378 Int. J. Wireless and Mobile Computing, Vol. 7, No. 4, 2014

Copyright © 2014 Inderscience Enterprises Ltd.

Design of an efficient mobile health system for achieving HIPAA privacy-security regulations

Sangram Ray* and G.P. Biswas Department of Computer Science & Engineering, Indian School of Mines, Dhanbad, Dhanbad 826004, Jharkhand, India Email: sangram.ism@gmail.com Email: gpbiswas@gmail.com *Corresponding author

Abstract: A mobile phone based solution to fulfil the Health Insurance Portability and Accountability Act (HIPAA) regulations is proposed in this paper for providing health services to patients especially residing in remote areas. Initially, patients and doctors register to a Medical Centre Server (MCS), which stores all doctors’ information and patients’ Protected Health Information (PHI). During treatment, a patient consults a medical expert system and its output is uploaded to MCS for specialised doctor’s information and accordingly the patient contacts the doctors for treatment. The doctor retrieves the diagnostic results from MCS, gives advices to patient and finally generates the patient’s PHI and uploads it to MCS. A copy of PHI is then sent to the patient by MCS. The proposed scheme, which also includes the treatments in emergency situation and foreign countries, is implementable using existing infrastructure and supports treatment in shortest possible time without patient’s trip to doctors.

Keywords: e-health security; HIPAA; health insurance portability and accountability act; MCS; medical centre server; PHI; protected health information; SAG; secure access gateway; SMS; short message service.

Reference to this paper should be made as follows: Ray, S. and Biswas, G.P. (2014) ‘Design of an efficient mobile health system for achieving HIPAA privacy-security regulations’, Int J. Wireless and Mobile Computing, Vol. 7, No. 4, pp.378–387.

Biographical notes: Sangram Ray is currently a Research Associate in the Department of Computer Science and Engineering, Indian School of Mines, Dhanbad, India and submitted his PhD thesis in Computer Science and Engineering in the same university. He has obtained BSc (Hons) degree in Mathematics from University of Burdwan, West Bengal, India in 2005, MSc in Mathematics and Computing and MTech in Computer Application from Indian School of Mines, Dhanbad, India in 2007 and 2009, respectively. His main research interests include cryptography, network/information security and computer networks.

G.P. Biswas is currently a Professor in the Department of Computer Science & Engineering, Indian School of Mines, Dhanbad, India. He has obtained BSc (Engg.) and MSc (Engg.) in Electrical & Electronics Engineering and Computer Science & Engineering, respectively, and PhD in Computer Science & Engineering from Indian Institute of Technology, Kharagpur, India. He has around 20 years of teaching and research experience, published around 100 research papers in journals and conference/seminar proceedings and has guiding BTech, MTech and PhD students. His research interests include cryptography, network security, cellular automata, VLSI designs and computer networks.

1 Introduction

E-health enables the delivery of health care services through the Internet. Patients and medical experts communicate with each other by exchanging information in an e-health system. The implementation of e-health systems and services in all countries with respect to privacy and security is a challenge which is shared by several health agencies and health authorities at the international, national and local levels. The Health Insurance Portability and Accountability Act (HIPAA) (HIPAA, 1996a; HIPAA, 1996b, pp.104–191;

Yanga et al., 2006) was recognised by the US Congress in 1996 as the US Federal Law that applies to the US healthcare industry. The HIPAA provides a conceptual guideline that should be strictly observed and followed by the organisations to improve the healthcare quality and efficiency. According to the HIPAA’s special indication, patients’ privacy should be accentuated and this principle can be applied to the entire health industry throughout the world. Moreover, the HIPAA, being a national law of the USA, may also be followed by other countries with the specification of their relevant domestic laws.

Design of an efficient mobile health system 379

The HIPAA standard (Collmann et al., 2004; Yanga et al., 2006) has not defined how privacy and security regulations, an essential part of the HIPAA standard, can be accomplished. Many applications such as video conferencing, emails, web-based messaging, health data card, etc. have been developed to support secure communications and information exchanges among doctors and patients (May, 1998, pp.85–92; Agrawal et al., 2005; Yu et al., 2006; Agrawal and Johnson, 2007; Bhatti et al., 2007; Yu and Chekhanovskiy, 2007;Chan et al., 2008; Lee and Lee, 2008; Hu et al., 2010; Huang and Liu, 2011), but none them are widely accepted. The goal of this paper is to present a mobile phone based e-health system for secure and flawless sharing of healthcare information especially for patients staying at remote locations since mobile phone is very common for such people in recent era. Both doctor and patient are benefited in this system; doctors can focus more on priority tasks by saving time normally spent with consulting patients and patients residing in remote location can find out the specialised doctor and get treatment without trips to doctor.

The essential part of the HIPAA (HIPAA, 1996b, pp.104–191) consists of its privacy and security regulations which are strongly related and complement each other to set up guidelines for the protection of a patient’s privacy and health information security. The privacy regulations define the patient’s rights to understand and control the use and disclosure of his Protected Health Information (PHI) which contains patient’s name, address, contact number and medical record based health information. The security regulations defined are given below:

Patients’ understanding: Patients’ right to understand how their PHI will be used and kept.

