Security-aware department matching and doctor searching for online appointment registration system

Abstract

In a modern hospital information system, an online appointment registration system has become a mainstream trend. It brings convenience and reduces waiting time for patients in the hospital. However, it also causes patients' personal privacy disclosure and security vulnerability problems. In order to address these issues, we propose a novel secure-aware online appointment registration system, which can achieve department matching and doctor searching with privacy preservation. First, a patient can describe his/her symptoms with searchable encryption and sends the ciphertext to the cloud server. Then, the electronic health record (EHR) cloud server matches information of the department associated with similar symptoms and sends the department in the ciphertext to the patient. Furthermore, the patient sends his/her requirements with attribute-based keyword search encryption to doctors' profile system (DPS) server, which can search for the appropriate doctors corresponding to the encrypted requirement without decrypting it. The doctors' profiles are sent to the searcher in the ciphertext. At last, the patient can make an online appointment with the expected doctor. The security analysis demonstrates that the system can achieve data confidentiality and integrity, mutual authentication, secure search, anonymity, and trapdoor unlinkability.