Privacy-Preserving Patient Identity Management Framework for Secure Healthcare Access

Nasif Muslim, Jean-Charles Grégoire

TL;DR

A privacy-preserving, patient-centric identity management framework specifically tailored to the operational and regulatory requirements of healthcare, which balances operational reliability with strong privacy protections through a rooted trust anchor, anonymous pseudonyms, and a conditional traceability mechanism.

Abstract

Effective healthcare delivery depends on accurate longitudinal health records and addressing patients' concerns regarding the privacy of their information. While patient authentication is essential, reusing patient identifiers exposes individuals to linkability (associating multiple visits) and traceability (tying visits to real-world identities) risks. This paper presents a privacy-preserving, patient-centric identity management framework specifically tailored to the operational and regulatory requirements of healthcare. The framework balances operational reliability with strong privacy protections through a rooted trust anchor, anonymous pseudonyms, and a conditional traceability mechanism. It is formally specified, and its security and privacy properties are evaluated through MSRA-based architectural analysis and complementary formal verification. Simulation-based evaluation demonstrates that the framework's identity workflows are operationally feasible within the latency bounds typical of clinical environments.

Paper Structure

This paper contains 47 sections, 3 theorems, 8 equations, 9 figures, and 9 tables.

Key Result

Theorem 5.1

Let $\Sigma$ be a digital signature scheme that is Existentially Unforgeable under Chosen Message Attack (EUF-CMA) secure. Consider any protocol that issues artifacts of the form: Then artifacts produced under $\Sigma$ are existentially unforgeable: no adversary can output $[M^{*},\sigma^{*}]$ with $M^{*}$ not previously submitted to the signing oracle and $\mathsf{Verify}(Y_{\mathsf{issuer}},M^{

Figures (9)

  • Figure 1: Coordinated identity reconstruction workflow showing the separation of duties between the PTA and APC
  • Figure 2: Architecture of the HIDM framework
  • Figure 3: Sequence diagram illustrating the issuance of a Patient Credential
  • Figure 4: Sequence diagram of Pseudonym Token issuance
  • Figure 5: Sequence diagram of pseudonym-specific private key issuance
  • ...and 4 more figures

Theorems & Definitions (5)

  • Theorem 5.1: Generic unforgeability of issuer-signed artifacts
  • Proof (reduction)
  • Corollary 5.2: Unforgeability of domain-specific artifacts
  • Theorem 5.3: Replay resistance of appointment tokens
  • Proof sketch
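What Theorem 5.1 and Theorem 5.3 give a verifier in practice: an artifact $[M,\sigma]$ that verifies under $Y_{\mathsf{issuer}}$ was produced by the issuer (anything else would break EUF-CMA), and an appointment token must not be redeemable twice. The Go program below is an added example, not code from the paper or its authors. It assumes Ed25519 as $\Sigma$, a JSON payload with domain, pseudonym, nonce and expiry fields, and the names Issuer, Verifier and Accept; none of these come from the paper. The verifier rejects four things: a message altered after signing, an artifact signed by a key other than the pinned issuer key, an artifact issued for a different domain (the situation Corollary 5.2 addresses), and a token whose nonce has already been redeemed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Payload is the message M of a hypothetical issuer-signed artifact. The fields are an
// assumption for this example, not the paper's format: Domain stops a token for one purpose
// being accepted for another, Nonce makes it single-use, Expires bounds the replay store.
type Payload struct {
	Domain    string `json:"domain"`
	Pseudonym string `json:"pseudonym"` // pseudonym, never a real-world identifier
	Nonce     string `json:"nonce"`
	Expires   int64  `json:"expires"` // Unix seconds
}

// Artifact is the pair [M, sigma]: Sigma is an Ed25519 signature over exactly the bytes M.
type Artifact struct{ M, Sigma []byte }

// Issuer holds the signing key; Pub is the Y_issuer that verifiers pin.
type Issuer struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewIssuer() (*Issuer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Issuer{Pub: pub, priv: priv}, nil
}

// Issue signs the serialized payload; verifiers check those exact bytes, never a re-encoding.
func (i *Issuer) Issue(p Payload) (Artifact, error) {
	m, err := json.Marshal(p)
	if err != nil {
		return Artifact{}, err
	}
	return Artifact{M: m, Sigma: ed25519.Sign(i.priv, m)}, nil
}

var ErrBadSignature = errors.New("signature does not verify under the pinned issuer key")
var ErrWrongDomain = errors.New("artifact was issued for a different domain")
var ErrExpired = errors.New("artifact has expired")
var ErrReplay = errors.New("nonce already redeemed")

// Verifier pins one issuer key and one domain and remembers redeemed nonces.
type Verifier struct {
	issuerPub ed25519.PublicKey
	domain    string
	seen      map[string]bool
}

func NewVerifier(issuerPub ed25519.PublicKey, domain string) *Verifier {
	return &Verifier{issuerPub: issuerPub, domain: domain, seen: map[string]bool{}}
}

// Accept returns the payload if the artifact is authentic, for this domain, unexpired and
// not yet redeemed. Signature first: unsigned input never reaches the parser or the store.
func (v *Verifier) Accept(a Artifact, now time.Time) (Payload, error) {
	if !ed25519.Verify(v.issuerPub, a.M, a.Sigma) {
		return Payload{}, ErrBadSignature
	}
	var p Payload
	if err := json.Unmarshal(a.M, &p); err != nil {
		return Payload{}, err
	}
	if p.Domain != v.domain {
		return Payload{}, ErrWrongDomain
	}
	if now.Unix() >= p.Expires {
		return Payload{}, ErrExpired
	}
	if v.seen[p.Nonce] {
		return Payload{}, ErrReplay
	}
	v.seen[p.Nonce] = true // record only after every other check has passed
	return p, nil
}

func main() {
	iss, err := NewIssuer()
	if err != nil {
		panic(err)
	}
	v := NewVerifier(iss.Pub, "appointment-token")
	now := time.Now()
	tok, _ := iss.Issue(Payload{Domain: "appointment-token", Pseudonym: "ps-7f3a",
		Nonce: "nonce-1", Expires: now.Add(10 * time.Minute).Unix()})
	_, first := v.Accept(tok, now)
	_, second := v.Accept(tok, now) // same token presented twice
	fmt.Println("first:", first, "| second:", second)
}
```

Two design points matter more than the code volume. The order of checks is deliberate: the signature is verified before the payload is parsed and before the nonce set is consulted, so an attacker without the issuer key can neither feed crafted JSON to the parser nor fill the replay store with garbage. And the nonce is recorded only once every check has passed, so a rejected presentation does not burn a legitimate token. The example keeps the redeemed-nonce set in memory at one verifier; in a deployment with several points of care the set has to be shared, or each token has to name the verifier it is meant for, otherwise a token rejected as a replay at one site is still fresh at another.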