Abstract
If the quality and efficiency of medical services
are to be ensured, electronic health records (EHR)
and EHR-supporting infrastructure must be prevalent.
Many hospitals, however, have EHR systems
for their internal use only, and the standardization
process for the exchange of medical information is
still in process. This standardization process
addresses information security and is considering
public key infrastructure (PKI) as one security
measure, but PKI is rarely used by medical practioners
because of its poor user-friendliness.
Here we propose an effective use of the identitybased
encryption (IBE) system as a security measure.
This system enables us to send encrypted
and signed messages without requiring the
receiver to get a public key, and it enables us to
deliver secured messages to ambiguous receivers
like those to whom letters of reference are sent. We
evaluated the feasibility of this technology by
using the analytic hierarchy process, which is an
effective analysis tool when selection and judgment
depend on nonquantitative psychological
factors, to analyze the results of an experiment in
which medical workers used E-mail agents with
and without PKI and IBE. We found that medical
practioners and researchers avoid using PKI
because of its poor user-friendliness and instead
use IBE even though it is harder to install. We
therefore think IBE would encourage medical
institutions to share patient records.
