patient's Control: Knowledge of the Corresponding Key
- Data Integrity
- Consent Exception
- a patient must carry many keys while visiting different hospitals

Proposed Scheme
- server of the governmental healthcare office (SG)
- server of a healthcare provider (SH)
- the patient

Proposed Scheme
Registration Phases: SG creates a contract which consists of the signed consent and patient data
- Step 1: choose a random number
- Step 2: compute as the patient's master key
- Step 3: sign the contract as and
- Step 4: deliver a health data card with to the patient

Proposed Scheme
Confirm steps:
- Step 1: verify whether
- Step 2: compute
- Step 3: compute
- Step 4: check whether to ensure the content of the contract

Proposed Scheme
Encryption Phases:
- Step 1: compute the session key of the patient's medical record with SH as
- Step 2: encrypt PHI as

Proposed Scheme
Decryption Phases: Consent Case: the patient enters the PIN or biometric information to enable the card
- Step 1: compute the session key for the and as
- Step 2: decrypt the encrypted PHI as
- Step 3: examine the integrity of the whole record by checking whether

Proposed Scheme
Decryption Phases: Consent Exception Case:
- Step 1: derive the random seed from as
- Step 2: compute the master key as
- Step 3: recover the healthcare provider's session key as
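
An added example, not taken from the paper or the presentation: a sketch of the key hierarchy in the phases above, where one per-patient master key yields a distinct session key per healthcare provider and SG can rebuild that session key in the consent exception case. The scheme's formulas are missing from this transcript, so HMAC-SHA256, the seed stored at SG, and all names (`GovernmentServer`, `session_key`, the sample IDs) are assumptions; PHI encryption and the contract signature are left out.

```python
import hashlib
import hmac
import secrets


def _prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


def session_key(master_key: bytes, sh_id: bytes) -> bytes:
    """Diversify the patient's master key into a key for one provider (SH)."""
    return _prf(master_key, b"session", sh_id)


def integrity_tag(key: bytes, record: bytes) -> bytes:
    """Tag used to check that a stored record was not altered."""
    return _prf(key, b"integrity", record)


def verify_record(key: bytes, record: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(integrity_tag(key, record), tag)


class GovernmentServer:
    """Stand-in for SG. Assumption: it keeps one secret and a seed per patient."""

    def __init__(self) -> None:
        self._secret = secrets.token_bytes(32)
        self._seeds = {}  # patient_id -> registration seed

    def register(self, patient_id: bytes) -> bytes:
        """Registration: returns the master key to be stored on the patient's card."""
        seed = secrets.token_bytes(32)
        self._seeds[patient_id] = seed
        return _prf(self._secret, b"master", patient_id, seed)

    def recover_session_key(self, patient_id: bytes, sh_id: bytes) -> bytes:
        """Consent exception: rebuild master key, then session key, without the card."""
        master = _prf(self._secret, b"master", patient_id, self._seeds[patient_id])
        return session_key(master, sh_id)


if __name__ == "__main__":
    sg = GovernmentServer()
    card_key = sg.register(b"patient-001")  # constructed sample IDs and record
    k = session_key(card_key, b"SH-A")
    tag = integrity_tag(k, b"constructed PHI record")
    assert sg.recover_session_key(b"patient-001", b"SH-A") == k
    print(verify_record(k, b"constructed PHI record", tag))
```

In this sketch the card only ever releases per-provider keys, so a key held by one SH says nothing about the key for another SH or about the master key.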

Discussion
- key generation:
  - key diversification provides a unique cryptographic key for each smart card
  - efficient, secure, and flexible way to generate and manage keys
- key distribution:
  - corresponding can be instantly obtained
  - no complicated operations are needed to generate the key
- key storage:
  - it's infeasible to derive from without correct
  - is infeasible
  - =256 bits, =320 bits, total is 72 bytes
  - smart card is 8192 bytes, is restricted =8120 bytes

Discussion
Computational Performance:
- only hash functions are employed, so the computational load is low
- and need exponential computations and are time consuming
- precomputed technology
- encryption phase, and in consent exception, is time consuming

Discussion
- Improved digital signature algorithm (DSA)

Conclusions
- they proposed a cryptographic key management solution complying with the HIPAA privacy/security regulations
- in their scheme, the privacy and data integrity of the patient are guaranteed
- the rights of the patient are controlled by the key usage
- they hope that the scheme can be modified to accommodate further changes in regulations