Patient-centric authorization framework for sharing electronic health records

Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Volumn , Issue , 2009, Pages 125-134

  Jin, Jing ^a   Ahn, Gail Joon ^b   Hu, Hongxin ^b   Covington, Michael J ^c   Zhang, Xinwen ^d  

^a UNIVERSITY OF NORTH CAROLINA AT CHARLOTTE   (United States)

^b ARIZONA STATE UNIVERSITY   (United States)

^c INTEL CORPORATION   (United States)

^d SAMSUNG INFORMATION SYSTEMS AMERICA   (United States)

Author keywords

Electronic health records (EHRs); Patient centric authorization; Selective sharing

Indexed keywords

ACCESS CONTROL POLICIES; ACCESS CONTROL SCHEMES; AUTHORIZATION FRAMEWORKS; AUTHORIZED USERS; DATA AGGREGATION; DATA THEFTS; ELECTRONIC HEALTH RECORD; HEALTHCARE ENVIRONMENTS; MULTIPLE DATA SOURCES; PATIENT HEALTH; POINT OF CARE; PRIVACY PROTECTION; SENSITIVE INFORMATIONS;

DATA PRIVACY; HEALTH; RECORDS MANAGEMENT; SECURITY SYSTEMS;

ACCESS CONTROL;

EID: 70450252045     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1542207.1542228     Document Type: Conference Paper

References (24)

1. Jaxe XML editor. http://jaxe.sourceforge.net/.
2. J. Barkley and K. Beznosov. Supporting relationships in access control using role based access control. In Proc. of 4th ACM Workshop on Role-Based Access Control, pages 55-65, 1999.
3. M. Y. Becker and P. Sewell. Cassandra: flexible trust management, applied to electronic health records. In Proc. of IEEE 17th Computer Security Foundations Workshop, pages 139-154, 2004.
4. R. Bhatti, K. Moidu, and A. Ghafoor. Policy-based security management for federated healthcare databases (or RHIOs). In Proc. of the international workshop on Healthcare information and knowledge management, pages 41-48, 2006.
5. J.-W. Byun, E. Bertino, and N. Li. Purpose based access control of complex data for privacy protection. In Proc. of 10th ACM symposium on Access control models and technologies (SACMAT), pages 102-110, 2005.
6. Ciena. The national health information network creating a new vision. White Paper, Healthcare Information and Management Systems Society (HIMSS) Conference 2008, 2008.
7. E. Coiera and R. Clarke. e-consent: the design and implementation of consumer consent mechanisms in an electronic environment. Journal of the American Medical Informatics Association, 11(2):129-140, 2004.
8. dbMotion. White paper: The critical role of integrated patient information in the delivery of high quality healthcare, January 2008.
9. L. L. Dimitropoulos. Privacy and security solutions for interoperable health information exchange: Interim assessment of variation executive summary. http://www.rti.org/pubs/avas-execsumm.pdf, July 2007. RTI Project Number 0209825.000.009.
10. R. H. Dolin, L. Alschuler, S. Boyer, C. Beebe, F. M. Behlen, and P. V. Biron. H17 clinical document architecture, release 2.0. ANSI Standard, 2004.
11. D. M. Eyers, J. Bacon, and K. Moody. OASIS role-based access control for electronic health records. In IEEE Proceedings - Software, pages 16-23, 2006.
12. C. Gates and J. Slonim. Owner-controlled information. In Proc. of the 2003 workshop on New security paradigms, pages 103-111, 2003.
13. J. Grimson, G. Stephens, B. Jung, W. Grimson, D. Berry, and S. Pardon. Sharing health-care records over the internet. IEEE Internet Computing, 5(3):49-58, 2002.
14. HL7. H17 reference information model. http://www.hl7.org/Library/data- model/RIM/modelpage-mem.htm.
15. R. Housley, W. Polk, W. Ford, and D. Solo. Internet x.509 public key infrastructure certificate and certificate revocation list (crl) profile. RFC3280, http://rfc.net/rfc3280.html, 2002.
16. IEEE-USA's Medical Technology Policy Committee Interoperability Working Group, editor. Interoperability for the National Health Information Network (NHIN). IEEE-USA EBOOKS, 2006.
17. Iowa Foundation for Medical Care. HISPC state implementation project summary and impact analysis report for the state of Iowa. http://www.ifmc.org/ news/StateImpact-Report11-27-07.doc, 2007.
18. J. Jin, G.-J. Ahn, M. J. Covington, and X. Zhang. Toward an access control model for sharing composite electronic health record. In Proc. of 4th International Conference on Collaborative Computing, 2008.
19. C. M. O'Keefe, P. Greenfield, and A. Goodchild. A decentralised approach to electronic consent and health information access control. Journal of Research and Practice in Information Technology, 37(2):161-178, 2005.
20. openEHR Community. openEHR. http://www.openehr.org.
21. M. Peleg, D. Beimel, D. Dori, and Y. Denekamp. Situation-based access control: Privacy management via modeling of patient data access scenarios. Journal of Biomedical Informatics, 41(6):1028-1040, 2008.
22. J. Pritts and K. Connor. The implementation of e-consent mechanisms in three countries: Canada, england, and the netherlands. SAMHSA report, http://ihcrp.georgetown.edu/pdfs/prittse-consent.pdf, 2007.
23. C. Ruan and V. Varadharajan. An authorization model for e-consent requirement in a health care application. Applied Cryptography and Network Security, LNCS, 2846:191-205, 2003.
24. N. Yang, H. Barringer, and N. Zhang. A purpose-based access control model. In Proc. of 3rd International Symposium on Information Assurance and Security (IAS), pages 143-148, 2007.