Abstract
Patients can track, manage, and share their personal health information (PHI). There are security concerns with the ownership and custodianship of PHI. Traditional provider-facing access control (AC) policies have been applied to many patient-facing applications without consideration as to whether these controls are comprehensible and sufficient. We have conducted a scoping literature review on AC and patient privacy (n = 31) to identify the state of knowledge and to understand what is being done to address this gap. Synthesizing the results, we propose Circle of Health Based AC, a graphical patient-centric AC model. The model has been validated with a panel of user experience, healthcare, and security experts. This work will discuss the scoping literature review and describe the proposed model and the justification for its applications for user-defined access policy.
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Habibi, R., Weber, J., Price, M. (2018). Circle of Health Based Access Control for Personal Health Information Systems. In: Liu, P., Mauw, S., Stolen, K. (eds) Graphical Models for Security. GraMSec 2017. Lecture Notes in Computer Science, vol 10744. Springer, Cham. https://doi.org/10.1007/978-3-319-74860-3_8
DOI: https://doi.org/10.1007/978-3-319-74860-3_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-74859-7
Online ISBN: 978-3-319-74860-3
eBook Packages: Computer Science (R0)