Confidentiality: Various software safeguards such as encryption is described by security regulations to protect health-data confidentiality during storage and transmissions.

Patients’ control: Patients can control the access to their PHI by managing cryptographic keys.

Data integrity: Patients’ electronic health information should be protected from medical omissions, tampering and unauthorised destruction.

Consent exception: In life-saving purposes and emergency situations, the access of the PHI without the patient’s authorisation is allowed.

To accomplish these regulations, Lee and Lee (2008) proposed a smart card based cryptographic key management scheme for e-healthcare. This scheme requires the presence of the patient’s smartcard for each access to the PHI which is unrealistic. To remove this problem Hu et al. (2010) proposed a Hybrid Public Key Infrastructure solution (HPKI) for HIPAA privacy and security regulations. In this scheme a Smartcard Trust Centre (STC) issues medicare smart cards and patient’s PHI is entirely left to the Medical Centre Server (MCS) during the contract period. This scheme is out of patient’s control as relevant medical service provider has unlimited access to the PHI in patient’s absence during the contract period. In consent exception

case, no clear procedure is given. There is no surety that the uploading data m is of that particular patient and the MCS will destroy the PHI at the end of the contract. Doctors and patients communicate with MCS through Internet to access PHI. This scheme is totally internet-based which is not beneficial to remote patients who cannot access internet. Huang and Liu (2011) proposed a smart card and Elliptic Curve Cryptography (ECC)-based key management scheme for the HIPAA privacy and security regulations. They have just minimised the computation cost of registration, signature verification, encryption and decryption phases, although it also requires the presence of the health data card for each access to the PHI which is unrealistic and is not in favour of the patients staying at remote locations.

To remove these difficulties, a mobile health system is proposed in this paper where SMS acts as a message bearer. The main contribution of this paper is that the proposed system is totally mobile based to help the remote users since all of them have a mobile phone in recent era. A patient gets health services just by sending and receiving SMS using mobile phone (Rongyu et al., 2009). The SMS services and security are provided by the mobile service provider. Initially, the medical expert system helps a patient to identify the type of the disease. Based on the diagnostic result of the medical expert system, the patient sends an SMS request to MCS for a specialised doctor. In our scheme, an SMS-Gateway with security functionalities, called Secure Access Gateway (SAG), is resided in service provider’s infrastructure and is operated by the service provider. After receiving the specialised doctor request from the patient, on behalf of MCS, SAG performs the mutual authentication and cryptographically controls the data transmission. The temporary cryptographic secret session key K is generated by the SAG to upload and retrieve the patient’s PHI from MCS. After completion of each session (upload or retrieval of PHI), the session key K is deleted. Generally, patients’ PHI data have two parts: text-data of small size and a large volume of image-data. The MCS stores the total PHI permanently and sends a copy of text-data to the patient for confirmation and result of treatment. Further, in consent exception cases, the patient is admitted in localised hospital and doctor sends the emergency data retrieval request to the SAG. SAG authenticates the doctor and sends encrypted PHI. The proposed mobile based e-health system can be constructed using various relevant security standards, tools and products which are easily available. Discussions regarding how the proposed scheme fulfils the HIPAA regulations and comparison with the existing schemes have been provided.

The remaining parts of this paper are organised as follows: Section 2 introduces the Subscriber Identity Module (SIM), the medical expert system and the SAG. In Section 3, the mobile health system is proposed so that the cryptographic mechanisms can fulfil the HIPAA privacy and security regulations. A discussion regarding the HIPAA fulfilment is given in Section 4. Finally, comparison with existing schemes and conclusion are given in Sections 5 and 6, respectively.

380 S. Ray and G.P. Biswas

2 Preliminaries

To facilitate understanding of our proposed scheme, the following articles are briefly introduced.

2.1 Subscriber identity module (SIM)

A SIM is located in the user’s mobile phone (Rongyu et al., 2009). It is an integrated circuit and securely stores the service-subscriber key – International Mobile Subscriber Identity (IMSI) which is used to identify a subscriber on mobile devices. A SIM card contains its unique serial number – Integrated Circuit Card Identifier (ICCID), internationally unique number of the mobile user (IMSI), security authentication and ciphering information, temporary information related to the local network, a list of the services the user has access to and two passwords, one is PIN for usual use and other is PUK for unlocking. To authenticate and identify subscribers on the network, SIM card stores network-specific information such as ICCID, IMSI, Authentication Key, Local Area Identity (LAI) and Operator-Specific Emergency Number. The SIM also stores other carrier specific data such as the Short Message Service Centre (SMSC) number, Service Provider Name (SPN), Service Dialling Numbers (SDN), Advice-Of-Charge parameters and Value Added Service (VAS) applications.

