Sensitive and Energetic IoT Access Control for Managing Cloud Electronic Health Records

Electronic health records (EHRs) replaced the old paper-based systems to make patient data more accurate, reliable, and more accessible. Yet, the EHRs system requires high transmission cost, energy, and waste of time for both doctors and patients. Furthermore, EHRs security presents a serious issue threatening the patient's privacy. Most of the third-party hosting systems have some issues related to the users' privacy and data security. Hence, it is necessary to restrict the access control policies and develop efficient mechanisms for cloud-based EHRs data. In this paper, a sensitive and energetic access control (SE-AC) mechanism is proposed for managing the cloud-hosted EHRs and providing a fine-grained access control even in critical situations. The proposed mechanism ensures the confidentiality of the patient's data, where only authorized individuals to have permission to be able to edit or review certain of the patient's data. Each EHR data is encrypted by the managing authority before submitting to the cloud storage. The requesting user can get dynamically changing permissions based on authentication and context attributes. In addition, seven major aspects have been quantified to assess the operation of any access control that could be deployed in the Internet-of-Thing (IoT). The security analysis indicates that the SE-AC mechanism is secure and will prevent any unauthorized access. The results show exceptional compatibility and performance with different setups and configuration.