Cryptographic access control in electronic health record systems: A security implication