2.2 Medical expert system

Medical Expert system (Shortlife, 1986; Grove, 2000; Hwang et al., 2006; Mateo et al., 2008; Osuagwu and Okafor, 2010) is a rule based web oriented system for automated diagnosis of medical diseases. The major purpose of the system is to utilise the power of Internet to spread the expert knowledge of a few highly skilled advanced doctors to other doctors, registered nurses, etc. The very highly skilled doctors create their rules of logic and store them in the knowledge based system. After that the system is able to make automated diagnostic suggestions based on patients’ symptoms and research data analyses, etc. The knowledge based system consists of the following basic components: diagnoses, parameters (symptoms and research results), investigations and rules of logic. Medical diagnoses are grouped hierarchically. Each diagnosis may have set of sub diagnoses, which give more detailed description of the disease. Parameters are essentially pieces of information about the patient conditions. Generally, parameters are divided into two groups: symptoms and research results. The rules of logic suggest certain conclusion based on the patient’s symptoms, research results and previously made diagnoses. The conclusion may be either to suggest diagnosis with certain probability, assign investigation or ask the patient about some more symptoms. The general diagnostic schema used by this system is:

(1) Symptoms (2) More Symptoms (3) Investigations (4) Diagnosis

where Steps 2 and 3 are iterative and can be repeated many times.

2.3 Secure access gateway (SAG)

The SAG is an SMS-Gateway with security functionalities (Rongyu et al., 2009). It is resided in service provider’s infrastructure and is operated by the service provider. It is composed of the Access Point (AP) module, the User Authentication Agent (UAA) module and the Cryptographic Module (CM). The AP module acts as the interface of the service provider. It takes the responsibility for receiving/ sending SMS messages from/to SMSC by communicating with SMSC through SMPP protocol over TCP/IP. The UAA module takes the responsibility to authenticate the mobile clients and provides confidentiality, integrity and non-repudiation for SMS transmissions. The CM is a PKI-based (NIST, 2011; Stallings, 2009; Weise, 2001) computing device which contains the processor, algorithms and cryptographic material to perform the cryptographic operations for the UAA module and AP module without exposing them. It is collaborated with SIM to ensure security i.e. confidentiality, authentication, integrity and non-repudiation at the application level.

3 Proposed mobile health system to fulfil HIPAA privacy and security regulations

In this section, the mobile phone-based e-health system is proposed to provide an end-to-end secure communication between the medical service provider and patients using mobile phone.

3.1 System architecture

The basic system architecture for the security framework is shown in Figure 1 and composed of the following five entities, namely a mobile client (patient/doctor), a medical expert system, a MCS to store all relevant data including the patient’s PHI data which is not accessible without the patient’s permission, a SAG which resides in medical service provider’s infrastructure and a Mobile Operator (MO) which provides the public mobile network for SMS transmission. To enter in the proposed mobile health system, each patient has to register at the national MCS to become eligible to get healthcare services provided by the national medical service provider. Doctors are also registered at MCS with their specialisation and mobile phone number. The MCS has its own database and stores all relevant data including doctor’s information and patient’s PHI data which is not accessible without the patient’s permission. Patients and doctors get access to MCS by sending SMS.

Design of an efficient mobile health system 381

Figure 1 Overall system architecture of mobile health system

The workflow of this system architecture is as follows:

Step 1: Initially, a patient provides his disease symptoms to the medical expert system. The expert system performs an investigation on the patient’s conditions and may ask for more symptoms of disease.

Step 2: The medical expert system diagnoses the patient’s symptoms and provides the diagnostic result and medical test advice to the patient.

Step 3: Patient completes the medical test and sends an SMS request to MCS for a specialised doctor and to upload the diagnostic result and medical test report.

Step 4: On behalf of MCS, SAG performs the mutual authentication, allows the patient to upload diagnostic result and medical test report, searches the information of a doctor with the patient’s specified specialisation from the MCS and sends the identity and mobile no of the specialised doctor to the patient.

Step 5: The patient sends treatments request to the specialised doctor chosen by the MCS and may send his diagnostic result provided by the medical expert system and the medical test report through SMS to the specialised doctor on his requirement.

Step 6: The doctor retrieves the diagnostic result and medical test report from the MCS (or sent by the patient) and starts treatment.

Step 7: The patient consults with the specialised doctor and responses on doctor’s query through mobile phone conversation.

Step 8: After completion of treatment, the doctor generates the patient’s PHI and uploads it to MCS.

Step 9: MCS stores the PHI and sends a copy of the uploaded PHI to the patient.

Step 10: In future treatment of the particular patient, Steps 1–9 will be followed and the doctor may retrieve the patient’s previous PHI stored at MCS.

3.2 Notations used

For the sake of clarity, the common notations as used in other proposed methods are given now although some of them are already defined.

H (_) A secure one-way hash function such as SHA1

E Encryption

P Patient

MCS Medical Centre Server

SAG Secure Access Gateway

IDP The identity of patient

IDDOC The identity of Doctor

IDSAG The identity of SAG

RP A nonce of patient

RDOC A nonce of doctor

RSAG A nonce of SAG

g Generator of a multiplicative group of large prime order p

CAP Public key certificate of patient

CADOC Public key certificate of doctor

CASAG Public key certificate of SAG

(PRP, PUP) The patient’s private/public key pair

382 S. Ray and G.P. Biswas

(PRDOC, PUDOC) The doctor’s private/public key pair

(PRSAG, PUSAG) The SAG’s private/public key pair

3.3 Authentication and registration of patient and doctor

In registration phase, the SIM card (patient/doctor) and the SAG authenticate themselves to each other by using CA signed public key certificate temporarily and establish a registration key. The maximum validity period of the registration key is specified by the SAG. The registration key generation process is same for both doctor and patient. The generation of patient’s registration key as shown in Figure 2 is illustrated as follows.

