Traditional security measures - like cryptography or encryption - can
be expensive, time-consuming, and computing-intensive. Researchers at Binghamton University, State University of New York
have devised a new way to protect personal electronic health records
using a patient's own heartbeat.
"The cost and complexity of traditional encryption solutions prevent
them being directly applied to telemedicine or mobile healthcare. Those
systems are gradually replacing clinic-centered healthcare, and we
wanted to find a unique solution to protect sensitive personal health
data with something simple, available and cost-effective," said Zhanpeng
Jin, assistant professor in the Department of Electrical and Computer
Engineering at the Thomas J. Watson School of Engineering and Applied
Science at Binghamton University.
‘A person's unique electrocardiograph (ECG) was used by researchers to lock and unlock the files with patient data.’
Jin is the co-author of a new paper
titled "A Robust and Reusable ECG-based Authentication and Data
Encryption Scheme for eHealth Systems."
researchers encrypted patient data using a person's unique
electrocardiograph (ECG) - a measurement of the electrical activity of
the heart measured by a biosensor attached to the skin - as the key to
lock and unlock the files.
"The ECG signal is one of the most important and common
physiological parameters collected and analyzed to understand a
patient's' health," said Jin. "While ECG signals are collected for
clinical diagnosis and transmitted through networks to electronic health
records, we strategically reused the ECG signals for the data
encryption. Through this strategy, the security and privacy can be
enhanced while minimum cost will be added."
Essentially, the patient's heartbeat is the password to access their electronic health records.
The identification scheme is a combination of previous work by
Jin using a person's unique brainprint instead of traditional passwords
for access to computers and buildings combined with cyber-security work
from Guo and Chen.
"This research will be very helpful and significant for next-generation secure, personalized healthcare," said Jin.
Since an ECG may change due to age, illness or injury - or a patient
may just want to change how their records are accessed - researchers are
currently working out ways to incorporate those variables.
Assistant Professor Linke Guo and Associate Professor Yu Chen, along
with PhD candidates Pei Huang and Borui Li, are co-authors of the
The research was presented at The IEEE Global Communications Conference (GLOBECOM 2016) in Washington, D.C., in December 2016.