A Smart-Card-Enabled Privacy Preserving E-Prescription System

IEEE Transactions on Information Technology in Biomedicine

Volumn 8, Issue 1, 2004, Pages 47-58

  Yang, Yanjiang ^a   Han, Xiaoxi ^b   Bao, Feng ^a   Deng, Robert H ^a  

^a INSTITUTE FOR INFOCOMM RESEARCH   (Singapore)

^b INSTITUTE OF SOFTWARE   (China)

Author keywords

Anonymous; e prescription; Privacy; Pseudonym; Smart card

Indexed keywords

E-PRESCRIPTION; PRIVACY;

DIAGNOSIS; HEALTH CARE; INSURANCE; PATIENT MONITORING; SMART CARDS;

DATA PRIVACY;

ALGORITHM; ARTICLE; COMPUTER SECURITY; CONFIDENTIALITY; DATA BASE; EVALUATION; INFORMATION RETRIEVAL; INSTRUMENTATION; INTERNET; MANAGEMENT; MEDICAL RECORD; METHODOLOGY; PRESCRIPTION;

ALGORITHMS; COMPUTER SECURITY; CONFIDENTIALITY; DATABASE MANAGEMENT SYSTEMS; INFORMATION STORAGE AND RETRIEVAL; INTERNET; MEDICAL RECORDS SYSTEMS, COMPUTERIZED; PATIENT IDENTIFICATION SYSTEMS; PRESCRIPTIONS, DRUG;

EID: 1842483150     PISSN: 10897771     EISSN: None     Source Type: Journal    
DOI: 10.1109/TITB.2004.824731     Document Type: Article

References (50)