Figure 2 Authentication and registration protocol

Step 1: Patient → SAG: Reg. req., IDP, RP, Signed consent

Patient sends an SMS requesting for registration to SAG. He provides his identity, signed consent and a nonce RP to SAG.

Step 2: SAG → Patient: SAGPRE (RSAG, RP), CASAG

SAG receives the SMS containing the patient’s registration request, signed consent and patient’s identity. SAG generates a nonce RSAG and signs the RSAG and RP using his private key. Then SAG sends the signed challenge and SAG’s public key certificate to the patient. The cryptographically signed challenge ensures that only SAG can create it.

Step 3: Patient → SAG: PPRE (IDSAG||RSAG), CAP

Patient receives the signed challenge of SAG and also gets back his challenge RP signed by the SAG. He concatenates the SAG’s identity and RSAG, signs on it using his private key and sends it to the SAG together with his public key certificate.

Step 4: SAG → Patient: WP, PPUE (

PREGK ),SAGPRE (H(IDP,

IDSAG, WP, PREGK ))

SAG gets back his challenge and confirmed the mutual authentication. SAG extracts patient’s public key from the certificate of patient. Now SAG creates contract WP consisting of the signed consent, the validity period, the data received from the patient etc. and generates patient’s registration key

PREG PK H W k , where k € Zq is a random

number. As WP is public, MCS sends it directly to the patient together with the cryptographically signed hash value of WP, patient’s identity, SAG’s identity and registration key to ensure that only SAG can create it. The signed hash value can prove the legality of the contract. The registration key is stored at MCS by a secure SSL channel and a copy is sent to the patient encrypted with patient’s public key which ensures that only the patient can decrypt it.

3.4 Treatment procedure

The treatment procedure of the proposed mobile health system is sequentially divided into eight phases namely: (a) Patient’s consultation with medical expert system; (b) Communication between patient and MCS for specialised doctor and to upload initial medical test reports; (c) Patient’s consultation with doctor and PHI data generation; (d) PHI data upload to MCS by the doctor; (e) PHI data retrieval from MCS; (f) Next treatment cycle; (g) PHI data retrieval in emergency condition and (h) Treatment at foreign countries.

3.4.1 Patient’s consultation with medical expert system

To get a medical treatment, the patient comes to a nearby medical expert system and enters his disease symptoms to the medical expert system. The medical expert system performs an investigation on the patient’s conditions and may ask for more symptoms of disease. Then it diagnoses the patient’s symptoms and provides the diagnostic result and medical test advice to the patient which gives a primary idea about the disease of the patient.

3.4.2 Communication between patient and MCS for specialised doctor

Patient performs the medical test and sends an SMS request to medical service provider to find a specialised doctor and to upload medical test reports. On behalf of MCS, SAG authenticates the patient, stores the medical test reports and sends him an SMS containing the identity and phone number to communicate with the registered specialised doctor as shown in Figure 3 illustrated as follows.

Figure 3 Specialised doctor requesting protocol

Design of an efficient mobile health system 383

Initially, two numbers p and g are chosen by the patient and the SAG where, p is a large prime number and g is a generator of order p – 1 in the group < Zp

*, × >. These two chosen numbers are public and can be sent openly through SMS. The steps to establish a symmetric session key are as follows:

Step 1: Patient → SAG: Spl. doctor req, IDP, WP, R1, N1

Patient chooses a large random number x such that 0 ≤ x ≤ p – 1 and calculates R1 = gx mod p. Now the patient sends an SMS to SAG containing specialised doctor request, his identity, contract WP, R1 and a nonce N1.

Step 2: SAG → Patient: REGP

KE (R2), EK (N2 || N1)

SAG similarly chooses a large random number y such that 0 ≤ y ≤ p –1 and calculates R2 = gy mod p. After receiving the patient’s request, SAG finds out the patient’s registration key

PREGK using patient’s identity and uses it to encrypt R2.

So only the patient can be able to decrypt it. Now SAG

calculates the secret session key 1 modP

yREGK H R p K

and generates a nonce N2. The secret pre-shared registration key is used to calculate K for protecting it from the man-in-the-middle attack. Now it encrypts (N2 || N1) using the symmetric key K to send a challenge to patient. Lastly, SAG sends an SMS containing the encrypted R2 and the encrypted challenge to the patient.

Step 3: Patient → SAG: EK (N1 || N2 || test reports)

The patient decrypts the encrypted R2 using his secret registration key

PREGK and calculates session key K H

2 modP

xREGR p K . Using this K, he decrypts the SAG’s

challenge. Now he switches the order of N2 and N1 to prevent a replay attack by an adversary and encrypts it together with the medical test report using K. Then the patient sends an SMS containing this encrypted message to respond the SAG’s challenge, to authenticate the SAG and to upload medical test reports at MCS.

Step 4: SAG → Patient: EK (IDDOC, mobile phone no.)

