Degree Name

Doctor of Philosophy


School of Information Systems & Technology


Information technology is expected to become an essential tool in providing reliable information for supporting the delivery of health care services. Nevertheless, incorporating such technologies to support the provision of healthcare raises concerns over the protection of patient‟s information. The technological, social and legal implications regarding the access and release of medical data have to be considered carefully during the implementation of interconnected health information systems. Secure and effective data exchange along with the protection of patient‟s confidentiality are two issues that electronic health records need to address to make them reliable and secure in a shared care environment. In this thesis, the author explores these issues by analysing several topics regarding electronic health records, communication, exchange of information and security. The result of this analysis provides an understanding of the framework required to support the exchange of EHRs in a shared care environment. The core of this contribution consists in the description of an approach which uses attribute-based encryption to protect the confidentiality of patients‟ information during the exchange of electronic health records among healthcare providers. Attribute-based encryption allows the reinforcing of access policies and reduces the risk of unauthorized access to sensitive information. A prototype version of a communication interface based on the proposed solution has been implemented and tested to evaluate its viability. The prototype has shown that attribute-based encryption provides an answer to restrictions presented by traditional approaches and facilitate the reinforcing of existing security policies over the transmitted data.