Design of RSA-CA Based E-Health System for Supporting HIPAA Privacy-Security Regulations

The privacy and the security regulations are two essential requirements of Health Insurance Portability and Accountability Act (HIPAA), recognized by US congress in 1996 as the US Federal Law followed by global e-health industry, in the protection of healthcare privacy. In this paper, a certificate authority (CA) based duality solution has been proposed to fulfill the HIPAA privacy and security regulations that supports both contract and smart card based systems. It presents a patient-centric e-health system based on RSA based public key certificate that allows secure sharing of healthcare information through internet. Doctors and relevant medical staff must have to take patients' permission for online access to patients' PHI data stored in the national medical center server (MCS). A copy of PHI text-data is stored in patients e-health smart card to support the duality. A random session key is generated in each appointment after prior authentication to upload and retrieve patients' PHI data to or from MCS. One advantage is that the proposed CA based e-health system is easy implementable using existing security standards, tools and products. Discussions regarding the fulfillment of HIPAA regulations and comparison with the existing schemes have been provided to show the better performance of our scheme. (C) 2012 The Authors. Published by Elsevier Ltd. Selection and/or peer-review under responsibility of the Department of Computer Science & Engineering, National Institute of Technology Rourkela