HealthPass: Fine-grained access control to portable personal health records

Proceedings - International Conference on Advanced Information Networking and Applications, AINA

Volumn , Issue , 2010, Pages 1012-1019

  Steele, Robert ^a   Min, Kyongho ^a  

^a UNIVERSITY OF SYDNEY   (Australia)

Author keywords

Access control; Health informatics; Portable personal health record; Role based access control; XML document

Indexed keywords

DATA ACCESS; DELIVERY SYSTEMS; DIGITAL CERTIFICATES; DYNAMIC INTERACTION; HEALTH DATA; HEALTH INFORMATICS; HEALTH INFORMATIONS; HEALTH RECORDS; PERSONAL HEALTH RECORD; ROLE-BASED ACCESS CONTROL;

AUTHENTICATION; CUSTOMER SATISFACTION; HEALTH; HEALTH CARE; INFORMATION MANAGEMENT; INFORMATION SCIENCE; MARKUP LANGUAGES; SECURITY SYSTEMS; XML;

SECURITY OF DATA;

EID: 77954321654     PISSN: 1550445X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/AINA.2010.176     Document Type: Conference Paper

References (35)

1. S. Abiteboul, B. Alexe, O. Benjelloun, B. Cautis, I. Fundulaki, T. Milo, A. Sahuguet, "An electronic patient record "on steroids": distributed, peer-to-peer, secure and privacy-conscious", VLDB 2004, Canada, pp. 1273-1276, 2004.
2. E. Bertino, S. Castano and E. Ferrari, "Securing XML documents with Author-X", Internet Computing, IEEE, vol. 5, pp.21-31, 2001.
3. E. Bertino and E. Ferrari, "Secure and selective dissemination of XML documents", ACM Transactions on Information and System Security (TISSEC), vol. 5, pp. 290-331, 2002.
4. L. Bouganim, F.D. Ngoc, P. Pucheral, "Dynamic access-control policies on XML encrypted data", ACM Transactions on Information and System Security (TISSEC), vol. 10, pp. 1-37, 2008.
5. E. Damiani, S. de Capitani di Vimercati, S. Paraboschi and P. Samarati, "A fine-grained access control system for XML documents", ACM Transactions on Information and System Security (TISSEC), vol. 5, pp.169-202, 2002.
6. E. Damiani, M. Fansi, A. Gabillon and S. Marrara, "Securely updating XML", KES 2007, Italy, pp. 1098-1106, 2007.
7. E. Damiani, P. Samarati, S. de Capitani di Vimercati and S. Paraboschi, "Controlling access to XML documents', Internet Computing, IEEE, vol. 5, pp.18-28, 2001.
8. S. Endsley, D.C. Kibbe, A. Linares, and K. Colorafi, "An introduction to personal health records," Family Practice Management, pp. 57-62, May 2006.
9. W. Fan, C. Chan, and M. Garofalakis, "Secure XML querying with security views", ACM SIGMOD International Conference on Management of Data (SIGMOD '04), France, pp. 587-598, 2004.
10. K. Frikken, M. Atallah, and J. Li, "Attribute-based access control with hidden policies and hidden credentials," IEEE Transactions on Computers, vol. 55, pp. 1259-1270, 2006.
11. A. Gabillon and E. Bruno, "Regulating access to XML documents", Annual Working Conference on Database and Application Security (Das'01), Canada, pp. 299-314, 2001.
12. K. Garson and C. Adams, "Security and privacy system architecture for an e-hospital environment," Symposium on Identity and Trust on the Internet, USA, pp. 122-130, 2008.
13. S.K. Goel, C. Clifton and A. Rosenthal, A. (2003) "Derived access control specification for XML", ACM Workshop on XML Security, USA, pp. 1-14, 2003.
14. G. Kambourakis, I. Maglogiannis, and A. Rouskas, "PKI-based secure mobile access to electronic health services and data," Technology and Health Care, vol. 13, pp. 511-526, 2005.
15. D. Kulkarni and A. Tripathi, "Context-aware role-based access control in pervasive computing systems," ACM symposium on Access control models and technologies, Estes Park, USA, pp. 113-122, 2008.
