Abstract

The Personal Health Record (PHR) acts as a central repository for health information, often managed by third-party cloud providers. However, this raises privacy concerns as sensitive personal health data could be exposed. To address this, we propose innovative data control mechanisms specifically designed for PHRs hosted on semi-trusted servers. Utilizing Attribute- Based Encryption (ABE) techniques, we encrypt each patient's PHR file, drawing from previous research on secure data outsourcing. Unlike existing methods, our focus lies in streamlining core management for PHR users and owners across different scenarios. By employing Multi- Authorization ABE, we ensure robust patient privacy while facilitating access policies, dynamic attribute adjustments, user/attribute overrides upon request, and emergency mirror access. Our study includes comprehensive analytical and experimental assessments to validate the safety, scalability, and effectiveness of our proposed approach.