TY - GEN
T1 - Designing a secure e-health network system
AU - De Luca, Gabriel
AU - Brattstrom, Morgan
AU - Morreale, Patricia
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/6/13
Y1 - 2016/6/13
N2 - Healthcare data breaches are a growing issue, with healthcare security incidents increasing more than 900% in the last 2 years. A large U.S. health insurance provider had a major data breach, which resulted in the theft of more than 80 million patient and employee records. The U.S. Health Insurance Portability and Accountability Act (HIPAA) currently does not require Electronic Personal Health Information (ePHI) to be encrypted, increasing the vulnerability of e-health information. This paper proposes a secure e-health network system architecture which will significantly reduce the risk of data breaches and data theft, with minimal additional cost or network delay. This architecture is reliant on the application client and ensures authorized access to health records through the use of a secure client and a 2-step authentication process. The proposed network design will reduce instances of compromised networks, phishing attacks, or unwanted remote access, while improving authenticity of credentials.
AB - Healthcare data breaches are a growing issue, with healthcare security incidents increasing more than 900% in the last 2 years. A large U.S. health insurance provider had a major data breach, which resulted in the theft of more than 80 million patient and employee records. The U.S. Health Insurance Portability and Accountability Act (HIPAA) currently does not require Electronic Personal Health Information (ePHI) to be encrypted, increasing the vulnerability of e-health information. This paper proposes a secure e-health network system architecture which will significantly reduce the risk of data breaches and data theft, with minimal additional cost or network delay. This architecture is reliant on the application client and ensures authorized access to health records through the use of a secure client and a 2-step authentication process. The proposed network design will reduce instances of compromised networks, phishing attacks, or unwanted remote access, while improving authenticity of credentials.
KW - electronic health records
KW - Encryption
KW - secure client
KW - time-based one-time passwords (TOTP)
KW - two-step authentication
UR - http://www.scopus.com/inward/record.url?scp=84979200928&partnerID=8YFLogxK
U2 - 10.1109/SYSCON.2016.7490528
DO - 10.1109/SYSCON.2016.7490528
M3 - Conference contribution
AN - SCOPUS:84979200928
T3 - 10th Annual International Systems Conference, SysCon 2016 - Proceedings
BT - 10th Annual International Systems Conference, SysCon 2016 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 10th Annual International Systems Conference, SysCon 2016
Y2 - 18 April 2016 through 21 April 2016
ER -