SAG gets back his challenge, completes the mutual authentication and stores the patient’s medical test reports. Now SAG searches the information of a doctor with the patient’s specified specialisation from the MCS. After finding a specialised doctor, SAG gets the doctor’s identity, his phone number and his specialisation. Now SAG encrypts the doctor’s identity and his mobile phone number using the session key K and sends this encrypted message to the patient.

The patient decrypts the received SMS using K and gets the specialised doctor’s identity and his phone number to contact for treatment.

3.4.3 Patient’s consultation with doctor

The patient gets the specialised doctor’s identity and his phone number from MCS. Now he consults with the doctor

for treatment through mobile phone and can send his initial diagnostic result provided by the medical expert system and the medical test report to the specialised doctor on his requirement or the doctor can retrieve these from MCS as shown in Figure 5. After completion of the treatment procedure, the doctor generates the patient’s PHI data and communicates with MCS to upload it.

3.4.4 PHI data upload to MCS and patient

After completion of the treatment procedure, the doctor generates the patient’s PHI data. The PHI data is divided into two categories namely text-data and image-data. The text-data consists of sensitive textual data including name, address, medical text results, etc. and the image-data consists of large volume of medical images. Now the doctor performs the mutual authentication to upload the signed and encrypted data to MCS through PHI data uploading protocol as shown in Figure 4 illustrated as follows.

Figure 4 PHI data uploading protocol

Step 1: Doctor → SAG: IDDOC, upload, IDP, R1, N1

The doctor chooses a large random number x such that 0 ≤ x ≤ p – 1 and calculates R1 = gx mod p. Now he sends the SMS to SAG containing PHI data upload request, his identity, the patient’s identity, R1 and a nonce N1.

Step 2: SAG → Doctor: REGDOC

KE (R2), EK (N2 || N1)

SAG chooses a large random number y such that 0 ≤ y ≤ p – 1 and calculates R2 = gy mod p. After receiving doctor’s request, SAG finds out the doctor’s registration key

DOCREGK

and uses it to encrypt R2. So, only the doctor can be able to decrypt it. Now SAG calculates the secret session key

1 modDOC

yREGK H R p K and generates a nonce N2. The

secret pre-shared registration key is used to calculate K for protecting it from the man-in-the-middle attack. Now it encrypts (N2 || N1) using the symmetric key K to send

384 S. Ray and G.P. Biswas

a challenge to the doctor. Then SAG sends an SMS containing the encrypted R2 and the encrypted challenge to the doctor.

Step 3: Doctor → SAG: EK (N1 || N2 || PHI), DOCPRE (H (PHI))

The doctor decrypts the encrypted R2 using his secret registration key

DOCREGK and calculates 2( modxK H R p

)DOCREGK . Using this K, he decrypts the SAG’s challenge. Now

he switches the order of N2 and N1 to prevent the replay attack by an adversary and concatenates it with the patient’s PHI. The doctor then encrypts it using K and sends an SMS containing this encrypted message and signed hash value of the patient’s PHI to upload the patient’s PHI to the MCS.

Step 4: SAG → Patient: REGP

KE (PHI), SAGPRE (H (PHI ||

IDDOC)

SAG decrypts the encrypted data using K and gets the patient’s PHI. Now SAG calculates the hash value of the received PHI data and compares it with the signed hashed value of PHI data sent by the doctor. If both of them match, SAG sends the PHI to MCS by a secure SSL channel to store it. MCS stores the PHI data and sends an SMS to the patient containing a copy of the uploaded PHI text-data encrypted using the patient’s registration key. A signed hash value of uploaded PHI and the doctor’s identity is also sent to ensure the patient that the particular PHI is uploaded by the particular doctor.

After receiving, the patient decrypts it using his registration key, gets the PHI and calculates the hash value of it concatenated with the doctor’s identity. Then he compares it with the signed hashed PHI data sent by the SAG. If both are match, the patient stores the PHI data.

3.4.5 PHI data retrieval from MCS

During the treatment procedure, the doctor retrieves the patient’s diagnostic result provided by the medical expert system and the medical test reports and may require the previous PHI data stored at MCS. To retrieve these from MCS, the doctor performs mutual authentication with SAG through PHI data retrieval protocol as shown in Figure 5 illustrated as follows.

Figure 5 PHI data retrieval protocol

Step 1: Doctor → SAG: IDDOC, upload, IDP, R1, N1

The doctor chooses a large random number x such that 0 ≤ x ≤ p – 1 and calculates R1 = gx mod p. Now he sends an SMS to SAG containing PHI data retrieve request, his identity, patient’s identity, R1 and a nonce N1.

Step 2: SAG → Doctor: REGDOC

KE (R2), EK (N2 || N1)

SAG also chooses a large random number y such that 0 ≤ y ≤ p – 1 and calculates R2 = gy mod p. After receiving doctor’s request, SAG finds out the doctor’s registration key

DOCREGK

and uses it to encrypt R2. So, only the doctor can be able to decrypt it. Now SAG calculates the secret session key

1 modDOC

yREGK H R p K and generates a nonce N2. The

secret pre-shared registration key is used to calculate K for protecting it from the man-in-the-middle attack. Now it encrypts (N2 || N1) using the symmetric key K to send a challenge to the doctor. Lastly, SAG sends an SMS containing the encrypted R2 and the encrypted challenge to the doctor.

