Widespread adoption of health information sharing is claimed to improve healthcare quality at reduced cost due to the ability for providers to share healthcare information rapidly, reliably, and securely. During emergency access, however, such sharing may affect patient privacy adversely and steps must be taken to ensure privacy is preserved. Australia and the US have taken different approaches toward health information sharing. The Australian approach broadly uses a "push" model where a summary record is extracted from local health records, and pushed into a centralized system accessed by providers. Under the US approach, providers during emergency access generally "pull" health records from a centralized system that typically replicates local health records. On the other hand, the centralized repository most likely will be a third party cloud provider that offers on demand availability of high quality and cost effective services. These features make cloud computing a perfect infrastructure for EHR systems. The fact that medical data are handled and managed by a third party cloud provider, however, requires additional security mechanisms, i.e. auditing, to preserve data confidentiality, integrity, and privacy. This thesis contrasts the Australian and US approaches to information sharing during emergency access, focusing on patient privacy preservation. It develops a generalized approach to enhance patient privacy during emergency access using "push" and "pull" approaches. It presents an auditing service implementation over a multi-cloud data repository. It finally shows preliminary results from a proof-of-concept EHR system.
Library of Congress Subject Headings
Medical records--Data processing; Communication in emergency medicine--Australia; Communication in emergency medicine--United States; Data protection--Australia; Data protection--United States; Cloud computing--Security measures
Department, Program, or Center
Computer Science (GCCIS)
Darnasser, Muhannad, "Toward privacy-preserving emergency access in EHR systems with data auditing" (2013). Thesis. Rochester Institute of Technology. Accessed from
RIT – Main Campus