More Web Proxy on the site http://driver.im/

research-article

Patient-centric authorization framework for sharing electronic health records

Authors:

Michael J. Covington,

Xinwen ZhangAuthors Info & Claims

SACMAT '09: Proceedings of the 14th ACM symposium on Access control models and technologies

Pages 125 - 134

https://doi.org/10.1145/1542207.1542228

Published: 03 June 2009 Publication History

Abstract

In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs.

In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and various privacy protection requirements. We also articulate and handle the policy anomalies that might occur in the composition of discrete access control policies from multiple data sources.

References

[1]

Jaxe XML editor. http://jaxe.sourceforge.net/.

[2]

J. Barkley and K. Beznosov. Supporting relationships in access control using role based access control. In Proc. of 4th ACM Workshop on Role-Based Access Control, pages 55--65, 1999.

Digital Library

[3]

M. Y. Becker and P. Sewell. Cassandra: Flexible trust management, applied to electronic health records. In Proc. of IEEE 17th Computer Security Foundations Workshop, pages 139--154, 2004.

Digital Library

[4]

R. Bhatti, K. Moidu, and A. Ghafoor. Policy-based security management for federated healthcare databases (or RHIOs). In Proc. of the international workshop on Healthcare information and knowledge management, pages 41--48, 2006.

Digital Library

[5]

J.-W. Byun, E. Bertino, and N. Li. Purpose based access control of complex data for privacy protection. In Proc. of 10th ACM symposium on Access control models and technologies (SACMAT), pages 102--110, 2005.

Digital Library

[6]

Ciena. The national health information network creating a new vision. White Paper, Healthcare Information and Management Systems Society (HIMSS) Conference 2008, 2008.

[7]

E. Coiera and R. Clarke. e-consent: the design and implementation of consumer consent mechanisms in an electronic environment. Journal of the American Medical Informatics Association, 11(2):129--140, 2004.

[8]

dbMotion. White paper: The critical role of integrated patient information in the delivery of high quality healthcare, January 2008.

[9]

L. L. Dimitropoulos. Privacy and security solutions for interoperable health information exchange: Interim assessment of variation executive summary. http://www.rti.org/pubs/avas execsumm.pdf, July 2007. RTI Project Number 0209825.000.009.

[10]

R. H. Dolin, L. Alschuler, S. Boyer, C. Beebe, F. M. Behlen, and P. V. Biron. Hl7 clinical document architecture, release 2.0. ANSI Standard, 2004.

[11]

D. M. Eyers, J. Bacon, and K. Moody. OASIS role-based access control for electronic health records. In IEEE Proceedings - Software, pages 16--23, 2006.

[12]

C. Gates and J. Slonim. Owner-controlled information. In Proc. of the 2003 workshop on New security paradigms, pages 103--111, 2003.

Digital Library

[13]

J. Grimson, G. Stephens, B. Jung, W. Grimson, D. Berry, and S. Pardon. Sharing health-care records over the internet. IEEE Internet Computing, 5(3):49--58, 2002.

Digital Library

[14]

HL7. Hl7 reference information model. http://www.hl7.org/Library/data-model/RIM/modelpage_mem.htm.

[15]

R. Housley, W. Polk, W. Ford, and D. Solo. Internet x.509 public key infrastructure certificate and certificate revocation list (crl) profile. RFC3280, http://rfc.net/rfc3280.html, 2002.

Digital Library

[16]

IEEE-USA's Medical Technology Policy Committee Interoperability Working Group, editor. Interoperability for the National Health Information Network (NHIN). IEEE-USA EBOOKS, 2006.

[17]

Iowa Foundation for Medical Care. HISPC state implementation project summary and impact analysis report for the state of Iowa. http://www.ifmc.org/news/State Impact Report 11-27-07.doc, 2007.

[18]

J. Jin, G.-J. Ahn, M. J. Covington, and X. Zhang. Toward an access control model for sharing composite electronic health record. In Proc. of 4th International Conference on Collaborative Computing, 2008.

[19]

C. M. O'Keefe, P. Greenfield, and A. Goodchild. A decentralised approach to electronic consent and health information access control. Journal of Research and Practice in Information Technology, 37(2):161--178, 2005.

[20]

openEHR Community. openEHR. http://www.openehr.org.

[21]

M. Peleg, D. Beimel, D. Dori, and Y. Denekamp. Situation-based access control: Privacy management via modeling of patient data access scenarios. Journal of Biomedical Informatics, 41(6):1028--1040, 2008.

Digital Library

[22]

J. Pritts and K. Connor. The implementation of e-consent mechanisms in three countries: Canada, england, and the netherlands. SAMHSA report, http://ihcrp.georgetown.edu/pdfs/prittse-consent.pdf, 2007.

[23]

C. Ruan and V. Varadharajan. An authorization model for e-consent requirement in a health care application. Applied Cryptography and Network Security, LNCS, 2846:191--205, 2003.

[24]

N. Yang, H. Barringer, and N. Zhang. A purpose-based access control model. In Proc. of 3rd International Symposium on Information Assurance and Security (IAS), pages 143--148, 2007.

