Privacy Preservation for Outsourced Medical Data With Flexible Access Control

Electronic medical records (EMRs) play an important role in healthcare networks. Since these records always contain considerable sensitive information regarding patients, privacy preservation for the EMR system is critical. Current schemes usually authorize a user to read one's EMR if and only if his/her role satisfies the defined access policy. However, these existing schemes allow an adversary to link patients' identities to their doctors. Therefore, classifications of patients' diseases are leaked without adversaries actually seeing patients' EMRs. To address this problem, we present two anonymous schemes. They not only achieve data confidentiality but also realize anonymity for individuals. The first scheme achieves moderate security, where adversaries choose attack targets before obtaining information from the EMR system. The second scheme achieves full security, where adversaries adaptively choose attack targets after interaction with the EMR system. We provide rigorous proof showing the security and anonymity of our schemes. In addition, we propose an approach in which EMR owners can search for their EMRs in an anonymous system. For a better user experience, we apply the online/offine approach to speed up data processing. Experimental results show that the time complexity for key generation and EMR encapsulation can be reduced to milliseconds.