Did You Break the Glass Properly? A Policy Compliance Framework for Protected Health Information (PHI) Emergency Access

Md Al Amin, Rushabh Shah, Hemanth Tummala, Indrajit Ray

2025

Abstract

HIPAA, HITECH, GDPR, and other data protection laws and regulations mandate patients’ consent to access and share their data. They also impose compliance requirements for healthcare organizations. Non-compliance carries financial, reputational, business, and other penalties. In emergency medical situations, accessing a patient’s protected health information or records can be critical to saving lives, especially when the patient is unconscious or unable to consent. This paper addresses the need for a secure, compliant, and auditable system for emergency PHI access. We propose a blockchain and smart contract-based policy compliance framework where the emergency duty doctor requests access and must obtain approval from the senior in charge, which is recorded through multi-signature transactions. Once access is granted, the patient or their emergency contact is notified. To prevent unauthorized modifications, all actions are captured as immutable audit logs within a private blockchain network. The compliance check uses a novel Proof of Compliance (PoC) consensus mechanism, ensuring all access requests adhere to defined policies. This framework offers transparency, accountability, and security for emergency PHI access requirements.


Paper Citation


in Harvard Style

Al Amin M., Shah R., Tummala H. and Ray I. (2025). Did You Break the Glass Properly? A Policy Compliance Framework for Protected Health Information (PHI) Emergency Access. In Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-760-3, SciTePress, pages 195-208. DOI: 10.5220/0013527000003979


in Bibtex Style

@conference{secrypt25,
author={Md Al Amin and Rushabh Shah and Hemanth Tummala and Indrajit Ray},
title={Did You Break the Glass Properly? A Policy Compliance Framework for Protected Health Information (PHI) Emergency Access},
booktitle={Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2025},
pages={195-208},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013527000003979},
isbn={978-989-758-760-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Did You Break the Glass Properly? A Policy Compliance Framework for Protected Health Information (PHI) Emergency Access
SN - 978-989-758-760-3
AU - Al Amin M.
AU - Shah R.
AU - Tummala H.
AU - Ray I.
PY - 2025
SP - 195
EP - 208
DO - 10.5220/0013527000003979
PB - SciTePress