Masters Theses

Date of Award

5-2025

Degree Type

Thesis

Degree Name

Master of Science

Major

Computer Science

Major Professor

Scott Ruoti

Committee Members

Scott Ruoti, Doowon Kim, Fnu Suya

Abstract

This thesis presents a comprehensive evaluation of the security foundations in modern Electronic Health Record (EHR) systems, emphasizing the persistent gap between usability-driven deployments and robust data protection. We assessed leading opensource and commercial EHR platforms—including OpenMRS, GNU Health, Epic, Cerner, and NextGen through a structured taxonomy of security, utility, deployability, and usability properties. Our evaluation revealed that while these systems offer mature interfaces and scalable deployments, they commonly lack critical protections such as record-level confidentiality, tamper-evident audit logs, and mechanisms for patient-controlled access. To address these shortcomings, we designed a cryptographically secure EHR architecture. Our approach enables fine-grained access policies, enforces per-record encryption using distinct keys, and ensures that only authorized parties can decrypt patient data. This system prioritizes patient sovereignty, minimizes insider threat vectors, and provides verifiable provenance across access events. Through comparative analysis and architectural modeling, we identify trade-offs in emergency access, metadata privacy, and clinical usability. The findings underscore the need for rethinking EHR security from the ground up, embedding cryptographic assurances without compromising operational workflows. This thesis contributes a modular framework for secure EHR design using cryptography and outlines future work on protocol standardization and usability optimization for deployment in real-world healthcare settings.

Download
Files over 3MB may be slow to open. For best results, right-click and select "save as..."

Share

COinS