Patient-centric health data sovereignty: an approach using Proxy re-encryption

TL;DR

This paper proposes a patient-centric health data sharing platform utilizing Proxy Re-encryption to enhance data sovereignty, allowing patients to control access and revoke permissions, with an analysis of its performance impact.

Contribution

It introduces a novel approach combining Proxy Re-encryption with a trusted entity to enable secure, patient-controlled health data sharing and revocation capabilities.

Findings

The platform effectively enforces patient consent for data sharing.

Proxy Re-encryption introduces manageable performance overhead.

The approach enhances data sovereignty and control in health data management.

Abstract

The exponential growth in the digitisation of services implies the handling and storage of large volumes of data. Businesses and services see data sharing and crossing as an opportunity to improve and produce new business opportunities. The health sector is one area where this proves to be true, enabling better and more innovative treatments. Notwithstanding, this raises concerns regarding personal data being treated and processed. In this paper, we present a patient-centric platform for the secure sharing of health records by shifting the control over the data to the patient, therefore, providing a step further towards data sovereignty. Data sharing is performed only with the consent of the patient, allowing it to revoke access at any given time. Furthermore, we also provide a break-glass approach, resorting to Proxy Re-encryption (PRE) and the concept of a centralised trusted entity that possesses instant access to patients' medical records. Lastly, an analysis is made to assess the performance of the platform's key operations, and the impact that a PRE scheme has on those operations.