Electronic health record (EHR) is a repository of a patient medical record stored in digital format. MR is accessible by different healthcare professionals, administrative staffs, patients, and their relatives. The key highlight of EHR is that it is possible to exchange health information of patients between different healthcare providers. This MR property supports patients with efficient and high -quality healthcare delivery. MR has several advantages in improving efficiency, lowering costs, and medical errors. Usually, MR is outsourced to the third party such as cloud or fog. These third party service providers facilitate unlimited resources for storage and computing. This information technology infrastructure enables the medical record of a person to be stored in one place is accessed from any part of the world. Despite EBR's numerous advantages, it poses many security issues because EHR is exposed to third -party service providers and users of different kinds. Infringement of data privacy, data integrity, and user privacy are the main security issues. Researchers have come up with many ideas since 1982 to improve EHR's security. Then they concluded that these breaches of security might be confined by encrypting EHR before being out sourced to the third party. Researchers have used different encryption techniques to encrypt EHR, such as symmetric key encryption, public key encryption, and identity based encryption. All of the above techniques of encryption fall with their common disadvantages. Currently, researchers apply attribute -based encryption (ABE) in EHR because it provides additional security requirement of fl exibility and control unauthorized access. The ABE scheme allows the MR owner to choose authorized users to access various parts of the MR, and the MR owner can enforce write access control and read user access control policies. Multiauthority ABE is developed to provide efficient key management and to avoid key escrow. Authentication of users can also maintain EHR's privacy and security. We discuss existing encryption techniques and authentication techniques in this chapter to maintain the privacy and security of EHR being outsourced to the third party. In addition, the advantage of enabling blockchain technology is also discussed in securing EHR

Chapter Contents:

• 7.1 Introduction
• 7.1.1 Contributions
• 7.1.2 Organizations
• 7.2 Existing technology
• 7.2.1 Cloud computing
• 7.2.2 Fog computing
• 7.3 Security requirement for EHR
• 7.3.1 Data integrity
• 7.3.2 Interoperability
• 7.3.3 Data privacy
• 7.3.4 Fine-grained access control
• 7.3.5 Availability
• 7.3.6 User privacy
• 7.3.7 Scalability
• 7.3.8 User revocation
• 7.4 Attacks over EHR
• 7.4.1 Destruction and modification
• 7.4.2 Denial of service
• 7.4.3 Disclosure
• 7.4.4 Repudiation
• 7.4.5 Masquerading
• 7.4.6 Insider attack
• 7.4.7 Spoofing attack
• 7.5 Maintaining security and privacy of EHR in existing technologies
• 7.5.1 Symmetric key encryption
• 7.5.2 Public key encryption
• 7.5.3 Identity-based encryption
• 7.5.4 Attribute-based encryption
• 7.5.5 Multiauthority attribute-based encryption
• 7.5.6 Hierarchical attribute-based encryption
• 7.5.7 Attribute set based encryption
• 7.5.8 Hierarchical attribute set based encryption
• 7.5.9 Comparison of various encryption techniques
• 7.5.10 Various authentication schemes
• 7.5.10.1 Digital signature schemes
• 7.5.10.2 Username/password
• 7.5.10.3 Password/PIN
• 7.5.10.4 Login/password with digital certificate
• 7.5.10.5 Credential system
• 7.5.10.6 Smart card based authentication schemes
• 7.5.10.7 Biometric-based authentication
• 7.5.10.8 Comparison of various authentication schemes
• 7.6 A recent development to maintain privacy and security of EHR
• 7.6.1 Blockchain technology
• 7.6.2 Advantages of blockchain over EHR
• 7.6.3 Comparison of cloud computing and blockchain
• 7.7 Conclusion
• References

Inspec keywords: authorisation; electronic health records; data privacy; cryptography

Other keywords: hird party service providers; public key encryption; multiauthority ABE; data privacy; identity based encryption; encryption techniques; patient medical record; healthcare delivery; electronic health record; access control policies; attribute -based encryption; user privacy; data integrity; symmetric key encryption; EHR

Subjects: Medical administration; Data security