680 CHAPTER 27 Security and Privacy for Mobile Health-Care (m-Health) Systems privacy and information sharing, and the pro- posed solution may lay the foundation for online fast access to patients' record in emergency situa- tions or collaborative diagnosis, hence can poten- tially save people's lives with proper and timely treatment. the delegator. Access control is an enhancement to delegation for further and accurately restrict- ing the data portions accessible to the delegatee. The revocation mechanism describes a dynamic approach to tackle unexpected or urgent revoca- tion issues. The ultimate goal of the architecture described in this chapter is to simulate, imple- ment, and test HIPS to obtain the first functional, secure, and private EHR-based health-care sys- tem, with the following design objectives: 1. Establishing trust: leveraging hierarchical identity (ID)-based cryptography (HIBC) for authentication and key management. 2. Protecting patient privacy: featuring patient- controlled health information for bet- terprivacy and compliance with HIPAA regulations. 3. Controlling access to patients' health records: bearing different design requirements for the 27.2. ELECTRONIC HEALTH RECORD (EHR) Electronic health record refers to a patient's medical record created, stored, transferred, and accessed digitally, as opposed to the traditional paper-based health record. EHR is the central piece of information in realizing electronic health care and may record medical data such as radi- ology images (CAT, MRI, and X-ray), laboratory test results, medication, allergy, disease history, billing information, as well as some processed or aggregated medical data (ECG, emergencies, crit-