Literature DB >> 17460132

Encryption characteristics of two USB-based personal health record devices.

Adam Wright1, Dean F Sittig.   

Abstract

Personal health records (PHRs) hold great promise for empowering patients and increasing the accuracy and completeness of health information. We reviewed two small USB-based PHR devices that allow a patient to easily store and transport their personal health information. Both devices offer password protection and encryption features. Analysis of the devices shows that they store their data in a Microsoft Access database. Due to a flaw in the encryption of this database, recovering the user's password can be accomplished with minimal effort. Our analysis also showed that, rather than encrypting health information with the password chosen by the user, the devices stored the user's password as a string in the database and then encrypted that database with a common password set by the manufacturer. This is another serious vulnerability. This article describes the weaknesses we discovered, outlines three critical flaws with the security model used by the devices, and recommends four guidelines for improving the security of similar devices.

Entities:  

Mesh:

Year:  2007        PMID: 17460132      PMCID: PMC2244899          DOI: 10.1197/jamia.M2352

Source DB:  PubMed          Journal:  J Am Med Inform Assoc        ISSN: 1067-5027            Impact factor:   4.497


  2 in total

1.  Security threat posed by USB-based personal health records.

Authors:  Adam Wright; Dean F Sittig
Journal:  Ann Intern Med       Date:  2007-02-20       Impact factor: 25.391

2.  Personal health records: definitions, benefits, and strategies for overcoming barriers to adoption.

Authors:  Paul C Tang; Joan S Ash; David W Bates; J Marc Overhage; Daniel Z Sands
Journal:  J Am Med Inform Assoc       Date:  2005-12-15       Impact factor: 4.497
  2 in total
  7 in total

1.  A patient-centric taxonomy for personal health records (PHRs).

Authors:  Adam Vincent; David C Kaelber; David Charles Kaelber; Eric Pan; Sapna Shah; Sapna S Shah; Douglas Johnston; Blackford Middleton
Journal:  AMIA Annu Symp Proc       Date:  2008-11-06

Review 2.  Personal health records: a scoping review.

Authors:  N Archer; U Fevrier-Thomas; C Lokker; K A McKibbon; S E Straus
Journal:  J Am Med Inform Assoc       Date:  2011 Jul-Aug       Impact factor: 4.497

3.  A research agenda for personal health records (PHRs).

Authors:  David C Kaelber; Ashish K Jha; Douglas Johnston; Blackford Middleton; David W Bates
Journal:  J Am Med Inform Assoc       Date:  2008-08-28       Impact factor: 4.497

4.  Patient accessible electronic health records: exploring recommendations for successful implementation strategies.

Authors:  David Wiljer; Sara Urowitz; Emma Apatu; Claudette DeLenardo; Gunther Eysenbach; Tamara Harth; Howard Pai; Kevin J Leonard
Journal:  J Med Internet Res       Date:  2008-10-31       Impact factor: 5.428

5.  Indivo: a personally controlled health record for health information exchange and communication.

Authors:  Kenneth D Mandl; William W Simons; William C R Crawford; Jonathan M Abbett
Journal:  BMC Med Inform Decis Mak       Date:  2007-09-12       Impact factor: 2.796

6.  Social and self-reflective use of a Web-based personally controlled health management system.

Authors:  Annie Ys Lau; Adam G Dunn; Nathan Mortimer; Aideen Gallagher; Judith Proudfoot; Annie Andrews; Siaw-Teng Liaw; Jacinta Crimmins; Amaël Arguel; Enrico Coiera
Journal:  J Med Internet Res       Date:  2013-09-23       Impact factor: 5.428

7.  Patients' acceptance towards a web-based personal health record system: an empirical study in Taiwan.

Authors:  Chung-Feng Liu; Yung-Chieh Tsai; Fong-Lin Jang
Journal:  Int J Environ Res Public Health       Date:  2013-10-17       Impact factor: 3.390
  7 in total

北京卡尤迪生物科技股份有限公司 © 2022-2023.