Secure and efficient mobile personal data sharing in resource constrained environments

Abstract

Although personal health record (PHR) systems are widely used in the developed world, little has been done to explore the utility of these PHR systems in the developing world. One of the key reasons behind this is the fact that a lot of areas in the developing world suffer from technological impediments that are a result of poor infrastructure, low literacy, intermittent power connectivity, and unstable bandwidth connectivity. In technological resource constrained environments such as these, deploying standard PHR systems is challenging and so it makes sense to redesign these systems to cope with the environmental limitations in order to offer users a usable and reliable platform. Furthermore, healthcare data is inherently privacy and security sensitive so, in re-designing the PHR system the security and privacy requirements need also be taken into consideration. The idea in this case, is to opt for security mechanisms that offer the same levels of security as is the case in the standard PHR systems that are used in the developed world, but that are also lightweight in terms of performance and storage overhead. In this paper, based on the observation that mobile phone use is widely proliferated in developing countries, we propose an access control framework supported by identity-based encryption for a secure Mobile-PHR system. Results from our prototype evaluation (laboratory and field studies) indicate that the proposed IBE scheme effectively secures PHRs beyond the healthcare provider's security domain and is efficient performance-wise.