http://dx.doi.org/10.13089/JKIISC.2020.30.6.1103

Patient Information Transfer System Using OAuth 2.0 Delegation Token  

Park, Jungsoo (Soongsil University)
Jung, Souhwan (Soongsil University)
Abstract
Hospitals store and manage personal and health information in electronic medical records (EMR). However, vulnerabilities and threats are increasing as hospitals provide more services for sharing that information. In this paper, we therefore propose a model to prevent the leakage of personal information when patient information held in an EMR is transmitted. Using OAuth authorization tokens, we propose a method for granting permission to securely receive and transmit patient information from the hospital where the patient's medical records are stored. The proposed protocol enables secure delivery by applying the record access restrictions desired by the patient to the OAuth token and delivering them with it. The OAuth Delegation Token is delivered with the authority, scope, and time of destruction for viewing patient information written into it. This prevents the illegal collection of patient information and the leakage of personal information that may occur during delivery.
Keywords
OAuth; EMR; Delegation Token; JWT