Red Alert: Break-Glass Protocol to Access Encrypted Medical Records in the Cloud

Abstract

Availability of medical records during an emergency situation is of paramount importance since it allows healthcare professionals to access patient's data on time and properly plan the next steps that need to be taken. Cloud storage has the potential to provide a solution to the problem of data unavailability during an emergency situation. However, sharing medical records raises several concerns about security and privacy. In this paper, we study the problem of how to share encrypted patients' data during an emergency situation. To this end, we propose a protocol through which a team of healthcare professionals can securely decrypt the medical records of a patient who is under an emergency situation (e.g. acute stroke). Furthermore, our protocol ensures that a team of healthcare professionals will only have access to the patient's data for the time needed to complete a specific process related to the patient's situation (e.g. transfer patient to the hospital). In our study, the dynamically granting and revoking data access during an emergency treatment is the main novelty.