Abstract: A Personal Health Record system enables a patient to create, manage, and control his/her personal health information in one place with the use of the web, which provides the services such as storage, retrieval, and sharing of the medical information more effectively and efficiently. Especially, each patient has full control on their medical records and can able to share their personal health data among the wide range of users, such as healthcare providers, friends and family members. PHR is an patient centric model of health information exchange, which is outsourced to be stored on third party servers such as cloud. Due to the high cost to build and maintain specialized data centres, many Personal Health Record services are outsourced to third-party service providers, such as Microsoft Health Vault. Recently, scheme of storing PHRs in cloud have been proposed. There are many security as well as privacy concerns such as personal health information could be exposed to the third party servers and unauthorised parties. To assure the patients fully control over their own PHRs, it is very efficient method to encrypt the PHRs before outsourcing. The privacy and security issues such as risk of privacy, key management flexible access, it is an important challenges to achieve the fine-grained access over the data. To achieve scalable and fine-grained access control over PHRs, we used attributed based encryption (ABE) policy to encrypt PHR of each patient. In order to protect the data (PHI) stored on semi-trusted or third party servers, we used attribute based encryption (ABE) technique for encrypting the patient’s PHR data. A degree of patients PHRs privacy is guaranteed by exploiting multi-authority ABE (MA-ABE).

Keywords: Personal health records, patient-centric privacy, cloud computing, , fine-grained access control, Attributed-based encryption.