In this thesis we investigate the relationship among security, privacy, legislation, and computational power in relation to Cross-Enterprise User Assertions (XUA), which allows us to develop recommendations for the appropriate architecture, functionality, cryptographic algorithms, and key lengths. The evolution of health records from paper to electronic media promises to be an important part of improving the quality of health care. The diversity of organizations, systems, geography, laws, and regulations creates a significant challenge for ensuring the privacy of Electronic Health Records (EHRs) while maintaining availability. XUA is a technology that attempts to address the problem of sharing EHRs across enterprise boundaries. We rely on NSA Suite B cryptography to provide the fundamental framework of the minimum security requirements at the 128-bit security level. We also recommend the use of the National Institute of Standards and Technology's (NIST) FIPS 140-2 specification to establish confidence in the software's security features.
Library of Congress Subject Headings
Medical records--Data processing; Medical records--Access control; Data encryption (Computer science)
Department, Program, or Center
Computer Science (GCCIS)
Rodzinka, Mark, "Cross-enterprise access control security for electronic health records: Technical, practical and legislation impact" (2012). Thesis. Rochester Institute of Technology. Accessed from
RIT – Main Campus