Step 3: Doctor → SAG: EK (N1 || N2)

The doctor decrypts the encrypted R2 using his secret registration key

DOCREGK and calculates 2( modxK H R p

)DOCREGK . Using this K, he decrypts the SAG’s challenge.

Now he switches the order of N2 and N1 to prevent the replay attack by an adversary and encrypts it using K. Then the doctor sends an SMS containing this encrypted message to respond the SAG’s challenge and to authenticate the SAG.

Step 4: SAG → Doctor: EK (PHI), H (IDDOC || IDP || PHI)

After completion of mutual authentication, SAG encrypts the patient’s PHI using the K. Now SAG sends an SMS containing the encrypted PHI and the hash value of the patient’s PHI concatenated with the doctor’s identity and the patient’s identity.

After receiving the SMS, doctor decrypts it using K and compares it with the hash value of concatenated PHI. If they are equal, the doctor accepts the PHI and makes the treatment.

During this treatment procedure if the doctor wants to upload patient’s new PHI data, he can upload the signed and encrypted data to MCS through PHI data uploading protocol as shown in Figure 4 using the same K. After completion of the treatment procedure SAG will delete the K as same as previous.

3.4.6 Next treatment cycle

After completion of the first treatment procedure, in subsequent treatment phases, the patient authenticates the SAG using his registration key and follows the treatment procedure step by step as discussed previously. During the next treatment procedure if the doctor wants to upload the patient’s new PHI data, he can upload the signed and encrypted data to MCS through PHI data uploading protocol as shown in Figure 4 and if he wants to retrieve the patient’s previous PHI data, he can retrieve the same from MCS through PHI data retrieval protocol as shown in Figure 5.

Design of an efficient mobile health system 385

Figure 6 Treatment at foreign country

3.4.7 PHI data retrieval on patient’s emergency

In emergency situations, the patient is admitted at nearest hospital and a doctor sends an SMS containing emergency PHI data retrieve request to MCS to retrieve the patient’s PHI providing his identity and the patient’s identity as shown in Figure 5.

During this emergency situation the doctor can’t upload patient’s new PHI data since the patient is not in sense. When the patient will be in sense, the doctor can upload the signed and encrypted data to MCS through PHI data uploading protocol as shown in Figure 4 using the same K of that emergency session. When the emergency appointment will be over MCS will delete the K as explained previously.

3.4.8 Foreign access of patient’s PHI

When a patient wants to get treatment from foreign countries, he has to send an SMS containing the treatment request, his public key certificate, his identity and his nationality to that foreign MCS. After receiving these, foreign SAG creates a contract WP′ which is public and consists of the signed consent, the data received from the patient etc. After generation of WP′, the foreign SAG computes patient’s foreign registration key and follow the treatment procedure, PHI data upload and retrieval protocol as shown previously. To get the patient’s previous PHI, foreign MCS performs mutual authentication with the patient’s home MCS, generates a secret shared key and follow the same PHI data retrieval protocol as previously discussed. During this treatment procedure the foreign doctor can upload the signed and encrypted data to foreign MCS through PHI data uploading protocol as shown in Figure 4 using the same K of that session. When the treatment is over, the foreign MCS deletes the K accordingly.

4 Analysis of the proposed work to fulfil the HIPAA regulations

To illustrate the security of our scheme for fulfilment of the HIPAA privacy and security regulations, the summarised events are analysed in the following:

Patients’ understanding: In this scheme, the electronically signed consent is required from patients to registrar at the medical service provider. This will set up the terms and regulations regarding how his PHI data will be

accessed and stored in the MCS according to the security protocols illustrated above. It also explains how his PHI data can be retrieved in his emergency situation.

Confidentiality: The generation of temporary cryptographic secret contract key K ensures that the cryptographic key is securely generated by the SAG with the doctor and protected from the man-in-the-middle attack. To upload or retrieve, the PHI data are encrypted using K to obtain confidentiality. The encrypted data are sent securely where SMS is a medium. The mobile based authentication protocol discussed above can provide cryptographic security against unauthorised access of patient’s PHI. So it is reasonable to assure that the confidentiality of the patient’s PHI is secured in our scheme.

Patients’ control: The main difference between the proposed scheme and existing scheme of Hu et al. (2010) is that our scheme is totally mobile based and permission to upload and retrieve the patient’s PHI data is controlled by the MCS with the patient’s consent, where the existing scheme is only Internet based and out of the patient’s control. To decrypt the encrypted PHI, the corresponding temporary cryptographic secret contract key K must be obtained. When a new PHI is uploaded at MCS, a copy of that is sent by MCS to the patient to support the patient’s consent. A symmetric encryption and decryption scheme is organised using K for storage and transmission of the patient’s PHI. Thus, the proposed scheme is under the patient’s control. The cryptographic strength of the proposed patient’s control scheme is strong as the conventional symmetric cryptography since the MCS is trusted.

Data integrity: In our scheme, the key exchange based authentication and symmetric cryptosystem in the patient’s PHI data uploading and retrieval protocol ensures the data integrity. Each encrypted data are sent through SMS which supports the security of short message exchange. The PHI data is encrypted using K, so no one can alter it. The patient’s consent against respective K cryptographically ensures the non-repudiation. The protection of data integrity and data redundancy is ensured by the delivered copy of uploaded PHI to the patient.