Digital Library

Cited By

Ingle NAloraini RAljohany RSamater FAl Ageil AAlshahrani M(2023)Implementation of Blockchain Technology Across Different Domains of Dentistry: A Systematic ReviewCureus10.7759/cureus.45512Online publication date: 18-Sep-2023
https://doi.org/10.7759/cureus.45512
Mokhamed TTalib MMoufti MAbbas SKhan F(2023)The Potential of Blockchain Technology in Dental Healthcare: A Literature ReviewSensors10.3390/s2306327723:6(3277)Online publication date: 20-Mar-2023
https://doi.org/10.3390/s23063277
Karimi LAldairi MJoshi JAbdelhakim M(2022)An Automatic Attribute-Based Access Control Policy Extraction From Access LogsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.305433119:4(2304-2317)Online publication date: 1-Jul-2022
https://doi.org/10.1109/TDSC.2021.3054331
Show More Cited By

Index Terms

Patient-centric authorization framework for sharing electronic health records
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Patient-centric authorization framework for electronic healthcare services

In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health ...
A standard-based model for the sharing of patient-generated health information with electronic health records

This paper proposes a standard-based model for the automated collection of patient data using personal health devices and the secure sharing of these data with authorized providers' electronic health records (EHRs). The model addresses a number of ...
Electronic health records: how can IS researchers contribute to transforming healthcare?

Electronic health records (EHR) facilitate integration of patient health history for planning safe and proper treatment. Combined with data analytics, aggregate-level EHR enable examination and development of effective medicines and therapies for ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '09: Proceedings of the 14th ACM symposium on Access control models and technologies

June 2009

258 pages

ISBN:9781605585376

DOI:10.1145/1542207

General Chair:
Barbara Carminati
University of Insubria, Italy
,
Program Chair:
James Joshi
University of Pittsburgh, USA

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 June 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SACMAT '09

Sponsor:

SACMAT '09: 14th ACM Symposium on Access Control Models and Technologies

June 3 - 5, 2009

Stresa, Italy

Acceptance Rates

SACMAT '09 Paper Acceptance Rate 24 of 75 submissions, 32%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

60
Total Citations
View Citations
1,322
Total Downloads

Downloads (Last 12 months)18
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Ingle NAloraini RAljohany RSamater FAl Ageil AAlshahrani M(2023)Implementation of Blockchain Technology Across Different Domains of Dentistry: A Systematic ReviewCureus10.7759/cureus.45512Online publication date: 18-Sep-2023
https://doi.org/10.7759/cureus.45512
Mokhamed TTalib MMoufti MAbbas SKhan F(2023)The Potential of Blockchain Technology in Dental Healthcare: A Literature ReviewSensors10.3390/s2306327723:6(3277)Online publication date: 20-Mar-2023
https://doi.org/10.3390/s23063277
Karimi LAldairi MJoshi JAbdelhakim M(2022)An Automatic Attribute-Based Access Control Policy Extraction From Access LogsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.305433119:4(2304-2317)Online publication date: 1-Jul-2022
https://doi.org/10.1109/TDSC.2021.3054331
Vijay MDevika RPriyangha B(2022)Anomaly Detection System and Resolution of Anomalies for Firewall PoliciesSmart Data Intelligence10.1007/978-981-19-3311-0_12(135-144)Online publication date: 18-Aug-2022
https://doi.org/10.1007/978-981-19-3311-0_12
Afferni PMerone MSoda P(2018)Hospital 4.0 and Its Innovation in Methodologies and Technologies2018 IEEE 31st International Symposium on Computer-Based Medical Systems (CBMS)10.1109/CBMS.2018.00065(333-338)Online publication date: Jun-2018
https://doi.org/10.1109/CBMS.2018.00065
Vollala RVenkateswara Reddy L(2018)Intelligent Attribute Based Encryption (IABE) Mechanism for Health Records in CloudComputing, Communication and Signal Processing10.1007/978-981-13-1513-8_21(197-204)Online publication date: 13-Sep-2018
https://doi.org/10.1007/978-981-13-1513-8_21
Tasali QChowdhury CVasserman EBertino ESandhu RWeippl E(2017)A Flexible Authorization Architecture for Systems of Interoperable Medical DevicesProceedings of the 22nd ACM on Symposium on Access Control Models and Technologies10.1145/3078861.3078862(9-20)Online publication date: 7-Jun-2017
https://dl.acm.org/doi/10.1145/3078861.3078862
Liu JMa JWu WChen XHuang XXu L(2017)Protecting Mobile Health Records in Cloud ComputingACM Transactions on Embedded Computing Systems10.1145/298362516:2(1-20)Online publication date: 2-Jan-2017
https://dl.acm.org/doi/10.1145/2983625
Vimalachandran PWang HZhang YHeyward BZhao Y(2017)Preserving patient-centred controls in electronic health record systems: A reliance-based model implication2017 International Conference on Orange Technologies (ICOT)10.1109/ICOT.2017.8336084(37-44)Online publication date: Dec-2017
https://doi.org/10.1109/ICOT.2017.8336084
Karimi LJoshi J(2017)Multi-Owner Multi-Stakeholder Access Control Model for a Healthcare Environment2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC)10.1109/CIC.2017.00053(359-368)Online publication date: Oct-2017
https://doi.org/10.1109/CIC.2017.00053
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents