earticle

영어

Despite the fact that health care providers such as Google Health and Microsoft Corp.'s Health Vault comply with the U.S Health Insurance Portability and Accountability Act (HIPAA), the privacy of patients is still at risk. There needs to be a strategy for securing the privacy of patients when exchanging health records between various entities over the Internet. Several encryption schemes and access control mechanisms have been suggested to protect the disclosure of a patient’s health record especially from unauthorized entities. However, by implementing these approaches, data owners are not capable of controlling and protecting the disclosure of the individual sensitive attributes of their health records. This raises the need to adopt a secure mechanism to protect personal information against unauthorized disclosure. We propose a new column-level access control mechanism that is based on subkeys, which would allow a data owner to further control the access to his data at the column-level. We also propose a new mechanism to reduce the number of keys held by each user in the system. Therefore, the number keys maintained by the data owner is also reduced. The experimental results show that our proposals can ensure system’s availability. So they are applicable in the real world.