Consent exception: The proposed scheme provides the cryptographic security control for the life-saving emergency cases. In emergency situation any registered doctor can send emergency request. SAG authenticates the doctor and sends the patient’s PHI encrypted using K.

Thus, the proposed mobile health system fulfils the HIPAA privacy-security regulations.

386 S. Ray and G.P. Biswas

5 Comparison of the proposed scheme with existing schemes

In this section, the performance evaluation of the proposed scheme and comparison with three existing schemes are given for the validation of our claim.

Initially, Lee and Lee (2008), to address the HIPAA privacy and security regulations in e-health system, proposed a session based cryptographic key management solution using Rivest, Shamir and Adleman (RSA) algorithm of public key cryptography. This scheme requires the presence of the patient’s smart card for each access to the PHI data as it stores the patient’s PHI and patient’s master key. It is a session based scheme, because it generates a new key in each session based on the master key stored in the smart card. This scheme is not efficient since a huge amount of PHI data (text-data/image-data) is stored in the smart card and a new session key is generated in each access, which increases the storage cost, communication cost and processing overhead. Quite often, multiple accesses to the PHI are needed by the different people like doctors, nurses, analysts of the medical test-sample analysis laboratories located in geographically different places. Other weaknesses of this scheme are due to the smartcard based authentication, because it cannot authenticate the presenter of the smart card and the patients residing in remote locations are unfamiliar with smartcard.

Later on, Hu et al. (2010) proposed a contract based scheme using RSA to address the HIPAA privacy and security regulations in e-health system, where a contract based scheme means to make a contract for a fixed period of time with a medical service provider. In this method, a Smart Card Trust Centre (STC) issues smart cards to access the Internet authentically and the patient’s entire PHI data is stored in the MCS during the contract period. This scheme lacks the patient’s control over the PHI data as the relevant medical service provider has unlimited access to the PHI without the patient’s presence, however, the doctors and patients independently communicate with MCS through Internet to access the PHI. This scheme is totally internet-based and as a result, it is not beneficial to remote patients who have no facility to access Internet. Another weakness of this scheme is that the protocols for uploading and retrieval of PHI data are not free from the replay attack,

which means that an attacker may impersonate the legitimate client through the reuse of information obtained from a previous run protocol.

Recently, Huang and Liu (2011) proposed a new smartcard based key management scheme for the HIPAA privacy and security regulations using ECC. This scheme is basically a modification of the Lee and Lee’s (2008) scheme, where instead of RSA, ECC environment has been used to minimise the key size and computation cost for registration, signature verification and encryption/ decryption processes. It exactly follows Lee and Lee’s (2008) scheme for different operations except for allowing the patients to freely choose and update their passwords. Since the presence of the smart card for each access / session to the PHI is required, this scheme, similar to Lee and Lee (2008), is season based and also not helpful for remote patients due to unfamiliarity with smart cards.

The proposed scheme, instead of adopting conventional session based cryptographic key management, is designed based on the RSA and the permanent contract basis supported by mobile phones, which not only reduces registration/session key generation overhead, but also supports remote users. Since the mobile phones now a day are common to each and every people, thus our scheme is easily realisable. Also both the doctors and patients are benefited as the formers save precious time not by consulting physically and the latter get the best treatment from the specialised doctors (home and/or abroad) without visiting themselves to the doctor. In registration phase, since the patient makes a permanent contract with the national medical service provider, this scheme is contract based. The patient’s PHI is entirely left to the national MCS and a copy of PHI text-data only is stored in the patient’s side. Thus our scheme supports both mobile phone and MCS services, which provide additional advantage over the earlier schemes. All the protocols given in the proposed scheme such as protocols for specialised doctor request, PHI data uploading and PHI data retrieval are free from the replay attack and man-in-the-middle attack.

Now the comparative results of the proposed scheme with three existing schemes is summarised in Table 1, which shows better performance of our scheme in all respect than others.

Table 1 Comparison of Lee and Lee’s (2008), Hu et al. (2010) and Huang and Liu (2011) schemes with the proposed scheme

Parameters Lee and Lee

(2008) Hu et al. (2010)

Huang and Liu (2011)

Proposed scheme

System architecture based on Session Contract Session Contract

Crypto system used RSA RSA ECC RSA

Device used Smartcard Smartcard Smartcard Mobile phone

Protected from the replay attack NA No NA Yes

Protected from the man-in-the-middle attack NA Yes NA Yes

Patient’s consent to access PHI data Yes No Yes Yes

Patient’s security control to retrieve PHI data Yes No Yes Yes

Design of an efficient mobile health system 387

6 Conclusion

A contract oriented and mobile phone based solution to deal with the HIPAA privacy and security regulations in e-health system is proposed in this paper to provide quick health services to patients especially residing in remote locations. Both the doctors and patients are benefited in the proposed scheme as the former saves precious time not by consulting physically and the later gets the best treatment from the specialised doctors without visiting to the doctor. The access of patient’s PHI data from MCS is protected and controlled through cryptographic authentication, encryption, non-repudiation etc. The best quality treatment in less time for the patients in remote locations and the use of mobile phone and MCS are strongly supported in the proposed scheme. It is more efficient and able to preserve the regulations of the HIPAA. Lastly, the comparison table concludes the importance of the proposed scheme over the existing schemes.

