Secure Multi-Party Delegated Authorisation For Access and Sharing of Electronic Health Records (2203.12837v1)

Abstract: Timely sharing of electronic health records (EHR) across providers is essential and significance in facilitating medical researches and prompt patients' care. With sharing, it is crucial that patients can control who can access their data and when, and guarantee the security and privacy of their data. In current literature, various system models, cryptographic techniques and access control mechanisms are proposed which requires patient's consent before sharing. However, they mostly focus on patient is available to authorize the access of the EHR upon requested. This is impractical given that the patient may not always be in a good state to provide this authorization, eg, being unconscious and requires immediate medical attention. To address this gap, this paper proposes an efficient and secure protocol for the pre-delegation of authorization to multi-party for the access of the EHR when patient is unavailable to do so. The solution adopts a novel approach to combine self-sovereign identity concepts and framework with secure multi-party computation to enable secure identity and authorization verification. Theoretical analysis showed that it increased the efficiency of the protocol and verification processes to ensure the security and privacy of patient's data.