Balancing Privacy and Flexibility of Cloud-based Personal Health Records Sharing System

Publication Name

IEEE Transactions on Cloud Computing


The Internet of Things and cloud services have been widely adopted in many applications, and personal health records (PHR) can provide tailored medical care. The PHR data is usually stored on cloud servers for sharing. Weighted ABE is a practical and flexible technique to protect PHR data. Under a weighted ABE policy, the data user's attributes will be “scored”, if and only if the score reaches the threshold value, they can access the data. However, while this approach offers a flexible access policy, the data owners have difficulty controlling their privacy, especially sharing PHR data in collaborative e-health systems. This paper aims to find a balance between privacy and flexibility and proposes an AND-weighted ABE scheme in cloud-based personal health records sharing systems. The proposed scheme can meet both privacy and flexibility. Only when the data user satisfies the scored-based policy and is in the specified organization(s), can the data user access the PHR data. Besides, we give the security proof and the performance evaluation of the proposed scheme. The security proof and performance analysis show that the proposed scheme can efficiently and securely share PHR data in cloud service.

Open Access Status

This publication is not available as open access



Link to publisher version (DOI)