References

Agrawal, R., Asonov, D., Bayardo, R., Grandison, T., Johnson, C. and Kiernan, J. (2005) Managing Disclosure of Private Healthcare Data with Hippocratic Database, White Paper, IBM.

Agrawal, R. and Johnson, C. (2007) ‘Securing electronic health records without impeding the flow of information’, International Journal of Medical Informatics, Vol. 76, Nos. 5/6, pp.471–479.

Bhatti, R., Samuel, A., Eltabakh, M.Y., Amjad, H. and Ghafoor, A. (2007) ‘Engineering a policy based system for federated healthcare databases’, IEEE Transactions on Knowledge and Data Engineering, Vol. 19, No. 3, pp.1288–1304.

Chan, V., Ray, P. and Parameswaran, N. (2008) ‘Mobile e-health monitoring: an agent-based approach’, IET Communications, Vol. 2, No. 2, pp.223–230.

Collmann, J., Lambert, D., Brummett, M., DeFord, D., Coleman, J., Cooper, T., McCall, K., Seymour, D., Albert, C. and Dorofee, A. (2004) ‘Beyond good practice: why HIPAA only addresses part of the data security problem’, International Congress Service, Proceedings of the 18th International Congress and Exhibition, 23–26 June, Chicago, USA, Vol. 1268, pp.113–118.

Grove, R. (2000) ‘Internet-based expert systems’, Expert Systems, Vol. 17, No. 3, pp.129–135.

HIPAA (1996a) Health Insurance Portability Accountability Act of 1996 (HIPAA), Centers for Medicare and Medicaid Services (1996). Available online at: http://www.cms.hhs. gov/hipaageninfo

HIPAA (1996b) Health Insurance Portability and Accountability Act of 1996, 104th Congress, Public Law 104–191.

Hu, J., Chen, H. and Hou, T. (2010) ‘A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations’, Computer Standards & Interfaces, Vol. 32, Nos. 5/6, pp.274–280.

Huang, H.F. and Liu, K.C. (2011) ‘Efficient key management for preserving HIPAA regulations’, The Journal of Systems and Software, Vol. 84, No. 1, pp.113–119.

Hwang, G., Chen, J., Hwang, G. and Chu, H. (2006) ‘A time scale-oriented approach for building medical expert systems’, Expert Systems with Applications, Vol. 31, No. 2, pp.299–308.

Lee, W.B. and Lee, C.D. (2008) ‘A cryptographic key management solution for HIPAA privacy/security regulations’, IEEE Transactions on Information Technology in Biomedicine, Vol. 12, No. 1, pp.34–41.

Mateo, R.M.A., Lee, J. and Gerardo, B.D. (2008) ‘Healthcare expert system based on group cooperation model’, International Journal of Software Engineering and its Application, Vol. 2, No. 1, pp.105–115.

May, T.T. (1998) ‘Medical information security: the evolving challenge’, Proceedings of the 32nd Annual International Carnahan Conference on Security Technology, 12–14 October, Alexandria, VA, USA, pp.85–92.

NIST (2011) Introduction to Public Key Technology and the Federal PKI Infrastructure, National Institute of Standards and Technology, 26th February.

Osuagwu, C.C. and Okafor, E.C. (2010) ‘Framework for eliciting knowledge for a medical laboratory diagnostic expert system’, Expert Systems with Applications, Vol. 37, No. 7, pp.5009–5016.

Rongyu, H., Guolei, Z., Chaowen, C., Hui, X., Xi, Q. and Zheng, Q. (2009) ‘A PK-SIM card based end-to-end security framework for SMS’, Computer Standards & Interfaces, Vol. 31, No. 4, pp.629–641.

Shortlife, E.H. (1986) ‘Medical expert systems-knowledge tools for physicians’, The Western Journal of Medicine, Vol. 145, No. 6, pp.830–839.

Stallings, W. (2009) Cryptography and Network Security: Principles and Practices, 4th ed., Prentice Hall, pp.420–430.

Weise, J. (2001) Public Key Infrastructure Overview, Sun PSSM Global Security Practice, Sun Blue Prints™.

Yanga, C.M., Lina, H.C., Changb, P. and Jianc, W.S. (2006) ‘Taiwan’s perspective on electronic medical records’ security and privacy protection: lessons learned from HIPAA’, Computer Methods and Programs in Biomedicine, Vol. 82, No. 3, pp.277–282.

Yu, W.D. and Chekhanovskiy, M.A. (2007) ‘An electronic health record content protection system using smartcard and PMR’, Proceedings of the 9th International Conference on e-Health Networking, Application and Services 2007, 19–22 June, Taipei, Taiwan, pp.11–18.

Yu, W.D., Ray, P. and Motoc, T. (2006) ‘A RFID technology based wireless mobile multimedia system in healthcare’, Proceedings of the 8th International Conference on e-Health Networking, Applications and Services, HEALTHCOM 2006, 17–19 August, New Delhi, pp.1–8.