Secure Electronic Medical Record (EMR) System

Personal information protection has emerged as a sensitive issue since General Data Protection Regulation (GDPR), and medical information is sensitive but it has to be used as data for research and other statistical analysis. In this respect, medical information has special attention, unlike other general information. Especially for the medical information in the EMR and EHR systems, the information subject is a patient, but the information generator is a medical staff, not a patient, which is a unique characteristic in that the information subject and the information generator are not the same. However, some security researchers overlooked the characteristics of these medical information and proposed patient-controlled medical information systems, which were not applicable to the current medical law and medical system. To solve this problem, we classify the hospital patient's treatment process step by step, identify the type and characteristics of information generated in each step and apply the appropriate encryption key, and propose a secure protocol that applies cryptographic methods to the entire process from patient treatment to providing information to external organizations.