In case of emergency, do not break the glass!: Secure cross-organisational data sharing in acute care

This thesis presents various secure mechanisms for cross-organisational data sharing during acute stroke care. In such situations, access to the data is urgent. For all the proposals, we assume the patients' EMR are stored in a cloud system to improve accessibility and collection of medical records during the emergency. However, to protect against abuse or internal attacks in the cloud providers, the patient's EMR is stored as ciphertext in the cloud, and the encryption keys are only shared with the involved acute care teams. Additionally, the proposed protocols are used to dynamically grant and revoke access to the patient's EMR for the healthcare teams according to the needs of triage, diagnosis, hospital selection and treatment. This thesis presents mechanisms for secure cross-organisational data sharing during acute stroke care. The proposed mechanisms are applicable and generalisable to other acute and non-acute care cases. These mechanisms focus on improving data availability once the security requirements are fulfilled, so the professionals no longer need break-glass procedures, even in emergencies. Instead, access to data happens with lawful purpose, without compromising patient privacy. Furthermore, cross-organisational data sharing requires trustworthiness among organisations, which needs to be built with regulation compliance and transparency. The proposed mechanisms of this thesis may help future healthcare digital systems comply with the regulations and be more transparent, thus improving security and enabling data sharing across organisations.