Mark Rodzinka


In this thesis we investigate the relationship of security, privacy, legislation, computational power in relation to Cross-Enterprise User Assertions (XUA), which allows us to develop the recommendations for the appropriate, architecture, functionality, cryptographic algorithms, and key lengths. The evolution of health records from paper to electronic media promises to be an important part of improving the quality of health care. The diversity of organizations, systems, geography,laws and regulations create a significant challenge for ensuring the privacy of Electronic Health Records (EHRs), while maintaining availability. XUA is a technology that attempts to address the problem of sharing EHRs across enterprise boundaries. We rely on NSA suite B cryptography to provide the fundamental framework of the minimum security requirements at the 128 bit security level. We also recommend the use of the National Institute of Standards and Technologys (NIST) FIPS 140-2 specification to establish confidence in the software's security features.

Library of Congress Subject Headings

Medical records--Data processing; Medical records--Access control; Data encryption (Computer science)

Publication Date


Document Type


Department, Program, or Center

Computer Science (GCCIS)


Radziszowski, Stanisław


Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works. Physical copy available through RIT's The Wallace Library at: R864 .R64 2012


RIT – Main Campus