Secure Multi-Party Delegated Authorisation For Access and Sharing of Electronic Health Records

TL;DR

This paper introduces a secure, efficient protocol for pre-delegating access authorization to multiple parties for electronic health records, enabling medical access when patients are unavailable, by combining self-sovereign identity and multi-party computation.

Contribution

It presents a novel protocol that enhances security and efficiency in delegated EHR access, addressing the challenge of patient unavailability during emergencies.

Findings

Increased protocol efficiency and verification speed.

Ensured security and privacy of patient data.

Supported multi-party delegated access in emergencies.

Abstract

Timely sharing of electronic health records (EHR) across providers is essential and significance in facilitating medical researches and prompt patients' care. With sharing, it is crucial that patients can control who can access their data and when, and guarantee the security and privacy of their data. In current literature, various system models, cryptographic techniques and access control mechanisms are proposed which requires patient's consent before sharing. However, they mostly focus on patient is available to authorize the access of the EHR upon requested. This is impractical given that the patient may not always be in a good state to provide this authorization, eg, being unconscious and requires immediate medical attention. To address this gap, this paper proposes an efficient and secure protocol for the pre-delegation of authorization to multi-party for the access of the EHR when patient is unavailable to do so. The solution adopts a novel approach to combine self-sovereign identity concepts and framework with secure multi-party computation to enable secure identity and authorization verification. Theoretical analysis showed that it increased the efficiency of the protocol and verification processes to ensure the security and privacy of patient's data.