
A Cryptographic Key Management Solution for HIPAA Privacy/Security Regulations

IEEE Transactions on Information Technology in Biomedicine, Vol. 12, No. 1, January 2008

Authors: Wei-Bin Lee, Chien-Ding Lee

Adviser: Professor 鄭錦楸  Reporter: 林彥宏

Outline

Introduction

Proposed Scheme

  Registration Phases

  Encryption Phases

  Decryption Phases

Discussion

Conclusions

Introduction

Health Insurance Portability and Accountability Act (HIPAA)

enacted by the United States Congress in 1996

improving healthcare quality

indicates that patients’ privacy should be emphasized

summarizes the status quo of developing the HIPAA in Taiwan

HIPAA is a centralized framework of health information; it helps people understand health information issues

increases popular confidence in the confidentiality of health information

internationalization is a tendency

because of differences in history and conditions, it is difficult for the HIPAA to directly satisfy different environments

Introduction

crucial parts of the HIPAA:

Privacy Regulations

address the patients’ rights to understand and control the use and disclosure of their protected health information (PHI)

consent exceptions

Security Regulations

distinguished by requirement standards and specifications on what to do and how to do it

guard the integrity, confidentiality, and availability of the health data from different viewpoints

Introduction

Key management solution is the key to accomplishing these events:

Patient’s Understanding: Digital Signature

Confidentiality: Encryption

Patient’s Control: Knowledge of the Corresponding Key

Data Integrity

Consent Exception

a patient must carry many keys while visiting different hospitals

Proposed Scheme

server of the governmental healthcare office (SG)

server of a healthcare provider (SH)

the patient

$p$ and $q$ are large primes where $q \mid p-1$

let $g$ be a generator with the order $q$ in $GF(p)$

SG chooses $x$ as the secret key and $y = g^x \bmod p$ as the public key

$E_K()$ is the encryption with the secret key $K$

$D_K()$ is the decryption with the secret key $K$

$h()$ is a hash function

Proposed Scheme

Registration Phases: SG creates contract $w$ which consists of signed consent and patient data

Step 1: choose a random number $k \in Z_q^*$

Step 2: compute $K_m = h(w \| k)$ as the patient’s master key

Step 3: sign the contract $w$ as $r = (g^k \bmod p) \bmod q$ and $s = k^{-1}(h(w) + xr) \bmod q$

Step 4: deliver a health data card with $w, r, s, K_m$ to the patient

Proposed Scheme

confirm steps:

Step 1: verify whether $r \neq 0$ and $s \neq 0$

Step 2: compute $t = s^{-1} \bmod q$

Step 3: compute $r' = ((g^{h(w)t}\, y^{rt}) \bmod p) \bmod q$

Step 4: check whether $r' = r$ to ensure the content of the contract $w$

$(g^{h(w)t}\, g^{xrt} \bmod p) \bmod q = (g^{(h(w)+xr)t} \bmod p) \bmod q$

Proposed Scheme

Encryption Phases:

Step 1: compute the session key $K_S$ of the patient’s medical record with SH as $K_S = h(h(K_m \| sn) \| Hid)$

$sn$: deidentification and unique part in the entire health information of the patient

$Hid$: the identification of the healthcare provider

Step 2: encrypt PHI $M$ as $C = E_{K_S}(M \| cs)$, where $cs = h(M \| R)$

$M$ is the PHI part of the health information

$R$ is the remaining parts

Proposed Scheme

Decryption Phases: Consent Case:

the patient enters the PIN or biometric information to enable the card

Step 1: compute the session key $K_S$ for the $Hid$ and $sn$ as $K_S = h(h(K_m \| sn) \| Hid)$

Step 2: decrypt the encrypted PHI $C$ as $(M \| cs) = D_{K_S}(C)$

Step 3: examine the integrity of the whole record by checking whether $cs = h(M \| R)$

Proposed Scheme

Decryption Phases: Consent Exception Case:

Step 1: derive the random seed $k$ from $w, r, s$ as $k = s^{-1}(h(w) + xr) \bmod q$

Step 2: compute the master key $K_m$ as $K_m = h(w \| k)$

Step 3: recover the healthcare provider’s session key $K_S$ as $K_S = h(h(K_m \| sn) \| Hid)$

)mod))((()mod))((( q rwh- q rwhkk

xs-βk

qpgg

g

g

yr

qxrwhxsk

qxrwhkx

s

qpgr

qxrwhxsqwh

qxs-xr

qwh

qs-r

k

mod ) mod(

mod )))(((

mod ))((1

mod ) mod(

mod )))(( mod )(

mod

mod )(

mod
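The key-management path of the scheme (registration, confirm steps, session-key derivation, and consent-exception recovery) as an added Python example; it is not code from the paper or the slides. Assumptions: SHA-256 stands in for $h()$, `||` is encoded as a byte separator, the parameters `P, Q, G` are toy values constructed for the example, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy parameters constructed for this example (q | p-1, g of order q in GF(p)).
# Far too small for real use; a deployment needs standard DSA-size primes.
P, Q, G = 607, 101, 64

def h(*parts: bytes) -> bytes:
    """h(): SHA-256 over the parts joined by '||' (hash and encoding are assumptions)."""
    return hashlib.sha256(b"||".join(parts)).digest()

def h_int(w: bytes) -> int:
    """h(w) reduced into Z_q for use in the signature equations."""
    return int.from_bytes(h(w), "big") % Q

def register(w: bytes, x: int):
    """Registration: SG picks k, signs contract w, returns card values (r, s, K_m)."""
    while True:
        k = secrets.randbelow(Q - 1) + 1                 # k in Z_q^*
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (h_int(w) + x * r) % Q
        if r and s:                                      # retry on degenerate values
            return r, s, h(w, k.to_bytes(2, "big"))      # K_m = h(w||k)

def verify(w: bytes, r: int, s: int, y: int) -> bool:
    """Confirm steps: check the signed contract against SG's public key y."""
    if not (0 < r < Q and 0 < s < Q):
        return False
    t = pow(s, -1, Q)
    return pow(G, h_int(w) * t % Q, P) * pow(y, r * t % Q, P) % P % Q == r

def session_key(k_m: bytes, sn: bytes, hid: bytes) -> bytes:
    """K_S = h(h(K_m||sn)||Hid): one key per record and healthcare provider."""
    return h(h(k_m, sn), hid)

def recover_master_key(w: bytes, r: int, s: int, x: int) -> bytes:
    """Consent exception: the holder of x rebuilds k from (w, r, s), hence K_m."""
    k = pow(s, -1, Q) * (h_int(w) + x * r) % Q
    return h(w, k.to_bytes(2, "big"))

if __name__ == "__main__":
    x = 57                                               # SG secret key (constructed)
    y = pow(G, x, P)
    w = b"constructed contract: consent + patient data"
    r, s, k_m = register(w, x)
    print(verify(w, r, s, y), recover_master_key(w, r, s, x) == k_m)
```

The recovery path depends on $x$ alone, so SG's secret key protects the master key of every card SG has issued.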


Discussion

key generation:

key diversification provides a unique cryptographic key for each smart card

efficient, secure, and flexible way to generate and manage keys

key distribution:

the corresponding $K_S$ can be instantly obtained

no complicated operations are needed to generate the key

key storage:

it’s infeasible to derive $k$ from $r = (g^k \bmod p) \bmod q$

deriving $k = s^{-1}(h(w) + xr) \bmod q$ without the correct $x$ is infeasible

$K_m$ = 256 bits, $r, s$ = 320 bits, total is 72 bytes

smart card is 8192 bytes, so $w$ is restricted to 8192 - 72 = 8120 bytes

Discussion

Computational Performance:

$K_m = h(w \| k)$: only a hash function is employed, so its computational load is low

$r = (g^k \bmod p) \bmod q$ and $s = k^{-1}(h(w) + xr) \bmod q$ need exponential computations and are time consuming

precomputed technology

encryption phase, $K_S = h(h(K_m \| sn) \| Hid)$ and $C = E_{K_S}(M \| cs)$, $cs = h(M \| R)$

in consent exception, $k = s^{-1}(h(w) + xr) \bmod q$ is time consuming

Discussion

Improved digital signature algorithm (DSA)

$r = (g^{t}\, y^{sr} \bmod p) \bmod q$

$t = s\,h(w) \bmod q$

$s = k\,(h(w) + xr)^{-1} \bmod q$

$k = s\,(h(w) + xr) \bmod q$

Conclusions

they proposed a cryptographic key management solution complying with the HIPAA privacy/security regulations

in their scheme, the privacy and data integrity of the patient are guaranteed

the rights of the patient are controlled by the key usage

they hope that the scheme can be modified to accommodate further changes in regulations