Personal health records (PHRs) have been developed into a type of patient-centered health information exchange model in recent years. It provides users powerful saving, reading, and sharing of medical data. Considering the fullness of current Cloud construction, complicated combination of hospital staff, differences of prioritization between hospital staff and patients, and varied levels of privacy regulation of people in groups or individuals, the difficulty of security exchange and information sharing will increase. Therefore, there is necessity of existence for one flexible and efficient group-oriented cryptosystem. We proposed a bilinear pairing-based group-oriented cryptosystem to overcame above situations. This proposal owns the following advantages: (I) The cryptosystem can simultaneously realize four decryption strategies, enabling receivers to designate appropriate decryptors according to the content of plaintext. (II) All group members need only one private key, which can be used for decryption regardless of the decryption modes. Therefore, errors resulting from the misuse of keys can be avoided, and the difficulty of key management can be reduced. (III) The system is required to disclose only six parameters, thus decreasing spatial complexity. (IV) Regardless of the encryption and decryption modes, receivers must perform encryption only one time, and the length of the ciphertext comprises only four parameters. Thus, the proposed cryptosystem computing (including environment setting and the processes of encryption and decryption) is highly efficient, with easy key management, low spatial complexity, and small amount of ciphertext being transmitted.

Introduction

With the emergence of cloud computing, most healthcare information technology providers and healthcare service providers have begun to transfer the PHR service to cloud systems. Cloud systems provide storage space and software as a service (SaaS), enabling software service providers to use nearly unlimited and flexible storage space and computing resources [1], [2]. To reduce their operating costs, an increasing number of PHR providers are transferring their PHR applications and data storage services to clouds, instead of establishing a specific data center. For example, Google and Microsoft, the two major cloud platform providers, both provide PHR services on their clouds, namely Google Health and Microsoft HealthVault [3]. PHR investment generally is based on the interest and efficiency-oriented goals of increasing patients’ power or improving disease management. However, patients are most concerned about the security and confidentiality of PHR and other healthcare systems. Health Insurance Portability and Accountability Act (HIPAA) formulated in 1996 outlines the legal protection of PHR privacy and security.