1. C. Lambrinoudakis and S. Gritzalis, "Managing medical and insurance information through a smait-card-based information system," J. Med. Syst., vol. 24, no. 4, pp. 213-234, 2000.
2. J. L. Zoreda and J. M. Oton, Smart Cards. Norwood, MA: Artech House, 1994.
3. T. S. Chan, "Integrating smart card access to web-based medical information system," in Proc. ACM Symp. Applied Computing, 2003, pp. 246-250.
4. D. F. Linowes and R. C. Spencer. (1997) How empolyers handle employees' personal information. [Online]. Available: http://www.kentlaw.edu/ilw/erepj/ v1n1/lino-main.htm
5. N. Keene, W. Hobbie, and K. Ruccione, Childhood Cancer Survivors: A Practical Guide to Your Future: O'Reilly & Associates Inc., 2000.
6. R. Weiss, "Ignorance undercuts gene tests' potential," The Washington Post, p. A1, 2000.
7. National Standards to Protect the Privacy of Personal Health Information, Office for Civil Rights. (2001). [Online]. Available: http://www.hhs.gov/ocr/ hipaa/
8. T. Albert. (2000) Doctors ask AMA to assure some privacy for their prescription pads. [Online]. Available: http://www.ama-assn.org/sci-pubs/amnews/ pick_00/prl11225.htm,
9. Food and Drugs Administration. Medwatch: The FDA Safety Information and Adverse Event Reporting Program. [Online]. Available: http://www.fda.gov/ medwatch/
10. Standards for Privacy of Individually Identifiable Health Information, Office for Civil Rights. (2001). [Online]. Available: http://www.hhs.gov/ocr/ hipaa/finalmaster.html
11. Health Care Financing Administration. (2001) Study of Pharmaceutical Benefit Management. [Online]. Available: http://www.hcfa.gov/research/pharmbm. pdf
12. J. Ledbetter. (1999) Is Buying Drugs on the Web too Easy?. [Online]. Available: http://www.cnn.com/TECH/computing/9906/29/drugs.idg/index.html
13. California Board of Pharmacy, California Pharmacy Laws Sacramento, CA.
14. G. Ateniese and B. Medeiros, "Anonymous e-prescriptions," in Proc. ACM Workshop Privacy in the Electronic Society (WPES02), 2002.
15. G. Ateniese, J. Camenisch, M. Joye, and G. Tsudik, "A practical and provably secure colalition-resistant group signature scheme, advances in cryptology," in Proc. CRYPTO'00 (Lecture Notes in Computer Science). Berlin, Germany: Springer-Verlag, 2000, vol. 1880, pp. 255-270.
16. V. Maruaa Jr, "Protecting doctor's identity in drug prescription analysis," Health Informatics J., vol. 4, p. 4, 1998.
17. B. Schneier and A. Shostack, "Breaking up is hard to do: Modeling security threats for smart cards," in Proc. USENIX Workshop on Smart Card Technology, 1999, pp. 175-185.
18. B. Lee, H. Kim, and K. Kim, "Strong proxy signature and its applications," in Proc. SCIS, 2001, pp. 603-608.
19. H. M. Sun and B. T. Hsieh, "On the security of some proxy signature schemes," Cryptology ePrint Archive no. 068, 2003.
20. M. Mambo, K. Usuda, and E. Okamoto, "Proxy signature for delegating signing operation," in Proc. 3rd ACM Conf. Computer and Communications Security, 1996.
21. S. Kim, S. Park, and D. Won, "Proxy signatures, revisited," in Proc. Int. Conf. Information and Communication Security (Lecture Notes in Computer Science). Berlin, Germany: Springer-Verlag, 1997, vol. 1334, pp. 223-232.
22. H. Pertersen and P. Horster, "Sefl-certified keys-concepts and applications," in Proc. Communications and Multimedia Security, IFIP, 1997, pp. 102-116.
23. K. Zhang, "Threshold proxy signature schemes," in Proc. Information Security Workshop. Japan, 1997, pp. 191-197.
24. N. Y. Lee, T. Hwang, and C. H. Wang, "On Zhang' s nonrepudiable proxy signature schemes," in Proc. 3rd Australasian Conf. Information Security and Privacy, 1998, pp. 415-422.
25. C. Schnorr, "Efficient identification and signature for smart cards," in Advances in Cryptology, CRYPTO'89 (Lecture Notes in Computer Science). Berlin, Germany: Springer-Verlag, 1989, vol. 435, pp. 235-251.
26. V. Varadharajan, P. Allen, and S. Black, "An analysis of the proxy problem in distributed systems," in Proc. IEEE Symp. Research in Security and Privacy, 1991, pp. 255-275.
27. B. C. Neuman, "Proxy-based authorization and accounting for distributed systems," in Proc. 13th Int. Conf. Distributed Computing Systems, 1993, pp. 283-291.
28. B. Lee, H. Kim, and K. Kim, "Secure mobile agent using strong non-designated proxy signature," in Proc. ACISP (Lecture Notes in Computer Science). Berlin, Germany: Springer-Verlag, 2001, vol. 2119, pp. 474-486.
29. A. Lysyanskaya, R. Rivest, A. Sahai, and S. Wolf, "Pseudonym systems," in Selected Areas in Cryptography (Lecture Notes in Computer Science). Berlin, Germany: Springer-Verlag, 1999, vol. 1758.
30. J. Camenisch, J. M. Piveteau, and M. Stadler, "Blind signatures based on the discrete logarithm problem," in Advances in Cryptology, EURO-CRYPT '94, vol. 950, LNCS, 1994, pp. 428-432.
31. D. Pointcheval and J. Stern, "Provably secure blind signature schemes," in Advances in Cryptology, ASIACRYPT'96 (Lecture Notes in Computer Science). Berlin, Germany: Springer-Verlag, 1996, vol. 1163, pp. 252-265.
32. Council of Europe, "On the Protection of Medical Data," Recommendation R(75), 1997.
33. Council of Europe. [Online]. Available: http://www.healthsmartcard.net/
34. R. Neame, "Smart cardsCthe key to trustworthy health information systems," BMJ, vol. 314, pp. 573-577, 1997.
35. Council of Europe. [Online]. Available: http://www.gprd.com
36. B. Blobel and P. Pharow, "Security infrastructure of an oncological network using health professional cards," in Health Cards '97 (Series in Health Technology and Informatics). Amsterdam, The Netherlands: IOS Press, 1997, vol. 49, pp. 323-334.
37. "Health Informatics-Secure User Identification-Strong Authentication Using Microprocessor Cards (SEC-ID/CARDS)," report, CEN TC 251 prENV 13729, 1999.
38. (1999) The German HPC Specification for An Electronic Doctor's Licence, Version 0.81. HPC. [Online]. Available: http://www.hpc-protocol.de
39. New Zealand Privacy Commissioner, "Health Information Privacy Code,", 1994.
40. European Committee for Standardization. Technical Committee for Health Informatics. Rep. CEN/TC251. [Online]. Available: www.centc251.org
41. Y. J. Yang, "Security Issues in Health Care,", Term Rep., 2003.
42. "The European Union Privacy Directive," report, 95/46/EC.
43. "Bill to Protect Personal Data,", Japan, 1999.
44. "Act for the Protection of Personal Information Maintained by Public Agencies,", South Korea, 1994.
45. ISO/IEC, "Information Technology-Identification Cards-Integrated Circuit(s) Cards With Contacts-Part 4: Interindustry Commands for Interchange," standard, Std. ISO/IEC 7816-4, 1995.
46. _, "Information Technology-Identification Cards-Integrated Circuit(s) Cards With Contacts-Part 8 Security Related Interindustry Commands," standard, Std. ISO/IEC 7816-8, 1999.
47. _, "Information Technology-Identification Cards-Integrated Circuit(s) Cards With Contacts-Part 9 Additional Interindustry Commands and Security Attributes," standard, Std. ISO/IEC 7816-9, 2000.
48. [Online]. Available: http://www.infineon.com/
49. [Online]. Available: http://www.atmel.com/
50. G. Bleumer and M. Schunter, "Privacy oriented clearing for the german health care system," in Personal Information Security, Engineering and Ethics, I. R. Anderson, Ed. New York: Springer-Verlag, 1997, pp. 175-194.