The potential benefits from electronic medical records (EMRs), including lab tests, images, diagnoses, prescriptions, and medical histories are without precedent. Patients and insurers can avoid repeating studies that, for example, expose people to additional radiation and incur unnecessary costs. Providers can instantly access patient histories , and patients can take ownership of their medical records, with the potential for greater privacy, and better access to their records when they are needed. However, while the promises of EMRs are many, moving from paper-based systems to electronic ones is not without risk. For example, it is a lot easier for an attacker to sneak out of a hospital (or data center) with a USB stick in their pocket containing 8,000 patient records, than with the equivalent paper records. Moving electronic records online makes them particularly vulnerable to Internet-based attacks. These threats are getting worse, as attacks grow in sophistication. This project will focus on developing new security technologies to enable deployment of secure EMRs by utilizing new cryptographic techniques and building a pilot system to deploy within a major hospital. The pilot will enable storage of protected records across a distributed environment that includes untrusted outsourced databases and mobile devices. Patients will be able to interface with Public Healthcare Record (PHR) systems such as Google Health and Microsoft Health Vault or other cloud services. The project includes developing a key management scheme that is able to support the unique requirements of this model and algorithms, including auditing, key revocation, and traitor tracing.
