Secure EHR Sharing Scheme Based on Limited Sanitizable Signature

Many sanitizable signature schemes have been proposed to facilitate and secure the secondary use of medical data. These schemes allow a patient, authorized by the doctor, to modify and re-sign his/her electronic health record (EHR) to hide sensitive information and the new signature can be verified successfully. However, this may lead to fraud because patients may forge medical records for profit. To further standardize sanitization and reduce the sanitizers power, this paper proposes a new limited sanitizable signature scheme, which allows the signer to not only decide which message blocks can be modified but also determine the maximum of modifiable blocks and the expiration time for sanitization. We also propose a secure EHR sharing scheme suitable for medical scenarios based on the above limited sanitizable signature to realize privacy preserving medical data sharing. Finally, the security analysis and experimental results show that the security and efficiency of our scheme can be accepted.