Secure Handling of Electronic Health Records for Telemedicine Applications

University essay from KTH/Skolan för elektroteknik och datavetenskap (EECS)

Abstract: Medical record systems are used whenever caregiving is practiced. The medical records serve an important role in establishing patient safety. It is not possible to prevent honest-but-curious doctors from accessing records, since it is legally required to allow doctors to access health records in emergency cases. However, it is possible to log accesses to records and to mitigate malicious behaviour through rate limiting. Nevertheless, many of today's records systems lack good authentication, logging and auditing, and existing proposals for securing medical records systems focus on the context of multiple different healthcare providers. In this thesis, an architecture for an electronic health records system for a telemedicine provider is designed. The architecture is based on several requirements from both the legal perspective and general security conventions, but also from a doctor's perspective. Unlike the legal and general security conventions perspective, doctor requirements are more functionality and usability concerns than security concerns. The architecture is evaluated based on two main threat models and one secondary threat model, i.e. insider adversaries. Almost all requirements are satisfied by the solution design, but the two main threat models cannot be entirely mitigated. It is found that confidentiality can be violated by the two main threat models, but the impact is heavily limited through audit logging and rate limiting.
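The abstract's central mitigation, that record accesses by honest-but-curious doctors cannot be prevented but can be audit-logged and rate limited, is illustrated below. This is example code written for this page, not the thesis's own design: the record store, the per-doctor read limit, the window length and the idea that every attempt (allowed or denied, emergency or routine) lands in an append-only audit list are all constructed assumptions.

```python
"""Added example: a record-access gateway that never blocks a doctor's first
reads but audit-logs every attempt and enforces a sliding-window rate limit.
Written for this page as an illustration; not the thesis's architecture."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional
import time

# Constructed sample record store (patient id -> record text); not real data.
RECORDS: Dict[str, str] = {
    "p-1001": "patient p-1001: constructed sample record",
    "p-1002": "patient p-1002: constructed sample record",
}


class RateLimitExceeded(Exception):
    """Raised when a doctor exceeds the allowed number of reads per window."""


@dataclass
class AuditEntry:
    ts: float          # time of the attempt (seconds)
    doctor: str        # authenticated doctor identifier
    patient: str       # record requested
    emergency: bool    # doctor asserted an emergency (kept for auditors)
    allowed: bool      # whether the gateway served the record


@dataclass
class RecordGateway:
    """Mediates every read of a health record.

    Assumed policy for this example: reads are never refused on the basis
    of who asks (emergency access must stay possible), but each attempt is
    appended to the audit log before any decision is made, and reads are
    counted against a per-doctor sliding-window limit so that bulk
    harvesting by an insider is both capped and visible to reviewers.
    """
    max_reads: int = 5            # assumed reads permitted per window
    window_s: float = 60.0        # assumed window length in seconds
    audit_log: List[AuditEntry] = field(default_factory=list)
    _reads: Dict[str, Deque[float]] = field(
        default_factory=lambda: defaultdict(deque))

    def _prune(self, doctor: str, now: float) -> None:
        # Drop timestamps that have aged out of the sliding window.
        q = self._reads[doctor]
        while q and now - q[0] > self.window_s:
            q.popleft()

    def read_record(self, doctor: str, patient: str, *,
                    emergency: bool = False,
                    now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        self._prune(doctor, now)
        q = self._reads[doctor]
        allowed = len(q) < self.max_reads
        # Log first, then decide: denied attempts are audit evidence too.
        self.audit_log.append(AuditEntry(now, doctor, patient, emergency, allowed))
        if not allowed:
            raise RateLimitExceeded(
                f"{doctor} exceeded {self.max_reads} reads per {self.window_s}s")
        q.append(now)
        return RECORDS[patient]

    def reads_by(self, doctor: str) -> List[AuditEntry]:
        """Audit view: every attempt a given doctor made, allowed or not."""
        return [e for e in self.audit_log if e.doctor == doctor]

    def emergency_reads(self) -> List[AuditEntry]:
        """Audit view: attempts flagged as emergencies, for later review."""
        return [e for e in self.audit_log if e.emergency]


if __name__ == "__main__":
    gw = RecordGateway(max_reads=3, window_s=60.0)
    for t, patient in enumerate(["p-1001", "p-1002", "p-1001", "p-1002"]):
        try:
            gw.read_record("dr-a", patient, emergency=(t == 2), now=float(t))
        except RateLimitExceeded as exc:
            print("denied:", exc)
    for entry in gw.audit_log:
        print(entry)
```

The choice to append the audit entry before evaluating the limit is deliberate: a denied attempt is the strongest signal an auditor has that a rate limit is doing its job, and recording it makes the limit's effect reviewable rather than silent.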
