Privacy-Preserving Patient Identity Management Framework for Secure Healthcare Access

TL;DR

This paper introduces a privacy-preserving patient identity management framework that enhances healthcare data privacy while maintaining operational efficiency, using formal methods and simulation for validation.

Contribution

It proposes a novel patient-centric identity management framework with formal specification, privacy protections, and operational feasibility tailored for healthcare settings.

Findings

Framework ensures privacy through pseudonyms and traceability controls.

Formal verification confirms security and privacy properties.

Simulation shows the system operates within clinical latency requirements.

Abstract

Effective healthcare delivery depends on accurate longitudinal health records and addressing patients' concerns regarding the privacy of their information. While patient authentication is essential, reusing patient identifiers exposes individuals to linkability (associating multiple visits) and traceability (tying visits to real-world identities) risks. This paper presents a privacy-preserving, patient-centric identity management framework specifically tailored to the operational and regulatory requirements of healthcare. The framework balances operational reliability with strong privacy protections through a rooted trust anchor, anonymous pseudonyms, and a conditional traceability mechanism. It is formally specified, and its security and privacy properties are evaluated through MSRA-based architectural analysis and complementary formal verification. Simulation-based evaluation demonstrates that the framework's identity workflows are operationally feasible within the latency bounds typical of clinical environments.