Efficient key management for preserving HIPAA regulations

The protection of patients' health information is a very important issue in the information age. Health Insurance Portability and Accountability Act (HIPAA) of privacy and security regulations are two crucial provisions in the protection of healthcare privacy, especially electronic medical information. For the quality and efficiency of the electronic services, it is necessary to construct better performance for the user and the trusted party. Based on elliptic curve cryptography (ECC) and complying with HIPAA regulations, this article presents an efficient key management scheme to facilitate inter-operations among the applied cryptographic mechanisms. In addition, the proposed scheme can achieve the complete functionality which includes: (1) a dictionary of key tables is not required for users and other units; (2) users can freely choose their own passwords; (3) users can freely update their passwords after the registration phase; (4) the computational cost is very low for users and the trusted center or server; (5) users are able to access their individual medical information through the authorization process; (6) case of consent exceptions intended to facilitate emergency applications or other possible exceptions can also be dealt with easier. (C) 2010 Elsevier Inc. All rights reserved.