The present invention relates to mechanisms for secured communication between two or more devices/systems. In particular, the present invention relates to systems and methods that utilize physiological signals to encode secret data.
The current way of managing electronic health records (EHRs) has several key drawbacks, which cannot be sustained as the number of disparate health records for a patient increases over time. Setting up an EHR requires the patient to create a username and a password with an EHR provider or with the application used in the smartphone. Password based security in practice fails to provide adequate levels of privacy (enterprise security initiatives like FIDO are switching away from passwords) and can be easily forgotten given the large number of EHRs that an individual may maintain throughout his lifetime leading to loss of useful health data. Collating data from the disparate EHRs to create a comprehensive health history is therefore not easy. For the patients at the very least this requires managing usernames and passwords at for each of the EHR that they have. This is not scalable. On the clinical side, this requires filling out cumbersome paperwork from one health system to the other causing considerable delays in diagnosis and treatment of a patient. Such delays can be especially inconvenient when the user is in need of emergency care. Another problem with our current approach of EHR management is that the health records have to be increasingly maintained for the entire lifetime of the patient. This imposes considerable burden on the system to keep patient data private, which often transforms into a long-term password maintenance nightmare and regular password changes. What is required is a more seamless scheme of ensuring the privacy of the disparate patient EHRs and make them available as needed.
The Health Insurance Portability and Accountability Act (HIPAA) rules any form of personally identifiable health information has to be secured. Hence the data collection phase requires a secure communication channel from the sensors to the smartphone and subsequently to the EHR. However, compliance to the HIPAA rules should not impose a high cognitive load on the user and has to be done implicitly in a fast and transparent way.