16. G.M. Kuper, F. Massacci and N. Rassadko, "Generalized XML security views", Int. J. Inf. Sec. (IJISEC), vol. 8, pp. 173-203, 2009.
17. Markle Foundation, "Connecting for health a public-private collaborative", 2003, available at: http://www.connectingforhealth.org/ resources/final-phwg-report1.pdf.
18. L.D. Martino, Q. Ni, D. Lin, and E. Bertino, "Multi-domain and privacy-aware role based access control in eHealth", International Conference on Pervasive Computing Technologies for Healthcare (PervasiveHealth 2008), Finland, pp. 131-134, 2008.
19. G. Miklau and D. Suciu, "Controlling access to published data using cryptography", VLDB 2003, Germany, pp. 898-909, 2003.
20. S. Mohan and Y. Wu, IPAC - An Interactive Approach to Access Control for semi-structured data, VLDB 2006, Korea, pp. 1147-1150, 2006.
21. V. Nassis, R. Rajugan, T.S. Dillon, and W. Rahayu, "Conceptual design of XML document warehouses", International Conference on Data Warehousing and Knowledge Discovery (DaWaK 2004), Spain, pp. 1-14, 2004.
22. OASIS, "eXtensible Access Control Markup Language (XACML) Version 1.0", available at: http://www.oasisopen.org/committees/download.php/2406/ oasis-xacml-1.0.pdf, 2003.
23. J.B. Perlin, R.M. Kolodner and R.H. Rosswell, "The veterans health administration: quality value, accountability, and information as transforming strategies for patient-centered care", Am J Manag Care, vol. 10, pp. 828-836, 2004.
24. U. Sax, I. Kohane and K.D. Mandl, "Wireless technology infrastructures for authentication of patients: PKI that rings," Journal of American Medical Informatics Assoc, vol. 12, pp. 263-268, 2005.
25. R. Steele, W. Gardner, D. Chandra, and T.S. Dillon, "Framework and prototype for a secure XML-based electronic health records system," International Journal of Electronic Healthcare, vol. 3 pp. 151-174, 2007.
26. R. Steele, A. Lo, C. Secombe, YK. Wong, "Elderly Persons' Perception and Acceptance of Using Wireless Sensor Networks to Assist Healthcare". International Journal of Medical Informatics. 2009; 78(12): 788-801.
27. R. Steele, A. Lo, "Future Personal Health Records as a Foundation for Computational Health". Computational Science and Its Applications - ICCSA 2009, Lecture Notes in Computer Science, Volume 5593/2009: 719-733.
28. R. Steele and K. Min, "Role-based access to portable personal health records", International Conference on Management and Service Science (MASS (EMS/ISM) 2009), Beijing, China, 2009.
29. R. Steele and W. Tao, "MobiPass: A passport for mobile business," Personal and Ubiquitous Computing, vol. 11, pp. 157-169, 2007.
30. A. Stoica and C. Farkas, "Secure XML views", IFIP WG 1.3 International Conference on Data and Applications Security, UK, pp. 133-146, 2002.
31. A. Tripathi and M.M. Gore, "Hasslefree: Simplified access control management for XML document", International Conference on Distributed Computing and Internet Technology (ICDCIT 2007), India, pp. 116-128, 2007.
32. F.K. Uckert and H. Prokoschl, "Implementing security and access control mechanisms for an electronic healthcare record," AMIA Symp, pp. 825-829, 2002.
33. W3C-XML, Extensible Markup Language (XML), http://www.w3.org/XML, 2004.
34. J. Wang and S.L. Osborn, "A role-based approach to access control for XML databases", SACMAT 2004, USA, pp. 70-77, 2004.
35. A. Wright and D.F. Sittig, "Encryption characteristics of two USB-based personal health record devices," Journal of American Medical Informatics Assoc, vol. 14, pp. 397-399, 2007.